diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 01d30a387ee3..abf6a3e48e70 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Features
+
+* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md b/cpp/ql/lib/change-notes/released/0.0.10.md
similarity index 84%
rename from cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md
rename to cpp/ql/lib/change-notes/released/0.0.10.md
index 999cbd83d182..aa49a7c2ff2d 100644
--- a/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md
+++ b/cpp/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.0.10
+
+### New Features
+
 * Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 4424055e172f..fe2ce10e49b8 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 2a5e4775e180..283c0a929967 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated Classes
+
+* The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
+
 ## 0.0.9
 
 ### New Queries
diff --git a/cpp/ql/src/change-notes/2022-02-11-code-duplication.md b/cpp/ql/src/change-notes/released/0.0.10.md
similarity index 78%
rename from cpp/ql/src/change-notes/2022-02-11-code-duplication.md
rename to cpp/ql/src/change-notes/released/0.0.10.md
index e9f676022b7d..9ee2cd7e2cbc 100644
--- a/cpp/ql/src/change-notes/2022-02-11-code-duplication.md
+++ b/cpp/ql/src/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 0.0.10
+
+### Deprecated Classes
+
 * The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index ca4d832566fb..78d0169a538b 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index e6ee473d3957..229de9908436 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3
 
 ## 1.0.2
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
new file mode 100644
index 000000000000..8f1e57bce598
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 06fa75b96cbc..03f7ea71b58e 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 7c9df44253cd..97b3f928fa95 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.0.4-dev
+version: 1.0.5-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index e6ee473d3957..229de9908436 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3
 
 ## 1.0.2
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
new file mode 100644
index 000000000000..8f1e57bce598
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 06fa75b96cbc..03f7ea71b58e 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 45e39cb9a9d0..e428de5b82db 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.0.4-dev
+version: 1.0.5-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 761175ca743a..193709d12601 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.10
+
 ## 0.0.9
 
 ### Major Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/released/0.0.10.md b/csharp/ql/lib/change-notes/released/0.0.10.md
new file mode 100644
index 000000000000..979029c01626
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.0.10.md
@@ -0,0 +1 @@
+## 0.0.10
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index e38e027bbb97..786e7dcd2aa1 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 0de57f8d135b..ce70794f289a 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### Query Metadata Changes
+
+* The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md b/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
deleted file mode 100644
index a33c09ab18d7..000000000000
--- a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: queryMetadata
----
-The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
-`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
\ No newline at end of file
diff --git a/csharp/ql/src/change-notes/released/0.0.10.md b/csharp/ql/src/change-notes/released/0.0.10.md
new file mode 100644
index 000000000000..9b4d2ccc75f5
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,6 @@
+## 0.0.10
+
+### Query Metadata Changes
+
+* The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index fe6c62e31b68..4938eea66973 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups:
 - csharp
 - queries
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index dbdff648dbe9..9d066ac3d17b 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Features
+
+* Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md b/java/ql/lib/change-notes/released/0.0.10.md
similarity index 80%
rename from java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
rename to java/ql/lib/change-notes/released/0.0.10.md
index 294897514ceb..17a23f74068d 100644
--- a/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
+++ b/java/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.0.10
+
+### New Features
+
 * Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 7c06a164ee9a..694ff8074033 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index e769bcddb4fa..72a5dc970645 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+ Identify request splitting differently from response splitting in query results.
+ Support addional classes:
+ * `io.netty.handler.codec.http.CombinedHttpHeaders`
+ * `io.netty.handler.codec.http.DefaultHttpRequest`
+ * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+ This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+ This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
+
 ## 0.0.9
 
 ### New Queries
diff --git a/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md b/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
deleted file mode 100644
index 3aba8c9581e7..000000000000
--- a/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-category: breaking
----
-* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
- Identify request splitting differently from response splitting in query results.
- Support addional classes:
- * `io.netty.handler.codec.http.CombinedHttpHeaders`
- * `io.netty.handler.codec.http.DefaultHttpRequest`
- * `io.netty.handler.codec.http.DefaultFullHttpRequest`
diff --git a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md b/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
deleted file mode 100644
index 23f3a476e793..000000000000
--- a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: newQuery
----
-* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
- This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
- This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
\ No newline at end of file
diff --git a/java/ql/src/change-notes/released/0.0.10.md b/java/ql/src/change-notes/released/0.0.10.md
new file mode 100644
index 000000000000..0b868cd5dce3
--- /dev/null
+++ b/java/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,16 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+ Identify request splitting differently from response splitting in query results.
+ Support addional classes:
+ * `io.netty.handler.codec.http.CombinedHttpHeaders`
+ * `io.netty.handler.codec.http.DefaultHttpRequest`
+ * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+ This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+ This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index f22255940082..4be8ebddff72 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 31ae8e8b3e06..b7b52ff7c15f 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.11
+
 ## 0.0.10
 
 ## 0.0.9
diff --git a/javascript/ql/lib/change-notes/released/0.0.11.md b/javascript/ql/lib/change-notes/released/0.0.11.md
new file mode 100644
index 000000000000..eba254bd51fb
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.0.11.md
@@ -0,0 +1 @@
+## 0.0.11
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index b740014e5aed..e679dc420925 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index bce145e72e1c..70fbb4bac8f1 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.0.11-dev
+version: 0.0.12-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index d7257168de8c..af7e04b0c8a7 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+ that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+ The query is run by default.
+
+### Query Metadata Changes
+
+* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
+ but these are now handled by two different queries:
+ * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
+ `high` and is now shown by default (it was previously in the `security-extended` suite).
+ * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
+ but simply flags a subset of what the old query did.
+ This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
+
 ## 0.0.10
 
 ### New Queries
diff --git a/javascript/ql/src/change-notes/2022-02-10-snapdragon.md b/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
deleted file mode 100644
index e7445eb85e47..000000000000
--- a/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
\ No newline at end of file
diff --git a/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md b/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
deleted file mode 100644
index 03f7e81c1d73..000000000000
--- a/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: newQuery
----
-* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
- that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
- The query is run by default.
\ No newline at end of file
diff --git a/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md b/javascript/ql/src/change-notes/released/0.0.11.md
similarity index 58%
rename from javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
rename to javascript/ql/src/change-notes/released/0.0.11.md
index 82aa3af24ffc..ea4c2283773a 100644
--- a/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
+++ b/javascript/ql/src/change-notes/released/0.0.11.md
@@ -1,6 +1,13 @@
----
-category: queryMetadata
----
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+ that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+ The query is run by default.
+
+### Query Metadata Changes
+
 * The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
 but these are now handled by two different queries:
 * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
@@ -8,3 +15,7 @@ category: queryMetadata
 * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
 but simply flags a subset of what the old query did.
 This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index b740014e5aed..e679dc420925 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 6ec78f2d55b7..c5a820194cae 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.0.11-dev
+version: 0.0.12-dev
 groups:
 - javascript
 - queries
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index 6bbd554af1ea..c3e5859574b9 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated APIs
+
+* The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md b/python/ql/lib/change-notes/released/0.0.10.md
similarity index 78%
rename from python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
rename to python/ql/lib/change-notes/released/0.0.10.md
index 969e398931b1..3e485f114774 100644
--- a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
+++ b/python/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 0.0.10
+
+### Deprecated APIs
+
 * The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index bce626bd1abd..0c72ef23386e 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 0e4896756cf3..d0bd0e98da3d 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
+
 ## 0.0.9
 
 ### Bug Fixes
diff --git a/python/ql/src/change-notes/2022-02-25-promote-log-injection.md b/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
deleted file mode 100644
index 79d3aa23ab72..000000000000
--- a/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
diff --git a/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md b/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
deleted file mode 100644
index abdb933fe2a6..000000000000
--- a/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
diff --git a/python/ql/src/change-notes/released/0.0.10.md b/python/ql/src/change-notes/released/0.0.10.md
new file mode 100644
index 000000000000..47b2f749219b
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,6 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index ee2e09bf9606..a3c02f6ac5eb 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index 56e699dfe015..1375344ef2c8 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Minor Analysis Improvements
+
+* Added `FileSystemWriteAccess` concept to model data written to the filesystem.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md b/ruby/ql/lib/change-notes/released/0.0.10.md
similarity index 64%
rename from ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
rename to ruby/ql/lib/change-notes/released/0.0.10.md
index 9e386c1908f3..947bc1b318ba 100644
--- a/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
+++ b/ruby/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.0.10
+
+### Minor Analysis Improvements
+
 * Added `FileSystemWriteAccess` concept to model data written to the filesystem.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 04d55b7ffdf4..5df0af6975b8 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 87fcfbf935f4..6be0a65018d9 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Queries
+
+* Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md b/ruby/ql/src/change-notes/released/0.0.10.md
similarity index 85%
rename from ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
rename to ruby/ql/src/change-notes/released/0.0.10.md
index 50ead197b580..353c9174664f 100644
--- a/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
+++ b/ruby/ql/src/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.0.10
+
+### New Queries
+
 * Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index ecdd64fbab86..b740014e5aed 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 3616007ddd8f..b32ee154870c 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.10-dev
+version: 0.0.11-dev
 groups:
 - ruby
 - queries