From 1f1b364feb81ed98993df7d36e625042bb5ea58e Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Wed, 25 May 2022 07:46:48 +0000 Subject: [PATCH 1/6] Release preparation for version 2.9.3 --- cpp/ql/lib/CHANGELOG.md | 10 ++++++++++ .../2022-04-12-if-and-switch-initializers.md | 4 ---- .../2022-05-11-deprecated-analysed-string.md | 4 ---- cpp/ql/lib/change-notes/released/0.2.2.md | 9 +++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 7 +++++++ .../2022-04-12-unused-local-variable.md | 4 ---- .../2022-05-12-external-entity-expansion.md | 4 ---- cpp/ql/src/change-notes/released/0.1.3.md | 6 ++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 2 ++ .../lib/change-notes/released/1.1.3.md | 1 + .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 2 ++ .../src/change-notes/released/1.1.3.md | 1 + .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 2 ++ csharp/ql/lib/change-notes/released/0.2.2.md | 1 + csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 2 ++ csharp/ql/src/change-notes/released/0.1.3.md | 1 + csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 2 ++ go/ql/lib/change-notes/released/0.1.3.md | 1 + go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 2 ++ go/ql/src/change-notes/released/0.1.3.md | 1 + go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 11 +++++++++++ .../2022-05-16-floating-point-literal-rename.md | 4 ---- .../0.2.2.md} | 13 +++++++++---- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 16 +++++++++++++++- java/ql/src/change-notes/2022-03-03-redos.md | 6 ------ 
.../0.1.3.md} | 12 +++++++++--- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 ++++++ .../0.1.3.md} | 7 ++++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 9 +++++++++ .../2022-01-18-insecure-temporary-file.md | 4 ---- .../0.1.3.md} | 8 +++++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++++ .../0.4.0.md} | 7 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 ++++++ .../0.1.3.md} | 7 ++++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 11 +++++++++++ .../2022-05-01-safe-navigation-operator.md | 4 ---- .../change-notes/2022-05-19-hashes-data-flow.md | 4 ---- ...2022-05-23-flow-through-instance-variables.md | 4 ---- ruby/ql/lib/change-notes/released/0.2.2.md | 10 ++++++++++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 2 ++ ruby/ql/src/change-notes/released/0.1.3.md | 1 + ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- 74 files changed, 194 insertions(+), 94 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2022-04-12-if-and-switch-initializers.md delete mode 100644 cpp/ql/lib/change-notes/2022-05-11-deprecated-analysed-string.md create mode 100644 cpp/ql/lib/change-notes/released/0.2.2.md delete mode 100644 cpp/ql/src/change-notes/2022-04-12-unused-local-variable.md delete mode 100644 cpp/ql/src/change-notes/2022-05-12-external-entity-expansion.md create mode 100644 cpp/ql/src/change-notes/released/0.1.3.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.3.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.3.md create mode 100644 csharp/ql/lib/change-notes/released/0.2.2.md create mode 
100644 csharp/ql/src/change-notes/released/0.1.3.md create mode 100644 go/ql/lib/change-notes/released/0.1.3.md create mode 100644 go/ql/src/change-notes/released/0.1.3.md delete mode 100644 java/ql/lib/change-notes/2022-05-16-floating-point-literal-rename.md rename java/ql/lib/change-notes/{2022-04-29-intent-redirection-sanitizer-fix.md => released/0.2.2.md} (50%) delete mode 100644 java/ql/src/change-notes/2022-03-03-redos.md rename java/ql/src/change-notes/{2022-05-12-sensitive-log-improvements.md => released/0.1.3.md} (54%) rename javascript/ql/lib/change-notes/{2022-05-24-isLibraryFile.md => released/0.1.3.md} (71%) delete mode 100644 javascript/ql/src/change-notes/2022-01-18-insecure-temporary-file.md rename javascript/ql/src/change-notes/{2022-05-03-actions-injection.md => released/0.1.3.md} (50%) rename python/ql/lib/change-notes/{2022-05-12-moduleimport-disallow-dots.md => released/0.4.0.md} (92%) rename python/ql/src/change-notes/{2022-05-10-promote-pam-authentication-bypass.md => released/0.1.3.md} (92%) delete mode 100644 ruby/ql/lib/change-notes/2022-05-01-safe-navigation-operator.md delete mode 100644 ruby/ql/lib/change-notes/2022-05-19-hashes-data-flow.md delete mode 100644 ruby/ql/lib/change-notes/2022-05-23-flow-through-instance-variables.md create mode 100644 ruby/ql/lib/change-notes/released/0.2.2.md create mode 100644 ruby/ql/src/change-notes/released/0.1.3.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 6f030187ef9b..0ad3f658760e 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,13 @@ +## 0.2.2 + +### Deprecated APIs + + * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias. + +### New Features + +* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists. + ## 0.2.1 ## 0.2.0 diff --git a/cpp/ql/lib/change-notes/2022-04-12-if-and-switch-initializers.md b/cpp/ql/lib/change-notes/2022-04-12-if-and-switch-initializers.md deleted file mode 100644 index dcfa69120fa0..000000000000 --- a/cpp/ql/lib/change-notes/2022-04-12-if-and-switch-initializers.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists. diff --git a/cpp/ql/lib/change-notes/2022-05-11-deprecated-analysed-string.md b/cpp/ql/lib/change-notes/2022-05-11-deprecated-analysed-string.md deleted file mode 100644 index 82626eaf329b..000000000000 --- a/cpp/ql/lib/change-notes/2022-05-11-deprecated-analysed-string.md +++ /dev/null @@ -1,4 +0,0 @@ ---- - category: deprecated ---- - * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias. diff --git a/cpp/ql/lib/change-notes/released/0.2.2.md b/cpp/ql/lib/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..cd8e654fe18f --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.2.2.md 
@@ -0,0 +1,9 @@ +## 0.2.2 + +### Deprecated APIs + + * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias. + +### New Features + +* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index b8488e9ce82f..b2e91f8f7682 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.2.2-dev +version: 0.2.2 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 50408aea1040..62b22e4e950c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.1.3 + +### Minor Analysis Improvements + +* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`. +* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers. + ## 0.1.2 ### Minor Analysis Improvements diff --git a/cpp/ql/src/change-notes/2022-04-12-unused-local-variable.md b/cpp/ql/src/change-notes/2022-04-12-unused-local-variable.md deleted file mode 100644 index d4120401e1a9..000000000000 --- a/cpp/ql/src/change-notes/2022-04-12-unused-local-variable.md +++ /dev/null 
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
diff --git a/cpp/ql/src/change-notes/2022-05-12-external-entity-expansion.md b/cpp/ql/src/change-notes/2022-05-12-external-entity-expansion.md
deleted file mode 100644
index 7d2f38c5040a..000000000000
--- a/cpp/ql/src/change-notes/2022-05-12-external-entity-expansion.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
diff --git a/cpp/ql/src/change-notes/released/0.1.3.md b/cpp/ql/src/change-notes/released/0.1.3.md
new file mode 100644
index 000000000000..a65e7d35838e
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.1.3.md
@@ -0,0 +1,6 @@
+## 0.1.3
+
+### Minor Analysis Improvements
+
+* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
+* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 6abd14b1ef83..b79d8f9d00a2 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index b31a20cb12a1..bbdc731d64af 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.3-dev
+version: 0.1.3
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index a3b06b075db5..8d49a52e30a6 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@ +## 1.1.3 + ## 1.1.2 ## 1.1.1 diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.3.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.3.md new file mode 100644 index 000000000000..7b688219362e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.1.3.md @@ -0,0 +1 @@ +## 1.1.3 diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 53ab127707fc..35e710ab1bf0 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 1.1.3 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index ef0192e094a9..63474d8014a5 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.1.3-dev +version: 1.1.3 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index a3b06b075db5..8d49a52e30a6 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 1.1.3 + ## 1.1.2 ## 1.1.1 diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.3.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.3.md new file mode 100644 index 000000000000..7b688219362e --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.1.3.md @@ -0,0 +1 @@ +## 1.1.3 diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 53ab127707fc..35e710ab1bf0 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml 
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 1.1.3 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index d3d0baabf19b..86e98be369c0 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.1.3-dev +version: 1.1.3 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 17252098beb2..5ef7f456c17a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.2.2 + ## 0.2.1 ## 0.2.0 diff --git a/csharp/ql/lib/change-notes/released/0.2.2.md b/csharp/ql/lib/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..fc31cbd3d6fb --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.2.2.md @@ -0,0 +1 @@ +## 0.2.2 diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 2b91ac08704f..a0a8508cba6f 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.2.2-dev +version: 0.2.2 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 77df7a74581a..a6d0420d782b 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.1.3 + ## 0.1.2 ## 0.1.1 diff --git a/csharp/ql/src/change-notes/released/0.1.3.md b/csharp/ql/src/change-notes/released/0.1.3.md new file mode 100644 index 000000000000..6d5db835a3ee --- /dev/null 
+++ b/csharp/ql/src/change-notes/released/0.1.3.md @@ -0,0 +1 @@ +## 0.1.3 diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 873dbdff8c68..e75257f98efa 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.1.3-dev +version: 0.1.3 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 940f3e172513..c6902d6e28ac 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.1.3 + ## 0.1.2 ### New Features diff --git a/go/ql/lib/change-notes/released/0.1.3.md b/go/ql/lib/change-notes/released/0.1.3.md new file mode 100644 index 000000000000..6d5db835a3ee --- /dev/null +++ b/go/ql/lib/change-notes/released/0.1.3.md @@ -0,0 +1 @@ +## 0.1.3 diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index a4bdaa250f85..dcb0afc19faa 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.1.3-dev +version: 0.1.3 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 421b2fe95158..a7fea1aae538 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.1.3 + ## 0.1.2 ## 0.1.1 diff --git a/go/ql/src/change-notes/released/0.1.3.md b/go/ql/src/change-notes/released/0.1.3.md new file mode 100644 index 000000000000..6d5db835a3ee 
--- /dev/null +++ b/go/ql/src/change-notes/released/0.1.3.md @@ -0,0 +1 @@ +## 0.1.3 diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index a1824f99d4ef..273a1e803f0e 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.1.3-dev +version: 0.1.3 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index ee42afab311e..369f96f61d9f 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.2.2 + +### Deprecated APIs + +* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`. + +### Minor Analysis Improvements + +Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered +safe against intent redirection, both its package name and class name must be checked. + ## 0.2.1 ### New Features diff --git a/java/ql/lib/change-notes/2022-05-16-floating-point-literal-rename.md b/java/ql/lib/change-notes/2022-05-16-floating-point-literal-rename.md deleted file mode 100644 index a6603a7d4909..000000000000 --- a/java/ql/lib/change-notes/2022-05-16-floating-point-literal-rename.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`. diff --git a/java/ql/lib/change-notes/2022-04-29-intent-redirection-sanitizer-fix.md b/java/ql/lib/change-notes/released/0.2.2.md similarity index 50% rename from java/ql/lib/change-notes/2022-04-29-intent-redirection-sanitizer-fix.md rename to java/ql/lib/change-notes/released/0.2.2.md index 66fa93ec4db2..78f03ebaded4 100644 --- a/java/ql/lib/change-notes/2022-04-29-intent-redirection-sanitizer-fix.md 
+++ b/java/ql/lib/change-notes/released/0.2.2.md
@@ -1,5 +1,10 @@
----
-category: minorAnalysis
----
+## 0.2.2
+
+### Deprecated APIs
+
+* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
+
+### Minor Analysis Improvements
+
 Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
-safe against intent redirection, both its package name and class name must be checked.
\ No newline at end of file
+safe against intent redirection, both its package name and class name must be checked.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index df29a726bccc..16a06790aa83 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index c50997eef693..7a7ee41518ad 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.2.2-dev
+version: 0.2.2
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 33afe7328881..e3cc7e78471a 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,17 @@ +## 0.1.3 + +### New Queries + +* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added. +These queries help find instances of Regular Expression Denial of Service vulnerabilities. + +### Minor Analysis Improvements + +* Query `java/sensitive-log` has received several improvements. + * It no longer considers usernames as sensitive information. + * The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened. + * A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names. + ## 0.1.2 ### Query Metadata Changes @@ -39,7 +53,7 @@ this respect. ### Minor Analysis Improvements -* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard. + * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard. ## 0.0.11 diff --git a/java/ql/src/change-notes/2022-03-03-redos.md b/java/ql/src/change-notes/2022-03-03-redos.md deleted file mode 100644 index daf1dd51be18..000000000000 --- a/java/ql/src/change-notes/2022-03-03-redos.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: newQuery ---- - -* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added. -These queries help find instances of Regular Expression Denial of Service vulnerabilities. \ No newline at end of file 
diff --git a/java/ql/src/change-notes/2022-05-12-sensitive-log-improvements.md b/java/ql/src/change-notes/released/0.1.3.md
similarity index 54%
rename from java/ql/src/change-notes/2022-05-12-sensitive-log-improvements.md
rename to java/ql/src/change-notes/released/0.1.3.md
index bbd6e58e5897..58ec421c2e3b 100644
--- a/java/ql/src/change-notes/2022-05-12-sensitive-log-improvements.md
+++ b/java/ql/src/change-notes/released/0.1.3.md
@@ -1,6 +1,12 @@
----
-category: minorAnalysis
----
+## 0.1.3
+
+### New Queries
+
+* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
+These queries help find instances of Regular Expression Denial of Service vulnerabilities.
+
+### Minor Analysis Improvements
+
 * Query `java/sensitive-log` has received several improvements.
 * It no longer considers usernames as sensitive information.
 * The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 6abd14b1ef83..b79d8f9d00a2 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 821e23b0f204..901f00d6c72c 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.3-dev
+version: 0.1.3
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 2ffafc074a75..c36a02603cc6 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@ +## 0.1.3 + +### Minor Analysis Improvements + +* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo. + ## 0.1.2 ### Deprecated APIs diff --git a/javascript/ql/lib/change-notes/2022-05-24-isLibraryFile.md b/javascript/ql/lib/change-notes/released/0.1.3.md similarity index 71% rename from javascript/ql/lib/change-notes/2022-05-24-isLibraryFile.md rename to javascript/ql/lib/change-notes/released/0.1.3.md index 148de92cb53c..6e8f5be49d9b 100644 --- a/javascript/ql/lib/change-notes/2022-05-24-isLibraryFile.md +++ b/javascript/ql/lib/change-notes/released/0.1.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.1.3 + +### Minor Analysis Improvements + * The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 251489bbc734..b5c1f2c2175e 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.1.3-dev +version: 0.1.3 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 0854beff86d4..84a3f833c63e 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md 
@@ -1,3 +1,12 @@ +## 0.1.3 + +### New Queries + +* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an + attacker to execute arbitrary code in the workflow. + The query previously existed an experimental query. +* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. + ## 0.1.2 ### New Queries diff --git a/javascript/ql/src/change-notes/2022-01-18-insecure-temporary-file.md b/javascript/ql/src/change-notes/2022-01-18-insecure-temporary-file.md deleted file mode 100644 index e8713e94b764..000000000000 --- a/javascript/ql/src/change-notes/2022-01-18-insecure-temporary-file.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. diff --git a/javascript/ql/src/change-notes/2022-05-03-actions-injection.md b/javascript/ql/src/change-notes/released/0.1.3.md similarity index 50% rename from javascript/ql/src/change-notes/2022-05-03-actions-injection.md rename to javascript/ql/src/change-notes/released/0.1.3.md index 57eda2fc21b4..cc358456260e 100644 --- a/javascript/ql/src/change-notes/2022-05-03-actions-injection.md +++ b/javascript/ql/src/change-notes/released/0.1.3.md @@ -1,6 +1,8 @@ ---- -category: newQuery ---- +## 0.1.3 + +### New Queries + * The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an attacker to execute arbitrary code in the workflow. The query previously existed an experimental query. +* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. 
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 45b115003917..ed72653103e2 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.1.3-dev +version: 0.1.3 groups: - javascript - queries diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8734a5f89ef5..2c9f75c29eda 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.0 + +### Breaking Changes + +`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. + ## 0.3.0 ### Breaking Changes diff --git a/python/ql/lib/change-notes/2022-05-12-moduleimport-disallow-dots.md b/python/ql/lib/change-notes/released/0.4.0.md similarity index 92% rename from python/ql/lib/change-notes/2022-05-12-moduleimport-disallow-dots.md rename to python/ql/lib/change-notes/released/0.4.0.md index 23678871c795..bc3b72185d02 100644 --- a/python/ql/lib/change-notes/2022-05-12-moduleimport-disallow-dots.md +++ b/python/ql/lib/change-notes/released/0.4.0.md 
@@ -1,4 +1,5 @@ ---- -category: breaking ---- +## 0.4.0 + +### Breaking Changes + `API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 95f6e3a0ba6d..458bfbeccffd 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.0 +lastReleaseVersion: 0.4.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 3e239436c034..1ec764551eac 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.3.1-dev +version: 0.4.0 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index a0c725aeb081..030650268159 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.3 + +### New Queries + +* The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595). + ## 0.1.2 ### New Queries diff --git a/python/ql/src/change-notes/2022-05-10-promote-pam-authentication-bypass.md b/python/ql/src/change-notes/released/0.1.3.md similarity index 92% rename from python/ql/src/change-notes/2022-05-10-promote-pam-authentication-bypass.md rename to python/ql/src/change-notes/released/0.1.3.md index e87e717f6099..22234c93b689 100644 
--- a/python/ql/src/change-notes/2022-05-10-promote-pam-authentication-bypass.md +++ b/python/ql/src/change-notes/released/0.1.3.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 0.1.3 + +### New Queries + * The query "PAM authorization bypass due to incorrect usage" (`py/pam-auth-bypass`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/8595). diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 9e43fd7246f9..5f5169e9264f 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.1.3-dev +version: 0.1.3 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index c9f38d77c7d9..1086b078537c 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.2.2 + +### Major Analysis Improvements + +Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html). + +### Minor Analysis Improvements + +Support for data flow through instance variables has been added. +Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`. + ## 0.2.1 ### Bug Fixes diff --git a/ruby/ql/lib/change-notes/2022-05-01-safe-navigation-operator.md b/ruby/ql/lib/change-notes/2022-05-01-safe-navigation-operator.md deleted file mode 100644 index bed3c7869e8d..000000000000 --- a/ruby/ql/lib/change-notes/2022-05-01-safe-navigation-operator.md +++ /dev/null 
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
diff --git a/ruby/ql/lib/change-notes/2022-05-19-hashes-data-flow.md b/ruby/ql/lib/change-notes/2022-05-19-hashes-data-flow.md
deleted file mode 100644
index ff6c64b163de..000000000000
--- a/ruby/ql/lib/change-notes/2022-05-19-hashes-data-flow.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
\ No newline at end of file
diff --git a/ruby/ql/lib/change-notes/2022-05-23-flow-through-instance-variables.md b/ruby/ql/lib/change-notes/2022-05-23-flow-through-instance-variables.md
deleted file mode 100644
index bbb0b4011de4..000000000000
--- a/ruby/ql/lib/change-notes/2022-05-23-flow-through-instance-variables.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-Support for data flow through instance variables has been added.
diff --git a/ruby/ql/lib/change-notes/released/0.2.2.md b/ruby/ql/lib/change-notes/released/0.2.2.md
new file mode 100644
index 000000000000..bb64916e27b1
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.2.2.md
@@ -0,0 +1,10 @@
+## 0.2.2
+
+### Major Analysis Improvements
+
+Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html).
+
+### Minor Analysis Improvements
+
+Support for data flow through instance variables has been added.
+Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index df29a726bccc..16a06790aa83 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 037c4dddc630..c0dcb2edb687 100644
--- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.2.2-dev +version: 0.2.2 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index be4af4786d10..c7caad247bc2 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,5 @@ +## 0.1.3 + ## 0.1.2 ## 0.1.1 diff --git a/ruby/ql/src/change-notes/released/0.1.3.md b/ruby/ql/src/change-notes/released/0.1.3.md new file mode 100644 index 000000000000..6d5db835a3ee --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.1.3.md @@ -0,0 +1 @@ +## 0.1.3 diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 6abd14b1ef83..b79d8f9d00a2 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.1.3 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 3e176887075c..0602ee70f466 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.1.3-dev +version: 0.1.3 groups: - ruby - queries From 673355df65fb1a931f0a6f792d50c3b7503071c5 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 25 May 2022 10:02:48 +0200 Subject: [PATCH 2/6] Fix markdown lists --- java/ql/lib/CHANGELOG.md | 4 ++-- java/ql/lib/change-notes/released/0.2.2.md | 4 ++-- python/ql/lib/CHANGELOG.md | 2 +- python/ql/lib/change-notes/released/0.4.0.md | 2 +- ruby/ql/lib/CHANGELOG.md | 6 +++--- ruby/ql/lib/change-notes/released/0.2.2.md | 6 +++--- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 369f96f61d9f..afad3a84db7a 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md 
@@ -6,8 +6,8 @@ ### Minor Analysis Improvements -Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered -safe against intent redirection, both its package name and class name must be checked. +* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered + safe against intent redirection, both its package name and class name must be checked. ## 0.2.1 diff --git a/java/ql/lib/change-notes/released/0.2.2.md b/java/ql/lib/change-notes/released/0.2.2.md index 78f03ebaded4..407f65f2eeec 100644 --- a/java/ql/lib/change-notes/released/0.2.2.md +++ b/java/ql/lib/change-notes/released/0.2.2.md @@ -6,5 +6,5 @@ ### Minor Analysis Improvements -Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered -safe against intent redirection, both its package name and class name must be checked. +* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered + safe against intent redirection, both its package name and class name must be checked. diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 2c9f75c29eda..eb133dc042ff 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md 
@@ -2,7 +2,7 @@ ### Breaking Changes -`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. +* `API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. ## 0.3.0 diff --git a/python/ql/lib/change-notes/released/0.4.0.md b/python/ql/lib/change-notes/released/0.4.0.md index bc3b72185d02..d1b7863f68c8 100644 --- a/python/ql/lib/change-notes/released/0.4.0.md +++ b/python/ql/lib/change-notes/released/0.4.0.md @@ -2,4 +2,4 @@ ### Breaking Changes -`API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. +* `API::moduleImport` no longer has any results for dotted names, such as `API::moduleImport("foo.bar")`. Using `API::moduleImport("foo.bar").getMember("baz").getACall()` previously worked if the Python code was `from foo.bar import baz; baz()`, but not if the code was `import foo.bar; foo.bar.baz()` -- we are making this change to ensure the approach that can handle all cases is always used. 
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 1086b078537c..1cbb554d58b3 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -2,12 +2,12 @@ ### Major Analysis Improvements -Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html). +* Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html). ### Minor Analysis Improvements -Support for data flow through instance variables has been added. -Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`. +* Support for data flow through instance variables has been added. +* Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`. ## 0.2.1 diff --git a/ruby/ql/lib/change-notes/released/0.2.2.md b/ruby/ql/lib/change-notes/released/0.2.2.md index bb64916e27b1..9a6456224f9a 100644 --- a/ruby/ql/lib/change-notes/released/0.2.2.md +++ b/ruby/ql/lib/change-notes/released/0.2.2.md @@ -2,9 +2,9 @@ ### Major Analysis Improvements -Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html). +* Added data-flow support for [hashes](https://docs.ruby-lang.org/en/3.1/Hash.html). ### Minor Analysis Improvements -Support for data flow through instance variables has been added. -Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`. +* Support for data flow through instance variables has been added. +* Support of the safe navigation operator (`&.`) has been added; there is a new predicate `MethodCall.isSafeNavigation()`. From 009ba4c280ce70bc46b95864eaf383199a684b0a Mon Sep 17 00:00:00 2001 
From: Erik Krogh Kristensen Date: Wed, 25 May 2022 10:55:33 +0200 Subject: [PATCH 3/6] update query id to the updated id --- javascript/ql/src/CHANGELOG.md | 2 +- javascript/ql/src/change-notes/released/0.1.3.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 84a3f833c63e..013d389cb083 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -2,7 +2,7 @@ ### New Queries -* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an +* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an attacker to execute arbitrary code in the workflow. The query previously existed an experimental query. * A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. diff --git a/javascript/ql/src/change-notes/released/0.1.3.md b/javascript/ql/src/change-notes/released/0.1.3.md index cc358456260e..c7bbff9a68f4 100644 --- a/javascript/ql/src/change-notes/released/0.1.3.md +++ b/javascript/ql/src/change-notes/released/0.1.3.md @@ -2,7 +2,7 @@ ### New Queries -* The `js/actions/injection` query has been added. It highlights GitHub Actions workflows that may allow an +* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an attacker to execute arbitrary code in the workflow. The query previously existed an experimental query. * A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. From 3d072abcff8ef18e75b41bf7f321874338b71081 Mon Sep 17 00:00:00 2001 
From: Tom Hvitved Date: Wed, 25 May 2022 13:40:30 +0200 Subject: [PATCH 4/6] Data flow: Fix bad join in `prohibitsUseUseFlow` Before ``` Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@fdf8bdrq: 6099 ~0% {2} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.2, In.0 787252695 ~2% {3} r2 = JOIN r1 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, true, Lhs.1 5360462712 ~0% {4} r3 = JOIN r2 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_021#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, true, Lhs.0 7132 ~2% {2} r4 = JOIN r3 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb ON FIRST 3 OUTPUT Lhs.0, Lhs.3 5869 ~25% {1} r5 = JOIN r4 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1 1263 ~9% {1} r6 = JOIN r4 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.1 7132 ~52% {1} r7 = r5 UNION r6 29593 ~26% {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2 return r8 ``` After ``` Tuple counts for FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow#1de78b88#ff@aa7a37lj: 6099 ~4% {3} r1 = SCAN FlowSummaryImpl::Private::isParameterPostUpdate#1de78b88#fff OUTPUT In.0, true, In.2 8434 ~5% {2} r2 = JOIN r1 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2 5869 ~5% {3} r3 = JOIN r2 WITH DataFlowImplCommon::Cached::clearsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1 1278 ~6% {3} r4 = JOIN r2 WITH DataFlowImplCommon::Cached::expectsContentCached#4f8df883#ff ON FIRST 1 OUTPUT Lhs.0, true, Lhs.1 7147 ~6% {3} r5 = r3 UNION r4 7147 ~57% {2} r6 = JOIN r5 WITH FlowSummaryImpl::Private::Steps::summaryLocalStep#1de78b88#ffb_120#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2 5892 ~26% {1} r7 = JOIN 
r6 WITH project#DataFlowImplCommon::ParamNode::isParameterOf#dispred#f0820431#fff ON FIRST 2 OUTPUT Lhs.0 29589 ~26% {2} r8 = JOIN r7 WITH project#FlowSummaryImpl::Private::Steps::summaryArgParam0#1de78b88#ffff#2_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2 return r8 ```
---
 ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
index d907032547d4..400a10741fbb 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -777,10 +777,10 @@ module Private {
 predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
 exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
 p = summaryArgParam0(_, arg, sc) and
- p.isParameterOf(_, ppos) and
+ p.isParameterOf(_, pragma[only_bind_into](ppos)) and
 summaryLocalStep(p, mid, true) and
 summaryLocalStep(mid, ret, true) and
- isParameterPostUpdate(ret, _, ppos)
+ isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
 |
 summaryClearsContent(mid, _) or
 summaryExpectsContent(mid, _)
From 42f05dadc413d9a5a3c8ecbad7872cce8e0d4bc0 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Wed, 25 May 2022 13:42:37 +0200
Subject: [PATCH 5/6] Data flow: Sync files
---
 .../semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll | 4 ++--
 .../semmle/code/java/dataflow/internal/FlowSummaryImpl.qll | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
index d907032547d4..400a10741fbb 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
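Review bot: The two `pragma[only_bind_into](ppos)` wrappers added in `prohibitsUseUseFlow` carry no comment saying that they exist only to steer join order, so a later tidy-up could drop them and bring back the join on `ppos` between `isParameterPostUpdate` and `isParameterOf` that the commit message measures at roughly 787 million tuples. I would add a line above the `exists`, for example `// only_bind_into: stop ppos being used as a join key between isParameterOf and isParameterPostUpdate (bad join order)`. The final `r8` counts in the before/after listings differ (29593 vs 29589); that may be expected if they are pre-deduplication counts, but it would be worth confirming the result set is unchanged. The same applies to the synced C# and Java copies in PATCH 5/6, and the predicate's body continues past the end of the hunk.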
@@ -777,10 +777,10 @@ module Private {
 predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
 exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
 p = summaryArgParam0(_, arg, sc) and
- p.isParameterOf(_, ppos) and
+ p.isParameterOf(_, pragma[only_bind_into](ppos)) and
 summaryLocalStep(p, mid, true) and
 summaryLocalStep(mid, ret, true) and
- isParameterPostUpdate(ret, _, ppos)
+ isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
 |
 summaryClearsContent(mid, _) or
 summaryExpectsContent(mid, _)
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
index d907032547d4..400a10741fbb 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -777,10 +777,10 @@ module Private {
 predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
 exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
 p = summaryArgParam0(_, arg, sc) and
- p.isParameterOf(_, ppos) and
+ p.isParameterOf(_, pragma[only_bind_into](ppos)) and
 summaryLocalStep(p, mid, true) and
 summaryLocalStep(mid, ret, true) and
- isParameterPostUpdate(ret, _, ppos)
+ isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
 |
 summaryClearsContent(mid, _) or
 summaryExpectsContent(mid, _)
From ed2f3409bc4972cd04380b0e4c82cacedb62c7d4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 31 May 2022 09:54:55 +0000
Subject: [PATCH 6/6] Post-release preparation for codeql-cli-2.9.3
---
 cpp/ql/lib/qlpack.yml | 2 +-
 cpp/ql/src/qlpack.yml | 2 +-
 csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +-
 csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +-
 csharp/ql/lib/qlpack.yml | 2 +-
 csharp/ql/src/qlpack.yml | 2 +-
 go/ql/lib/qlpack.yml | 2 +-
 go/ql/src/qlpack.yml | 2 +-
 java/ql/lib/qlpack.yml | 2 +-
 java/ql/src/qlpack.yml | 2 +-
 javascript/ql/lib/qlpack.yml | 2 +-
 javascript/ql/src/qlpack.yml | 2 +-
 python/ql/lib/qlpack.yml | 2 +-
 python/ql/src/qlpack.yml | 2 +-
 ruby/ql/lib/qlpack.yml | 2 +-
 ruby/ql/src/qlpack.yml | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index b2e91f8f7682..59dbe66d65c2 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.2.2
+version: 0.2.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index bbdc731d64af..d187cfcc8d1a 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 63474d8014a5..742747fdec92 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.1.3
+version: 1.1.4-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 86e98be369c0..e5ce4bb150af 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.1.3
+version: 1.1.4-dev
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index a0a8508cba6f..3654b3237435 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.2.2
+version: 0.2.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index e75257f98efa..150101e42409 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - csharp
 - queries
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index dcb0afc19faa..d41ea83a94d3 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.1.3
+version: 0.1.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 273a1e803f0e..96fa44d23390 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - go
 - queries
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 7a7ee41518ad..4a9cae91dcdd 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.2.2
+version: 0.2.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 901f00d6c72c..bfc7bd821e39 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index b5c1f2c2175e..1e9804f94541 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.1.3
+version: 0.1.4-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index ed72653103e2..c4f7dc6a1039 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - javascript
 - queries
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 1ec764551eac..963ab5fa7027 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.4.0
+version: 0.4.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 5f5169e9264f..5f3e42c9a045 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index c0dcb2edb687..0550d5592f6b 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.2.2
+version: 0.2.3-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 0602ee70f466..f87eaa9e3ba1 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.1.3
+version: 0.1.4-dev
 groups:
 - ruby
 - queries