github · nickrolfe · May 31, 2022 · May 25, 2022 · May 25, 2022 · May 25, 2022
@@ -1,3 +1,13 @@
+## 0.2.2
+
+### Deprecated APIs
+
+ * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
+
+### New Features
+
+* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
+
 ## 0.2.1
 
 ## 0.2.0

@@ -0,0 +1,9 @@
+## 0.2.2
+
+### Deprecated APIs
+
+ * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
+
+### New Features
+
+* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.2.2-dev
+version: 0.2.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,10 @@
+## 0.1.3
+
+### Minor Analysis Improvements
+
+* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
+* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
+
 ## 0.1.2
 
 ### Minor Analysis Improvements

@@ -0,0 +1,6 @@
+## 0.1.3
+
+### Minor Analysis Improvements
+
+* The "XML external entity expansion" (`cpp/external-entity-expansion`) query precision has been increased to `high`.
+* The `cpp/unused-local-variable` no longer ignores functions that include `if` and `switch` statements with C++17-style initializers.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups: 
   - cpp
   - queries

@@ -1,3 +1,5 @@
+## 1.1.3
+
 ## 1.1.2
 
 ## 1.1.1

@@ -0,0 +1 @@
+## 1.1.3
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 1.1.3
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.1.3-dev
+version: 1.1.4-dev
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,5 @@
+## 1.1.3
+
 ## 1.1.2
 
 ## 1.1.1

@@ -0,0 +1 @@
+## 1.1.3
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.2
+lastReleaseVersion: 1.1.3
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.1.3-dev
+version: 1.1.4-dev
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,5 @@
+## 0.2.2
+
 ## 0.2.1
 
 ## 0.2.0

@@ -0,0 +1 @@
+## 0.2.2
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.2.2-dev
+version: 0.2.3-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -777,10 +777,10 @@ module Private {
     predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
       exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
         p = summaryArgParam0(_, arg, sc) and
-        p.isParameterOf(_, ppos) and
+        p.isParameterOf(_, pragma[only_bind_into](ppos)) and
         summaryLocalStep(p, mid, true) and
         summaryLocalStep(mid, ret, true) and
-        isParameterPostUpdate(ret, _, ppos)
+        isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
       |
         summaryClearsContent(mid, _) or
         summaryExpectsContent(mid, _)

@@ -1,3 +1,5 @@
+## 0.1.3
+
 ## 0.1.2
 
 ## 0.1.1

@@ -0,0 +1 @@
+## 0.1.3
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups: 
   - csharp
   - queries

@@ -1,3 +1,5 @@
+## 0.1.3
+
 ## 0.1.2
 
 ### New Features

@@ -0,0 +1 @@
+## 0.1.3
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,5 @@
+## 0.1.3
+
 ## 0.1.2
 
 ## 0.1.1

@@ -0,0 +1 @@
+## 0.1.3
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups:
   - go
   - queries

@@ -1,3 +1,14 @@
+## 0.2.2
+
+### Deprecated APIs
+
+* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
+
+### Minor Analysis Improvements
+
+* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
+  safe against intent redirection, both its package name and class name must be checked.
+
 ## 0.2.1
 
 ### New Features

@@ -0,0 +1,10 @@
+## 0.2.2
+
+### Deprecated APIs
+
+* The QL class `FloatingPointLiteral` has been renamed to `FloatLiteral`.
+
+### Minor Analysis Improvements
+
+* Fixed a sanitizer of the query `java/android/intent-redirection`. Now, for an intent to be considered
+  safe against intent redirection, both its package name and class name must be checked.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.2.2-dev
+version: 0.2.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -777,10 +777,10 @@ module Private {
     predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
       exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
         p = summaryArgParam0(_, arg, sc) and
-        p.isParameterOf(_, ppos) and
+        p.isParameterOf(_, pragma[only_bind_into](ppos)) and
         summaryLocalStep(p, mid, true) and
         summaryLocalStep(mid, ret, true) and
-        isParameterPostUpdate(ret, _, ppos)
+        isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
       |
         summaryClearsContent(mid, _) or
         summaryExpectsContent(mid, _)

@@ -1,3 +1,17 @@
+## 0.1.3
+
+### New Queries
+
+* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
+These queries help find instances of Regular Expression Denial of Service vulnerabilities. 
+
+### Minor Analysis Improvements
+
+* Query `java/sensitive-log` has received several improvements.
+  * It no longer considers usernames as sensitive information.
+  * The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.
+  * A sanitizer has been added to handle certain elements introduced by a Kotlin compiler plugin that have deceptive names.
+
 ## 0.1.2
 
 ### Query Metadata Changes
@@ -39,7 +53,7 @@ this respect.
 
 ### Minor Analysis Improvements
 
-* Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
+ * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.
 
 ## 0.0.11
 

@@ -1,6 +1,12 @@
----
-category: minorAnalysis
----
+## 0.1.3
+
+### New Queries
+
+* Two new queries "Inefficient regular expression" (`java/redos`) and "Polynomial regular expression used on uncontrolled data" (`java/polynomial-redos`) have been added.
+These queries help find instances of Regular Expression Denial of Service vulnerabilities. 
+
+### Minor Analysis Improvements
+
 * Query `java/sensitive-log` has received several improvements.
   * It no longer considers usernames as sensitive information.
   * The conditions to consider a variable a constant (and therefore exclude it as user-provided sensitive information) have been tightened.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups: 
   - java
   - queries

@@ -1,3 +1,9 @@
+## 0.1.3
+
+### Minor Analysis Improvements
+
+* The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo. 
+
 ## 0.1.2
 
 ### Deprecated APIs

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.1.3
+
+### Minor Analysis Improvements
+
 * The `isLibaryFile` predicate from `ClassifyFiles.qll` has been renamed to `isLibraryFile` to fix a typo. 
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.1.3
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.1.3-dev
+version: 0.1.4-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

@@ -1,3 +1,12 @@
+## 0.1.3
+
+### New Queries
+
+* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an 
+  attacker to execute arbitrary code in the workflow.
+  The query previously existed an experimental query.
+* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default. 
+
 ## 0.1.2
 
 ### New Queries

@@ -0,0 +1,8 @@
+## 0.1.3
+
+### New Queries
+
+* The `js/actions/command-injection` query has been added. It highlights GitHub Actions workflows that may allow an 
+  attacker to execute arbitrary code in the workflow.
+  The query previously existed an experimental query.
+* A new query `js/insecure-temporary-file` has been added. The query detects the creation of temporary files that may be accessible by others users. The query is not run by default.