Merge pull request #15416 from github/post-release-prep/codeql-cli-2.…

…16.1 Post-release preparation for codeql-cli-2.16.1
github · Jan 25, 2024 · 10343dd · 10343dd
2 parents fb11e4e + d0b74c0
commit 10343dd
Show file tree

Hide file tree

Showing 157 changed files with 469 additions and 221 deletions.
diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.12.4
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
+
 ## 0.12.3
 
 ### Deprecated APIs

diff --git a/...notes/2024-01-22-outdated-deprecations.md → cpp/ql/lib/change-notes/released/0.12.4.md b/...notes/2024-01-22-outdated-deprecations.md → cpp/ql/lib/change-notes/released/0.12.4.md
@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 0.12.4
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.3
+lastReleaseVersion: 0.12.4
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.4-dev
+version: 0.12.5-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.9.3
+
+### Minor Analysis Improvements
+
+* The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions.
+
 ## 0.9.2
 
 ### New Queries

diff --git a/...2024-01-09-add-exception-to-av-rule-32.md → cpp/ql/src/change-notes/released/0.9.3.md b/...2024-01-09-add-exception-to-av-rule-32.md → cpp/ql/src/change-notes/released/0.9.3.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.9.3
+
+### Minor Analysis Improvements
+
 * The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.2
+lastReleaseVersion: 0.9.3
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.3-dev
+version: 0.9.4-dev
 groups:
   - cpp
   - queries

diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.7
+
+No user-facing changes.
+
 ## 1.7.6
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md
@@ -0,0 +1,3 @@
+## 1.7.7
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.7
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.7-dev
+version: 1.7.8-dev
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.7
+
+No user-facing changes.
+
 ## 1.7.6
 
 No user-facing changes.

diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md
@@ -0,0 +1,3 @@
+## 1.7.7
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.7
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.7-dev
+version: 1.7.8-dev
 groups:
   - csharp
   - solorigate

diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
+* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
+* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
+* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
+* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
+* C# 12: Add extractor support and QL library support for inline arrays.
+* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer.
+* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned.
+* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration.
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
+* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
+
 ## 0.8.6
 
 ### Minor Analysis Improvements

diff --git a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md b/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md
diff --git a/.../ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md b/.../ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md
diff --git a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md b/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md
diff --git a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md b/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md
diff --git a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md b/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md
diff --git a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md b/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md
diff --git a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
diff --git a/csharp/ql/lib/change-notes/released/0.8.7.md b/csharp/ql/lib/change-notes/released/0.8.7.md
@@ -0,0 +1,16 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
+* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
+* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
+* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
+* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
+* C# 12: Add extractor support and QL library support for inline arrays.
+* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer.
+* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned.
+* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration.
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
+* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.7-dev
+version: 0.8.8-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
+
 ## 0.8.6
 
 ### Minor Analysis Improvements

diff --git a/...notes/2023-12-12-page-model-flow-steps.md → csharp/ql/src/change-notes/released/0.8.7.md b/...notes/2023-12-12-page-model-flow-steps.md → csharp/ql/src/change-notes/released/0.8.7.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.7-dev
+version: 0.8.8-dev
 groups:
   - csharp
   - queries

diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.6
+
+No user-facing changes.
+
 ## 0.0.5
 
 No user-facing changes.

diff --git a/go/ql/consistency-queries/change-notes/released/0.0.6.md b/go/ql/consistency-queries/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.6-dev
+version: 0.0.7-dev
 groups:
   - go
   - queries

diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.7.7
+
+### Deprecated APIs
+
+* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
+* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added.
+* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added.
+
 ## 0.7.6
 
 ### Minor Analysis Improvements

diff --git a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md b/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md
diff --git a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md b/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md
diff --git a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md b/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md
diff --git a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
diff --git a/go/ql/lib/change-notes/released/0.7.7.md b/go/ql/lib/change-notes/released/0.7.7.md
@@ -0,0 +1,12 @@
+## 0.7.7
+
+### Deprecated APIs
+
+* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
+* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added.
+* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.7
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.7-dev
+version: 0.7.8-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.7.7
+
+### Minor Analysis Improvements
+
+* The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations.
+* Added more sources and sinks to the query `go/clear-text-logging`.
+
 ## 0.7.6
 
 ### Minor Analysis Improvements

diff --git a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md b/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md
diff --git a/...-10-insecure-randomness-index-flowstep.md → go/ql/src/change-notes/released/0.7.7.md b/...-10-insecure-randomness-index-flowstep.md → go/ql/src/change-notes/released/0.7.7.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.7.7
+
+### Minor Analysis Improvements
+
 * The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations.
+* Added more sources and sinks to the query `go/clear-text-logging`.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.7
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.7-dev
+version: 0.7.8-dev
 groups:
   - go
   - queries

diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.13
+
+No user-facing changes.
+
 ## 0.0.12
 
 No user-facing changes.

diff --git a/java/ql/automodel/src/change-notes/released/0.0.13.md b/java/ql/automodel/src/change-notes/released/0.0.13.md
@@ -0,0 +1,3 @@
+## 0.0.13
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.12
+lastReleaseVersion: 0.0.13
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.13-dev
+version: 0.0.14-dev
 groups:
     - java
     - automodel