From 7ef611e6dc6077aa26638acecae43c2f59083513 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 23 Jan 2024 19:45:16 +0000 Subject: [PATCH 1/2] Release preparation for version 2.16.1 --- cpp/ql/lib/CHANGELOG.md | 7 +++++ .../0.12.4.md} | 7 ++--- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 6 +++++ .../0.9.3.md} | 7 ++--- cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 +++ .../lib/change-notes/released/1.7.7.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/1.7.7.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 17 ++++++++++++ .../2024-01-10-lambda-param-defaults.md | 4 --- ...l-neutral-model-blocks-generated-models.md | 4 --- ...024-01-17-csharp-successfully-extracted.md | 4 --- ...4-01-17-introduce-threatmodelflowsource.md | 4 --- .../change-notes/2024-01-18-inline-arrays.md | 4 --- .../2024-01-18-simpletype-sanitizer.md | 4 --- .../2024-01-22-outdated-deprecations.md | 9 ------- csharp/ql/lib/change-notes/released/0.8.7.md | 16 ++++++++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 6 +++++ .../0.8.7.md} | 9 ++++--- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 13 ++++++++++ ...9-18-add-support-for-fasthttp-framework.md | 4 --- ...09-fmt-apprender-or-sprinter-deprecated.md | 4 --- .../2024-01-18-aws-lambda-sources.md | 4 --- .../2024-01-22-outdated-deprecations.md | 5 ---- go/ql/lib/change-notes/released/0.7.7.md | 12 +++++++++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 7 +++++ ...cleartext-logging-new-sources-and-sinks.md | 4 --- .../0.7.7.md} | 8 +++--- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/0.0.13.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 26 +++++++++++++++++++ .../lib/change-notes/2023-12-21-new-models.md | 4 --- .../2024-01-02-gson-model-updates.md | 11 -------- .../2024-01-06-regex-flag-parsing.md | 4 --- .../change-notes/2024-01-10-new-jdk-models.md | 4 --- ...larsanitizer-class-for-common-sanitizer.md | 5 ---- .../2024-01-22-outdated-deprecations.md | 5 ---- java/ql/lib/change-notes/released/0.8.7.md | 25 ++++++++++++++++++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 10 +++++++ ...09-environment-variable-injection-query.md | 5 ---- ...l-neutral-model-blocks-generated-models.md | 4 --- java/ql/src/change-notes/released/0.8.7.md | 9 +++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 12 +++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.8.7.md} | 8 +++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 +++++ .../0.8.7.md} | 7 ++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 +++ .../change-notes/released/0.7.7.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 11 ++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.11.7.md} | 8 +++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 +++++ .../0.9.7.md} | 6 ++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 14 ++++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.8.7.md} | 10 ++++--- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 +++ ruby/ql/src/change-notes/released/0.8.7.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 +++ .../change-notes/released/0.1.7.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 +++ .../dataflow/change-notes/released/0.1.7.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 +++ shared/mad/change-notes/released/0.2.7.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 +++ shared/regex/change-notes/released/0.2.7.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 6 +++++ .../0.2.7.md} | 9 ++++--- shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 +++ .../tutorial/change-notes/released/0.2.7.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 +++ .../change-notes/released/0.2.7.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 +++ shared/typos/change-notes/released/0.2.7.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 +++ shared/util/change-notes/released/0.2.7.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 +++ shared/yaml/change-notes/released/0.2.7.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++ .../change-notes/2024-01-09-swift-5.9.2.md | 4 --- .../0.3.7.md} | 8 +++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 10 +++++++ .../2024-01-19-extracted-files.md | 4 --- .../0.3.7.md} | 10 ++++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 157 files changed, 469 insertions(+), 221 deletions(-) rename cpp/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.12.4.md} (85%) rename cpp/ql/src/change-notes/{2024-01-09-add-exception-to-av-rule-32.md => released/0.9.3.md} (72%) create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 csharp/ql/lib/change-notes/released/0.8.7.md rename csharp/ql/src/change-notes/{2023-12-12-page-model-flow-steps.md => released/0.8.7.md} (74%) create mode 100644 go/ql/consistency-queries/change-notes/released/0.0.6.md delete mode 100644 go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md delete mode 100644 go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md delete mode 100644 go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md delete mode 100644 go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 go/ql/lib/change-notes/released/0.7.7.md delete mode 100644 go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md rename go/ql/src/change-notes/{2024-01-10-insecure-randomness-index-flowstep.md => released/0.7.7.md} (74%) create mode 100644 java/ql/automodel/src/change-notes/released/0.0.13.md delete mode 100644 java/ql/lib/change-notes/2023-12-21-new-models.md delete mode 100644 java/ql/lib/change-notes/2024-01-02-gson-model-updates.md delete mode 100644 java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md delete mode 100644 java/ql/lib/change-notes/2024-01-10-new-jdk-models.md delete mode 100644 java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md delete mode 100644 java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 java/ql/lib/change-notes/released/0.8.7.md delete mode 100644 java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md delete mode 100644 java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md create mode 100644 java/ql/src/change-notes/released/0.8.7.md delete mode 100644 javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename javascript/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.8.7.md} (71%) rename javascript/ql/src/change-notes/{2023-12-18-dot-templates.md => released/0.8.7.md} (61%) create mode 100644 misc/suite-helpers/change-notes/released/0.7.7.md delete mode 100644 python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename python/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.11.7.md} (68%) rename python/ql/src/change-notes/{2023-12-21-url-redirect-more-sanitizers.md => released/0.9.7.md} (80%) delete mode 100644 ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename ruby/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.8.7.md} (78%) create mode 100644 ruby/ql/src/change-notes/released/0.8.7.md create mode 100644 shared/controlflow/change-notes/released/0.1.7.md create mode 100644 shared/dataflow/change-notes/released/0.1.7.md create mode 100644 shared/mad/change-notes/released/0.2.7.md create mode 100644 shared/rangeanalysis/change-notes/released/0.0.6.md create mode 100644 shared/regex/change-notes/released/0.2.7.md rename shared/ssa/change-notes/{2024-01-22-outdated-deprecations.md => released/0.2.7.md} (73%) create mode 100644 shared/threat-models/change-notes/released/0.0.6.md create mode 100644 shared/tutorial/change-notes/released/0.2.7.md create mode 100644 shared/typetracking/change-notes/released/0.2.7.md create mode 100644 shared/typos/change-notes/released/0.2.7.md create mode 100644 shared/util/change-notes/released/0.2.7.md create mode 100644 shared/yaml/change-notes/released/0.2.7.md delete mode 100644 swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md rename swift/ql/lib/change-notes/{2024-01-05-parameterized-cfg-library.md => released/0.3.7.md} (74%) delete mode 100644 swift/ql/src/change-notes/2024-01-19-extracted-files.md rename swift/ql/src/change-notes/{2023-12-15-weak-password-hashing.md => released/0.3.7.md} (57%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e3a13b1d5183..dc092f2ed351 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.12.4 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead. + ## 0.12.3 ### Deprecated APIs diff --git a/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/cpp/ql/lib/change-notes/released/0.12.4.md similarity index 85% rename from cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to cpp/ql/lib/change-notes/released/0.12.4.md index 37cec4ea7770..cea064c8785f 100644 --- a/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/cpp/ql/lib/change-notes/released/0.12.4.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.12.4 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 65578a5162ee..b458bb47c536 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.12.3 +lastReleaseVersion: 0.12.4 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index a937e3d6023b..d376016f96ad 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.4-dev +version: 0.12.4 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 9c287ddfae82..0e67defb949c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.9.3 + +### Minor Analysis Improvements + +* The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions. + ## 0.9.2 ### New Queries diff --git a/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md b/cpp/ql/src/change-notes/released/0.9.3.md similarity index 72% rename from cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md rename to cpp/ql/src/change-notes/released/0.9.3.md index fdd6b141d9a6..2ededfaadf99 100644 --- a/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md +++ b/cpp/ql/src/change-notes/released/0.9.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.9.3 + +### Minor Analysis Improvements + * The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index e1eda5194355..7af7247cbb0a 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.2 +lastReleaseVersion: 0.9.3 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 0950e88c3d86..9d7c65caebc2 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.3-dev +version: 0.9.3 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 303e0da11759..8afcdeb67f39 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.7 + +No user-facing changes. + ## 1.7.6 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md new file mode 100644 index 000000000000..e1a2f3e1d9a0 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md @@ -0,0 +1,3 @@ +## 1.7.7 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 1f68518dba9b..df4010bd267b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.6 +lastReleaseVersion: 1.7.7 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 2d733304bee5..4216406af91d 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.7-dev +version: 1.7.7 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 303e0da11759..8afcdeb67f39 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.7 + +No user-facing changes. + ## 1.7.6 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md new file mode 100644 index 000000000000..e1a2f3e1d9a0 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md @@ -0,0 +1,3 @@ +## 1.7.7 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 1f68518dba9b..df4010bd267b 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.6 +lastReleaseVersion: 1.7.7 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 507492f20444..82e85d24c161 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.7-dev +version: 1.7.7 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index a0d1cbc59f86..0b168b22df6a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,20 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. +* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. +* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. +* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. +* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. +* C# 12: Add extractor support and QL library support for inline arrays. +* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. +* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. +* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. +* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md b/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md deleted file mode 100644 index f86a83333318..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. diff --git a/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md b/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md deleted file mode 100644 index bdc5c1b0f2d0..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md b/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md deleted file mode 100644 index 1ed6b51d6c5b..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md b/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md deleted file mode 100644 index 8b1fbe404fbf..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. diff --git a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md b/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md deleted file mode 100644 index 14ded9913624..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 12: Add extractor support and QL library support for inline arrays. diff --git a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md b/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md deleted file mode 100644 index 6c34629c098a..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. diff --git a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index 385e9748e5a8..000000000000 --- a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. -* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. -* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. -* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. -* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. diff --git a/csharp/ql/lib/change-notes/released/0.8.7.md b/csharp/ql/lib/change-notes/released/0.8.7.md new file mode 100644 index 000000000000..2aa26252f4b5 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.7.md @@ -0,0 +1,16 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. +* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. +* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. +* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. +* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. +* C# 12: Add extractor support and QL library support for inline arrays. +* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. +* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. +* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. +* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index f618b3b7a240..9e263845ae96 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.7-dev +version: 0.8.7 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index ebb31d1516f9..6572f664b0e7 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md b/csharp/ql/src/change-notes/released/0.8.7.md similarity index 74% rename from csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md rename to csharp/ql/src/change-notes/released/0.8.7.md index 3d849ea1eecd..6be5342a4e21 100644 --- a/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md +++ b/csharp/ql/src/change-notes/released/0.8.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. \ No newline at end of file +## 0.8.7 + +### Minor Analysis Improvements + +* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 19e64a427646..5210814ce32a 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.7-dev +version: 0.8.7 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 9b269441c000..ad2e63eb4709 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/0.0.6.md b/go/ql/consistency-queries/change-notes/released/0.0.6.md new file mode 100644 index 000000000000..ccbce856079d --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index bb45a1ab0182..cf398ce02aa4 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 3d2df20dccac..fd42ee80ed07 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.6-dev +version: 0.0.6 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 048d598bf3b9..b9ff6e4e0e23 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.7.7 + +### Deprecated APIs + +* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` +* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. +* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. + ## 0.7.6 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md b/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md deleted file mode 100644 index 410b43a8b2b1..000000000000 --- a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md b/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md deleted file mode 100644 index 6ddc3e56ca06..000000000000 --- a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. diff --git a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md b/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md deleted file mode 100644 index df4c2fa8e4cd..000000000000 --- a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. diff --git a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index f92c003ddead..000000000000 --- a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` diff --git a/go/ql/lib/change-notes/released/0.7.7.md b/go/ql/lib/change-notes/released/0.7.7.md new file mode 100644 index 000000000000..044deb69c413 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.7.md @@ -0,0 +1,12 @@ +## 0.7.7 + +### Deprecated APIs + +* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` +* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. +* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 863f5a24cd20..89cc2330c109 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index a6623a1daafc..1e55bb5b26f5 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.7-dev +version: 0.7.7 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 702bdfd7f402..dafcd7aa695d 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.7.7 + +### Minor Analysis Improvements + +* The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations. +* Added more sources and sinks to the query `go/clear-text-logging`. + ## 0.7.6 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md b/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md deleted file mode 100644 index 53e1704b6b7a..000000000000 --- a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more sources and sinks to the query `go/clear-text-logging`. diff --git a/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md b/go/ql/src/change-notes/released/0.7.7.md similarity index 74% rename from go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md rename to go/ql/src/change-notes/released/0.7.7.md index c6adf350cb6c..3f7f0f410235 100644 --- a/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md +++ b/go/ql/src/change-notes/released/0.7.7.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.7.7 + +### Minor Analysis Improvements + * The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations. +* Added more sources and sinks to the query `go/clear-text-logging`. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 863f5a24cd20..89cc2330c109 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index fc83f4bf1842..f2d8263dedbb 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.7-dev +version: 0.7.7 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index d1bc8b8ee5f1..eb9aae31d418 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.13 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.13.md b/java/ql/automodel/src/change-notes/released/0.0.13.md new file mode 100644 index 000000000000..f679eaf0313a --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.13.md @@ -0,0 +1,3 @@ +## 0.0.13 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index 997fb8da83cd..044e54e4f7e5 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.0.13 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 178b3a9f2a90..be0d6df34036 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.13-dev +version: 0.0.13 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index dc0af8b76be7..3621a766e8ae 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,29 @@ +## 0.8.7 + +### New Features + +* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). +* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. +* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. +* Added taint tracking for the following GSON methods: + * `com.google.gson.stream.JsonReader` constructor + * `com.google.gson.stream.JsonWriter` constructor + * `com.google.gson.JsonObject.getAsJsonArray` + * `com.google.gson.JsonObject.getAsJsonObject` + * `com.google.gson.JsonObject.getAsJsonPrimitive` + * `com.google.gson.JsonParser.parseReader` + * `com.google.gson.JsonParser.parseString` +* Added a dataflow model for `java.awt.Desktop.browse(URI)`. + +### Bug Fixes + +* Fixed regular expressions containing flags not being parsed correctly in some cases. + ## 0.8.6 ### Deprecated APIs diff --git a/java/ql/lib/change-notes/2023-12-21-new-models.md b/java/ql/lib/change-notes/2023-12-21-new-models.md deleted file mode 100644 index da45a5f4ac71..000000000000 --- a/java/ql/lib/change-notes/2023-12-21-new-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a dataflow model for `java.awt.Desktop.browse(URI)`. diff --git a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md b/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md deleted file mode 100644 index c2684fcf2b5b..000000000000 --- a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -category: minorAnalysis ---- -* Added taint tracking for the following GSON methods: - * `com.google.gson.stream.JsonReader` constructor - * `com.google.gson.stream.JsonWriter` constructor - * `com.google.gson.JsonObject.getAsJsonArray` - * `com.google.gson.JsonObject.getAsJsonObject` - * `com.google.gson.JsonObject.getAsJsonPrimitive` - * `com.google.gson.JsonParser.parseReader` - * `com.google.gson.JsonParser.parseString` diff --git a/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md b/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md deleted file mode 100644 index 532ab1a88dc0..000000000000 --- a/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed regular expressions containing flags not being parsed correctly in some cases. diff --git a/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md b/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md deleted file mode 100644 index 82a0cc827868..000000000000 --- a/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. diff --git a/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md b/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md deleted file mode 100644 index f40fa257685a..000000000000 --- a/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- -* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). -* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. diff --git a/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index c723457668d0..000000000000 --- a/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. diff --git a/java/ql/lib/change-notes/released/0.8.7.md b/java/ql/lib/change-notes/released/0.8.7.md new file mode 100644 index 000000000000..18fedb9d935c --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.7.md @@ -0,0 +1,25 @@ +## 0.8.7 + +### New Features + +* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). +* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. +* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. +* Added taint tracking for the following GSON methods: + * `com.google.gson.stream.JsonReader` constructor + * `com.google.gson.stream.JsonWriter` constructor + * `com.google.gson.JsonObject.getAsJsonArray` + * `com.google.gson.JsonObject.getAsJsonObject` + * `com.google.gson.JsonObject.getAsJsonPrimitive` + * `com.google.gson.JsonParser.parseReader` + * `com.google.gson.JsonParser.parseString` +* Added a dataflow model for `java.awt.Desktop.browse(URI)`. + +### Bug Fixes + +* Fixed regular expressions containing flags not being parsed correctly in some cases. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 2c70000e4da7..2854cfbd8cfe 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.7-dev +version: 0.8.7 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 89a3d694649d..84096230dd17 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.8.7 + +### New Queries + +* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. + +### Minor Analysis Improvements + +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. + ## 0.8.6 ### Deprecated Queries diff --git a/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md b/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md deleted file mode 100644 index 9fe73afb98c0..000000000000 --- a/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. - diff --git a/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md b/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md deleted file mode 100644 index bdc5c1b0f2d0..000000000000 --- a/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/java/ql/src/change-notes/released/0.8.7.md b/java/ql/src/change-notes/released/0.8.7.md new file mode 100644 index 000000000000..1069b48a0ebe --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.7.md @@ -0,0 +1,9 @@ +## 0.8.7 + +### New Queries + +* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. + +### Minor Analysis Improvements + +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 9f4e3f937df2..315f8b0e4d11 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.7-dev +version: 0.8.7 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index c963c1fd4ab7..29005b5ce877 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`. +* Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file. +* Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`. +* Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files. +* Deleted the deprecated `Expressions/TypoDatabase.qll` file. +* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.8.6 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 16eb835b3a06..000000000000 --- a/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/javascript/ql/lib/change-notes/released/0.8.7.md similarity index 71% rename from javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to javascript/ql/lib/change-notes/released/0.8.7.md index 98eb2f1d8f4c..79a14dc3d7d7 100644 --- a/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/javascript/ql/lib/change-notes/released/0.8.7.md @@ -1,9 +1,11 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`. * Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file. * Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`. * Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files. * Deleted the deprecated `Expressions/TypoDatabase.qll` file. +* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index e6494d64d9a5..a4ff756b9a24 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.7-dev +version: 0.8.7 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 3e8696d3fb10..ba868a7d629a 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Added support for [doT](https://github.com/olado/doT) templates. + ## 0.8.6 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2023-12-18-dot-templates.md b/javascript/ql/src/change-notes/released/0.8.7.md similarity index 61% rename from javascript/ql/src/change-notes/2023-12-18-dot-templates.md rename to javascript/ql/src/change-notes/released/0.8.7.md index a710ee590328..0baf6adcf941 100644 --- a/javascript/ql/src/change-notes/2023-12-18-dot-templates.md +++ b/javascript/ql/src/change-notes/released/0.8.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Added support for [doT](https://github.com/olado/doT) templates. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 96edbefafe69..ed205e7db4ca 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.7-dev +version: 0.8.7 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 5fd816aeb8c3..1c10493c9e76 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.7 + +No user-facing changes. + ## 0.7.6 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.7.md b/misc/suite-helpers/change-notes/released/0.7.7.md new file mode 100644 index 000000000000..385342f72148 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.7.md @@ -0,0 +1,3 @@ +## 0.7.7 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 863f5a24cd20..89cc2330c109 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 8c0470c0a3b9..5341f14e0985 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.7-dev +version: 0.7.7 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index f9f4fc8c8a46..ca684c593203 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.11.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead. +* Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library. +* Deleted various deprecated predicates from the points-to libraries. +* Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files. +* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.11.6 ### Major Analysis Improvements diff --git a/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 0bf607e73438..000000000000 --- a/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/python/ql/lib/change-notes/released/0.11.7.md similarity index 68% rename from python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to python/ql/lib/change-notes/released/0.11.7.md index e3dce6a5ccd3..f2a8784113d4 100644 --- a/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/python/ql/lib/change-notes/released/0.11.7.md @@ -1,8 +1,10 @@ ---- -category: minorAnalysis ---- +## 0.11.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead. * Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library. * Deleted various deprecated predicates from the points-to libraries. * Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files. +* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 100225af99d3..59fa16251b6e 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.6 +lastReleaseVersion: 0.11.7 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 78e859e46490..4c3af155e2f3 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.7-dev +version: 0.11.7 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index ade5cb0cc54d..b42dcfd8b31b 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.9.7 + +### Minor Analysis Improvements + +- Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives. + ## 0.9.6 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md b/python/ql/src/change-notes/released/0.9.7.md similarity index 80% rename from python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md rename to python/ql/src/change-notes/released/0.9.7.md index 9c731aa1cee7..67c13ecd4c51 100644 --- a/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md +++ b/python/ql/src/change-notes/released/0.9.7.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.9.7 + +### Minor Analysis Improvements - Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 19139c132b2d..0921a4382544 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.6 +lastReleaseVersion: 0.9.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index b55fb9e2c5b8..c91d3d4fbb8e 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.7-dev +version: 0.9.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 4a2cc6d2e24c..e9e4507d8df7 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead. +* Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module. +* Deleted the deprecated `ParamsCall`, `CookiesCall`, and `ActionControllerControllerClass` classes from `ActionController.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. +* Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. +* Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`. +* Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files. +* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. +* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 7e1ce1c3488d..000000000000 --- a/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/ruby/ql/lib/change-notes/released/0.8.7.md similarity index 78% rename from ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to ruby/ql/lib/change-notes/released/0.8.7.md index c57e54712f67..454ab2b2c976 100644 --- a/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/ruby/ql/lib/change-notes/released/0.8.7.md @@ -1,6 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead. * Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module. @@ -8,4 +9,5 @@ category: minorAnalysis * Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. * Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`. * Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files. -* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. \ No newline at end of file +* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. +* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 026be203d9ab..81a2235285f8 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.7-dev +version: 0.8.7 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7d5c2de21319..05a89118b05f 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.7 + +No user-facing changes. + ## 0.8.6 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.8.7.md b/ruby/ql/src/change-notes/released/0.8.7.md new file mode 100644 index 000000000000..65a3c3ae5cdf --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.7.md @@ -0,0 +1,3 @@ +## 0.8.7 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index d67c1aac29de..2ef6dc421f30 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index eb204a2988d8..6cef7a2129b2 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.7-dev +version: 0.8.7 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 71269fe4ba88..6635db28abc8 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.7 + +No user-facing changes. + ## 0.1.6 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.7.md b/shared/controlflow/change-notes/released/0.1.7.md new file mode 100644 index 000000000000..49dc15228e3d --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.7.md @@ -0,0 +1,3 @@ +## 0.1.7 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index d271632b3dde..949d4c64c66f 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.6 +lastReleaseVersion: 0.1.7 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index b70a8b5a307c..cada45f48545 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.7-dev +version: 0.1.7 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index a996595df47a..c537cb3bb8e8 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.7 + +No user-facing changes. + ## 0.1.6 ### Deprecated APIs diff --git a/shared/dataflow/change-notes/released/0.1.7.md b/shared/dataflow/change-notes/released/0.1.7.md new file mode 100644 index 000000000000..49dc15228e3d --- /dev/null +++ b/shared/dataflow/change-notes/released/0.1.7.md @@ -0,0 +1,3 @@ +## 0.1.7 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index d271632b3dde..949d4c64c66f 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.6 +lastReleaseVersion: 0.1.7 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 54c411fd27db..d9d8512e659a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.7-dev +version: 0.1.7 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 514ddda4d2b1..438ce8241a69 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.7.md b/shared/mad/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/mad/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 09bfb3de3d65..c0e173edbbb7 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 381b7ea88408..6f334d57356f 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/0.0.6.md b/shared/rangeanalysis/change-notes/released/0.0.6.md new file mode 100644 index 000000000000..ccbce856079d --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index bb45a1ab0182..cf398ce02aa4 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index ab5974524f2f..5405046e6a74 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.6-dev +version: 0.0.6 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 04bb2adcc0ab..267288c38df8 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.7.md b/shared/regex/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index c8db4fc8b891..daf8890cc4c7 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 3ba7f8edce16..8a920eb7bedd 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.7 + +### Minor Analysis Improvements + +* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. + ## 0.2.6 No user-facing changes. diff --git a/shared/ssa/change-notes/2024-01-22-outdated-deprecations.md b/shared/ssa/change-notes/released/0.2.7.md similarity index 73% rename from shared/ssa/change-notes/2024-01-22-outdated-deprecations.md rename to shared/ssa/change-notes/released/0.2.7.md index c1a3deabd2de..f47b6b30aed0 100644 --- a/shared/ssa/change-notes/2024-01-22-outdated-deprecations.md +++ b/shared/ssa/change-notes/released/0.2.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. \ No newline at end of file +## 0.2.7 + +### Minor Analysis Improvements + +* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 5a9c880c1981..bb08329f5e97 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 9b269441c000..ad2e63eb4709 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/0.0.6.md b/shared/threat-models/change-notes/released/0.0.6.md new file mode 100644 index 000000000000..ccbce856079d --- /dev/null +++ b/shared/threat-models/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index bb45a1ab0182..cf398ce02aa4 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 4db8c6ee2fd4..8167833d8b1b 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.6-dev +version: 0.0.6 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1523a1599c21..d89b3171dc64 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.7.md b/shared/tutorial/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 992f83d7dd35..5a2e85a176d6 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index a8639d1de49a..b47b17710e8b 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.7.md b/shared/typetracking/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 63dc62c9a91a..a2093adcc8ce 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index bd1c41f82970..101d57dbad8d 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.7.md b/shared/typos/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b9342d72242a..1304e33853ce 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 677b82a2b4e6..edfa06a5da2d 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.7.md b/shared/util/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/util/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 332d91969fbe..0d0c351da6a1 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index e043461448eb..c5b3ec6b30e7 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.7.md b/shared/yaml/change-notes/released/0.2.7.md new file mode 100644 index 000000000000..80b98e73c702 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 248dd0f4594b..6d3c0021858b 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 23d8139aebb7..8bcfb231d100 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 7236e3740d94..f06c4195a35a 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.3.7 + +### Minor Analysis Improvements + +* Swift upgraded to 5.9.2 +* The control flow graph library (`codeql.swift.controlflow`) has been transitioned to use the shared implementation from the `codeql/controlflow` qlpack. No result changes are expected due to this change. + ## 0.3.6 ### Minor Analysis Improvements diff --git a/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md b/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md deleted file mode 100644 index ce39b42bc9e5..000000000000 --- a/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Swift upgraded to 5.9.2 diff --git a/swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md b/swift/ql/lib/change-notes/released/0.3.7.md similarity index 74% rename from swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md rename to swift/ql/lib/change-notes/released/0.3.7.md index 9d6f66173fdf..3b44a900b475 100644 --- a/swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md +++ b/swift/ql/lib/change-notes/released/0.3.7.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.3.7 + +### Minor Analysis Improvements + +* Swift upgraded to 5.9.2 * The control flow graph library (`codeql.swift.controlflow`) has been transitioned to use the shared implementation from the `codeql/controlflow` qlpack. No result changes are expected due to this change. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 7bbaa8987dd3..939934ffd005 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.6 +lastReleaseVersion: 0.3.7 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 592a7d33bb97..35e9f92e73f8 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.7-dev +version: 0.3.7 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 9ef921546760..ff380eb0b974 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.3.7 + +### New Queries + +* Added new query "Use of an inappropriate cryptographic hashing algorithm on passwords" (`swift/weak-password-hashing`). This query detects use of inappropriate hashing algorithms for password hashing. Some of the results of this query are new, others would previously have been reported by the "Use of a broken or weak cryptographic hashing algorithm on sensitive data" (`swift/weak-sensitive-data-hashing`) query. + +### Minor Analysis Improvements + +* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. + ## 0.3.6 ### Minor Analysis Improvements diff --git a/swift/ql/src/change-notes/2024-01-19-extracted-files.md b/swift/ql/src/change-notes/2024-01-19-extracted-files.md deleted file mode 100644 index 3b773524a9f1..000000000000 --- a/swift/ql/src/change-notes/2024-01-19-extracted-files.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. diff --git a/swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md b/swift/ql/src/change-notes/released/0.3.7.md similarity index 57% rename from swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md rename to swift/ql/src/change-notes/released/0.3.7.md index dfd81f471d0b..ddcc4fffcfe9 100644 --- a/swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md +++ b/swift/ql/src/change-notes/released/0.3.7.md @@ -1,5 +1,9 @@ ---- -category: newQuery ---- +## 0.3.7 + +### New Queries * Added new query "Use of an inappropriate cryptographic hashing algorithm on passwords" (`swift/weak-password-hashing`). This query detects use of inappropriate hashing algorithms for password hashing. Some of the results of this query are new, others would previously have been reported by the "Use of a broken or weak cryptographic hashing algorithm on sensitive data" (`swift/weak-sensitive-data-hashing`) query. + +### Minor Analysis Improvements + +* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 7bbaa8987dd3..939934ffd005 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.6 +lastReleaseVersion: 0.3.7 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 09314f7dc00e..258b75da846b 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.7-dev +version: 0.3.7 groups: - swift - queries From d0b74c00fe67a8ec5a8b0443cd7fab3cb975588d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 23 Jan 2024 23:02:29 +0000 Subject: [PATCH 2/2] Post-release preparation for codeql-cli-2.16.1 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 33 files changed, 33 insertions(+), 33 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index d376016f96ad..f0479b167c69 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.4 +version: 0.12.5-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 9d7c65caebc2..a04a64686174 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.3 +version: 0.9.4-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 4216406af91d..56cadaf85345 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.7 +version: 1.7.8-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 82e85d24c161..0b783c75d5ae 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.7 +version: 1.7.8-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 9e263845ae96..9d8db7347cb7 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.7 +version: 0.8.8-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 5210814ce32a..c39739489933 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.7 +version: 0.8.8-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index fd42ee80ed07..88886034408e 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.6 +version: 0.0.7-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 1e55bb5b26f5..67c991934e00 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.7 +version: 0.7.8-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index f2d8263dedbb..a760c3429700 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.7 +version: 0.7.8-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index be0d6df34036..0845b6f1761b 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.13 +version: 0.0.14-dev groups: - java - automodel diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 2854cfbd8cfe..62f4a0d7e962 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.7 +version: 0.8.8-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 315f8b0e4d11..4d0d39baca33 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.7 +version: 0.8.8-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index a4ff756b9a24..bd0c1a815f39 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.7 +version: 0.8.8-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index ed205e7db4ca..51a22b542e0b 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.7 +version: 0.8.8-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 5341f14e0985..82d40178d7ed 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.7 +version: 0.7.8-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 4c3af155e2f3..23bff260f7a1 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.7 +version: 0.11.8-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index c91d3d4fbb8e..5de71eb6e3a6 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.7 +version: 0.9.8-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 81a2235285f8..8179ac539965 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.7 +version: 0.8.8-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 6cef7a2129b2..6891e0227d31 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.7 +version: 0.8.8-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index cada45f48545..c6c4fb5f728c 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.7 +version: 0.1.8-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index d9d8512e659a..91d1454351c5 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.7 +version: 0.1.8-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index c0e173edbbb7..31a8e8b7534a 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 5405046e6a74..6317ae4cac46 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.6 +version: 0.0.7-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index daf8890cc4c7..c75c3ca7b2db 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index bb08329f5e97..92717e37ccbb 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 8167833d8b1b..4fd423016e24 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.6 +version: 0.0.7-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 5a2e85a176d6..573d2d5e5bd4 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index a2093adcc8ce..a35e17dee123 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 1304e33853ce..bc2565304e49 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 0d0c351da6a1..cddb6cc42f1d 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true dependencies: null diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 8bcfb231d100..2680ca9cbb96 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.7 +version: 0.2.8-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 35e9f92e73f8..bb5078ca42bd 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.7 +version: 0.3.8-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 258b75da846b..e61def6dd277 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.7 +version: 0.3.8-dev groups: - swift - queries