From 019da8c287e7f4e107c28f145eced7097f8b95a6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 7 Aug 2024 14:02:38 +0000 Subject: [PATCH] Release preparation for version 2.18.2 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++ .../2024-07-23-destroying-delete.md | 4 ---- .../2024-07-23-using-enum-declaration.md | 4 ---- .../2024-07-25-alias-analysis-perf.md | 4 ---- .../change-notes/2024-07-31-constexpr-if.md | 4 ---- .../2024-08-01-deduction-guide.md | 4 ---- .../change-notes/2024-08-01-explicit-bool.md | 5 ----- cpp/ql/lib/change-notes/released/1.4.0.md | 14 +++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 13 ++++++++++++ ...fference-expression-compared-zero-query.md | 4 ---- ...-22-incorrect-allocation-error-handling.md | 4 ---- .../2024-07-22-suspicious-allocation-size.md | 4 ---- .../2024-07-23-incorrectly-checked-scanf.md | 4 ---- .../2024-07-31-memory-may-not-be-freed.md | 4 ---- cpp/ql/src/change-notes/released/1.2.0.md | 12 +++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/1.0.5.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.0.5.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ go/ql/lib/change-notes/released/1.1.4.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.0.5.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.0.5.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 20 ++++++++++++++++++ ...add-models-for-the-lastaflute-framework.md | 4 ---- .../2024-07-19-apache-ant-property-sinks.md | 4 ---- .../2024-07-24-url-fields-inherit-taint.md | 4 ---- .../lib/change-notes/2024-07-25-env-vars.md | 4 ---- .../change-notes/2024-08-02-buildless-ga.md | 4 ---- .../3.0.0.md} | 21 ++++++++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 11 +++++++++- ...2024-07-23-java-sensitivelogging-source.md | 4 ---- .../2024-07-25-java-error-message-exposure.md | 4 ---- ...07-30-sensitive-log-whitelist-tokenizer.md | 4 ---- java/ql/src/change-notes/2024-07-30-unused.md | 4 ---- java/ql/src/change-notes/released/1.1.2.md | 8 +++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/1.1.2.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/1.1.1.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++++ .../1.0.5.md} | 7 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 10 +++++++++ .../2024-07-26-streamlit-models.md | 4 ---- .../1.1.0.md} | 13 ++++++++---- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/1.0.5.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++++ .../1.1.0.md} | 7 ++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/1.0.5.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.5.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.5.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/1.0.5.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.5.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.5.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.5.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/1.0.5.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.5.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.5.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++++ .../lib/change-notes/2024-07-24-url-model.md | 4 ---- .../2024-08-01-filemanager-model.md | 4 ---- swift/ql/lib/change-notes/released/1.1.1.md | 6 ++++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 7 +++++++ .../1.0.5.md} | 7 ++++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 163 files changed, 425 insertions(+), 180 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md create mode 100644 cpp/ql/lib/change-notes/released/1.4.0.md delete mode 100644 cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md delete mode 100644 cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md delete mode 100644 cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md delete mode 100644 cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md delete mode 100644 cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md create mode 100644 cpp/ql/src/change-notes/released/1.2.0.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md create mode 100644 csharp/ql/lib/change-notes/released/1.0.5.md create mode 100644 csharp/ql/src/change-notes/released/1.0.5.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.5.md create mode 100644 go/ql/lib/change-notes/released/1.1.4.md create mode 100644 go/ql/src/change-notes/released/1.0.5.md create mode 100644 java/ql/automodel/src/change-notes/released/1.0.5.md delete mode 100644 java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md delete mode 100644 java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md delete mode 100644 java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md delete mode 100644 java/ql/lib/change-notes/2024-07-25-env-vars.md delete mode 100644 java/ql/lib/change-notes/2024-08-02-buildless-ga.md rename java/ql/lib/change-notes/{2024-06-14-reverse-dns-separate-threat-model-kind.md => released/3.0.0.md} (60%) delete mode 100644 java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md delete mode 100644 java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md delete mode 100644 java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md delete mode 100644 java/ql/src/change-notes/2024-07-30-unused.md create mode 100644 java/ql/src/change-notes/released/1.1.2.md create mode 100644 javascript/ql/lib/change-notes/released/1.1.2.md create mode 100644 javascript/ql/src/change-notes/released/1.1.1.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.5.md rename python/ql/lib/change-notes/{2024-07-12-mad-dict-sources.md => released/1.0.5.md} (83%) delete mode 100644 python/ql/src/change-notes/2024-07-26-streamlit-models.md rename python/ql/src/change-notes/{2024-07-19-cookie-injection.md => released/1.1.0.md} (59%) create mode 100644 ruby/ql/lib/change-notes/released/1.0.5.md rename ruby/ql/src/change-notes/{2024-06-18-weak-sensitive-data-hashing-query.md => released/1.1.0.md} (84%) create mode 100644 shared/controlflow/change-notes/released/1.0.5.md create mode 100644 shared/dataflow/change-notes/released/1.0.5.md create mode 100644 shared/mad/change-notes/released/1.0.5.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.5.md create mode 100644 shared/regex/change-notes/released/1.0.5.md create mode 100644 shared/ssa/change-notes/released/1.0.5.md create mode 100644 shared/threat-models/change-notes/released/1.0.5.md create mode 100644 shared/tutorial/change-notes/released/1.0.5.md create mode 100644 shared/typeflow/change-notes/released/1.0.5.md create mode 100644 shared/typetracking/change-notes/released/1.0.5.md create mode 100644 shared/typos/change-notes/released/1.0.5.md create mode 100644 shared/util/change-notes/released/1.0.5.md create mode 100644 shared/xml/change-notes/released/1.0.5.md create mode 100644 shared/yaml/change-notes/released/1.0.5.md delete mode 100644 swift/ql/lib/change-notes/2024-07-24-url-model.md delete mode 100644 swift/ql/lib/change-notes/2024-08-01-filemanager-model.md create mode 100644 swift/ql/lib/change-notes/released/1.1.1.md rename swift/ql/src/change-notes/{2024-08-01-constant-salt.md => released/1.0.5.md} (88%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 9f01040830c1..646199bb39c8 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,18 @@ +## 1.4.0 + +### New Features + +* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide. +* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit. +* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit. +* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. + +### Minor Analysis Improvements + +* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression. +* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected. +* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration. + ## 1.3.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md deleted file mode 100644 index eb2a69f5bac6..000000000000 --- a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. diff --git a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md deleted file mode 100644 index cf85b3cef4e8..000000000000 --- a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration. diff --git a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md deleted file mode 100644 index 585e824e6f19..000000000000 --- a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected. diff --git a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md deleted file mode 100644 index 09e27337bd11..000000000000 --- a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md deleted file mode 100644 index b2d18d5994f5..000000000000 --- a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide. diff --git a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md deleted file mode 100644 index f6ff9d19e8b3..000000000000 --- a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- -* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit. -* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit. diff --git a/cpp/ql/lib/change-notes/released/1.4.0.md b/cpp/ql/lib/change-notes/released/1.4.0.md new file mode 100644 index 000000000000..a8466b0ef11c --- /dev/null +++ b/cpp/ql/lib/change-notes/released/1.4.0.md @@ -0,0 +1,14 @@ +## 1.4.0 + +### New Features + +* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide. +* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit. +* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit. +* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete. + +### Minor Analysis Improvements + +* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression. +* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected. +* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index ec16350ed6fd..b8b2e97d5086 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.0 +lastReleaseVersion: 1.4.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 5ef613e94c00..002da21daec9 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 1.3.1-dev +version: 1.4.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 9f10be7db909..25e322a99b75 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,16 @@ +## 1.2.0 + +### Query Metadata Changes + +* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. + +### Minor Analysis Improvements + +* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators. +* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results. +* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations. +* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s. + ## 1.1.0 ### Query Metadata Changes diff --git a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md deleted file mode 100644 index 7a1469464c27..000000000000 --- a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. diff --git a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md deleted file mode 100644 index 5e95cd05678e..000000000000 --- a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations. diff --git a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md deleted file mode 100644 index 8b55e61e85a7..000000000000 --- a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s. diff --git a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md deleted file mode 100644 index 9149c7611f5b..000000000000 --- a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results. diff --git a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md deleted file mode 100644 index a0ce19ccf694..000000000000 --- a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators. diff --git a/cpp/ql/src/change-notes/released/1.2.0.md b/cpp/ql/src/change-notes/released/1.2.0.md new file mode 100644 index 000000000000..f23e2b92eec6 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.2.0.md @@ -0,0 +1,12 @@ +## 1.2.0 + +### Query Metadata Changes + +* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. + +### Minor Analysis Improvements + +* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators. +* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results. +* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations. +* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 2ac15439f561..75430e73d1c4 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.2.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 97b40ad7de2d..a26e3b68c6de 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.1.1-dev +version: 1.2.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 503822fbd684..eb7af5234e3c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.22 + +No user-facing changes. + ## 1.7.21 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md new file mode 100644 index 000000000000..7d6f39f3ce21 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md @@ -0,0 +1,3 @@ +## 1.7.22 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 87eff681b88a..6a79a0ec163e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.21 +lastReleaseVersion: 1.7.22 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index f8c5a6f14a29..a13c44628162 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.22-dev +version: 1.7.22 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 503822fbd684..eb7af5234e3c 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.22 + +No user-facing changes. + ## 1.7.21 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md new file mode 100644 index 000000000000..7d6f39f3ce21 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md @@ -0,0 +1,3 @@ +## 1.7.22 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 87eff681b88a..6a79a0ec163e 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.21 +lastReleaseVersion: 1.7.22 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index f8e6ff0dc93a..d6062ac903d3 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.22-dev +version: 1.7.22 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index e8db03319514..50a19e99d36a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/1.0.5.md b/csharp/ql/lib/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 7c679023e56f..6df287fb5e1c 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 1.0.5-dev +version: 1.0.5 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 0b2583745f1e..bd25f8118dd5 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.0.5.md b/csharp/ql/src/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d1efd4cbf183..1f6b695454dc 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.0.5-dev +version: 1.0.5 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index bdc66d513224..2e7162889c38 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.5.md b/go/ql/consistency-queries/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 84c6cd451e2e..62d6836c3c35 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.5-dev +version: 1.0.5 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index ed4e9b3750f8..41cfec4595ef 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.4 + +No user-facing changes. + ## 1.1.3 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/released/1.1.4.md b/go/ql/lib/change-notes/released/1.1.4.md new file mode 100644 index 000000000000..b95051903c5a --- /dev/null +++ b/go/ql/lib/change-notes/released/1.1.4.md @@ -0,0 +1,3 @@ +## 1.1.4 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 35e710ab1bf0..26cbcd3f123b 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.3 +lastReleaseVersion: 1.1.4 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 0393983bbc1e..574d34df3c58 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 1.1.4-dev +version: 1.1.4 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 7248057e4089..36470f89ebab 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.0.5.md b/go/ql/src/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/go/ql/src/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 36f79d28b5b4..2d492bd3eaa7 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.0.5-dev +version: 1.0.5 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 7ef174ca56a5..7dc759d1ac6f 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/1.0.5.md b/java/ql/automodel/src/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 59878324d3d2..77cfa34c6dbe 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 1.0.5-dev +version: 1.0.5 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 07b324f259c5..2dd89daf33f6 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,23 @@ +## 3.0.0 + +### Breaking Changes + +* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. + +### New Features + +* Java support for `build-mode: none` is now out of beta, and generally available. + +### Major Analysis Improvements + +* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). + +### Minor Analysis Improvements + +* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. +* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. +* Adds models for request handlers using the `org.lastaflute.web` web framework. + ## 2.0.0 ### Breaking Changes diff --git a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md deleted file mode 100644 index b5f924cdb676..000000000000 --- a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Adds models for request handlers using the `org.lastaflute.web` web framework. diff --git a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md deleted file mode 100644 index 11d84d15e3f2..000000000000 --- a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. diff --git a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md deleted file mode 100644 index 80851dbc6559..000000000000 --- a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. diff --git a/java/ql/lib/change-notes/2024-07-25-env-vars.md b/java/ql/lib/change-notes/2024-07-25-env-vars.md deleted file mode 100644 index 8c58be3b4126..000000000000 --- a/java/ql/lib/change-notes/2024-07-25-env-vars.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. diff --git a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md deleted file mode 100644 index 8d2d8b6255d4..000000000000 --- a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Java support for `build-mode: none` is now out of beta, and generally available. diff --git a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md b/java/ql/lib/change-notes/released/3.0.0.md similarity index 60% rename from java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md rename to java/ql/lib/change-notes/released/3.0.0.md index f5e39a0b5ea5..be106b16574c 100644 --- a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md +++ b/java/ql/lib/change-notes/released/3.0.0.md @@ -1,4 +1,19 @@ ---- -category: majorAnalysis ---- +## 3.0.0 + +### Breaking Changes + +* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. + +### New Features + +* Java support for `build-mode: none` is now out of beta, and generally available. + +### Major Analysis Improvements + * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). + +### Minor Analysis Improvements + +* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. +* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. +* Adds models for request handlers using the `org.lastaflute.web` web framework. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 0abe6ccede0f..33d3a2cd1139 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.0 +lastReleaseVersion: 3.0.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 470dfa198988..74bb47b0b8d0 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 2.0.1-dev +version: 3.0.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 79a69c7ed9b6..464768e3a7fc 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,12 @@ +## 1.1.2 + +### Minor Analysis Improvements + +* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. +* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. +* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. +* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. + ## 1.1.1 ### Minor Analysis Improvements @@ -325,7 +334,7 @@ No user-facing changes. ### New Queries * Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions. -* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. +* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. ## 0.4.1 diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md deleted file mode 100644 index ff8a3e12ee4a..000000000000 --- a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. \ No newline at end of file diff --git a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md deleted file mode 100644 index 2cc18cc1c644..000000000000 --- a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. \ No newline at end of file diff --git a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md deleted file mode 100644 index a9a2bf2a9e0c..000000000000 --- a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. diff --git a/java/ql/src/change-notes/2024-07-30-unused.md b/java/ql/src/change-notes/2024-07-30-unused.md deleted file mode 100644 index 44eaaf515e5f..000000000000 --- a/java/ql/src/change-notes/2024-07-30-unused.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. diff --git a/java/ql/src/change-notes/released/1.1.2.md b/java/ql/src/change-notes/released/1.1.2.md new file mode 100644 index 000000000000..f14365cfdd3a --- /dev/null +++ b/java/ql/src/change-notes/released/1.1.2.md @@ -0,0 +1,8 @@ +## 1.1.2 + +### Minor Analysis Improvements + +* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. +* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. +* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. +* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 1a19084be3f7..53ab127707fc 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e34220277ab7..2b82652c07ed 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.2-dev +version: 1.1.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 182f9a9685c5..134bbe39a693 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.2 + +No user-facing changes. + ## 1.1.1 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/1.1.2.md b/javascript/ql/lib/change-notes/released/1.1.2.md new file mode 100644 index 000000000000..ce8d2c1a4f37 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/1.1.2.md @@ -0,0 +1,3 @@ +## 1.1.2 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 1a19084be3f7..53ab127707fc 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.2 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index f7bdd033b1c9..55728be6e206 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 1.1.2-dev +version: 1.1.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 0f30798ecd18..af1e040cc44a 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.1 + +No user-facing changes. + ## 1.1.0 ### New Queries diff --git a/javascript/ql/src/change-notes/released/1.1.1.md b/javascript/ql/src/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..7fb56d366105 --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.1.1.md @@ -0,0 +1,3 @@ +## 1.1.1 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index bd70dd01c26f..930347d58bc4 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.1.1-dev +version: 1.1.1 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9f92ac20b255..5e4196ac3372 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.5.md b/misc/suite-helpers/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index b09efa35a30e..530d81be5a7a 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.5-dev +version: 1.0.5 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 382efff551c6..87cbf5bfda15 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.0.5 + +### Minor Analysis Improvements + +* Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) + ## 1.0.4 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md b/python/ql/lib/change-notes/released/1.0.5.md similarity index 83% rename from python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md rename to python/ql/lib/change-notes/released/1.0.5.md index 1cc64bc5e7f3..f65ec74a0951 100644 --- a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md +++ b/python/ql/lib/change-notes/released/1.0.5.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.0.5 + +### Minor Analysis Improvements + * Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index f25441dbef5e..d43d4386a88e 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 1.0.5-dev +version: 1.0.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index b386509bd979..318971129253 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 1.1.0 + +### New Queries + +* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. + +### Minor Analysis Improvements + +* Added models of `streamlit` PyPI package. + ## 1.0.4 No user-facing changes. diff --git a/python/ql/src/change-notes/2024-07-26-streamlit-models.md b/python/ql/src/change-notes/2024-07-26-streamlit-models.md deleted file mode 100644 index 7deba7dffed6..000000000000 --- a/python/ql/src/change-notes/2024-07-26-streamlit-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models of `streamlit` PyPI package. diff --git a/python/ql/src/change-notes/2024-07-19-cookie-injection.md b/python/ql/src/change-notes/released/1.1.0.md similarity index 59% rename from python/ql/src/change-notes/2024-07-19-cookie-injection.md rename to python/ql/src/change-notes/released/1.1.0.md index ceefa99c886b..9ced8370f539 100644 --- a/python/ql/src/change-notes/2024-07-19-cookie-injection.md +++ b/python/ql/src/change-notes/released/1.1.0.md @@ -1,4 +1,9 @@ ---- -category: newQuery ---- -* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. \ No newline at end of file +## 1.1.0 + +### New Queries + +* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. + +### Minor Analysis Improvements + +* Added models of `streamlit` PyPI package. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 03f7ea71b58e..2ac15439f561 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.1.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 6c6bf5f7798f..d994d8744a18 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.0.5-dev +version: 1.1.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 865dc997f3a6..4d575d4ef0f3 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/1.0.5.md b/ruby/ql/lib/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 6cee97698704..5a94c2c93d3c 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 1.0.5-dev +version: 1.0.5 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index ac5d0c7525c0..37101f41c704 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.0 + +### New Queries + +* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. + ## 1.0.4 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md b/ruby/ql/src/change-notes/released/1.1.0.md similarity index 84% rename from ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md rename to ruby/ql/src/change-notes/released/1.1.0.md index 6fffd21d616c..17dcb0b1237f 100644 --- a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md +++ b/ruby/ql/src/change-notes/released/1.1.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 1.1.0 + +### New Queries + * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 03f7ea71b58e..2ac15439f561 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.1.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index c1c895167bcd..675736868034 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.0.5-dev +version: 1.1.0 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 047afa97e510..f62d99b8a599 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/1.0.5.md b/shared/controlflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/controlflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index e981c2fed5dc..411b43b82cc4 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index ca6c7165b9bf..0a94e1b80ec2 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/1.0.5.md b/shared/dataflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/dataflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 4302341cb3b5..bfec0e93a53a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 8680f86e786b..0bf218b96568 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.5.md b/shared/mad/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 0c16b8a9bddb..21aa9dc3cb74 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index a33a857c9057..f445578246d1 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.5.md b/shared/rangeanalysis/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index c2f65e2931f0..0a0b326205c1 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index d78925faba07..78f8369e7396 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.5.md b/shared/regex/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 930dfbf4098b..d0b658524fe6 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 1a64a39471c8..f41fc9a7fe7e 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/ssa/change-notes/released/1.0.5.md b/shared/ssa/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/ssa/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index e59f7a2e601d..6ff39d141cdc 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index bdc66d513224..2e7162889c38 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.5.md b/shared/threat-models/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 819206dd32a6..fdd405e20961 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.5-dev +version: 1.0.5 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index ad8f62a4e9d5..f20cfe347d73 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.5.md b/shared/tutorial/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index c542374804d8..502519631d05 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index b9366dadb5c1..7ba137cbf536 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.5.md b/shared/typeflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 9dbfd6533f47..95557584bfee 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index d17f150b27b2..77d9b6f4fcf5 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.5.md b/shared/typetracking/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typetracking/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index c2a176796e89..0c31e5be9a1b 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index d323c0974fe2..f8ac1347b0f9 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.5.md b/shared/typos/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 5bbc01323a88..97b3f34bd045 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 6042620d77cb..e44386743adc 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/util/change-notes/released/1.0.5.md b/shared/util/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/util/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 964747c8c599..8b6247e151db 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 1323436e6b2f..1b292c168764 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.5.md b/shared/xml/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index edaeefea948c..1a7f307050be 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index cd2c2e92ddfd..064f83a6efd6 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.5.md b/shared/yaml/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index da7d8b2956ae..790d2dc1caed 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 21e8b74bb023..b8e0122e0a0e 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. +* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. + ## 1.1.0 ### New Features diff --git a/swift/ql/lib/change-notes/2024-07-24-url-model.md b/swift/ql/lib/change-notes/2024-07-24-url-model.md deleted file mode 100644 index ab831ab4593c..000000000000 --- a/swift/ql/lib/change-notes/2024-07-24-url-model.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md b/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md deleted file mode 100644 index e4630d38f2c1..000000000000 --- a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. diff --git a/swift/ql/lib/change-notes/released/1.1.1.md b/swift/ql/lib/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..50bd8dff3ce0 --- /dev/null +++ b/swift/ql/lib/change-notes/released/1.1.1.md @@ -0,0 +1,6 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. +* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2b14c18b1283..2878c24bc555 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 1.1.1-dev +version: 1.1.1 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index ca26ff94f225..e33d96f63f5a 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.0.5 + +### Minor Analysis Improvements + +* The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. +* The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. + ## 1.0.4 No user-facing changes. diff --git a/swift/ql/src/change-notes/2024-08-01-constant-salt.md b/swift/ql/src/change-notes/released/1.0.5.md similarity index 88% rename from swift/ql/src/change-notes/2024-08-01-constant-salt.md rename to swift/ql/src/change-notes/released/1.0.5.md index 5ead3f3c9844..f2169e0059f5 100644 --- a/swift/ql/src/change-notes/2024-08-01-constant-salt.md +++ b/swift/ql/src/change-notes/released/1.0.5.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 1.0.5 + +### Minor Analysis Improvements + * The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. * The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index a6a4598cc743..c88cab945eb3 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.0.5-dev +version: 1.0.5 groups: - swift - queries