зеркало из https://github.com/github/codeql.git
Merge pull request #15236 from github/codeql-cli-2.15.5
Merge `codeql-cli-2.15.5` back to `main`
This commit is contained in:
Henry Mercer
GitHub
Коммит
93d9332ab4
|
|
@ -158,6 +158,14 @@ Dataflow Analysis
|
|||
|
||||
* The API for debugging flow using partial flow has changed slightly. Instead of using :code:`module Partial = FlowExploration<limit/0>` and choosing between :code:`Partial::partialFlow` and :code:`Partial::partialFlowRev`, you now choose between :code:`module Partial = FlowExplorationFwd<limit/0>` and :code:`module Partial = FlowExplorationRev<limit/0>`, and then always use :code:`Partial::partialFlow`.
|
||||
|
||||
Minor Analysis Improvements
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Range Analysis
|
||||
""""""""""""""
|
||||
|
||||
* Initial release. Moves the range analysis library into its own qlpack.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
|
|
|
|||
|
|
@ -23,20 +23,19 @@ Bug Fixes
|
|||
~~~~~~~~~
|
||||
|
||||
* Fixed an internal error in the compiler when arguments to the :code:`codePointCount` string primitive were not bound.
|
||||
* Fixed a bug where :code:`codeql database finalize` would fail if a database under construction was moved between machines between
|
||||
:code:`codeql database init` and :code:`codeql database finalize`. This should now work, as long as both commands are run by the same *release* of the CodeQL CLI and the extractors used are the ones bundled with the CLI.
|
||||
* Fixed a bug where :code:`codeql database finalize` would fail if a database under construction was moved between machines between :code:`codeql database init` and :code:`codeql database finalize`.
|
||||
This should now work, as long as both commands are run by the same *release* of the CodeQL CLI and the extractors used are the ones bundled with the CLI.
|
||||
* Fixed a bug where :code:`codeql database run-queries` would fail in some circumstances when the database path included an :code:`@`.
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
* A new compilation flag (:code:`--fail-on-ambiguous-relation-name`) has been added to specify that compilation should fail if the compiler generates an ambiguous relation name.
|
||||
* :code:`codeql database analyze` now defaults to include markdown query help for all custom queries with help files available. To change the default behaviour you can pass the new flag :code:`--sarif-include-query-help`, which provides the options :code:`always` (which includes query help for all queries), :code:`custom_queries_only` (the default) and :code:`never` (which does not include query help for any query). The existing flag
|
||||
:code:`--sarif-add-query-help` has been deprecated and will be removed in a future release.
|
||||
* The new (advanced) command-line option :code:`--[no-]linkage-aware-import` disables the linkage-awareness phase of :code:`codeql dataset import`, as a quick fix (at the expense of database completeness) for C++ projects where this part of database creation consumes too much memory. This option is available in the commands :code:`database create`,
|
||||
:code:`database finalize`, :code:`database import`, :code:`dataset import`, :code:`test extract`, and
|
||||
:code:`test run`.
|
||||
* The CodeQL language server now provides basic support for Rename, and you can now use the Rename Symbol functionality in Visual Studio Code for CodeQL. The current Rename support is less a refactoring tool and more a labor-saving device. You may have to perform some manual edits after using Rename, but it should still be faster and less work than renaming a symbol manually.
|
||||
* :code:`codeql database analyze` now defaults to include markdown query help for all custom queries with help files available. To change the default behaviour you can pass the new flag :code:`--sarif-include-query-help`, which provides the options :code:`always` (which includes query help for all queries), :code:`custom_queries_only` (the default) and :code:`never` (which does not include query help for any query). The existing flag
|
||||
:code:`--sarif-add-query-help` has been deprecated and will be removed in a future release.
|
||||
|
||||
Improvements
|
||||
~~~~~~~~~~~~
|
||||
|
|
@ -84,7 +83,7 @@ Swift
|
|||
"""""
|
||||
|
||||
* Added new query "System command built from user-controlled sources" (:code:`swift/command-line-injection`) for Swift. This query detects system commands built from user-controlled sources without sufficient validation. The query was previously `contributed to the 'experimental' directory by @maikypedia <https://github.com/github/codeql/pull/13726>`__ but will now run by default for all code scanning users.
|
||||
* Added a nw query "Missing regular expression anchor" (:code:`swift/missing-regexp-anchor`) for Swift. This query detects regular expressions without anchors that can be vulnerable to bypassing.
|
||||
* Added a new query "Missing regular expression anchor" (:code:`swift/missing-regexp-anchor`) for Swift. This query detects regular expressions without anchors that can be vulnerable to bypassing.
|
||||
|
||||
Query Metadata Changes
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
|
@ -92,8 +91,8 @@ Query Metadata Changes
|
|||
JavaScript/TypeScript
|
||||
"""""""""""""""""""""
|
||||
|
||||
* Lower the severity of log-injection to medium.
|
||||
* Increase the severity of XSS to high.
|
||||
* Lower the security severity of log-injection to medium.
|
||||
* Increase the security severity of XSS to high.
|
||||
|
||||
Language Libraries
|
||||
------------------
|
||||
|
|
@ -192,7 +191,7 @@ C#
|
|||
Golang
|
||||
""""""
|
||||
|
||||
* Added the `gin cors <https://github.com/gin-contrib/cors>`__ library to the CorsMisconfiguration.ql query
|
||||
* Added the `gin-contrib/cors <https://github.com/gin-contrib/cors>`__ library to the experimental query "CORS misconfiguration" (:code:`go/cors-misconfiguration`).
|
||||
|
||||
Java
|
||||
""""
|
||||
|
|
|
|||
|
|
@ -0,0 +1,115 @@
|
|||
.. _codeql-cli-2.15.4:
|
||||
|
||||
==========================
|
||||
CodeQL 2.15.4 (2023-12-11)
|
||||
==========================
|
||||
|
||||
.. contents:: Contents
|
||||
:depth: 2
|
||||
:local:
|
||||
:backlinks: none
|
||||
|
||||
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
|
||||
|
||||
CodeQL CLI
|
||||
----------
|
||||
|
||||
Improvements
|
||||
~~~~~~~~~~~~
|
||||
|
||||
* Parallelism in the evaluator has been improved, resulting in faster analysis when running with many threads, particularly for large databases.
|
||||
|
||||
Query Packs
|
||||
-----------
|
||||
|
||||
Breaking Changes
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
C/C++
|
||||
"""""
|
||||
|
||||
* The :code:`cpp/tainted-format-string-through-global` query has been deleted. This does not lead to a loss of relevant alerts, as the query duplicated a subset of the alerts from :code:`cpp/tainted-format-string`.
|
||||
|
||||
Minor Analysis Improvements
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
C#
|
||||
""
|
||||
|
||||
* Modelled additional flow steps to track flow from a :code:`View` call in an MVC controller to the corresponding Razor View (:code:`.cshtml`) file, which may result in additional results for queries such as :code:`cs/web/xss`.
|
||||
|
||||
JavaScript/TypeScript
|
||||
"""""""""""""""""""""
|
||||
|
||||
* Added django URLs to detected "safe" URL patterns in :code:`js/unsafe-external-link`.
|
||||
|
||||
Swift
|
||||
"""""
|
||||
|
||||
* Added additional sinks for the "Uncontrolled format string" (:code:`swift/uncontrolled-format-string`) query. Some of these sinks are heuristic (imprecise) in nature.
|
||||
* Added heuristic (imprecise) sinks for the "Database query built from user-controlled sources" (:code:`swift/sql-injection`) query.
|
||||
|
||||
New Queries
|
||||
~~~~~~~~~~~
|
||||
|
||||
C/C++
|
||||
"""""
|
||||
|
||||
* Added a new query, :code:`cpp/use-of-string-after-lifetime-ends`, to detect calls to :code:`c_str` on strings that will be destroyed immediately.
|
||||
|
||||
Language Libraries
|
||||
------------------
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
Golang
|
||||
""""""
|
||||
|
||||
* A bug has been fixed that meant that value flow through a slice expression was not tracked correctly. Taint flow was tracked correctly.
|
||||
|
||||
Minor Analysis Improvements
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Java
|
||||
""""
|
||||
|
||||
* The diagnostic query :code:`java/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Java files, now considers any Java file seen during extraction, even one with some errors, to be extracted / scanned.
|
||||
* Switch cases using binding patterns and :code:`case null[, default]` are now supported. Classes :code:`PatternCase` and :code:`NullDefaultCase` are introduced to represent new kinds of case statement.
|
||||
* Both switch cases and instanceof expressions using record patterns are now supported. The new class :code:`RecordPatternExpr` is introduced to represent record patterns, and :code:`InstanceOfExpr` gains :code:`getPattern` to replace :code:`getLocalVariableDeclExpr`.
|
||||
* The control-flow graph and therefore dominance information regarding switch blocks in statement context but with an expression rule (e.g. :code:`switch(...) { case 1 -> System.out.println("Hello world!") }`) has been fixed. This reduces false positives and negatives from various queries relating to functions featuring such statements.
|
||||
|
||||
JavaScript/TypeScript
|
||||
"""""""""""""""""""""
|
||||
|
||||
* Added models for the :code:`sqlite` and :code:`better-sqlite3` npm packages.
|
||||
* TypeScript 5.3 is now supported.
|
||||
|
||||
Python
|
||||
""""""
|
||||
|
||||
* Added support for tarfile extraction filters as defined in `PEP-706 <https://peps.python.org/pep-0706>`__. In particular, calls to :code:`TarFile.extract`, and :code:`TarFile.extractall` are no longer considered to be sinks for the :code:`py/tarslip` query if a sufficiently safe filter is provided.
|
||||
* Added modeling of :code:`*args` and :code:`**kwargs` as routed-parameters in request handlers for django/flask/FastAPI/tornado.
|
||||
* Added support for type parameters in function and class definitions, as well as the new Python 3.12 type alias statement.
|
||||
* Added taint-flow modeling for regular expressions with :code:`re` module from the standard library.
|
||||
|
||||
Ruby
|
||||
""""
|
||||
|
||||
* Improved modeling for :code:`ActiveRecord`\ s :code:`update_all` method
|
||||
|
||||
Swift
|
||||
"""""
|
||||
|
||||
* Extracts Swift's :code:`DiscardStmt` and :code:`MaterizliePackExpr`
|
||||
* Expanded and improved flow models for :code:`Set` and :code:`Sequence`.
|
||||
* Added imprecise flow sources matching initializers such as :code:`init(contentsOfFile:)`.
|
||||
* Extracts :code:`MacroDecl` and some related information
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
C/C++
|
||||
"""""
|
||||
|
||||
* Added an :code:`isPrototyped` predicate to :code:`Function` that holds when the function has a prototype.
|
||||
|
|
@ -9,6 +9,7 @@ This is an overview of changes in the CodeQL CLI and relevant CodeQL query and l
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
codeql-cli-2.15.4
|
||||
codeql-cli-2.15.3
|
||||
codeql-cli-2.15.2
|
||||
codeql-cli-2.15.1
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче