mirror of https://github.com/github/codeql.git
Merge pull request #10920 from github/post-release-prep/codeql-cli-2.11.2
Post-release preparation for codeql-cli-2.11.2
Commit
a56ed88db2
|
@ -1,3 +1,7 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-all
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new medium-precision query, `cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Unterminated variadic call" (`cpp/unterminated-variadic-call`) query has been tuned to produce fewer false positive results.
|
||||
* Fixed false positives from the "Unused static function" (`cpp/unused-static-function`) query in files that had errors during compilation.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
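Review bot: The New Queries bullet for `cpp/comma-before-misleading-indentation` says only that the query "detects instances of whitespace that have readability issues", which does not explain what the comma in the query id refers to or which construct gets flagged. Suggest rewording the bullet so a changelog reader can tell what pattern triggers an alert before enabling a medium-precision query.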
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed false positives from the "Unused static function" (`cpp/unused-static-function`) query in files that had errors during compilation.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new medium-precision query, `cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Unterminated variadic call" (`cpp/unterminated-variadic-call`) query has been tuned to produce fewer false positive results.
|
|
@ -0,0 +1,10 @@
|
|||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new medium-precision query, `cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Unterminated variadic call" (`cpp/unterminated-variadic-call`) query has been tuned to produce fewer false positive results.
|
||||
* Fixed false positives from the "Unused static function" (`cpp/unused-static-function`) query in files that had errors during compilation.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-queries
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 1.3.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.3.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 1.3.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.3.1
|
||||
lastReleaseVersion: 1.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-all
|
||||
version: 1.3.2-dev
|
||||
version: 1.3.3-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 1.3.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.3.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 1.3.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.3.1
|
||||
lastReleaseVersion: 1.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.3.2-dev
|
||||
version: 1.3.3-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-all
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.4.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-queries
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.3.1
|
||||
lastReleaseVersion: 0.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-all
|
||||
version: 0.3.2-dev
|
||||
version: 0.3.3-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
## 0.3.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
||||
|
||||
## 0.3.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
|
|
@ -0,0 +1,5 @@
|
|||
## 0.3.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.3.1
|
||||
lastReleaseVersion: 0.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-queries
|
||||
version: 0.3.2-dev
|
||||
version: 0.3.3-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,20 @@
|
|||
## 0.4.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* Deprecated `ContextStartActivityMethod`. Use `StartActivityMethod` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a new predicate, `hasIncompletePermissions`, in the `AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for common patterns involving `Stream.collect` and common collectors like `Collectors.toList()`.
|
||||
* The class `TypeVariable` now also extends `Modifiable`.
|
||||
* Added data flow steps for tainted Android intents that are sent to services and receivers.
|
||||
* Improved the data flow step for tainted Android intents that are sent to activities so that more cases are covered.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added data flow steps for tainted Android intents that are sent to services and receivers.
|
||||
* Improved the data flow step for tainted Android intents that are sent to activities so that more cases are covered.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: deprecated
|
||||
---
|
||||
* Deprecated `ContextStartActivityMethod`. Use `StartActivityMethod` instead.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a new predicate, `hasIncompletePermissions`, in the `AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The class `TypeVariable` now also extends `Modifiable`.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added support for common patterns involving `Stream.collect` and common collectors like `Collectors.toList()`.
|
|
@ -0,0 +1,16 @@
|
|||
## 0.4.2
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* Deprecated `ContextStartActivityMethod`. Use `StartActivityMethod` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a new predicate, `hasIncompletePermissions`, in the `AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for common patterns involving `Stream.collect` and common collectors like `Collectors.toList()`.
|
||||
* The class `TypeVariable` now also extends `Modifiable`.
|
||||
* Added data flow steps for tainted Android intents that are sent to services and receivers.
|
||||
* Improved the data flow step for tainted Android intents that are sent to activities so that more cases are covered.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-all
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
|
||||
* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### New Queries
|
||||
|
|
|
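Review bot: The query id in the second New Queries bullet is spelled `java/androd/unsafe-content-uri-resolution`, while the bullet directly above uses `java/android/incomplete-provider-permissions`; "androd" looks like a typo for "android". Check the spelling against the `@id` in the query's metadata and correct the entry, since users copy these ids into query filters and alert suppressions. The same spelling is carried into the 0.4.2 released notes further down.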
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
|
||||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
|
||||
* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-queries
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.3.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.3.1
|
||||
lastReleaseVersion: 0.3.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-all
|
||||
version: 0.3.2-dev
|
||||
version: 0.3.3-dev
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
|
|
@ -1,3 +1,10 @@
|
|||
## 0.4.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Removed some false positives from the `js/file-system-race` query by requiring that the file-check dominates the file-access.
|
||||
* Improved taint tracking through `JSON.stringify` in cases where a tainted value is stored somewhere in the input object.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Removed some false positives from the `js/file-system-race` query by requiring that the file-check dominates the file-access.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved taint tracking through `JSON.stringify` in cases where a tainted value is stored somewhere in the input object.
|
|
@ -0,0 +1,6 @@
|
|||
## 0.4.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Removed some false positives from the `js/file-system-race` query by requiring that the file-check dominates the file-access.
|
||||
* Improved taint tracking through `JSON.stringify` in cases where a tainted value is stored somewhere in the input object.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-queries
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.3.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.3.2
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.3.1
|
||||
lastReleaseVersion: 0.3.2
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
name: codeql/suite-helpers
|
||||
version: 0.3.2-dev
|
||||
version: 0.3.3-dev
|
||||
groups: shared
|
||||
|
|
|
@ -1,3 +1,12 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed labels in the API graph pertaining to definitions of subscripts. Previously, these were found by `getMember` rather than `getASubscript`.
|
||||
* Added edges for indices of subscripts to the API graph. Now a subscripted API node will have an edge to the API node for the index expression. So if `foo` is matched by API node `A`, then `"key"` in `foo["key"]` will be matched by the API node `A.getIndex()`. This can be used to track the origin of the index.
|
||||
* Added member predicate `getSubscriptAt(API::Node index)` to `API::Node`. Like `getASubscript()`, this will return an API node that matches a subscript of the node, but here it will be restricted to subscripts where the index matches the `index` parameter.
|
||||
* Added convenience predicate `getSubscript("key")` to obtain a subscript at a specific index, when the index happens to be a statically known string.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed labels in the API graph pertaining to definitions of subscripts. Previously, these were found by `getMember` rather than `getASubscript`.
|
||||
* Added edges for indices of subscripts to the API graph. Now a subscripted API node will have an edge to the API node for the index expression. So if `foo` is matched by API node `A`, then `"key"` in `foo["key"]` will be matched by the API node `A.getIndex()`. This can be used to track the origin of the index.
|
||||
* Added member predicate `getSubscriptAt(API::Node index)` to `API::Node`. Like `getASubscript()`, this will return an API node that matches a subscript of the node, but here it will be restricted to subscripts where the index matches the `index` parameter.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-all
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.3-dev
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
|
|
@ -1,3 +1,16 @@
|
|||
## 0.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added model of `cx_Oracle`, `oracledb`, `phonenixdb` and `pyodbc` PyPI packages as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
||||
* Added model of `executemany` calls on PEP-249 compliant database APIs, resulting in additional sinks for `py/sql-injection`.
|
||||
* Added model of `pymssql` PyPI package as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed how `flask.request` is modeled as a RemoteFlowSource, such that we show fewer duplicated alert messages for Code Scanning alerts. The import, such as `from flask import request`, will now be shown as the first step in a path explanation.
|
||||
|
||||
## 0.5.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
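Review bot: In the first Minor Analysis Improvements bullet the package name is written `phonenixdb`; the PyPI package is `phoenixdb`. Fix the spelling so that anyone searching the changelog for the driver they use finds the entry announcing the additional `py/sql-injection` sinks. The misspelling is also present in the 0.5.2 released notes below.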
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed how `flask.request` is modeled as a RemoteFlowSource, such that we show fewer duplicated alert messages for Code Scanning alerts. The import, such as `from flask import request`, will now be shown as the first step in a path explanation.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added model of `executemany` calls on PEP-249 compliant database APIs, resulting in additional sinks for `py/sql-injection`.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added model of `pymssql` PyPI package as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added model of `cx_Oracle`, `oracledb`, `phonenixdb` and `pyodbc` PyPI packages as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
|
@ -0,0 +1,12 @@
|
|||
## 0.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added model of `cx_Oracle`, `oracledb`, `phonenixdb` and `pyodbc` PyPI packages as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
||||
* Added model of `executemany` calls on PEP-249 compliant database APIs, resulting in additional sinks for `py/sql-injection`.
|
||||
* Added model of `pymssql` PyPI package as a SQL interface following PEP249, resulting in additional sinks for `py/sql-injection`.
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed how `flask.request` is modeled as a RemoteFlowSource, such that we show fewer duplicated alert messages for Code Scanning alerts. The import, such as `from flask import request`, will now be shown as the first step in a path explanation.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.5.1
|
||||
lastReleaseVersion: 0.5.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-queries
|
||||
version: 0.5.2-dev
|
||||
version: 0.5.3-dev
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
## 0.4.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
|
||||
* More sources of remote input arising from methods on `ActionDispatch::Request` are now recognized.
|
||||
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
|
||||
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
|
||||
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
|
||||
* Taint flow through `ActionController::Parameters` is tracked more accurately.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Taint flow through `ActionController::Parameters` is tracked more accurately.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* More sources of remote input arising from methods on `ActionDispatch::Request`
|
||||
are now recognised.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
|
|
@ -0,0 +1,10 @@
|
|||
## 0.4.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
|
||||
* More sources of remote input arising from methods on `ActionDispatch::Request` are now recognized.
|
||||
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
|
||||
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
|
||||
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
|
||||
* Taint flow through `ActionController::Parameters` is tracked more accurately.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-all
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
|
|
@ -1,3 +1,17 @@
|
|||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.
|
||||
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* HTTP response header and body writes via `ActionDispatch::Response` are now
|
||||
recognized.
|
||||
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
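Review bot: The `ActionDispatch::Response` bullet under Minor Analysis Improvements is hard-wrapped, with "recognized." on an unindented continuation line, while every other bullet in this section sits on a single line. Join it onto one line to match. In the same hunk, `Kernel.open` in the `rb/non-constant-kernel-open` entry is the only identifier not set in backticks.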
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* HTTP response header and body writes via `ActionDispatch::Response` are now
|
||||
recognized.
|
|
@ -0,0 +1,13 @@
|
|||
## 0.4.2
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `rb/non-constant-kernel-open`, to detect uses of Kernel.open and related methods with non-constant values.
|
||||
* Added a new query, `rb/sensitive-get-query`, to detect cases where sensitive data is read from the query parameters of an HTTP `GET` request.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* HTTP response header and body writes via `ActionDispatch::Response` are now
|
||||
recognized.
|
||||
* The `rb/path-injection` query now treats the `file:` argument of the Rails `render` method as a sink.
|
||||
* The alert messages of many queries were changed to better follow the style guide and make the messages consistent with other languages.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.4.1
|
||||
lastReleaseVersion: 0.4.2
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-queries
|
||||
version: 0.4.2-dev
|
||||
version: 0.4.3-dev
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.3
|
||||
|
||||
No user-facing changes.
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.0.2
|
||||
lastReleaseVersion: 0.0.3
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
name: codeql/ssa
|
||||
version: 0.0.3-dev
|
||||
version: 0.0.4-dev
|
||||
groups: shared
|
||||
library: true
|
||||
|
|
Some files were not shown because too many files changed.