зеркало из https://github.com/github/codeql.git
Release preparation for version 2.18.2
This commit is contained in:
github-actions[bot]
Родитель
32b3924548
Коммит
c14ba0e4bd
|
|
@ -1,3 +1,18 @@
|
|||
## 1.4.0
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
|
||||
* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
|
||||
* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
|
||||
* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
|
||||
* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
|
||||
* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
|
||||
|
||||
## 1.3.0
|
||||
|
||||
### New Features
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
|
||||
* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
## 1.4.0
|
||||
|
||||
### New Features
|
||||
|
||||
* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
|
||||
* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
|
||||
* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
|
||||
* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
|
||||
* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
|
||||
* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.3.0
|
||||
lastReleaseVersion: 1.4.0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-all
|
||||
version: 1.3.1-dev
|
||||
version: 1.4.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
|
|
|||
|
|
@ -1,3 +1,16 @@
|
|||
## 1.2.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
|
||||
* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
|
||||
* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
|
||||
* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
|
||||
|
||||
## 1.1.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
## 1.2.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
|
||||
* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
|
||||
* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
|
||||
* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.1.0
|
||||
lastReleaseVersion: 1.2.0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-queries
|
||||
version: 1.1.1-dev
|
||||
version: 1.2.0
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.21
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.7.21
|
||||
lastReleaseVersion: 1.7.22
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.22-dev
|
||||
version: 1.7.22
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.21
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.7.22
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.7.21
|
||||
lastReleaseVersion: 1.7.22
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.22-dev
|
||||
version: 1.7.22
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-all
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql-go-consistency-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.1.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.1.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.1.3
|
||||
lastReleaseVersion: 1.1.4
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-all
|
||||
version: 1.1.4-dev
|
||||
version: 1.1.4
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-automodel-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups:
|
||||
- java
|
||||
- automodel
|
||||
|
|
|
|||
|
|
@ -1,3 +1,23 @@
|
|||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
|
||||
|
||||
### New Features
|
||||
|
||||
* Java support for `build-mode: none` is now out of beta, and generally available.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
|
||||
* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
|
||||
* Adds models for request handlers using the `org.lastaflute.web` web framework.
|
||||
|
||||
## 2.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Adds models for request handlers using the `org.lastaflute.web` web framework.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: breaking
|
||||
---
|
||||
* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* Java support for `build-mode: none` is now out of beta, and generally available.
|
||||
|
|
@ -1,4 +1,19 @@
|
|||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 3.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
|
||||
|
||||
### New Features
|
||||
|
||||
* Java support for `build-mode: none` is now out of beta, and generally available.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
|
||||
* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
|
||||
* Adds models for request handlers using the `org.lastaflute.web` web framework.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 2.0.0
|
||||
lastReleaseVersion: 3.0.0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-all
|
||||
version: 2.0.1-dev
|
||||
version: 3.0.0
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
|
|
|||
|
|
@ -1,3 +1,12 @@
|
|||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
|
||||
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
|
||||
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
|
||||
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
|
||||
|
||||
## 1.1.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
@ -325,7 +334,7 @@ No user-facing changes.
|
|||
### New Queries
|
||||
|
||||
* Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
|
||||
* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
|
||||
* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
|
||||
|
||||
## 0.4.1
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
## 1.1.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
|
||||
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
|
||||
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
|
||||
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-queries
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.2
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.1.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.1.1
|
||||
lastReleaseVersion: 1.1.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-all
|
||||
version: 1.1.2-dev
|
||||
version: 1.1.2
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.1.0
|
||||
|
||||
### New Queries
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.1.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.1.0
|
||||
lastReleaseVersion: 1.1.1
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-queries
|
||||
version: 1.1.1-dev
|
||||
version: 1.1.1
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
name: codeql/suite-helpers
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
## 1.0.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for `DictionaryElement[<key>]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
|
||||
|
||||
## 1.0.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.0.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added support for `DictionaryElement[<key>]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-all
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
|
|
|||
|
|
@ -1,3 +1,13 @@
|
|||
## 1.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models of `streamlit` PyPI package.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models of `streamlit` PyPI package.
|
||||
|
|
@ -1,4 +1,9 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
|
||||
## 1.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added models of `streamlit` PyPI package.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.1.0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.1.0
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-all
|
||||
version: 1.0.5-dev
|
||||
version: 1.0.5
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
## 1.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: newQuery
|
||||
---
|
||||
## 1.1.0
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.1.0
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-queries
|
||||
version: 1.0.5-dev
|
||||
version: 1.1.0
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.0.5
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.0.4
|
||||
lastReleaseVersion: 1.0.5
|
||||
|
|
|
|||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче