From 3193b3b171c01bb7c49dc52452389ee3fe9f2ca7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 10:51:21 +0100 Subject: [PATCH 01/15] Swift: Make the CleartextLogging.ql query ID consistent with the other swift/cleartext-* queries. --- swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index 2d76f1d3e7e..d4314ab1631 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -6,7 +6,7 @@ * @problem.severity error * @security-severity 7.5 * @precision high - * @id swift/clear-text-logging + * @id swift/cleartext-logging * @tags security * external/cwe/cwe-312 * external/cwe/cwe-359 From 2a4d7cb642f5bd6c7121d9b3205f6d8e84812bc0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 May 2023 11:53:58 +0100 Subject: [PATCH 02/15] Swift: Make the result message consistent as well. --- .../src/queries/Security/CWE-312/CleartextLogging.ql | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index d4314ab1631..764a4af3d94 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -18,7 +18,9 @@ import codeql.swift.dataflow.DataFlow import codeql.swift.security.CleartextLoggingQuery import CleartextLoggingFlow::PathGraph -from CleartextLoggingFlow::PathNode src, CleartextLoggingFlow::PathNode sink -where CleartextLoggingFlow::flowPath(src, sink) -select sink.getNode(), src, sink, "This $@ is written to a log file.", src.getNode(), - "potentially sensitive information" +from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink +where CleartextLoggingFlow::flowPath(source, sink) +select sink, source, sink, + "This operation writes '" + sink.toString() + + "' to a log file. It may contain unencrypted sensitive data from $@.", source, + source.getNode().toString() From 94b4ebe38b0628e957599e7daea8cfea919c0df2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 16 May 2023 14:16:30 +0100 Subject: [PATCH 03/15] Update swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql Co-authored-by: Mathias Vorreiter Pedersen --- swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql index 764a4af3d94..69601b3d931 100644 --- a/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql +++ b/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql @@ -20,7 +20,7 @@ import CleartextLoggingFlow::PathGraph from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink where CleartextLoggingFlow::flowPath(source, sink) -select sink, source, sink, +select sink.getNode(), source, sink, "This operation writes '" + sink.toString() + "' to a log file. It may contain unencrypted sensitive data from $@.", source, source.getNode().toString() From 66b13e2294bb5baea9ec3d7d58aded8a1e4135ec Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 17:08:14 +0100 Subject: [PATCH 04/15] Swift: Add a test of enum decls. --- .../elements/decl/enumdecl/enumdecl.expected | 27 +++++++++++++++++++ .../elements/decl/enumdecl/enumdecl.ql | 25 +++++++++++++++++ .../elements/decl/enumdecl/enumdecl.swift | 20 ++++++++++++++ 3 files changed, 72 insertions(+) create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql create mode 100644 swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected new file mode 100644 index 00000000000..0f20f1f20f4 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -0,0 +1,27 @@ +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | +| enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | +| enumdecl.swift:4:7:4:7 | green | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | +| enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | +| enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | +| enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | +| enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | +| enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | +| enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | +| enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:20:19:20 | gamma | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:27:19:27 | delta | (EnumElementDecl), .getDeclaringDecl = MyGreek | +| enumdecl.swift:19:34:19:34 | epsilon | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql new file mode 100644 index 00000000000..18d07936f21 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -0,0 +1,25 @@ +import swift + +string describe(Decl d) { + (d instanceof EnumDecl and result = "(EnumDecl)") + or + (d instanceof EnumCaseDecl and result = "(EnumCaseDecl)") + or + (d instanceof EnumElementDecl and result = "(EnumElementDecl)") + or + result = ".getType = " + d.(EnumDecl).getType().toString() + or + result = ".getDeclaringDecl = " + d.getDeclaringDecl().toString() + or + exists(int i | + result = ".getMember(" + i.toString() + ") = " + d.getMember(i).toString() + or + result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() + or + result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() + ) +} + +from Decl d +where d.getLocation().getFile().getName() != "" +select d, strictconcat(describe(d), ", ") diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift new file mode 100644 index 00000000000..7a8b06b7d94 --- /dev/null +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.swift @@ -0,0 +1,20 @@ + +enum MyColours { + case red + case green, yellow + case blue +} + +enum MyContainer { + case str(String) + case pair(x: Int, y: Int) +} + +enum MyNumbers: Int { + case one = 1, two + case three, four +} + +enum MyGreek { + case alpha, beta, gamma, delta, epsilon +} From 95caaecd7158064f114dd8c0ce4e55b1a2775ab7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 18:40:01 +0100 Subject: [PATCH 05/15] Swift: Add EnumDecl.getEnumElement(_). --- .../codeql/swift/elements/decl/EnumDecl.qll | 51 ++++++++++++++++++- .../elements/decl/enumdecl/enumdecl.expected | 8 +-- .../elements/decl/enumdecl/enumdecl.ql | 2 + 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index f7c42dc9a2f..b1100cc9abe 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -1,4 +1,51 @@ -// generated by codegen/codegen.py, remove this comment if you wish to edit this file private import codeql.swift.generated.decl.EnumDecl +private import codeql.swift.elements.decl.EnumCaseDecl +private import codeql.swift.elements.decl.EnumElementDecl +private import codeql.swift.elements.decl.Decl -class EnumDecl extends Generated::EnumDecl { } +/** + * An enumeration declaration, for example: + * ``` + * enum MyColours { + * case red + * case green + * case blue + * } + * ``` + */ +class EnumDecl extends Generated::EnumDecl { + /** + * Gets the number of `EnumElementDecl`s in this enumeration before the `index`th member. Some + * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of + * which holds one or more `EnumElementDecl`s. + */ + private int countEnumElementsTo(int memberIndex) { + memberIndex = 0 and result = 0 + or + exists(Decl prev | prev = this.getMember(memberIndex - 1) | + result = this.countEnumElementsTo(memberIndex - 1) + prev.(EnumCaseDecl).getNumberOfElements() + or + not prev instanceof EnumCaseDecl and + result = this.countEnumElementsTo(memberIndex - 1) + ) + } + + /** + * Gets the `index`th enumeration element of this enumeration (0-based). + */ + final EnumElementDecl getEnumElement(int index) { + exists(int memberIndex | + result = + this.getMember(memberIndex) + .(EnumCaseDecl) + .getElement(index - this.countEnumElementsTo(memberIndex)) + ) + } + + /** + * Gets an enumeration element of this enumeration. + */ + final EnumElementDecl getAnEnumElement() { + result = this.getMember(_).(EnumCaseDecl).getElement(_) + } +} diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected index 0f20f1f20f4..0494f6a9da8 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -1,4 +1,4 @@ -| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | | enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | | enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | @@ -6,19 +6,19 @@ | enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | | enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | -| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | | enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | | enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | | enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | | enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | -| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | | enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | | enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | | enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | -| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | | enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | | enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | | enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index 18d07936f21..a8e9b2e1f9f 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -17,6 +17,8 @@ string describe(Decl d) { result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() or result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() + or + result = ".getEnumElement(" + i.toString() + ") = " + d.(EnumDecl).getEnumElement(i).toString() ) } From 6c35bbf5c2c3f0145603b7c6514e19c733d37b2e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 18:45:19 +0100 Subject: [PATCH 06/15] Swift: Simplify / focus the test. --- .../elements/decl/enumdecl/enumdecl.expected | 8 ++++---- .../test/library-tests/elements/decl/enumdecl/enumdecl.ql | 2 -- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected index 0494f6a9da8..5e0222c484c 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.expected @@ -1,4 +1,4 @@ -| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getMember(0) = case ..., .getMember(1) = red, .getMember(10) = hashValue, .getMember(2) = case ..., .getMember(3) = green, .getMember(4) = yellow, .getMember(5) = case ..., .getMember(6) = blue, .getMember(7) = __derived_enum_equals(_:_:), .getMember(8) = var ... = ..., .getMember(9) = hash(into:), .getType = MyColours | +| enumdecl.swift:2:1:6:1 | MyColours | (EnumDecl), .getEnumElement(0) = red, .getEnumElement(1) = green, .getEnumElement(2) = yellow, .getEnumElement(3) = blue, .getType = MyColours | | enumdecl.swift:3:2:3:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = red | | enumdecl.swift:3:7:3:7 | red | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:4:2:4:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = green, .getElement(1) = yellow | @@ -6,19 +6,19 @@ | enumdecl.swift:4:14:4:14 | yellow | (EnumElementDecl), .getDeclaringDecl = MyColours | | enumdecl.swift:5:2:5:7 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyColours, .getElement(0) = blue | | enumdecl.swift:5:7:5:7 | blue | (EnumElementDecl), .getDeclaringDecl = MyColours | -| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getMember(0) = case ..., .getMember(1) = str, .getMember(2) = case ..., .getMember(3) = pair, .getType = MyContainer | +| enumdecl.swift:8:1:11:1 | MyContainer | (EnumDecl), .getEnumElement(0) = str, .getEnumElement(1) = pair, .getType = MyContainer | | enumdecl.swift:9:2:9:17 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = str | | enumdecl.swift:9:7:9:17 | str | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = _ | | enumdecl.swift:10:2:10:26 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyContainer, .getElement(0) = pair | | enumdecl.swift:10:7:10:26 | pair | (EnumElementDecl), .getDeclaringDecl = MyContainer, .getParam(0) = x, .getParam(1) = y | -| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getMember(0) = case ..., .getMember(1) = one, .getMember(2) = two, .getMember(3) = case ..., .getMember(4) = three, .getMember(5) = four, .getMember(6) = MyNumbers.init(rawValue:), .getMember(7) = var ... = ..., .getMember(8) = RawValue, .getMember(9) = rawValue, .getType = MyNumbers | +| enumdecl.swift:13:1:16:1 | MyNumbers | (EnumDecl), .getEnumElement(0) = one, .getEnumElement(1) = two, .getEnumElement(2) = three, .getEnumElement(3) = four, .getType = MyNumbers | | enumdecl.swift:14:2:14:16 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = one, .getElement(1) = two | | enumdecl.swift:14:7:14:13 | one | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:14:16:14:16 | two | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:2:15:14 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyNumbers, .getElement(0) = three, .getElement(1) = four | | enumdecl.swift:15:7:15:7 | three | (EnumElementDecl), .getDeclaringDecl = MyNumbers | | enumdecl.swift:15:14:15:14 | four | (EnumElementDecl), .getDeclaringDecl = MyNumbers | -| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getMember(0) = case ..., .getMember(1) = alpha, .getMember(2) = beta, .getMember(3) = gamma, .getMember(4) = delta, .getMember(5) = epsilon, .getMember(6) = __derived_enum_equals(_:_:), .getMember(7) = var ... = ..., .getMember(8) = hash(into:), .getMember(9) = hashValue, .getType = MyGreek | +| enumdecl.swift:18:1:20:1 | MyGreek | (EnumDecl), .getEnumElement(0) = alpha, .getEnumElement(1) = beta, .getEnumElement(2) = gamma, .getEnumElement(3) = delta, .getEnumElement(4) = epsilon, .getType = MyGreek | | enumdecl.swift:19:2:19:34 | case ... | (EnumCaseDecl), .getDeclaringDecl = MyGreek, .getElement(0) = alpha, .getElement(1) = beta, .getElement(2) = gamma, .getElement(3) = delta, .getElement(4) = epsilon | | enumdecl.swift:19:7:19:7 | alpha | (EnumElementDecl), .getDeclaringDecl = MyGreek | | enumdecl.swift:19:14:19:14 | beta | (EnumElementDecl), .getDeclaringDecl = MyGreek | diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index a8e9b2e1f9f..e2756b77a49 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -12,8 +12,6 @@ string describe(Decl d) { result = ".getDeclaringDecl = " + d.getDeclaringDecl().toString() or exists(int i | - result = ".getMember(" + i.toString() + ") = " + d.getMember(i).toString() - or result = ".getElement(" + i.toString() + ") = " + d.(EnumCaseDecl).getElement(i).toString() or result = ".getParam(" + i.toString() + ") = " + d.(EnumElementDecl).getParam(i).toString() From 3539e55bb2651a7b9b8b4b87d7e5059e843a191d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 May 2023 19:21:41 +0100 Subject: [PATCH 07/15] Swift: Autoformat. --- .../test/library-tests/elements/decl/enumdecl/enumdecl.ql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql index e2756b77a49..dba88e6009d 100644 --- a/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql +++ b/swift/ql/test/library-tests/elements/decl/enumdecl/enumdecl.ql @@ -1,11 +1,11 @@ import swift string describe(Decl d) { - (d instanceof EnumDecl and result = "(EnumDecl)") + d instanceof EnumDecl and result = "(EnumDecl)" or - (d instanceof EnumCaseDecl and result = "(EnumCaseDecl)") + d instanceof EnumCaseDecl and result = "(EnumCaseDecl)" or - (d instanceof EnumElementDecl and result = "(EnumElementDecl)") + d instanceof EnumElementDecl and result = "(EnumElementDecl)" or result = ".getType = " + d.(EnumDecl).getType().toString() or From f0ce5b09c6b9e9d345d94376ff174502166ce90d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 09:39:42 +0100 Subject: [PATCH 08/15] Swift: Address QL-for-QL warning. --- swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index b1100cc9abe..6fb24f21ea0 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -15,7 +15,7 @@ private import codeql.swift.elements.decl.Decl */ class EnumDecl extends Generated::EnumDecl { /** - * Gets the number of `EnumElementDecl`s in this enumeration before the `index`th member. Some + * Gets the number of `EnumElementDecl`s in this enumeration before the `memberIndex`th member. Some * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of * which holds one or more `EnumElementDecl`s. */ From d26a86185faec1057eca98940bc81e719715518f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 May 2023 09:42:32 +0100 Subject: [PATCH 09/15] Swift: Codegen. --- swift/ql/.generated.list | 1 - swift/ql/.gitattributes | 1 - 2 files changed, 2 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 2a56c1ba2ae..c3c0bfb69ec 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -24,7 +24,6 @@ lib/codeql/swift/elements/decl/ConcreteVarDecl.qll 94bcbdd91f461295c5b6b49fa597b lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll 4b6a9f458db5437f9351b14464b3809a78194029554ea818b3e18272c17afba3 a60d695b0d0ffa917ad01908bec2beaa663e644eddb00fb370fbc906623775d4 lib/codeql/swift/elements/decl/DeinitializerConstructor.qll 85f29a68ee5c0f2606c51e7a859f5f45fbc5f373e11b5e9c0762c9ba5cff51c4 6b28f69b8125d0393607dbad8e7a8aaa6469b9c671f67e8e825cc63964ed2f5d lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll 8c907544170671f713a8665d294eeefdbe78a607c2f16e2c630ea9c33f484baf eec83efc930683628185dbdad8f73311aad510074d168a53d85ea09d13f1f7e1 -lib/codeql/swift/elements/decl/EnumDecl.qll 29f9d8cbfb19c174af9a666162fd918af7f962fa5d97756105e78d5eec38cb9e 779940ebdbd510eb651972c57eb84b04af39c44ef59a8c307a44549ab730febb lib/codeql/swift/elements/decl/EnumDeclConstructor.qll 642bbfb71e917d84695622f3b2c7b36bf5be4e185358609810267ab1fc4e221b f6e06d79e7ff65fbabf72c553508b67406fb59c577215d28cc47971d34b6af05 lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll 736074246a795c14a30a8ec7bb8da595a729983187887294e485487309919dc6 4614fb380fad7af1b5fb8afce920f3e7350378254ece60d19722046046672fbb lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll 4f811e3332720327d2b9019edbb2fa70fb24322e72881afc040e7927452409d6 554f9832311dfc30762507e0bd4b25c5b6fdb9d0c4e8252cc5a1ef1033fafacb diff --git a/swift/ql/.gitattributes b/swift/ql/.gitattributes index 71cc5c58ecf..a1bd08a0b69 100644 --- a/swift/ql/.gitattributes +++ b/swift/ql/.gitattributes @@ -26,7 +26,6 @@ /lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/DeinitializerConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll linguist-generated -/lib/codeql/swift/elements/decl/EnumDecl.qll linguist-generated /lib/codeql/swift/elements/decl/EnumDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll linguist-generated /lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll linguist-generated From 5ffde7a7628cc8793ce279f3e64fcabeb40cb234 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 14:55:39 +0100 Subject: [PATCH 10/15] Update swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll Co-authored-by: Mathias Vorreiter Pedersen --- .../codeql/swift/elements/decl/EnumDecl.qll | 29 +++++-------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll index 6fb24f21ea0..91f597c8d38 100644 --- a/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll +++ b/swift/ql/lib/codeql/swift/elements/decl/EnumDecl.qll @@ -14,32 +14,17 @@ private import codeql.swift.elements.decl.Decl * ``` */ class EnumDecl extends Generated::EnumDecl { - /** - * Gets the number of `EnumElementDecl`s in this enumeration before the `memberIndex`th member. Some - * of the members of an `EnumDecl` are `EnumCaseDecls` (representing the `case` lines), each of - * which holds one or more `EnumElementDecl`s. - */ - private int countEnumElementsTo(int memberIndex) { - memberIndex = 0 and result = 0 - or - exists(Decl prev | prev = this.getMember(memberIndex - 1) | - result = this.countEnumElementsTo(memberIndex - 1) + prev.(EnumCaseDecl).getNumberOfElements() - or - not prev instanceof EnumCaseDecl and - result = this.countEnumElementsTo(memberIndex - 1) - ) - } - /** * Gets the `index`th enumeration element of this enumeration (0-based). */ final EnumElementDecl getEnumElement(int index) { - exists(int memberIndex | - result = - this.getMember(memberIndex) - .(EnumCaseDecl) - .getElement(index - this.countEnumElementsTo(memberIndex)) - ) + result = + rank[index + 1](int memberIndex, Decl d | + d = this.getMember(memberIndex) and + d instanceof EnumElementDecl + | + d order by memberIndex + ) } /** From 881134a6f5776a7ef13017f52e8fc6ed7160e51b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 May 2023 15:29:49 +0100 Subject: [PATCH 11/15] Swift: Add warning note to Decl.getMember. --- swift/ql/.generated.list | 4 ++-- swift/ql/lib/codeql/swift/generated/Raw.qll | 4 ++++ swift/ql/lib/codeql/swift/generated/decl/Decl.qll | 4 ++++ swift/schema.py | 6 +++++- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index c3c0bfb69ec..dcc8cd2a698 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -383,7 +383,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll 7db14da89a0dc22ab41e654750f59d03085de8726ac358c458fccb0e0b75e193 e16991b33eb0ddea18c0699d7ea31710460ff8ada1f51d8e94f1100f6e18d1c8 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll cc504ec0771dbb461367944a5c95186047bad59a087a9bda74ef346c7b89b0d3 0b5973d56edd8099b645ea1f7be2a4934e62d5fa165261c63299ac2cf634437d lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -397,7 +397,7 @@ lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5 lib/codeql/swift/generated/decl/CapturedDecl.qll cbc416f48471f978d21f5f9ec02eb912692f9678ed154cb0b6d30df9de48e628 d9534cdf290ad48e285d27a520c0b1692afed14bbdd907430bcd46e7de2fbb31 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 2cc8ad7e3a3b658d7b1b06d20bdaf7604de387045c33b0d64191b5ef998708c2 7ed3194e89f7ae37cf9c691e4666449e4f406f6c3ee6d35bbbda4e66cdd3ca5a +lib/codeql/swift/generated/decl/Decl.qll 4bb00d3c64f88f3c8e1bdc7aa9de93d2bef6477adf756d6f7e3897d2c5685726 36d805a6f2b0c2dd8bdfbd10de6978bd9344a025e71c938e58d0c3c0f9672247 lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe lib/codeql/swift/generated/decl/EnumCaseDecl.qll 7942eb77f91680c3553becb313f21723e0b437eadebc117f0690e5364705bef1 40eec2e74c514cecdfcdf6d7d5c8a033c717f69a38cfca834934fe3859c4e1ef lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index dc5ddeed979..8989bc83905 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -310,6 +310,10 @@ module Raw { /** * Gets the `index`th member of this declaration (0-based). + * + * Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + * on the order of members given by `getMember`. In some cases the order of members may not + * align with expectations, and could change in future releases. */ Decl getMember(int index) { decl_members(this, index, result) } } diff --git a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll index 673de2cffee..136d28ea852 100644 --- a/swift/ql/lib/codeql/swift/generated/decl/Decl.qll +++ b/swift/ql/lib/codeql/swift/generated/decl/Decl.qll @@ -34,6 +34,10 @@ module Generated { /** * Gets the `index`th member of this declaration (0-based). + * + * Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + * on the order of members given by `getMember`. In some cases the order of members may not + * align with expectations, and could change in future releases. */ final Decl getMember(int index) { result = this.getImmediateMember(index).resolve() } diff --git a/swift/schema.py b/swift/schema.py index 8fc0941e171..ccb538769af 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -80,7 +80,11 @@ class Type(Element): @group("decl") class Decl(AstNode): module: "ModuleDecl" - members: list["Decl"] | child + members: list["Decl"] | child | desc(""" + Prefer to use more specific methods (such as `EnumDecl.getEnumElement`) rather than relying + on the order of members given by `getMember`. In some cases the order of members may not + align with expectations, and could change in future releases. + """) @group("expr") class Expr(AstNode): From 3bcaff605914083b4f1f8cc550a41c025b3b61e1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 May 2023 16:37:03 +0100 Subject: [PATCH 12/15] Swift: re-run codegen. --- swift/ql/.generated.list | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index a28e6ba533b..e8993c8570d 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -24,7 +24,6 @@ lib/codeql/swift/elements/decl/ConcreteVarDecl.qll 94bcbdd91f461295c5b6b49fa597b lib/codeql/swift/elements/decl/ConcreteVarDeclConstructor.qll 4b6a9f458db5437f9351b14464b3809a78194029554ea818b3e18272c17afba3 a60d695b0d0ffa917ad01908bec2beaa663e644eddb00fb370fbc906623775d4 lib/codeql/swift/elements/decl/DeinitializerConstructor.qll 85f29a68ee5c0f2606c51e7a859f5f45fbc5f373e11b5e9c0762c9ba5cff51c4 6b28f69b8125d0393607dbad8e7a8aaa6469b9c671f67e8e825cc63964ed2f5d lib/codeql/swift/elements/decl/EnumCaseDeclConstructor.qll 8c907544170671f713a8665d294eeefdbe78a607c2f16e2c630ea9c33f484baf eec83efc930683628185dbdad8f73311aad510074d168a53d85ea09d13f1f7e1 -lib/codeql/swift/elements/decl/EnumDecl.qll 29f9d8cbfb19c174af9a666162fd918af7f962fa5d97756105e78d5eec38cb9e 779940ebdbd510eb651972c57eb84b04af39c44ef59a8c307a44549ab730febb lib/codeql/swift/elements/decl/EnumDeclConstructor.qll 642bbfb71e917d84695622f3b2c7b36bf5be4e185358609810267ab1fc4e221b f6e06d79e7ff65fbabf72c553508b67406fb59c577215d28cc47971d34b6af05 lib/codeql/swift/elements/decl/EnumElementDeclConstructor.qll 736074246a795c14a30a8ec7bb8da595a729983187887294e485487309919dc6 4614fb380fad7af1b5fb8afce920f3e7350378254ece60d19722046046672fbb lib/codeql/swift/elements/decl/ExtensionDeclConstructor.qll 4f811e3332720327d2b9019edbb2fa70fb24322e72881afc040e7927452409d6 554f9832311dfc30762507e0bd4b25c5b6fdb9d0c4e8252cc5a1ef1033fafacb @@ -384,7 +383,7 @@ lib/codeql/swift/generated/OtherAvailabilitySpec.qll 0e26a203b26ff0581b7396b0c6d lib/codeql/swift/generated/ParentChild.qll f490202e849b9cbd550ee9d758644b85d43e60d81413e6c28df2850fb1e9a2d6 6b95aeab6b53a880b230ad0c96b6deb519a7368898c844632ae96090de59df99 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll f82d9ca416fe8bd59b5531b65b1c74c9f317b3297a6101544a11339a1cffce38 7f5c6d3309e66c134107afe55bae76dfc9a72cb7cdd6d4c3706b6b34cee09fa0 lib/codeql/swift/generated/PureSynthConstructors.qll 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 173c0dd59396a1de26fe870e3bc2766c46de689da2a4d8807cb62023bbce1a98 -lib/codeql/swift/generated/Raw.qll 8d4880e5ee1fdd120adeb7bf0dfa1399e7b1a53b2cc7598aed8e15cbf996d1c0 da0d446347d29f5cd05281c17c24e87610f31c32adb7e05ab8f3a26bed55bd90 +lib/codeql/swift/generated/Raw.qll cc504ec0771dbb461367944a5c95186047bad59a087a9bda74ef346c7b89b0d3 0b5973d56edd8099b645ea1f7be2a4934e62d5fa165261c63299ac2cf634437d lib/codeql/swift/generated/Synth.qll 551fdf7e4b53f9ee1314d1bb42c2638cf82f45bfa1f40a635dfa7b6072e4418c 9ab178464700a19951fc5285acacda4913addee81515d8e072b3d7055935a814 lib/codeql/swift/generated/SynthConstructors.qll 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 2f801bd8b0db829b0253cd459ed3253c1fdfc55dce68ebc53e7fec138ef0aca4 lib/codeql/swift/generated/UnknownFile.qll 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 0fcf9beb8de79440bcdfff4bb6ab3dd139bd273e6c32754e05e6a632651e85f6 @@ -398,7 +397,7 @@ lib/codeql/swift/generated/decl/AssociatedTypeDecl.qll 4169d083104f9c089223ed3c5 lib/codeql/swift/generated/decl/CapturedDecl.qll f8b69887acb35cc8de572984fef83eb08649845b49179b68d3afef36b526bddb 94ab461ef9ab5983dece5e2b1865b6056e381e5c06f2a3ec4dfde634a9368e59 lib/codeql/swift/generated/decl/ClassDecl.qll a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 a60e8af2fdbcd20cfa2049660c8bcbbc00508fbd3dde72b4778317dfc23c5ae4 lib/codeql/swift/generated/decl/ConcreteVarDecl.qll 4801ccc477480c4bc4fc117976fbab152e081064e064c97fbb0f37199cb1d0a8 4d7cfbf5b39b307dd673781adc220fdef04213f2e3d080004fa658ba6d3acb8d -lib/codeql/swift/generated/decl/Decl.qll 1d620c8e43df3cb46e5446dc9f6592205040c4d2b03c2ce1e491d7628f8904d0 b02514d7548a5a1dca39a148974a1b4dfeb681ebf81ad80f78d53ea48bab6133 +lib/codeql/swift/generated/decl/Decl.qll e9a27347096be6b0d1f9e555ba98867b4e3f1629bc4c24ed4c737921e416ef8c 5b9d839d3cce81a282fda869d83a33138c9587c76c1547692811aed05c44aa46 lib/codeql/swift/generated/decl/Deinitializer.qll 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe 816ecd92552915d06952517606a6e4c67bc53d7e7d9f5c09b7276e70612627fe lib/codeql/swift/generated/decl/EnumCaseDecl.qll 564718862a9fd5b99427591a83921bf57aac2074041b5b335577599e8eefda16 90899d7d7a9c695576ae4b24d19deb05e45e0e85c954ab41de154d5cc521019e lib/codeql/swift/generated/decl/EnumDecl.qll fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 fa4490d511ee537751a4fab2478e65250ff3deba43c74db5341184c9ba25b534 From 7aa23cf11db24341995b4252a64bc13d1b104bb2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 22 May 2023 20:47:00 +0000 Subject: [PATCH 13/15] Release preparation for version 2.13.3 --- cpp/ql/lib/CHANGELOG.md | 16 ++++++++ .../2023-04-28-indirect-barrier-node.md | 4 -- .../2023-04-28-static-local-dataflow.md | 4 -- .../2023-05-02-ir-noreturn-calls.md | 4 -- .../2023-05-02-range-analysis-wrapper.md | 4 -- .../2023-05-22-inline-in-std-namespace.md | 4 -- cpp/ql/lib/change-notes/released/0.7.2.md | 15 +++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++ cpp/ql/src/change-notes/released/0.6.2.md | 3 ++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++ .../lib/change-notes/released/1.5.2.md | 3 ++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++ .../src/change-notes/released/1.5.2.md | 3 ++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 7 ++++ .../2023-04-26-neutral-model-kinds.md | 4 -- .../0.6.2.md} | 8 ++-- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++ csharp/ql/src/change-notes/released/0.6.2.md | 3 ++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 +++ .../0.5.2.md} | 9 ++-- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++ go/ql/src/change-notes/released/0.5.2.md | 3 ++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 41 +++++++++++++++++++ ...-04-20-create-model-for-io-jsonwebtoken.md | 5 --- .../2023-04-26-neutral-model-kinds.md | 4 -- .../2023-05-02-apache-commons-net-models.md | 4 -- ...3-05-03-url-open-stream-as-experimental.md | 4 -- .../lib/change-notes/2023-05-11-new-models.md | 6 --- .../2023-05-12-spring-jdbc-sql-sinks.md | 4 -- .../0.6.2.md} | 17 ++++++-- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 8 ++++ .../change-notes/2023-05-15-xpath-xxe-sink.md | 4 -- .../2023-05-19-groovy-injection-sink.md | 4 -- .../0.6.2.md} | 9 ++-- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 6 +++ .../0.6.2.md} | 9 ++-- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 20 +++++++++ .../2023-04-13-Forge-truncated-sha512-hash.md | 5 --- .../2023-04-26-unsafe-yaml-deserialization.md | 5 --- .../2023-04-28-json-with-comments.md | 5 --- .../2023-05-02-github-actions-sources.md | 5 --- .../change-notes/2023-05-17-indirect-shell.md | 4 -- .../ql/src/change-notes/released/0.6.2.md | 19 +++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++ .../change-notes/released/0.5.2.md | 3 ++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 7 ++++ ...16-typetracking-read-captured-variables.md | 4 -- .../0.9.2.md} | 8 ++-- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++ python/ql/src/change-notes/released/0.7.2.md | 3 ++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 +++ .../0.6.2.md} | 7 ++-- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++ ruby/ql/src/change-notes/released/0.6.2.md | 3 ++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++ shared/regex/change-notes/released/0.0.13.md | 3 ++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++ shared/ssa/change-notes/released/0.0.17.md | 3 ++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++ .../tutorial/change-notes/released/0.0.10.md | 3 ++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++ .../change-notes/released/0.0.10.md | 3 ++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++ shared/typos/change-notes/released/0.0.17.md | 3 ++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++ shared/util/change-notes/released/0.0.10.md | 3 ++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++ shared/yaml/change-notes/released/0.0.2.md | 3 ++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- 116 files changed, 347 insertions(+), 159 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md delete mode 100644 cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md delete mode 100644 cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md create mode 100644 cpp/ql/lib/change-notes/released/0.7.2.md create mode 100644 cpp/ql/src/change-notes/released/0.6.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md delete mode 100644 csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md rename csharp/ql/lib/change-notes/{2023-05-16-ilogger-extension-methods.md => released/0.6.2.md} (58%) create mode 100644 csharp/ql/src/change-notes/released/0.6.2.md rename go/ql/lib/change-notes/{2023-04-25-data-flow-varargs-parameters.md => released/0.5.2.md} (85%) create mode 100644 go/ql/src/change-notes/released/0.5.2.md delete mode 100644 java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md delete mode 100644 java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md delete mode 100644 java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md delete mode 100644 java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md delete mode 100644 java/ql/lib/change-notes/2023-05-11-new-models.md delete mode 100644 java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md rename java/ql/lib/change-notes/{2023-05-04-add-libraries-for-query-configurations.md => released/0.6.2.md} (87%) delete mode 100644 java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md delete mode 100644 java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md rename java/ql/src/change-notes/{2023-04-26-xxe-sinks-promotion.md => released/0.6.2.md} (50%) rename javascript/ql/lib/change-notes/{2023-04-03-gh-injection.md => released/0.6.2.md} (85%) delete mode 100644 javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md delete mode 100644 javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md delete mode 100644 javascript/ql/src/change-notes/2023-04-28-json-with-comments.md delete mode 100644 javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md delete mode 100644 javascript/ql/src/change-notes/2023-05-17-indirect-shell.md create mode 100644 javascript/ql/src/change-notes/released/0.6.2.md create mode 100644 misc/suite-helpers/change-notes/released/0.5.2.md delete mode 100644 python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md rename python/ql/lib/change-notes/{2022-11-15-dictionary-read-store-steps.md => released/0.9.2.md} (51%) create mode 100644 python/ql/src/change-notes/released/0.7.2.md rename ruby/ql/lib/change-notes/{2023-05-03-sqlite3.md => released/0.6.2.md} (80%) create mode 100644 ruby/ql/src/change-notes/released/0.6.2.md create mode 100644 shared/regex/change-notes/released/0.0.13.md create mode 100644 shared/ssa/change-notes/released/0.0.17.md create mode 100644 shared/tutorial/change-notes/released/0.0.10.md create mode 100644 shared/typetracking/change-notes/released/0.0.10.md create mode 100644 shared/typos/change-notes/released/0.0.17.md create mode 100644 shared/util/change-notes/released/0.0.10.md create mode 100644 shared/yaml/change-notes/released/0.0.2.md diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index f77a14c328f..e5d2ae643bc 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.7.2 + +### New Features + +* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. +* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. + +### Major Analysis Improvements + +* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. + +### Minor Analysis Improvements + +* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. +* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. + ## 0.7.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md b/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md deleted file mode 100644 index 68421139e7d..00000000000 --- a/cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. diff --git a/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md b/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md deleted file mode 100644 index be4c4e73ed0..00000000000 --- a/cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. diff --git a/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md b/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md deleted file mode 100644 index 5688945dc80..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-02-ir-noreturn-calls.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md b/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md deleted file mode 100644 index b28167dc52d..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-02-range-analysis-wrapper.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md b/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md deleted file mode 100644 index 8b562bd8357..00000000000 --- a/cpp/ql/lib/change-notes/2023-05-22-inline-in-std-namespace.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. diff --git a/cpp/ql/lib/change-notes/released/0.7.2.md b/cpp/ql/lib/change-notes/released/0.7.2.md new file mode 100644 index 00000000000..4decad06ae8 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.7.2.md @@ -0,0 +1,15 @@ +## 0.7.2 + +### New Features + +* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library. +* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API. + +### Major Analysis Improvements + +* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library. + +### Minor Analysis Improvements + +* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace. +* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index e007a9aec3e..fee171e9685 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.1 +lastReleaseVersion: 0.7.2 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 3f6482c1ebe..2008adee602 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.7.2-dev +version: 0.7.2 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 1314e6d7553..4991b66538f 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 ### New Queries diff --git a/cpp/ql/src/change-notes/released/0.6.2.md b/cpp/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 4df58a2da69..8b2bb0ed100 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.6.2-dev +version: 0.6.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 56de88b8aa5..ad7a007007f 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md new file mode 100644 index 00000000000..384c27833f1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c5775c46013..7eb901bae56 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index fb0859160cc..9c09d378a20 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.5.2-dev +version: 1.5.2 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 56de88b8aa5..ad7a007007f 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md new file mode 100644 index 00000000000..384c27833f1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c5775c46013..7eb901bae56 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 4c9eeb60c87..241bb764b7c 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.5.2-dev +version: 1.5.2 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 4ebff5c86a7..435255a997a 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods. +* Updated the `neutralModel` extensible predicate to include a `kind` column. + ## 0.6.1 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md b/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md deleted file mode 100644 index ab19597224b..00000000000 --- a/csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated the `neutralModel` extensible predicate to include a `kind` column. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md b/csharp/ql/lib/change-notes/released/0.6.2.md similarity index 58% rename from csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md rename to csharp/ql/lib/change-notes/released/0.6.2.md index 4d4f0767238..c3829f2df86 100644 --- a/csharp/ql/lib/change-notes/2023-05-16-ilogger-extension-methods.md +++ b/csharp/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + * The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods. +* Updated the `neutralModel` extensible predicate to include a `kind` column. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index fdb710e9371..1e56c93103b 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.6.2-dev +version: 0.6.2 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index fb6006fc6f9..e214ec42a03 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/released/0.6.2.md b/csharp/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d68e0a497c1..663ad9efee2 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.6.2-dev +version: 0.6.2 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index e144655e159..5f09272c19b 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.5.2 + +### Minor Analysis Improvements + +* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. + ## 0.5.1 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md b/go/ql/lib/change-notes/released/0.5.2.md similarity index 85% rename from go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md rename to go/ql/lib/change-notes/released/0.5.2.md index 881d570361e..ad1dea14924 100644 --- a/go/ql/lib/change-notes/2023-04-25-data-flow-varargs-parameters.md +++ b/go/ql/lib/change-notes/released/0.5.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. \ No newline at end of file +## 0.5.2 + +### Minor Analysis Improvements + +* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 346dc087db4..4da3e4ac60c 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.5.2-dev +version: 0.5.2 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 81ce4f00d02..8a1b8bcfebc 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.5.2 + +No user-facing changes. + ## 0.5.1 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.5.2.md b/go/ql/src/change-notes/released/0.5.2.md new file mode 100644 index 00000000000..e94d1f4ad5b --- /dev/null +++ b/go/ql/src/change-notes/released/0.5.2.md @@ -0,0 +1,3 @@ +## 0.5.2 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 64be9928c63..81410e8a0bc 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.5.2-dev +version: 0.5.2 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 03907f74b89..53fb1470bb9 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,44 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. +* Added models for the following packages: + + * org.apache.hadoop.fs +* Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations. +* Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input. +* Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input. +* Added the `ArithmeticUncontrolledQuery.qll` library to provide the `ArithmeticUncontrolledOverflowFlow` and `ArithmeticUncontrolledUnderflowFlow` taint-tracking modules to reason about arithmetic with uncontrolled user input. +* Added the `ArithmeticWithExtremeValuesQuery.qll` library to provide the `MaxValueFlow` and `MinValueFlow` dataflow modules to reason about arithmetic with extreme values. +* Added the `BrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities. +* Added the `ExecTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToExecFlow` taint-tracking module to reason about command injection vulnerabilities caused by local data flow. +* Added the `ExternallyControlledFormatStringLocalQuery.qll` library to provide the `ExternallyControlledFormatStringLocalFlow` taint-tracking module to reason about format string vulnerabilities caused by local data flow. +* Added the `ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` dataflow module to reason about improper validation of code-specified sizes used for array construction. +* Added the `ImproperValidationOfArrayConstructionLocalQuery.qll` library to provide the `ImproperValidationOfArrayConstructionLocalFlow` taint-tracking module to reason about improper validation of local user-provided sizes used for array construction caused by local data flow. +* Added the `ImproperValidationOfArrayConstructionQuery.qll` library to provide the `ImproperValidationOfArrayConstructionFlow` taint-tracking module to reason about improper validation of user-provided size used for array construction. +* Added the `ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` data flow module to reason about about improper validation of code-specified array index. +* Added the `ImproperValidationOfArrayIndexLocalQuery.qll` library to provide the `ImproperValidationOfArrayIndexLocalFlow` taint-tracking module to reason about improper validation of a local user-provided array index. +* Added the `ImproperValidationOfArrayIndexQuery.qll` library to provide the `ImproperValidationOfArrayIndexFlow` taint-tracking module to reason about improper validation of user-provided array index. +* Added the `InsecureCookieQuery.qll` library to provide the `SecureCookieFlow` taint-tracking module to reason about insecure cookie vulnerabilities. +* Added the `MaybeBrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities. +* Added the `NumericCastTaintedQuery.qll` library to provide the `NumericCastTaintedFlow` taint-tracking module to reason about numeric cast vulnerabilities. +* Added the `ResponseSplittingLocalQuery.qll` library to provide the `ResponseSplittingLocalFlow` taint-tracking module to reason about response splitting vulnerabilities caused by local data flow. +* Added the `SqlConcatenatedQuery.qll` library to provide the `UncontrolledStringBuilderSourceFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by concatenating untrusted strings. +* Added the `SqlTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToSqlFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by local data flow. +* Added the `StackTraceExposureQuery.qll` library to provide the `printsStackExternally`, `stringifiedStackFlowsExternally`, and `getMessageFlowsExternally` predicates to reason about stack trace exposure vulnerabilities. +* Added the `TaintedPermissionQuery.qll` library to provide the `TaintedPermissionFlow` taint-tracking module to reason about tainted permission vulnerabilities. +* Added the `TempDirLocalInformationDisclosureQuery.qll` library to provide the `TempDirSystemGetPropertyToCreate` taint-tracking module to reason about local information disclosure vulnerabilities caused by local data flow. +* Added the `UnsafeHostnameVerificationQuery.qll` library to provide the `TrustAllHostnameVerifierFlow` taint-tracking module to reason about insecure hostname verification vulnerabilities. +* Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow. +* Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities. +* Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities. +* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. +* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. +* Added models for the Apache Commons Net library. +* Updated the `neutralModel` extensible predicate to include a `kind` column. +* Added models for the `io.jsonwebtoken` library. + ## 0.6.1 ### Deprecated APIs diff --git a/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md b/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md deleted file mode 100644 index 3a037075967..00000000000 --- a/java/ql/lib/change-notes/2023-04-20-create-model-for-io-jsonwebtoken.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the `io.jsonwebtoken` library. - diff --git a/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md b/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md deleted file mode 100644 index ab19597224b..00000000000 --- a/java/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated the `neutralModel` extensible predicate to include a `kind` column. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md b/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md deleted file mode 100644 index a669c74d3e8..00000000000 --- a/java/ql/lib/change-notes/2023-05-02-apache-commons-net-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the Apache Commons Net library. diff --git a/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md b/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md deleted file mode 100644 index 1d57d64973c..00000000000 --- a/java/ql/lib/change-notes/2023-05-03-url-open-stream-as-experimental.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. diff --git a/java/ql/lib/change-notes/2023-05-11-new-models.md b/java/ql/lib/change-notes/2023-05-11-new-models.md deleted file mode 100644 index 067105b4aca..00000000000 --- a/java/ql/lib/change-notes/2023-05-11-new-models.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the following packages: - - * org.apache.hadoop.fs diff --git a/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md b/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md deleted file mode 100644 index 68d6c2b45fe..00000000000 --- a/java/ql/lib/change-notes/2023-05-12-spring-jdbc-sql-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md b/java/ql/lib/change-notes/released/0.6.2.md similarity index 87% rename from java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md rename to java/ql/lib/change-notes/released/0.6.2.md index ead324ee5fb..f0bf9441a47 100644 --- a/java/ql/lib/change-notes/2023-05-04-add-libraries-for-query-configurations.md +++ b/java/ql/lib/change-notes/released/0.6.2.md @@ -1,6 +1,11 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + +* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`. +* Added models for the following packages: + + * org.apache.hadoop.fs * Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations. * Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input. * Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input. @@ -28,4 +33,8 @@ category: minorAnalysis * Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow. * Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities. * Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities. -* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. \ No newline at end of file +* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow. +* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation. +* Added models for the Apache Commons Net library. +* Updated the `neutralModel` extensible predicate to include a `kind` column. +* Added models for the `io.jsonwebtoken` library. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index c48db63b34d..94ec029ed07 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.6.2-dev +version: 0.6.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 744ac866083..1e7cebcfca1 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,11 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. +* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. +* Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564). + ## 0.6.1 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md b/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md deleted file mode 100644 index 1696ffbd213..00000000000 --- a/java/ql/src/change-notes/2023-05-15-xpath-xxe-sink.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. diff --git a/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md b/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md deleted file mode 100644 index 7f668dd1b28..00000000000 --- a/java/ql/src/change-notes/2023-05-19-groovy-injection-sink.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. diff --git a/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md b/java/ql/src/change-notes/released/0.6.2.md similarity index 50% rename from java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md rename to java/ql/src/change-notes/released/0.6.2.md index 01bbfe267bd..50a5ff81b8f 100644 --- a/java/ql/src/change-notes/2023-04-26-xxe-sinks-promotion.md +++ b/java/ql/src/change-notes/released/0.6.2.md @@ -1,4 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + +* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink. +* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink. * Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564). diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 3e640f9376f..8936d5a4373 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.6.2-dev +version: 0.6.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 24e199a69d7..3ac3bc23481 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. + ## 0.6.1 ### Major Analysis Improvements diff --git a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md b/javascript/ql/lib/change-notes/released/0.6.2.md similarity index 85% rename from javascript/ql/lib/change-notes/2023-04-03-gh-injection.md rename to javascript/ql/lib/change-notes/released/0.6.2.md index 63e913eb694..f97f6633c49 100644 --- a/javascript/ql/lib/change-notes/2023-04-03-gh-injection.md +++ b/javascript/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. \ No newline at end of file +## 0.6.2 + +### Minor Analysis Improvements + +* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 4b0fa8d4ffb..c45ff2f4732 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.6.2-dev +version: 0.6.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index d0933ef06cf..eb914577876 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,23 @@ +## 0.6.2 + +### Major Analysis Improvements + +* Added taint sources from the `@actions/core` and `@actions/github` packages. +* Added command-injection sinks from the `@actions/exec` package. + +### Minor Analysis Improvements + +* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. +* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except + when it is used with an unsafe schema. +* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, + SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. + +### Bug Fixes + +* Fixed a spurious diagnostic warning about comments in JSON files being illegal. + Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. + ## 0.6.1 ### Minor Analysis Improvements diff --git a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md b/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md deleted file mode 100644 index 1d2bfc9a8f9..00000000000 --- a/javascript/ql/src/change-notes/2023-04-13-Forge-truncated-sha512-hash.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, - SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. \ No newline at end of file diff --git a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md b/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md deleted file mode 100644 index 02b044ee47a..00000000000 --- a/javascript/ql/src/change-notes/2023-04-26-unsafe-yaml-deserialization.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except - when it is used with an unsafe schema. diff --git a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md b/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md deleted file mode 100644 index 3ce9949a39a..00000000000 --- a/javascript/ql/src/change-notes/2023-04-28-json-with-comments.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: fix ---- -* Fixed a spurious diagnostic warning about comments in JSON files being illegal. - Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. diff --git a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md b/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md deleted file mode 100644 index a9cf1339421..00000000000 --- a/javascript/ql/src/change-notes/2023-05-02-github-actions-sources.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: majorAnalysis ---- -* Added taint sources from the `@actions/core` and `@actions/github` packages. -* Added command-injection sinks from the `@actions/exec` package. diff --git a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md b/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md deleted file mode 100644 index 556e9976152..00000000000 --- a/javascript/ql/src/change-notes/2023-05-17-indirect-shell.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. diff --git a/javascript/ql/src/change-notes/released/0.6.2.md b/javascript/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..777dd69688e --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,19 @@ +## 0.6.2 + +### Major Analysis Improvements + +* Added taint sources from the `@actions/core` and `@actions/github` packages. +* Added command-injection sinks from the `@actions/exec` package. + +### Minor Analysis Improvements + +* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string. +* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except + when it is used with an unsafe schema. +* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224, + SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers. + +### Bug Fixes + +* Fixed a spurious diagnostic warning about comments in JSON files being illegal. + Comments in JSON files are in fact fully supported, and the diagnostic message was misleading. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 2c62c9e75d5..f64917ed51f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.6.2-dev +version: 0.6.2 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9621c2fa167..46787616efa 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.5.2 + +No user-facing changes. + ## 0.5.1 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.5.2.md b/misc/suite-helpers/change-notes/released/0.5.2.md new file mode 100644 index 00000000000..e94d1f4ad5b --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.5.2.md @@ -0,0 +1,3 @@ +## 0.5.2 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 0bf7024c337..2d9d3f587f8 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.1 +lastReleaseVersion: 0.5.2 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index c5cf2398633..a66a845730d 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,3 +1,3 @@ name: codeql/suite-helpers -version: 0.5.2-dev +version: 0.5.2 groups: shared diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index b00d10f98d9..91f53df486b 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.9.2 + +### Minor Analysis Improvements + +* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. +* Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`. + ## 0.9.1 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md b/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md deleted file mode 100644 index 6905a03c8e8..00000000000 --- a/python/ql/lib/change-notes/2023-03-16-typetracking-read-captured-variables.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. diff --git a/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md b/python/ql/lib/change-notes/released/0.9.2.md similarity index 51% rename from python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md rename to python/ql/lib/change-notes/released/0.9.2.md index 45b225bbb26..06149b0aac9 100644 --- a/python/ql/lib/change-notes/2022-11-15-dictionary-read-store-steps.md +++ b/python/ql/lib/change-notes/released/0.9.2.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.9.2 + +### Minor Analysis Improvements + +* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries. * Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 6789dcd18b7..e1eda519435 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.1 +lastReleaseVersion: 0.9.2 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 9948ffa5d7f..be1ec0efa99 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.9.2-dev +version: 0.9.2 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 36f736322c9..712de670fdc 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.2 + +No user-facing changes. + ## 0.7.1 No user-facing changes. diff --git a/python/ql/src/change-notes/released/0.7.2.md b/python/ql/src/change-notes/released/0.7.2.md new file mode 100644 index 00000000000..8693d609ec7 --- /dev/null +++ b/python/ql/src/change-notes/released/0.7.2.md @@ -0,0 +1,3 @@ +## 0.7.2 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index e007a9aec3e..fee171e9685 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.1 +lastReleaseVersion: 0.7.2 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 0d2839ec410..d399ced2ccd 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.7.2-dev +version: 0.7.2 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 2071494bb54..65eba10cc10 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.2 + +### Minor Analysis Improvements + +* Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized. + ## 0.6.1 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md b/ruby/ql/lib/change-notes/released/0.6.2.md similarity index 80% rename from ruby/ql/lib/change-notes/2023-05-03-sqlite3.md rename to ruby/ql/lib/change-notes/released/0.6.2.md index 16af7f859e9..a1214bd6e68 100644 --- a/ruby/ql/lib/change-notes/2023-05-03-sqlite3.md +++ b/ruby/ql/lib/change-notes/released/0.6.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.6.2 + +### Minor Analysis Improvements + * Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index f25ce14aa24..7d01fb676db 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.6.2-dev +version: 0.6.2 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 20ece6388aa..7e2e0df8b38 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.2 + +No user-facing changes. + ## 0.6.1 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.6.2.md b/ruby/ql/src/change-notes/released/0.6.2.md new file mode 100644 index 00000000000..43f80640fc5 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.6.2.md @@ -0,0 +1,3 @@ +## 0.6.2 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 80fb0899f64..5501a2a1cc5 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.1 +lastReleaseVersion: 0.6.2 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b85dc0f5e4f..2ba1f5ae58f 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.6.2-dev +version: 0.6.2 groups: - ruby - queries diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 64199d2b5ca..cc83ed1e68c 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.13 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.0.13.md b/shared/regex/change-notes/released/0.0.13.md new file mode 100644 index 00000000000..f679eaf0313 --- /dev/null +++ b/shared/regex/change-notes/released/0.0.13.md @@ -0,0 +1,3 @@ +## 0.0.13 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 997fb8da83c..044e54e4f7e 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.0.13 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index ef9519ead25..deb3ab1029b 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.0.13-dev +version: 0.0.13 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 52bdc7e1442..5e42000c1d1 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.17 + +No user-facing changes. + ## 0.0.16 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.0.17.md b/shared/ssa/change-notes/released/0.0.17.md new file mode 100644 index 00000000000..62cc89030a6 --- /dev/null +++ b/shared/ssa/change-notes/released/0.0.17.md @@ -0,0 +1,3 @@ +## 0.0.17 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index a49f7be4cff..cbc3d3cd493 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.16 +lastReleaseVersion: 0.0.17 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 4bb3d04e800..2200a923da4 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.0.17-dev +version: 0.0.17 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1e8bd30fccd..02876619527 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.0.10.md b/shared/tutorial/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 37c2fca38b4..dafd176c023 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 77af08547b4..c8729dc39f8 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.0.10.md b/shared/typetracking/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 499f5cc4d34..697964c9078 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 600b6f93329..472d0ef41a5 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.17 + +No user-facing changes. + ## 0.0.16 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.0.17.md b/shared/typos/change-notes/released/0.0.17.md new file mode 100644 index 00000000000..62cc89030a6 --- /dev/null +++ b/shared/typos/change-notes/released/0.0.17.md @@ -0,0 +1,3 @@ +## 0.0.17 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index a49f7be4cff..cbc3d3cd493 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.16 +lastReleaseVersion: 0.0.17 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 6d0b76e1ce5..41595203b56 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.0.17-dev +version: 0.0.17 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index aad25b929dc..99aa576343d 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.10 + +No user-facing changes. + ## 0.0.9 No user-facing changes. diff --git a/shared/util/change-notes/released/0.0.10.md b/shared/util/change-notes/released/0.0.10.md new file mode 100644 index 00000000000..22391080fd4 --- /dev/null +++ b/shared/util/change-notes/released/0.0.10.md @@ -0,0 +1,3 @@ +## 0.0.10 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 8ff9a0efdb6..b6a5d413250 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.0.10-dev +version: 0.0.10 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 9e8194d5e01..9119d5fc839 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.2 + +No user-facing changes. + ## 0.0.1 ### Minor Analysis Improvements diff --git a/shared/yaml/change-notes/released/0.0.2.md b/shared/yaml/change-notes/released/0.0.2.md new file mode 100644 index 00000000000..5ab250998ed --- /dev/null +++ b/shared/yaml/change-notes/released/0.0.2.md @@ -0,0 +1,3 @@ +## 0.0.2 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index c6933410b71..55dc06fbd76 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.1 +lastReleaseVersion: 0.0.2 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 75a796f2ba3..5f61beb0f39 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.0.2-dev +version: 0.0.2 groups: shared library: true warnOnImplicitThis: true From d5d56cde5aac76d13baae120d0d1a2ce169694f5 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 23 May 2023 10:51:21 +0100 Subject: [PATCH 14/15] Dead store of field: count passing to a vararg function as escaping --- go/ql/src/RedundantCode/DeadStoreOfField.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index 2060ac1f734..9dd2c4de65c 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -36,7 +36,7 @@ predicate escapes(DataFlow::Node nd) { exists(SendStmt s | nd.asExpr() = s.getValue()) or // if `nd` is passed to a function, then it escapes - nd instanceof DataFlow::ArgumentNode + nd = any(DataFlow::CallNode c).getASyntacticArgument() or // if `nd` has its address taken, then it escapes exists(AddressExpr ae | nd.asExpr() = ae.getOperand()) From 0574f2784f2db7639bad37fba8871b71c99cb3d2 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 23 May 2023 12:32:28 +0200 Subject: [PATCH 15/15] Swift: trigger workflow on `codeql-cli-*` --- .github/workflows/swift.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml index 806e04e6c68..075a5505f39 100644 --- a/.github/workflows/swift.yml +++ b/.github/workflows/swift.yml @@ -16,6 +16,7 @@ on: branches: - main - rc/* + - codeql-cli-* push: paths: - "swift/**" @@ -30,6 +31,7 @@ on: branches: - main - rc/* + - codeql-cli-* jobs: # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks