зеркало из https://github.com/github/codeql.git
Merge branch 'codeql-cli-2.13.3' into redsun82/swift-hidden-ast
This commit is contained in:
Paolo Tranquilli
Коммит
fce33d369b
|
|
@ -16,6 +16,7 @@ on:
|
|||
branches:
|
||||
- main
|
||||
- rc/*
|
||||
- codeql-cli-*
|
||||
push:
|
||||
paths:
|
||||
- "swift/**"
|
||||
|
|
@ -30,6 +31,7 @@ on:
|
|||
branches:
|
||||
- main
|
||||
- rc/*
|
||||
- codeql-cli-*
|
||||
|
||||
jobs:
|
||||
# not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
|
||||
|
|
|
|||
|
|
@ -1,3 +1,19 @@
|
|||
## 0.7.2
|
||||
|
||||
### New Features
|
||||
|
||||
* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
|
||||
* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace.
|
||||
* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
|
||||
|
||||
## 0.7.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: feature
|
||||
---
|
||||
* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace.
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
## 0.7.2
|
||||
|
||||
### New Features
|
||||
|
||||
* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
|
||||
* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace.
|
||||
* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.7.1
|
||||
lastReleaseVersion: 0.7.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-all
|
||||
version: 0.7.2-dev
|
||||
version: 0.7.2
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### New Queries
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/cpp-queries
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.5.1
|
||||
lastReleaseVersion: 1.5.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-all
|
||||
version: 1.5.2-dev
|
||||
version: 1.5.2
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 1.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 1.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 1.5.1
|
||||
lastReleaseVersion: 1.5.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.5.2-dev
|
||||
version: 1.5.2
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
|
|
|||
|
|
@ -1,3 +1,10 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods.
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods.
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-all
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/csharp-queries
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
## 0.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given.
|
||||
|
||||
## 0.5.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.5.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Fixed data flow through variadic function parameters. The arguments corresponding to a variadic parameter are no longer returned by `CallNode.getArgument(int i)` and `CallNode.getAnArgument()`, and hence aren't `ArgumentNode`s. They now have one result, which is an `ImplicitVarargsSlice` node. For example, a call `f(a, b, c)` to a function `f(T...)` is treated like `f([]T{a, b, c})`. The old behaviour is preserved by `CallNode.getSyntacticArgument(int i)` and `CallNode.getASyntacticArgument()`. `CallExpr.getArgument(int i)` and `CallExpr.getAnArgument()` are unchanged, and will still have three results in the example given.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.5.1
|
||||
lastReleaseVersion: 0.5.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-all
|
||||
version: 0.5.2-dev
|
||||
version: 0.5.2
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.5.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ predicate escapes(DataFlow::Node nd) {
|
|||
exists(SendStmt s | nd.asExpr() = s.getValue())
|
||||
or
|
||||
// if `nd` is passed to a function, then it escapes
|
||||
nd instanceof DataFlow::ArgumentNode
|
||||
nd = any(DataFlow::CallNode c).getASyntacticArgument()
|
||||
or
|
||||
// if `nd` has its address taken, then it escapes
|
||||
exists(AddressExpr ae | nd.asExpr() = ae.getOperand())
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.5.1
|
||||
lastReleaseVersion: 0.5.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/go-queries
|
||||
version: 0.5.2-dev
|
||||
version: 0.5.2
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,44 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`.
|
||||
* Added models for the following packages:
|
||||
|
||||
* org.apache.hadoop.fs
|
||||
* Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations.
|
||||
* Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input.
|
||||
* Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input.
|
||||
* Added the `ArithmeticUncontrolledQuery.qll` library to provide the `ArithmeticUncontrolledOverflowFlow` and `ArithmeticUncontrolledUnderflowFlow` taint-tracking modules to reason about arithmetic with uncontrolled user input.
|
||||
* Added the `ArithmeticWithExtremeValuesQuery.qll` library to provide the `MaxValueFlow` and `MinValueFlow` dataflow modules to reason about arithmetic with extreme values.
|
||||
* Added the `BrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities.
|
||||
* Added the `ExecTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToExecFlow` taint-tracking module to reason about command injection vulnerabilities caused by local data flow.
|
||||
* Added the `ExternallyControlledFormatStringLocalQuery.qll` library to provide the `ExternallyControlledFormatStringLocalFlow` taint-tracking module to reason about format string vulnerabilities caused by local data flow.
|
||||
* Added the `ImproperValidationOfArrayConstructionCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` dataflow module to reason about improper validation of code-specified sizes used for array construction.
|
||||
* Added the `ImproperValidationOfArrayConstructionLocalQuery.qll` library to provide the `ImproperValidationOfArrayConstructionLocalFlow` taint-tracking module to reason about improper validation of local user-provided sizes used for array construction caused by local data flow.
|
||||
* Added the `ImproperValidationOfArrayConstructionQuery.qll` library to provide the `ImproperValidationOfArrayConstructionFlow` taint-tracking module to reason about improper validation of user-provided size used for array construction.
|
||||
* Added the `ImproperValidationOfArrayIndexCodeSpecifiedQuery.qll` library to provide the `BoundedFlowSourceFlow` data flow module to reason about about improper validation of code-specified array index.
|
||||
* Added the `ImproperValidationOfArrayIndexLocalQuery.qll` library to provide the `ImproperValidationOfArrayIndexLocalFlow` taint-tracking module to reason about improper validation of a local user-provided array index.
|
||||
* Added the `ImproperValidationOfArrayIndexQuery.qll` library to provide the `ImproperValidationOfArrayIndexFlow` taint-tracking module to reason about improper validation of user-provided array index.
|
||||
* Added the `InsecureCookieQuery.qll` library to provide the `SecureCookieFlow` taint-tracking module to reason about insecure cookie vulnerabilities.
|
||||
* Added the `MaybeBrokenCryptoAlgorithmQuery.qll` library to provide the `InsecureCryptoFlow` taint-tracking module to reason about broken cryptographic algorithm vulnerabilities.
|
||||
* Added the `NumericCastTaintedQuery.qll` library to provide the `NumericCastTaintedFlow` taint-tracking module to reason about numeric cast vulnerabilities.
|
||||
* Added the `ResponseSplittingLocalQuery.qll` library to provide the `ResponseSplittingLocalFlow` taint-tracking module to reason about response splitting vulnerabilities caused by local data flow.
|
||||
* Added the `SqlConcatenatedQuery.qll` library to provide the `UncontrolledStringBuilderSourceFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by concatenating untrusted strings.
|
||||
* Added the `SqlTaintedLocalQuery.qll` library to provide the `LocalUserInputToArgumentToSqlFlow` taint-tracking module to reason about SQL injection vulnerabilities caused by local data flow.
|
||||
* Added the `StackTraceExposureQuery.qll` library to provide the `printsStackExternally`, `stringifiedStackFlowsExternally`, and `getMessageFlowsExternally` predicates to reason about stack trace exposure vulnerabilities.
|
||||
* Added the `TaintedPermissionQuery.qll` library to provide the `TaintedPermissionFlow` taint-tracking module to reason about tainted permission vulnerabilities.
|
||||
* Added the `TempDirLocalInformationDisclosureQuery.qll` library to provide the `TempDirSystemGetPropertyToCreate` taint-tracking module to reason about local information disclosure vulnerabilities caused by local data flow.
|
||||
* Added the `UnsafeHostnameVerificationQuery.qll` library to provide the `TrustAllHostnameVerifierFlow` taint-tracking module to reason about insecure hostname verification vulnerabilities.
|
||||
* Added the `UrlRedirectLocalQuery.qll` library to provide the `UrlRedirectLocalFlow` taint-tracking module to reason about URL redirection vulnerabilities caused by local data flow.
|
||||
* Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities.
|
||||
* Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities.
|
||||
* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow.
|
||||
* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
|
||||
* Added models for the Apache Commons Net library.
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
* Added models for the `io.jsonwebtoken` library.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### Deprecated APIs
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the `io.jsonwebtoken` library.
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the Apache Commons Net library.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for the following packages:
|
||||
|
||||
* org.apache.hadoop.fs
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`.
|
||||
|
|
@ -1,6 +1,11 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added SQL injection sinks for Spring JDBC's `NamedParameterJdbcOperations`.
|
||||
* Added models for the following packages:
|
||||
|
||||
* org.apache.hadoop.fs
|
||||
* Added the `ArithmeticCommon.qll` library to provide predicates for reasoning about arithmetic operations.
|
||||
* Added the `ArithmeticTaintedLocalQuery.qll` library to provide the `ArithmeticTaintedLocalOverflowFlow` and `ArithmeticTaintedLocalUnderflowFlow` taint-tracking modules to reason about arithmetic with unvalidated user input.
|
||||
* Added the `ArithmeticTaintedQuery.qll` library to provide the `RemoteUserInputOverflow` and `RemoteUserInputUnderflow` taint-tracking modules to reason about arithmetic with unvalidated user input.
|
||||
|
|
@ -29,3 +34,7 @@ category: minorAnalysis
|
|||
* Added the `UrlRedirectQuery.qll` library to provide the `UrlRedirectFlow` taint-tracking module to reason about URL redirection vulnerabilities.
|
||||
* Added the `XPathInjectionQuery.qll` library to provide the `XPathInjectionFlow` taint-tracking module to reason about XPath injection vulnerabilities.
|
||||
* Added the `XssLocalQuery.qll` library to provide the `XssLocalFlow` taint-tracking module to reason about XSS vulnerabilities caused by local data flow.
|
||||
* Moved the `url-open-stream` sink models to experimental and removed `url-open-stream` as a sink option from the [Customizing Library Models for Java](https://github.com/github/codeql/blob/733a00039efdb39c3dd76ddffad5e6d6c85e6774/docs/codeql/codeql-language-guides/customizing-library-models-for-java.rst#customizing-library-models-for-java) documentation.
|
||||
* Added models for the Apache Commons Net library.
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
* Added models for the `io.jsonwebtoken` library.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-all
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
|
|
|||
|
|
@ -1,3 +1,11 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink.
|
||||
* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink.
|
||||
* Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564).
|
||||
|
||||
## 0.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink.
|
||||
|
|
@ -1,4 +1,7 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `java/groovy-injection` now recognizes `groovy.text.TemplateEngine.createTemplate` as a sink.
|
||||
* The queries `java/xxe` and `java/xxe-local` now recognize the second argument of calls to `XPath.evaluate` as a sink.
|
||||
* Experimental sinks for the query "Resolving XML external entity in user-controlled data" (`java/xxe`) have been promoted to the main query pack. These sinks were originally [submitted as part of an experimental query by @haby0](https://github.com/github/codeql/pull/6564).
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/java-queries
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved the queries for injection vulnerabilities in GitHub Actions workflows (`js/actions/command-injection` and `js/actions/pull-request-target`) and the associated library `semmle.javascript.Actions`. These now support steps defined in composite actions, in addition to steps defined in Actions workflow files. It supports more potentially untrusted input values. Additionally to the shell injections it now also detects injections in `actions/github-script`. It also detects simple injections from user controlled `${{ env.name }}`. Additionally to the `yml` extension now it also supports workflows with the `yaml` extension.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-all
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
|
|
|||
|
|
@ -1,3 +1,23 @@
|
|||
## 0.6.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added taint sources from the `@actions/core` and `@actions/github` packages.
|
||||
* Added command-injection sinks from the `@actions/exec` package.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string.
|
||||
* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
|
||||
when it is used with an unsafe schema.
|
||||
* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
|
||||
SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
|
||||
Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
|
||||
SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
|
||||
when it is used with an unsafe schema.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
|
||||
Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* Added taint sources from the `@actions/core` and `@actions/github` packages.
|
||||
* Added command-injection sinks from the `@actions/exec` package.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string.
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
## 0.6.2
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* Added taint sources from the `@actions/core` and `@actions/github` packages.
|
||||
* Added command-injection sinks from the `@actions/exec` package.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `js/indirect-command-line-injection` query no longer flags command arguments that cannot be interpreted as a shell string.
|
||||
* The `js/unsafe-deserialization` query no longer flags deserialization through the `js-yaml` library, except
|
||||
when it is used with an unsafe schema.
|
||||
* The Forge module in `CryptoLibraries.qll` now correctly classifies SHA-512/224,
|
||||
SHA-512/256, and SHA-512/384 hashes used in message digests as NonKeyCiphers.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a spurious diagnostic warning about comments in JSON files being illegal.
|
||||
Comments in JSON files are in fact fully supported, and the diagnostic message was misleading.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/javascript-queries
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.5.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.5.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.5.1
|
||||
lastReleaseVersion: 0.5.2
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
name: codeql/suite-helpers
|
||||
version: 0.5.2-dev
|
||||
version: 0.5.2
|
||||
groups: shared
|
||||
|
|
|
|||
|
|
@ -1,3 +1,10 @@
|
|||
## 0.9.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
|
||||
* Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`.
|
||||
|
||||
## 0.9.1
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.9.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Type tracking is now aware of reads of captured variables (variables defined in an outer scope). This leads to a richer API graph, and may lead to more results in some queries.
|
||||
* Added more content-flow/field-flow for dictionaries, by adding support for reads through `mydict.get("key")` and `mydict.setdefault("key", value)`, and store steps through `dict["key"] = value` and `mydict.setdefault("key", value)`.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.9.1
|
||||
lastReleaseVersion: 0.9.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-all
|
||||
version: 0.9.2-dev
|
||||
version: 0.9.2
|
||||
groups: python
|
||||
dbscheme: semmlecode.python.dbscheme
|
||||
extractor: python
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.7.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.7.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.7.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.7.1
|
||||
lastReleaseVersion: 0.7.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/python-queries
|
||||
version: 0.7.2-dev
|
||||
version: 0.7.2
|
||||
groups:
|
||||
- python
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 0.6.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Support for the `sqlite3` gem has been added. Method calls that execute queries against an SQLite3 database that may be vulnerable to injection attacks will now be recognized.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-all
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups: ruby
|
||||
extractor: ruby
|
||||
dbscheme: ruby.dbscheme
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.6.2
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.6.1
|
||||
lastReleaseVersion: 0.6.2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ruby-queries
|
||||
version: 0.6.2-dev
|
||||
version: 0.6.2
|
||||
groups:
|
||||
- ruby
|
||||
- queries
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.12
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.13
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.0.12
|
||||
lastReleaseVersion: 0.0.13
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/regex
|
||||
version: 0.0.13-dev
|
||||
version: 0.0.13
|
||||
groups: shared
|
||||
library: true
|
||||
dependencies:
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.16
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.17
|
||||
|
||||
No user-facing changes.
|
||||
|
|
@ -1,2 +1,2 @@
|
|||
---
|
||||
lastReleaseVersion: 0.0.16
|
||||
lastReleaseVersion: 0.0.17
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
name: codeql/ssa
|
||||
version: 0.0.17-dev
|
||||
version: 0.0.17
|
||||
groups: shared
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
## 0.0.10
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.0.9
|
||||
|
||||
No user-facing changes.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
## 0.0.10
|
||||
|
||||
No user-facing changes.
|
||||
Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше
Загрузка…
Ссылка в новой задаче