diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 615ceab066f5..8f6d36edc61d 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.8.0 + +### New Features + +* The `ProductFlow::StateConfigSig` signature now includes default predicates for `isBarrier1`, `isBarrier2`, `isAdditionalFlowStep1`, and `isAdditionalFlowStep1`. Hence, it is no longer needed to provide `none()` implementations of these predicates if they are not needed. + +### Minor Analysis Improvements + +* Deleted the deprecated `getURL` predicate from the `Container`, `Folder`, and `File` classes. Use the `getLocation` predicate instead. + ## 0.7.4 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-06-19-delete-container-url.md b/cpp/ql/lib/change-notes/2023-06-19-delete-container-url.md deleted file mode 100644 index 9fef359a1e8a..000000000000 --- a/cpp/ql/lib/change-notes/2023-06-19-delete-container-url.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted the deprecated `getURL` predicate from the `Container`, `Folder`, and `File` classes. Use the `getLocation` predicate instead. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2023-07-06-product-dataflow-defaults.md b/cpp/ql/lib/change-notes/released/0.8.0.md similarity index 57% rename from cpp/ql/lib/change-notes/2023-07-06-product-dataflow-defaults.md rename to cpp/ql/lib/change-notes/released/0.8.0.md index 5e73c243921b..573e0cb34b65 100644 --- a/cpp/ql/lib/change-notes/2023-07-06-product-dataflow-defaults.md +++ b/cpp/ql/lib/change-notes/released/0.8.0.md 
@@ -1,4 +1,9 @@ ---- -category: feature ---- +## 0.8.0 + +### New Features + * The `ProductFlow::StateConfigSig` signature now includes default predicates for `isBarrier1`, `isBarrier2`, `isAdditionalFlowStep1`, and `isAdditionalFlowStep1`. Hence, it is no longer needed to provide `none()` implementations of these predicates if they are not needed. + +### Minor Analysis Improvements + +* Deleted the deprecated `getURL` predicate from the `Container`, `Folder`, and `File` classes. Use the `getLocation` predicate instead. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index e388f34b4ecc..37eab3197dcb 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.8.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index eef5dc63e1fc..9bc445e8fdc6 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.8.0-dev +version: 0.8.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 2f64242b90c3..5b7104d23317 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results. + ## 0.6.4 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-06-29-improve-comparison-wider-type.md b/cpp/ql/src/change-notes/released/0.7.0.md similarity index 64% rename from cpp/ql/src/change-notes/2023-06-29-improve-comparison-wider-type.md rename to cpp/ql/src/change-notes/released/0.7.0.md index 8be9a5aedd81..7fac39808021 100644 --- a/cpp/ql/src/change-notes/2023-06-29-improve-comparison-wider-type.md +++ b/cpp/ql/src/change-notes/released/0.7.0.md 
@@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results. \ No newline at end of file +## 0.7.0 + +### Minor Analysis Improvements + +* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 615e532bb718..b400a52bb100 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.7.0-dev +version: 0.7.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 1acc1f679bfa..f410a14eae64 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.0 + +No user-facing changes. + ## 1.5.4 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.0.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.0.md new file mode 100644 index 000000000000..f5bad5808f60 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.6.0.md @@ -0,0 +1,3 @@ +## 1.6.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c216828ee1c3..c4f0b07d5336 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.4 +lastReleaseVersion: 1.6.0 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index c1d62301f3de..e83567f77f5e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.6.0-dev +version: 1.6.0 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 1acc1f679bfa..f410a14eae64 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.0 + +No user-facing changes. + ## 1.5.4 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.0.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.0.md new file mode 100644 index 000000000000..f5bad5808f60 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.6.0.md @@ -0,0 +1,3 @@ +## 1.6.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c216828ee1c3..c4f0b07d5336 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.4 +lastReleaseVersion: 1.6.0 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 44cb88bccd67..4ff99e03b0e9 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.6.0-dev +version: 1.6.0 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 551d7ee2b8bc..57ddb064fe62 100644 
--- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.7.0 + +### Major Analysis Improvements + +* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types. + +### Minor Analysis Improvements + +* Additional support for `command-injection`, `ldap-injection`, `log-injection`, and `url-redirection` sink kinds for Models as Data. + ## 0.6.4 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2023-05-09-models-as-data.md b/csharp/ql/lib/change-notes/2023-05-09-models-as-data.md deleted file mode 100644 index c0abd8f06c0e..000000000000 --- a/csharp/ql/lib/change-notes/2023-05-09-models-as-data.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional support for `command-injection`, `ldap-injection`, `log-injection`, and `url-redirection` sink kinds for Models as Data. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2023-06-08-type-strengthening.md b/csharp/ql/lib/change-notes/2023-06-08-type-strengthening.md deleted file mode 100644 index 60daaa530589..000000000000 --- a/csharp/ql/lib/change-notes/2023-06-08-type-strengthening.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types. diff --git a/csharp/ql/lib/change-notes/released/0.7.0.md b/csharp/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..87b2fbe9b1ba --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.7.0.md 
@@ -0,0 +1,9 @@ +## 0.7.0 + +### Major Analysis Improvements + +* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types. + +### Minor Analysis Improvements + +* Additional support for `command-injection`, `ldap-injection`, `log-injection`, and `url-redirection` sink kinds for Models as Data. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 12aaa927bbe4..46c970876575 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.7.0-dev +version: 0.7.0 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index ba01a4cd7d59..302ba09808fe 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.7.0 + +### New Queries + +* Added a new query, `cs/web/missing-function-level-access-control`, to find instances of missing authorization checks. + +### Bug Fixes + +* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`cs/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.6.4 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-06-14-missing-access-control.md b/csharp/ql/src/change-notes/2023-06-14-missing-access-control.md deleted file mode 100644 index 6cbb12fceea3..000000000000 --- a/csharp/ql/src/change-notes/2023-06-14-missing-access-control.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cs/web/missing-function-level-access-control`, to find instances of missing authorization checks. \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2023-06-16-zipslip-rename.md b/csharp/ql/src/change-notes/released/0.7.0.md similarity index 50% rename from csharp/ql/src/change-notes/2023-06-16-zipslip-rename.md rename to csharp/ql/src/change-notes/released/0.7.0.md index 3c13e6da67ae..552b6f631d7b 100644 --- a/csharp/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ b/csharp/ql/src/change-notes/released/0.7.0.md @@ -1,4 +1,9 @@ ---- -category: fix ---- +## 0.7.0 + +### New Queries + +* Added a new query, `cs/web/missing-function-level-access-control`, to find instances of missing authorization checks. + +### Bug Fixes + * The query "Arbitrary file write during zip extraction ("Zip Slip")" (`cs/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 7862ba8543ef..3a159ef75868 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.7.0-dev +version: 0.7.0 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 0e1ac53f289e..6a9a07074b8a 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md 
@@ -1,3 +1,13 @@ +## 0.6.0 + +### Deprecated APIs + +* The `LogInjection::Configuration` taint flow configuration class has been deprecated. Use the `LogInjection::Flow` module instead. + +### Minor Analysis Improvements + +* When a result of path query flows through a function modeled using `DataFlow::FunctionModel` or `TaintTracking::FunctionModel`, the path now includes nodes corresponding to the input and output to the function. This brings it in line with functions modeled using Models-as-Data. + ## 0.5.4 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-06-14-log-injection-deprecation.md b/go/ql/lib/change-notes/2023-06-14-log-injection-deprecation.md deleted file mode 100644 index 88ec05c17cef..000000000000 --- a/go/ql/lib/change-notes/2023-06-14-log-injection-deprecation.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `LogInjection::Configuration` taint flow configuration class has been deprecated. Use the `LogInjection::Flow` module instead. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2023-06-20-function-model-path-nodes.md b/go/ql/lib/change-notes/released/0.6.0.md similarity index 58% rename from go/ql/lib/change-notes/2023-06-20-function-model-path-nodes.md rename to go/ql/lib/change-notes/released/0.6.0.md index 5c6164813267..23b2a7f68477 100644 --- a/go/ql/lib/change-notes/2023-06-20-function-model-path-nodes.md +++ b/go/ql/lib/change-notes/released/0.6.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 0.6.0 + +### Deprecated APIs + +* The `LogInjection::Configuration` taint flow configuration class has been deprecated. Use the `LogInjection::Flow` module instead. + +### Minor Analysis Improvements + * When a result of path query flows through a function modeled using `DataFlow::FunctionModel` or `TaintTracking::FunctionModel`, the path now includes nodes corresponding to the input and output to the function. This brings it in line with functions modeled using Models-as-Data. 
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index cd3f72e25138..a3f820f884d3 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.4 +lastReleaseVersion: 0.6.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index f46b9b6fca60..a93ef4564f11 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.6.0-dev +version: 0.6.0 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 5acce410dbd9..2b87cb252c4f 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.6.0 + +### Bug Fixes + +* The query "Arbitrary file write during zip extraction ("zip slip")" (`go/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.5.4 No user-facing changes. diff --git a/go/ql/src/change-notes/2023-06-16-zipslip-rename.md b/go/ql/src/change-notes/released/0.6.0.md similarity index 87% rename from go/ql/src/change-notes/2023-06-16-zipslip-rename.md rename to go/ql/src/change-notes/released/0.6.0.md index 72913f37c06d..a994c79cdf0f 100644 --- a/go/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ b/go/ql/src/change-notes/released/0.6.0.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.6.0 + +### Bug Fixes + * The query "Arbitrary file write during zip extraction ("zip slip")" (`go/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index cd3f72e25138..a3f820f884d3 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.4 +lastReleaseVersion: 0.6.0 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index fe646c3ed324..f9bbdca3b736 100644 --- a/go/ql/src/qlpack.yml 
+++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.6.0-dev +version: 0.6.0 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 8c5b6fdcd9e8..77961e193da0 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,25 @@ +## 0.7.0 + +### Deprecated APIs + +* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated. + +### Major Analysis Improvements + +* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types. + +### Minor Analysis Improvements + +* Added automatically-generated dataflow models for `javax.portlet`. +* Added a missing summary model for the method `java.net.URL.toString`. +* Added automatically-generated dataflow models for the following frameworks and libraries: + * `hudson` + * `jenkins` + * `net.sf.json` + * `stapler` +* Added more models for the Hudson framework. +* Added more models for the Stapler framework. + ## 0.6.4 No user-facing changes. diff --git a/java/ql/lib/change-notes/2023-04-19-deprecated-execcallable.md b/java/ql/lib/change-notes/2023-04-19-deprecated-execcallable.md deleted file mode 100644 index fc21d1825bf6..000000000000 --- a/java/ql/lib/change-notes/2023-04-19-deprecated-execcallable.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated. diff --git a/java/ql/lib/change-notes/2023-05-22-hudson-models.md b/java/ql/lib/change-notes/2023-05-22-hudson-models.md deleted file mode 100644 index 55e2acae00ee..000000000000 --- a/java/ql/lib/change-notes/2023-05-22-hudson-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more models for the Hudson framework. \ No newline at end of file 
diff --git a/java/ql/lib/change-notes/2023-05-22-stapler-models.md b/java/ql/lib/change-notes/2023-05-22-stapler-models.md
deleted file mode 100644
index 37c7250b9539..000000000000
--- a/java/ql/lib/change-notes/2023-05-22-stapler-models.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added more models for the Stapler framework.
diff --git a/java/ql/lib/change-notes/2023-06-08-type-strengthening.md b/java/ql/lib/change-notes/2023-06-08-type-strengthening.md
deleted file mode 100644
index 60daaa530589..000000000000
--- a/java/ql/lib/change-notes/2023-06-08-type-strengthening.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
diff --git a/java/ql/lib/change-notes/2023-06-14-jenkins-autogenerated-models.md b/java/ql/lib/change-notes/2023-06-14-jenkins-autogenerated-models.md
deleted file mode 100644
index da2f90c23266..000000000000
--- a/java/ql/lib/change-notes/2023-06-14-jenkins-autogenerated-models.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Added automatically-generated dataflow models for the following frameworks and libraries:
- * `hudson`
- * `jenkins`
- * `net.sf.json`
- * `stapler`
diff --git a/java/ql/lib/change-notes/2023-06-22-url-tostring-model.md b/java/ql/lib/change-notes/2023-06-22-url-tostring-model.md
deleted file mode 100644
index fc5a58ce4e64..000000000000
--- a/java/ql/lib/change-notes/2023-06-22-url-tostring-model.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added a missing summary model for the method `java.net.URL.toString`.
diff --git a/java/ql/lib/change-notes/2023-06-28-javax-portlet-autogenerated-models.md b/java/ql/lib/change-notes/2023-06-28-javax-portlet-autogenerated-models.md
deleted file mode 100644
index 7e6e88f7595e..000000000000
--- a/java/ql/lib/change-notes/2023-06-28-javax-portlet-autogenerated-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added automatically-generated dataflow models for `javax.portlet`. diff --git a/java/ql/lib/change-notes/released/0.7.0.md b/java/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..d355c5e5a183 --- /dev/null +++ b/java/ql/lib/change-notes/released/0.7.0.md @@ -0,0 +1,21 @@ +## 0.7.0 + +### Deprecated APIs + +* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated. + +### Major Analysis Improvements + +* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types. + +### Minor Analysis Improvements + +* Added automatically-generated dataflow models for `javax.portlet`. +* Added a missing summary model for the method `java.net.URL.toString`. +* Added automatically-generated dataflow models for the following frameworks and libraries: + * `hudson` + * `jenkins` + * `net.sf.json` + * `stapler` +* Added more models for the Hudson framework. +* Added more models for the Stapler framework. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index a9b4a8cc3ebd..6a87f2452834 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.7.0-dev +version: 0.7.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 9107f8c044f9..63dffc3382f3 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md 
@@ -1,3 +1,14 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* New models have been added for `org.apache.commons.lang`. +* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes. + +### Bug Fixes + +* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.6.4 No user-facing changes. diff --git a/java/ql/src/change-notes/2023-06-02-unsafe-deserialization-serialkiller.md b/java/ql/src/change-notes/2023-06-02-unsafe-deserialization-serialkiller.md deleted file mode 100644 index 588e83d4795e..000000000000 --- a/java/ql/src/change-notes/2023-06-02-unsafe-deserialization-serialkiller.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes. \ No newline at end of file diff --git a/java/ql/src/change-notes/2023-06-16-zipslip-rename.md b/java/ql/src/change-notes/2023-06-16-zipslip-rename.md deleted file mode 100644 index fa1343317ba6..000000000000 --- a/java/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/java/ql/src/change-notes/2023-06-23-apache-commons-lang.md b/java/ql/src/change-notes/2023-06-23-apache-commons-lang.md deleted file mode 100644 index dc33878d2e5c..000000000000 --- a/java/ql/src/change-notes/2023-06-23-apache-commons-lang.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* New models have been added for `org.apache.commons.lang`. 
diff --git a/java/ql/src/change-notes/released/0.7.0.md b/java/ql/src/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..e12c2ef58fe3 --- /dev/null +++ b/java/ql/src/change-notes/released/0.7.0.md @@ -0,0 +1,10 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* New models have been added for `org.apache.commons.lang`. +* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes. + +### Bug Fixes + +* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index ca772c85d5ce..ccf777a554a6 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.7.0-dev +version: 0.7.0 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 97c9fe20787b..14cbfac41414 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added models for the Webix Framework. + ## 0.6.4 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2023-06-22-webix.md b/javascript/ql/lib/change-notes/2023-06-22-webix.md deleted file mode 100644 index 9daa1b1a5dcc..000000000000 --- a/javascript/ql/lib/change-notes/2023-06-22-webix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the Webix Framework. \ No newline at end of file 
diff --git a/javascript/ql/lib/change-notes/released/0.7.0.md b/javascript/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..3c2c9c44d8e0 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.7.0.md @@ -0,0 +1,5 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added models for the Webix Framework. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 699cc7645c26..20867487b74d 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.7.0-dev +version: 0.7.0 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 475c9ed092ca..1adbe57d5f58 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.0 + +### Bug Fixes + +* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`js/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.6.4 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2023-06-16-zipslip-rename.md b/javascript/ql/src/change-notes/released/0.7.0.md similarity index 87% rename from javascript/ql/src/change-notes/2023-06-16-zipslip-rename.md rename to javascript/ql/src/change-notes/released/0.7.0.md index 3a0654e642ed..96e0a1f98948 100644 --- a/javascript/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ b/javascript/ql/src/change-notes/released/0.7.0.md 
@@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.7.0 + +### Bug Fixes + * The query "Arbitrary file write during zip extraction ("Zip Slip")" (`js/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index ced8cf94614b..c761f3e7ab44 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.4 +lastReleaseVersion: 0.7.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index ea0087ba3bc6..bf8d5393824f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.7.0-dev +version: 0.7.0 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 78cd5a4e222e..f3a5d5d8a894 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.0 + +No user-facing changes. + ## 0.5.4 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.6.0.md b/misc/suite-helpers/change-notes/released/0.6.0.md new file mode 100644 index 000000000000..4383f5ec1ea5 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.6.0.md @@ -0,0 +1,3 @@ +## 0.6.0 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index cd3f72e25138..a3f820f884d3 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.4 +lastReleaseVersion: 0.6.0 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 41155a5149ee..401b2ae7ef1a 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml 
@@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.6.0-dev +version: 0.6.0 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 4a27642ba5be..b94cc6f91629 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,22 @@ +## 0.10.0 + +### New Features + +* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value" + +### Minor Analysis Improvements + +* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder. +* More precise modeling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`). +* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`. +* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead. +* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead. +* Deleted many deprecated predicates in `PointsTo.qll`. +* Deleted many deprecated files from the `semmle.python.security` package. +* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`. +* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries. + ## 0.9.4 No user-facing changes. diff --git a/python/ql/lib/change-notes/2023-05-30-typetracking-via-flow-summaries.md b/python/ql/lib/change-notes/2023-05-30-typetracking-via-flow-summaries.md deleted file mode 100644 index 11c016299873..000000000000 
--- a/python/ql/lib/change-notes/2023-05-30-typetracking-via-flow-summaries.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.
diff --git a/python/ql/lib/change-notes/2023-06-09-delete-deps.md b/python/ql/lib/change-notes/2023-06-09-delete-deps.md
deleted file mode 100644
index 75753ea93b77..000000000000
--- a/python/ql/lib/change-notes/2023-06-09-delete-deps.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
-* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
-* Deleted many deprecated predicates in `PointsTo.qll`.
-* Deleted many deprecated files from the `semmle.python.security` package.
-* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
\ No newline at end of file
diff --git a/python/ql/lib/change-notes/2023-06-12-flask-render-template-string.md b/python/ql/lib/change-notes/2023-06-12-flask-render-template-string.md
deleted file mode 100644
index d9f1a2e5d5ce..000000000000
--- a/python/ql/lib/change-notes/2023-06-12-flask-render-template-string.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`.
diff --git a/python/ql/lib/change-notes/2023-06-13-container-store-steps.md b/python/ql/lib/change-notes/2023-06-13-container-store-steps.md
deleted file mode 100644
index 3e12554a92bc..000000000000
--- a/python/ql/lib/change-notes/2023-06-13-container-store-steps.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More precise modelling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`).
diff --git a/python/ql/lib/change-notes/2023-06-14-delete-deps.md b/python/ql/lib/change-notes/2023-06-14-delete-deps.md
deleted file mode 100644
index 16946163f5e0..000000000000
--- a/python/ql/lib/change-notes/2023-06-14-delete-deps.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder.
\ No newline at end of file
diff --git a/python/ql/lib/change-notes/2023-06-20-summaries-from-models.md b/python/ql/lib/change-notes/2023-06-20-summaries-from-models.md
deleted file mode 100644
index feded1bb6c5f..000000000000
--- a/python/ql/lib/change-notes/2023-06-20-summaries-from-models.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value"
diff --git a/python/ql/lib/change-notes/released/0.10.0.md b/python/ql/lib/change-notes/released/0.10.0.md
new file mode 100644
index 000000000000..bd0224251fdb
--- /dev/null
+++ b/python/ql/lib/change-notes/released/0.10.0.md
@@ -0,0 +1,18 @@
+## 0.10.0
+
+### New Features
+
+* It is now possible to specify flow summaries in the format "MyPkg;Member[list_map];Argument[1].ListElement;Argument[0].Parameter[0];value"
+
+### Minor Analysis Improvements
+
+* Deleted many models that used the old dataflow library, the new models can be found in the `python/ql/lib/semmle/python/frameworks` folder.
+* More precise modeling of several container functions (such as `sorted`, `reversed`) and methods (such as `set.add`, `list.append`).
+* Added modeling of taint flow through the template argument of `flask.render_template_string` and `flask.stream_template_string`.
+* Deleted many deprecated predicates and classes with uppercase `API`, `HTTP`, `XSS`, `SQL`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getName()` predicate from the `Container` class, use `getAbsolutePath()` instead.
+* Deleted many deprecated module names that started with a lowercase letter, use the versions that start with an uppercase letter instead.
+* Deleted many deprecated predicates in `PointsTo.qll`.
+* Deleted many deprecated files from the `semmle.python.security` package.
+* Deleted the deprecated `BottleRoutePointToExtension` class from `Extensions.qll`.
+* Type tracking is now aware of flow summaries. This leads to a richer API graph, and may lead to more results in some queries.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 694907ca221a..b21db6232459 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.4
+lastReleaseVersion: 0.10.0
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 1a0f3932f484..eb1e0ea92319 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.10.0-dev
+version: 0.10.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index f61314098755..d97cca6084cb 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### Bug Fixes + +* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.7.4 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-06-16-zipslip-rename.md b/python/ql/src/change-notes/released/0.8.0.md similarity index 87% rename from python/ql/src/change-notes/2023-06-16-zipslip-rename.md rename to python/ql/src/change-notes/released/0.8.0.md index 4d4d4db15c33..6e2a75767e03 100644 --- a/python/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ b/python/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.8.0 + +### Bug Fixes + * The query "Arbitrary file write during archive extraction ("Zip Slip")" (`py/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index e388f34b4ecc..37eab3197dcb 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.4 +lastReleaseVersion: 0.8.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 6d7301eb9c6f..77308df34bab 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.8.0-dev +version: 0.8.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 1bfe6b913c70..a06ccb6f8ada 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md 
@@ -1,3 +1,16 @@ +## 0.7.0 + +### Deprecated APIs + +* The `Configuration` taint flow configuration class from `codeql.ruby.security.InsecureDownloadQuery` has been deprecated. Use the `Flow` module instead. + +### Minor Analysis Improvements + +* More kinds of rack applications are now recognized. +* Rack::Response instances are now recognized as potential responses from rack applications. +* HTTP redirect responses from Rack applications are now recognized as a potential sink for open redirect alerts. +* Additional sinks for `rb/unsafe-deserialization` have been added. This includes various methods from the `yaml` and `plist` gems, which deserialize YAML and Property List data, respectively. + ## 0.6.4 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-05-27-unsafe-deserialization.md b/ruby/ql/lib/change-notes/2023-05-27-unsafe-deserialization.md deleted file mode 100644 index 4039e7c90dc1..000000000000 --- a/ruby/ql/lib/change-notes/2023-05-27-unsafe-deserialization.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional sinks for `rb/unsafe-deserialization` have been added. This includes various methods from the `yaml` and `plist` gems, which deserialize YAML and Property List data, respectively. diff --git a/ruby/ql/lib/change-notes/2023-06-08-rack-redirect.md b/ruby/ql/lib/change-notes/2023-06-08-rack-redirect.md deleted file mode 100644 index 09687fa95be2..000000000000 --- a/ruby/ql/lib/change-notes/2023-06-08-rack-redirect.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* HTTP redirect responses from Rack applications are now recognized as a potential sink for open redirect alerts. diff --git a/ruby/ql/lib/change-notes/2023-06-14-insecure-download-config.md b/ruby/ql/lib/change-notes/2023-06-14-insecure-download-config.md deleted file mode 100644 index 6bf019cd0510..000000000000 --- a/ruby/ql/lib/change-notes/2023-06-14-insecure-download-config.md +++ /dev/null 
@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The `Configuration` taint flow configuration class from `codeql.ruby.security.InsecureDownloadQuery` has been deprecated. Use the `Flow` module instead.
diff --git a/ruby/ql/lib/change-notes/2023-06-23-rack-response.md b/ruby/ql/lib/change-notes/2023-06-23-rack-response.md
deleted file mode 100644
index d4bc2ca74194..000000000000
--- a/ruby/ql/lib/change-notes/2023-06-23-rack-response.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-* More kinds of rack applications are now recognized.
-* Rack::Response instances are now recognized as potential responses from rack applications.
diff --git a/ruby/ql/lib/change-notes/released/0.7.0.md b/ruby/ql/lib/change-notes/released/0.7.0.md
new file mode 100644
index 000000000000..4051d8a0c270
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.7.0.md
@@ -0,0 +1,12 @@
+## 0.7.0
+
+### Deprecated APIs
+
+* The `Configuration` taint flow configuration class from `codeql.ruby.security.InsecureDownloadQuery` has been deprecated. Use the `Flow` module instead.
+
+### Minor Analysis Improvements
+
+* More kinds of rack applications are now recognized.
+* Rack::Response instances are now recognized as potential responses from rack applications.
+* HTTP redirect responses from Rack applications are now recognized as a potential sink for open redirect alerts.
+* Additional sinks for `rb/unsafe-deserialization` have been added. This includes various methods from the `yaml` and `plist` gems, which deserialize YAML and Property List data, respectively.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index ced8cf94614b..c761f3e7ab44 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 3dd5dfe5e421..1cbf86803146 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.7.0-dev +version: 0.7.0 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index db531529e742..cbf9e0d037d4 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Fixed a bug in how `map_filter` calls are analyzed. Previously, such calls would + appear to the return the receiver of the call, but now the return value of the callback + is properly taken into account. + +### Bug Fixes + +* The experimental query "Arbitrary file write during zipfile/tarfile extraction" (`ruby/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." + ## 0.6.4 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2023-06-12-map_filter.md b/ruby/ql/src/change-notes/2023-06-12-map_filter.md deleted file mode 100644 index ac5803a6096f..000000000000 --- a/ruby/ql/src/change-notes/2023-06-12-map_filter.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a bug in how `map_filter` calls are analyzed. Previously, such calls would - appear to the return the receiver of the call, but now the return value of the callback - is properly taken into account. diff --git a/ruby/ql/src/change-notes/2023-06-16-zipslip-rename.md b/ruby/ql/src/change-notes/2023-06-16-zipslip-rename.md deleted file mode 100644 index eeb9c5254bb5..000000000000 --- a/ruby/ql/src/change-notes/2023-06-16-zipslip-rename.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The experimental query "Arbitrary file write during zipfile/tarfile extraction" (`ruby/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")." diff --git a/ruby/ql/src/change-notes/released/0.7.0.md b/ruby/ql/src/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..689aca7fb310 --- /dev/null 
+++ b/ruby/ql/src/change-notes/released/0.7.0.md
@@ -0,0 +1,11 @@
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* Fixed a bug in how `map_filter` calls are analyzed. Previously, such calls would
+ appear to the return the receiver of the call, but now the return value of the callback
+ is properly taken into account.
+
+### Bug Fixes
+
+* The experimental query "Arbitrary file write during zipfile/tarfile extraction" (`ruby/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index ced8cf94614b..c761f3e7ab44 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index d04333b01ab4..fd905f3ad516 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.7.0-dev
+version: 0.7.0
 groups:
 - ruby
 - queries
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
new file mode 100644
index 000000000000..7b4d4fc699c0
--- /dev/null
+++ b/shared/mad/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.1.0
+
+No user-facing changes.
diff --git a/shared/mad/change-notes/released/0.1.0.md b/shared/mad/change-notes/released/0.1.0.md
new file mode 100644
index 000000000000..7b4d4fc699c0
--- /dev/null
+++ b/shared/mad/change-notes/released/0.1.0.md
@@ -0,0 +1,3 @@
+## 0.1.0
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
new file mode 100644
index 000000000000..2e08f40f6aa3
--- /dev/null
+++ b/shared/mad/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.1.0
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index cbf763127acb..19ec5fe1ad9b 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@ name: codeql/mad -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 2f5ce2ea5db9..0db043e73e09 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.15 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.1.0.md b/shared/regex/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/regex/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index dff35216fc69..2e08f40f6aa3 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.15 +lastReleaseVersion: 0.1.0 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 091e5dc6d44b..828e0f8fb854 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index b5e659d15c34..db77b7b0fdbe 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.19 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.1.0.md b/shared/ssa/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/ssa/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index f406319f372e..2e08f40f6aa3 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.19 +lastReleaseVersion: 0.1.0 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 207a86d889f9..48c0f4d4717c 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 546e2c83454e..ca80e2080967 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.1.0.md b/shared/tutorial/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 997fb8da83cd..2e08f40f6aa3 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.1.0 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index aa73cd991f9a..fb5dbc243bcb 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,6 +1,6 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 155c9f116560..2ac1e6e8688b 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.12 No user-facing changes. 
diff --git a/shared/typetracking/change-notes/released/0.1.0.md b/shared/typetracking/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 997fb8da83cd..2e08f40f6aa3 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.1.0 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 0bd557e2627a..754600f5d374 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 6a3b31619394..81740128f3e6 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.19 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.1.0.md b/shared/typos/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/typos/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index f406319f372e..2e08f40f6aa3 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.19 +lastReleaseVersion: 0.1.0 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 7e03d9567aa7..1691c1c191ce 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/typos -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 4bab5793788c..ede5b6ee8055 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/shared/util/change-notes/released/0.1.0.md b/shared/util/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/util/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 997fb8da83cd..2e08f40f6aa3 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.1.0 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 4f42739a73d2..2b44398c0f8b 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index f2981af2aa0a..4c37b59dbedf 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.1.0.md b/shared/yaml/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/yaml/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index ec411a674bcd..2e08f40f6aa3 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.1.0 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index dc1754d146a3..5d21475aaf58 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index fbd0cd1a9a1c..e31a562c13c4 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,18 @@ +## 0.2.0 + +### Breaking Changes + +* The `BraceStmt` AST node's `AstNode getElement(index)` member predicate no longer returns `VarDecl`s after the `PatternBindingDecl` that declares them. Instead, a new `VarDecl getVariable(index)` predicate has been introduced for accessing the variables declared in a `BraceStmt`. + +### New Features + +* Added new libraries `Regex.qll` and `RegexTreeView.qll` for reasoning about regular expressions +in Swift code and places where they are evaluated. + +### Minor Analysis Improvements + +* Added a data flow model for `swap(_:_:)`. + ## 0.1.2 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2023-06-06-brace-stmt-variables.md b/swift/ql/lib/change-notes/2023-06-06-brace-stmt-variables.md deleted file mode 100644 index 8dc01f156598..000000000000 --- a/swift/ql/lib/change-notes/2023-06-06-brace-stmt-variables.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The `BraceStmt` AST node's `AstNode getElement(index)` member predicate no longer returns `VarDecl`s after the `PatternBindingDecl` that declares them. Instead, a new `VarDecl getVariable(index)` predicate has been introduced for accessing the variables declared in a `BraceStmt`. This change only affects query writers. diff --git a/swift/ql/lib/change-notes/2023-06-19-regex-library.md b/swift/ql/lib/change-notes/2023-06-19-regex-library.md deleted file mode 100644 index 8f3f11725d9a..000000000000 
--- a/swift/ql/lib/change-notes/2023-06-19-regex-library.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: feature
----
-
-* Added new libraries `Regex.qll` and `RegexTreeView.qll` for reasoning about regular expressions
-in Swift code and places where they are evaluated.
diff --git a/swift/ql/lib/change-notes/2023-07-04-swap.md b/swift/ql/lib/change-notes/2023-07-04-swap.md
deleted file mode 100644
index a06d0cb7ae9f..000000000000
--- a/swift/ql/lib/change-notes/2023-07-04-swap.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added a data flow model for `swap(_:_:)`.
diff --git a/swift/ql/lib/change-notes/released/0.2.0.md b/swift/ql/lib/change-notes/released/0.2.0.md
new file mode 100644
index 000000000000..edfbdce82695
--- /dev/null
+++ b/swift/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,14 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The `BraceStmt` AST node's `AstNode getElement(index)` member predicate no longer returns `VarDecl`s after the `PatternBindingDecl` that declares them. Instead, a new `VarDecl getVariable(index)` predicate has been introduced for accessing the variables declared in a `BraceStmt`.
+
+### New Features
+
+* Added new libraries `Regex.qll` and `RegexTreeView.qll` for reasoning about regular expressions
+in Swift code and places where they are evaluated.
+
+### Minor Analysis Improvements
+
+* Added a data flow model for `swap(_:_:)`.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index 6abd14b1ef83..5274e27ed522 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.2
+lastReleaseVersion: 0.2.0
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index 8ace27357a87..6dab746da5b0 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 0.2.0-dev
+version: 0.2.0
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index cfa79d360a43..6e2f1c94742e 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.0 + +### Bug Fixes + +* Functions and methods modeled as flow summaries are no longer shown in the path of `path-problem` queries. This results in more succinct paths for most security queries. + ## 0.1.2 No user-facing changes. diff --git a/swift/ql/src/change-notes/2023-06-22-hide-summarized-nodes.md b/swift/ql/src/change-notes/released/0.2.0.md similarity index 87% rename from swift/ql/src/change-notes/2023-06-22-hide-summarized-nodes.md rename to swift/ql/src/change-notes/released/0.2.0.md index 3c192330ee49..471197cd28c6 100644 --- a/swift/ql/src/change-notes/2023-06-22-hide-summarized-nodes.md +++ b/swift/ql/src/change-notes/released/0.2.0.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.2.0 + +### Bug Fixes + * Functions and methods modeled as flow summaries are no longer shown in the path of `path-problem` queries. This results in more succinct paths for most security queries. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 6abd14b1ef83..5274e27ed522 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.2 +lastReleaseVersion: 0.2.0 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index a7bf867738f7..80416ee1ddd5 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.2.0-dev +version: 0.2.0 groups: - swift - queries