diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 98666dfbbdb8..827d7ded490b 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. + ## 0.9.3 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md b/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md deleted file mode 100644 index 11c3b7366821..000000000000 --- a/cpp/ql/lib/change-notes/2023-09-06-as-defining-argument-off-by-one-fix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md b/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md deleted file mode 100644 index 8f1b8e9be888..000000000000 --- a/cpp/ql/lib/change-notes/2023-09-07-return-from-end.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Treat functions that reach the end of the function as returning in the IR. - They used to be treated as unreachable but it is allowed in C. \ No newline at end of file 
diff --git a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md b/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md deleted file mode 100644 index 6b2fff3d1767..000000000000 --- a/cpp/ql/lib/change-notes/2023-09-08-more-unreachble.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as - non-returning in the IR and dataflow. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/0.10.0.md b/cpp/ql/lib/change-notes/released/0.10.0.md new file mode 100644 index 000000000000..9c4b95e37e09 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.10.0.md @@ -0,0 +1,9 @@ +## 0.10.0 + +### Minor Analysis Improvements + +* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as + non-returning in the IR and dataflow. +* Treat functions that reach the end of the function as returning in the IR. + They used to be treated as unreachable but it is allowed in C. +* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 7af7247cbb0a..b21db6232459 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.3 +lastReleaseVersion: 0.10.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 0a60a2153e9b..7eabe585fa85 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.10.0-dev +version: 0.10.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 700c0e331dd0..cf5256e244d0 100644 
--- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. + ## 0.7.5 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md b/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md deleted file mode 100644 index e8a2160f4c25..000000000000 --- a/cpp/ql/src/change-notes/2023-09-06-deduplicated-results.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The number of duplicated dataflow paths reported by queries has been significantly reduced. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md b/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md deleted file mode 100644 index 1839120619b0..000000000000 --- a/cpp/ql/src/change-notes/2023-09-08-unreachble-edges.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives - in cases where a non-returning function is called. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-10-03-double-free.md b/cpp/ql/src/change-notes/2023-10-03-double-free.md deleted file mode 100644 index ebe6674320d6..000000000000 --- a/cpp/ql/src/change-notes/2023-10-03-double-free.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2023-10-03-use-after-free.md b/cpp/ql/src/change-notes/2023-10-03-use-after-free.md deleted file mode 100644 index 6c1165edb343..000000000000 --- a/cpp/ql/src/change-notes/2023-10-03-use-after-free.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/released/0.8.0.md b/cpp/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..664e8760f48e --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,12 @@ +## 0.8.0 + +### Query Metadata Changes + +* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. +* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`. + +### Minor Analysis Improvements + +* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives + in cases where a non-returning function is called. +* The number of duplicated dataflow paths reported by queries has been significantly reduced. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 88e5026c939f..9bdad36cc468 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.8.0-dev +version: 0.8.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index cc79b182da60..61606368e4c6 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.0 + +No user-facing changes. + ## 1.6.5 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md new file mode 100644 index 000000000000..07492eebff7c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 031532705578..d1184cc67507 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.5 +lastReleaseVersion: 1.7.0 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 8d400fbbaa4b..7f888b9458a2 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.0-dev +version: 1.7.0 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index cc79b182da60..61606368e4c6 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.0 + +No user-facing changes. + ## 1.6.5 No user-facing changes. 
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md new file mode 100644 index 000000000000..07492eebff7c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.0.md @@ -0,0 +1,3 @@ +## 1.7.0 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 031532705578..d1184cc67507 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.5 +lastReleaseVersion: 1.7.0 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index ddf6820236ff..1364ecc5b305 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.0-dev +version: 1.7.0 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 1d2703e856e2..de8d30425f77 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/0.8.0.md b/csharp/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..16ea5f603735 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 1f96818bb7fe..77cf000182e1 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.0-dev +version: 0.8.0 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index d391679c5dfc..4b03f57bd9e8 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. + ## 0.7.5 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md b/csharp/ql/src/change-notes/released/0.8.0.md similarity index 69% rename from csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md rename to csharp/ql/src/change-notes/released/0.8.0.md index edbb11347390..caef33b6a935 100644 --- a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md +++ b/csharp/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- -* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. \ No newline at end of file +## 0.8.0 + +### New Queries + +* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 7690ae016fc5..3e9b759fdacd 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.0-dev +version: 0.8.0 groups: - csharp - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index fba37b581ac0..5b4530cd2a97 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. + ## 0.6.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md b/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md deleted file mode 100644 index 26751edf2fe7..000000000000 --- a/go/ql/lib/change-notes/2023-09-12-add-int&bool-sanitizer-for-sql.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added Numeric and Boolean types to SQL injection sanitzers. \ No newline at end of file diff --git a/go/ql/lib/change-notes/released/0.7.0.md b/go/ql/lib/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..6df2bd55237a --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.0.md @@ -0,0 +1,5 @@ +## 0.7.0 + +### Minor Analysis Improvements + +* Added Numeric and Boolean types to SQL injection sanitzers. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 86780fb61480..c761f3e7ab44 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index cdacb07367df..596fddbb443e 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.0-dev +version: 0.7.0 groups: go dbscheme: go.dbscheme extractor: go 
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 4b7c6babedc1..0e1e2c030977 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.0 + +No user-facing changes. + ## 0.6.5 No user-facing changes. diff --git a/go/ql/src/change-notes/released/0.7.0.md b/go/ql/src/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..80d3864a0f98 --- /dev/null +++ b/go/ql/src/change-notes/released/0.7.0.md @@ -0,0 +1,3 @@ +## 0.7.0 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 86780fb61480..c761f3e7ab44 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 8a187f1080e0..087af0984baf 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.0-dev +version: 0.7.0 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index a78acd769605..ee2610f9bd65 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.5.md b/java/ql/automodel/src/change-notes/released/0.0.5.md new file mode 100644 index 000000000000..766ec2723b56 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index ec411a674bcd..bb45a1ab0182 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index d41368cab933..12786005dc15 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.5-dev +version: 0.0.5 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index c5d72b195012..34b1f5487a91 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,21 @@ +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. + ## 0.7.5 No user-facing changes. diff --git a/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md b/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md deleted file mode 100644 index 2d6762274910..000000000000 --- a/java/ql/lib/change-notes/2023-07-20-regex-parse-modes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. 
diff --git a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md b/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md deleted file mode 100644 index fbd0fef3b7f0..000000000000 --- a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new dataflow models for the Apache CXF framework. diff --git a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md b/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md deleted file mode 100644 index 275c72fdf6bd..000000000000 --- a/java/ql/lib/change-notes/2023-09-12-kotlin-1.9.20.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 1.9.20 are now supported. diff --git a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md b/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md deleted file mode 100644 index d13350726a82..000000000000 --- a/java/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md b/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md deleted file mode 100644 index 389015002263..000000000000 --- a/java/ql/lib/change-notes/2023-09-19-arithexpr-assignop.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. diff --git a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md b/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md deleted file mode 100644 index 5e99335aba7c..000000000000 --- a/java/ql/lib/change-notes/2023-09-28-case-rule-stmt-cfg-fix.md +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. -* Added support for default cases as proper guards in switch expressions to match switch statements. diff --git a/java/ql/lib/change-notes/released/0.8.0.md b/java/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..16f020fa7dfa --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,17 @@ +## 0.8.0 + +### New Features + +* Kotlin versions up to 1.9.20 are now supported. + +### Minor Analysis Improvements + +* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge. +* Added support for default cases as proper guards in switch expressions to match switch statements. +* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows. +* Added new dataflow models for the Apache CXF framework. +* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index df095807bd53..32d6741f8295 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.0-dev +version: 0.8.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java 
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 956a81d7802d..ea706bfd0559 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/java/ql/src/change-notes/released/0.8.0.md b/java/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..16ea5f603735 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index f09f03cb987a..c95a7deccac1 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.0-dev +version: 0.8.0 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 022aebbd6932..f1aac73b5777 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/0.8.0.md b/javascript/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..16ea5f603735 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 2b5b69eccf94..9be13574db56 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.0-dev +version: 0.8.0 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index c67be888c57e..8c0e3b427e98 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.0 + +No user-facing changes. + ## 0.7.5 ### Bug Fixes diff --git a/javascript/ql/src/change-notes/released/0.8.0.md b/javascript/ql/src/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..16ea5f603735 --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.8.0.md @@ -0,0 +1,3 @@ +## 0.8.0 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 831f4e9aa57b..d1af553f05ed 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.0-dev +version: 0.8.0 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9435d172e6f3..7467add73bad 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.0 + +No user-facing changes. + ## 0.6.5 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.0.md b/misc/suite-helpers/change-notes/released/0.7.0.md new file mode 100644 index 000000000000..80d3864a0f98 --- /dev/null 
+++ b/misc/suite-helpers/change-notes/released/0.7.0.md @@ -0,0 +1,3 @@ +## 0.7.0 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 86780fb61480..c761f3e7ab44 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.5 +lastReleaseVersion: 0.7.0 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 820c1bfc571e..696cb8eac329 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.0-dev +version: 0.7.0 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 0f7d9c299758..630309929990 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.11.0 + +### Minor Analysis Improvements + +* Django Rest Framework better handles custom `ModelViewSet` classes functions +* Regular expression fragments residing inside implicitly concatenated strings now have better location information. + +### Bug Fixes + +* Subterms of regular expressions encoded as single-line string literals now have better source-location information. + ## 0.10.5 No user-facing changes. diff --git a/python/ql/lib/change-notes/2023-09-22-regex-prefix.md b/python/ql/lib/change-notes/2023-09-22-regex-prefix.md deleted file mode 100644 index 20affaaab4ee..000000000000 --- a/python/ql/lib/change-notes/2023-09-22-regex-prefix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Subterms of regular expressions encoded as single-line string literals now have better source-location information. \ No newline at end of file 
diff --git a/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md b/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md deleted file mode 100644 index 32bdc1db15c3..000000000000 --- a/python/ql/lib/change-notes/2023-09-26-regex-locations-in-string-parts.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Regular expression fragments residing inside implicitly concatenated strings now have better location information. diff --git a/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md b/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md deleted file mode 100644 index cf0c93fca2be..000000000000 --- a/python/ql/lib/change-notes/2023-09-29-django-restframework-improvements.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Django Rest Framework better handles custom `ModelViewSet` classes functions \ No newline at end of file diff --git a/python/ql/lib/change-notes/released/0.11.0.md b/python/ql/lib/change-notes/released/0.11.0.md new file mode 100644 index 000000000000..bf689298b4cf --- /dev/null +++ b/python/ql/lib/change-notes/released/0.11.0.md @@ -0,0 +1,10 @@ +## 0.11.0 + +### Minor Analysis Improvements + +* Django Rest Framework better handles custom `ModelViewSet` classes functions +* Regular expression fragments residing inside implicitly concatenated strings now have better location information. + +### Bug Fixes + +* Subterms of regular expressions encoded as single-line string literals now have better source-location information. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 2e5e2af8307c..fce68697d682 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.10.5 +lastReleaseVersion: 0.11.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 9f2da148abf0..272b8418d7cf 100644 
--- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.0-dev +version: 0.11.0 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index ca2dfaae5460..230f54ce6454 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.9.0 + +### New Queries + +* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. + +### Minor Analysis Improvements + +* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. +* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. + ## 0.8.5 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md b/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md deleted file mode 100644 index 6a05b201d6b7..000000000000 --- a/python/ql/src/change-notes/2023-09-05-asyncio-cmdi-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. diff --git a/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md b/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md deleted file mode 100644 index 3ba166559d21..000000000000 --- a/python/ql/src/change-notes/2023-09-13-django-url-allowed-host.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. 
diff --git a/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md b/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md deleted file mode 100644 index 2b30fd492d53..000000000000 --- a/python/ql/src/change-notes/2023-09-18-promoted-nosql-injection-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. diff --git a/python/ql/src/change-notes/released/0.9.0.md b/python/ql/src/change-notes/released/0.9.0.md new file mode 100644 index 000000000000..12e30a0f8381 --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.0.md @@ -0,0 +1,10 @@ +## 0.9.0 + +### New Queries + +* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now available in the default security suite. + +### Minor Analysis Improvements + +* Improved _URL redirection from remote source_ (`py/url-redirection`) query to not alert when URL has been checked with `django.utils.http. url_has_allowed_host_and_scheme`. +* Extended the `py/command-line-injection` query with sinks from Python's `asyncio` module. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index cbe6bc6b7c62..8b9fc185202d 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.5 +lastReleaseVersion: 0.9.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 7790d40858b6..c4ad3ab33284 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.0-dev +version: 0.9.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 60cc08a923dd..f44809f63d2d 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## 0.8.0 + +### Major Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. + ## 0.7.5 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md b/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md deleted file mode 100644 index 66ab65083dc3..000000000000 --- a/ruby/ql/lib/change-notes/2023-08-23-variable-capture-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/released/0.8.0.md b/ruby/ql/lib/change-notes/released/0.8.0.md new file mode 100644 index 000000000000..a139654ebbe6 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.8.0.md @@ -0,0 +1,5 @@ +## 0.8.0 + +### Major Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index d90c77225c7e..e14ffb64092b 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.0-dev +version: 0.8.0 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index f69f774d1711..6694814c95fc 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.0 + +### Minor Analysis Improvements + +* Built-in Ruby queries now use the new DataFlow API. + ## 0.7.5 No user-facing changes. 
diff --git a/ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md b/ruby/ql/src/change-notes/released/0.8.0.md similarity index 55% rename from ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md rename to ruby/ql/src/change-notes/released/0.8.0.md index 2cde6336ae47..14b7dd8b830c 100644 --- a/ruby/ql/src/change-notes/2023-09-03-use-new-dataflow-api.md +++ b/ruby/ql/src/change-notes/released/0.8.0.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.0 + +### Minor Analysis Improvements + * Built-in Ruby queries now use the new DataFlow API. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index b5108ee0bda8..37eab3197dcb 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.5 +lastReleaseVersion: 0.8.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 86ea5c3b18d7..a6f51d02bd1d 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.0-dev +version: 0.8.0 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 3370a04b28cc..1a5a17a4456c 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.0 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.0.md b/shared/controlflow/change-notes/released/0.1.0.md new file mode 100644 index 000000000000..7b4d4fc699c0 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.0.md @@ -0,0 +1,3 @@ +## 0.1.0 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index ec411a674bcd..2e08f40f6aa3 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.1.0 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 075a5632883e..2e6d396ba4ed 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index e18f52c02373..e72f0484bcb2 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.1.0 + +### Major Analysis Improvements + +* Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#. + +### Minor Analysis Improvements + +* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. + ## 0.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md b/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md deleted file mode 100644 index c7ea9638ee86..000000000000 --- a/shared/dataflow/change-notes/2023-09-26-inout-barrier-flow-state.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. diff --git a/shared/dataflow/change-notes/2023-09-12-typeflow.md b/shared/dataflow/change-notes/released/0.1.0.md similarity index 60% rename from shared/dataflow/change-notes/2023-09-12-typeflow.md rename to shared/dataflow/change-notes/released/0.1.0.md index e5f010354789..df05aff26c55 100644 
--- a/shared/dataflow/change-notes/2023-09-12-typeflow.md +++ b/shared/dataflow/change-notes/released/0.1.0.md @@ -1,4 +1,9 @@ ---- -category: majorAnalysis ---- +## 0.1.0 + +### Major Analysis Improvements + * Added support for type-based call edge pruning. This removes data flow call edges that are incompatible with the set of flow paths that reach it based on type information. This improves dispatch precision for constructs like lambdas, `Object.toString()` calls, and the visitor pattern. For now this is only enabled for Java and C#. + +### Minor Analysis Improvements + +* The `isBarrierIn` and `isBarrierOut` predicates in `DataFlow::StateConfigSig` now have overloaded variants that block a specific `FlowState`. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index ec411a674bcd..2e08f40f6aa3 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.1.0 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 3ed09bbbbd91..e751fef6b149 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.0-dev +version: 0.1.0 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 85c1fc61056f..0df0d4f14e38 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.0.md b/shared/mad/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/mad/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 
--- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index df8815691e0a..5e427add5a51 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: null diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 52d8a94f585f..9dc3e22056f6 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.0.md b/shared/regex/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a844c6216f0d..456b7242bbec 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index c9857f9ad971..193121409899 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.2.0.md b/shared/ssa/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.0.md 
@@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 767b14897070..05e1e783ebba 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 9466e4c6a087..e1eddb1ead08 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.0.md b/shared/tutorial/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 7e247846603f..cf03db4f2dc5 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 30f8294e16af..37615bfd8d47 100644 
--- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.0.md b/shared/typetracking/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index ab4805633996..0224995750d4 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 73d10ecca5bb..d77fa94eb253 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.0.md b/shared/typos/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 1d226cca2df4..690127e7968f 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 5d4ee4dd27f4..02134dcfd4f8 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.0.md b/shared/util/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/util/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 56e7751a8daa..4dbdef82dbc0 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index b6247037fd48..4e844168d15c 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.0 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.0.md b/shared/yaml/change-notes/released/0.2.0.md new file mode 100644 index 000000000000..eb192b7a61b1 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.0.md @@ -0,0 +1,3 @@ +## 0.2.0 + +No user-facing changes. 
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 157cff8108d3..5274e27ed522 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.2.0 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index efef7197a428..5fb05420a3fc 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.0-dev +version: 0.2.0 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index e159bf2fbfc2..6011d2aa60d1 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md 
@@ -1,3 +1,32 @@ +## 0.3.0 + +### Deprecated APIs + +* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. + +### Major Analysis Improvements + +* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. + +To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. + +`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. + +### Minor Analysis Improvements + +* Modelled varargs function in `NSString` more accurately. +* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. +* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. +* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. +* Flow through writes via keypaths is now supported by the data flow library. +* Added flow through variadic arguments, and the `getVaList` function. +* Added flow steps through `Dictionary` keys and values. +* Added taint models for `Numeric` conversions. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
+ ## 0.2.5 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2023-08-10-numeric-models.md b/swift/ql/lib/change-notes/2023-08-10-numeric-models.md deleted file mode 100644 index 85812d99c103..000000000000 --- a/swift/ql/lib/change-notes/2023-08-10-numeric-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added taint models for `Numeric` conversions. diff --git a/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md b/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md deleted file mode 100644 index 6496777f9e5e..000000000000 --- a/swift/ql/lib/change-notes/2023-08-11-dictionary-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow steps through `Dictionary` keys and values. diff --git a/swift/ql/lib/change-notes/2023-08-16-varargs.md b/swift/ql/lib/change-notes/2023-08-16-varargs.md deleted file mode 100644 index 324c43f3e217..000000000000 --- a/swift/ql/lib/change-notes/2023-08-16-varargs.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added flow through variadic arguments, and the `getVaList` function. diff --git a/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md b/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md deleted file mode 100644 index 5d0c97e47e3b..000000000000 --- a/swift/ql/lib/change-notes/2023-09-12-keypath-writes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Flow through writes via keypaths is now supported by the data flow library. diff --git a/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md b/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md deleted file mode 100644 index d13350726a82..000000000000 --- a/swift/ql/lib/change-notes/2023-09-12-regex-mode-flag-groups.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
diff --git a/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md b/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md deleted file mode 100644 index 4185581839dc..000000000000 --- a/swift/ql/lib/change-notes/2023-09-13-array-content-unification.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: deprecated ---- - -* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. diff --git a/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md b/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md deleted file mode 100644 index c0f7d24f8e51..000000000000 --- a/swift/ql/lib/change-notes/2023-09-14-rename-base-types.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. diff --git a/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md b/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md deleted file mode 100644 index 482b8346b64d..000000000000 --- a/swift/ql/lib/change-notes/2023-09-18-get-a-base-type.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -category: majorAnalysis ---- - -* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. - -To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. - -`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. 
diff --git a/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md b/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md deleted file mode 100644 index f55bfe567a6f..000000000000 --- a/swift/ql/lib/change-notes/2023-09-26-regex-mode-flags.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. diff --git a/swift/ql/lib/change-notes/2023-09-27-debugdesc.md b/swift/ql/lib/change-notes/2023-09-27-debugdesc.md deleted file mode 100644 index 41416a921248..000000000000 --- a/swift/ql/lib/change-notes/2023-09-27-debugdesc.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. diff --git a/swift/ql/lib/change-notes/2023-09-29-nsstring.md b/swift/ql/lib/change-notes/2023-09-29-nsstring.md deleted file mode 100644 index b1c806532268..000000000000 --- a/swift/ql/lib/change-notes/2023-09-29-nsstring.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Modelled varargs function in `NSString` more accurately. diff --git a/swift/ql/lib/change-notes/released/0.3.0.md b/swift/ql/lib/change-notes/released/0.3.0.md new file mode 100644 index 000000000000..606afb574dca --- /dev/null +++ b/swift/ql/lib/change-notes/released/0.3.0.md 
@@ -0,0 +1,28 @@ +## 0.3.0 + +### Deprecated APIs + +* The `ArrayContent` type in the data flow library has been deprecated and made an alias for the `CollectionContent` type, to better reflect the hierarchy of the Swift standard library. Uses of `ArrayElement` in model files will be interpreted as referring to `CollectionContent`. + +### Major Analysis Improvements + +* The predicates `getABaseType`, `getABaseTypeDecl`, `getADerivedType` and `getADerivedTypeDecl` on `Type` and `TypeDecl` now behave more usefully and consistently. They now explore through type aliases used in base class declarations, and include protocols added in extensions. + +To examine base class declarations at a low level without these enhancements, use `TypeDecl.getInheritedType`. + +`Type.getABaseType` (only) previously resolved a type alias it was called directly on. This behaviour no longer exists. To find any base type of a type that could be an alias, the construct `Type.getUnderlyingType().getABaseType*()` is recommended. + +### Minor Analysis Improvements + +* Modelled varargs function in `NSString` more accurately. +* Modelled `CustomStringConvertible.description` and `CustomDebugStringConvertible.debugDescription`, replacing ad-hoc models of these properties on derived classes. +* The regular expressions library now accepts a wider range of mode flags in a regular expression mode flag group (such as `(?u)`). The `(?w`) flag has been renamed from "UNICODE" to "UNICODEBOUNDARY", and the `(?u)` flag is called "UNICODE" in the libraries. +* Renamed `TypeDecl.getBaseType/1` to `getInheritedType`. +* Flow through writes via keypaths is now supported by the data flow library. +* Added flow through variadic arguments, and the `getVaList` function. +* Added flow steps through `Dictionary` keys and values. +* Added taint models for `Numeric` conversions. + +### Bug Fixes + +* The regular expressions library no longer incorrectly matches mode flag characters against the input. 
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 211454ed3064..95f6e3a0ba6d 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.3.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 22634a946371..b210ae8d5721 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.0-dev +version: 0.3.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 18a68d6c8757..492dfbf8bb9b 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,12 @@ +## 0.3.0 + +### Minor Analysis Improvements + +* Adder barriers for numeric type values to the injection-like queries, to reduce false positive results where the user input that can be injected is constrainted to a numerical value. The queries updated by this change are: "Predicate built from user-controlled sources" (`swift/predicate-injection`), "Database query built from user-controlled sources" (`swift/sql-injection`), "Uncontrolled format string" (`swift/uncontrolled-format-string`), "JavaScript Injection" (`swift/unsafe-js-eval`) and "Regular expression injection" (`swift/regex-injection`). +* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. +* Added new logging sinks to the `swift/cleartext-logging` query. +* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. + ## 0.2.5 No user-facing changes. 
diff --git a/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md b/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md deleted file mode 100644 index 609041d2e757..000000000000 --- a/swift/ql/src/change-notes/2023-05-23-path-injection-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. \ No newline at end of file diff --git a/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md b/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md deleted file mode 100644 index 4462b378dd4b..000000000000 --- a/swift/ql/src/change-notes/2023-08-16-cleartext-logging.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added new logging sinks to the `swift/cleartext-logging` query. diff --git a/swift/ql/src/change-notes/2023-09-12-cleartext.md b/swift/ql/src/change-notes/2023-09-12-cleartext.md deleted file mode 100644 index 312ab00ca0b8..000000000000 --- a/swift/ql/src/change-notes/2023-09-12-cleartext.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. diff --git a/swift/ql/src/change-notes/2023-09-19-numeric-barriers.md b/swift/ql/src/change-notes/released/0.3.0.md similarity index 52% rename from swift/ql/src/change-notes/2023-09-19-numeric-barriers.md rename to swift/ql/src/change-notes/released/0.3.0.md index 0fd9989afe13..cf67625e164a 100644 --- a/swift/ql/src/change-notes/2023-09-19-numeric-barriers.md +++ b/swift/ql/src/change-notes/released/0.3.0.md 
@@ -1,4 +1,8 @@ ---- -category: minorAnalysis ---- +## 0.3.0 + +### Minor Analysis Improvements + * Adder barriers for numeric type values to the injection-like queries, to reduce false positive results where the user input that can be injected is constrainted to a numerical value. The queries updated by this change are: "Predicate built from user-controlled sources" (`swift/predicate-injection`), "Database query built from user-controlled sources" (`swift/sql-injection`), "Uncontrolled format string" (`swift/uncontrolled-format-string`), "JavaScript Injection" (`swift/unsafe-js-eval`) and "Regular expression injection" (`swift/regex-injection`). +* Added additional taint steps to the `swift/cleartext-transmission`, `swift/cleartext-logging` and `swift/cleartext-storage-preferences` queries to identify data within sensitive containers. This is similar to an existing additional taint step in the `swift/cleartext-storage-database` query. +* Added new logging sinks to the `swift/cleartext-logging` query. +* Added sqlite3 and SQLite.swift path injection sinks for the `swift/path-injection` query. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 211454ed3064..95f6e3a0ba6d 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.5 +lastReleaseVersion: 0.3.0 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 6649542b2c59..7f499e58f431 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.0-dev +version: 0.3.0 groups: - swift - queries
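Review bot: In python/ql/lib/change-notes/released/0.11.0.md, the first bullet under "Minor Analysis Improvements" ("Django Rest Framework better handles custom `ModelViewSet` classes functions") is ungrammatical and has no terminal period, unlike the bullets beside it. The wording was copied unchanged from the deleted 2023-09-29-django-restframework-improvements.md note. Before release, reword it so it is clear whether the improvement concerns the custom classes or the functions defined on them, and end it with a period.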
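Review bot: In python/ql/src/CHANGELOG.md and python/ql/src/change-notes/released/0.9.0.md, the `py/url-redirection` bullet has a stray space inside the code span: `django.utils.http. url_has_allowed_host_and_scheme`. Readers who copy or search for the qualified name will not match it. Write it as `django.utils.http.url_has_allowed_host_and_scheme`. The space comes from the deleted 2023-09-13-django-url-allowed-host.md note, so the fix belongs in both generated files.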
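Review bot: In shared/dataflow/CHANGELOG.md and shared/dataflow/change-notes/released/0.1.0.md, the type-based call edge pruning bullet says "removes data flow call edges that are incompatible with the set of flow paths that reach it", where "it" has no singular antecedent. Suggest "that reach them", or rephrase to "removes a data flow call edge when it is incompatible with the set of flow paths that reach it", so the pruning condition is unambiguous.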
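Review bot: In swift/ql/lib/CHANGELOG.md and swift/ql/lib/change-notes/released/0.3.0.md, the regex mode flag bullet has a misplaced backtick in "The `(?w`) flag", so the closing parenthesis renders outside the code span. It should read `(?w)`, matching `(?u)` in the same sentence. In the same hunk, the two paragraphs that follow the `getABaseType` bullet ("To examine base class declarations ..." and "`Type.getABaseType` (only) previously resolved ...") start at column 0, so Markdown ends the list item and renders them as loose paragraphs under "Major Analysis Improvements". Indent them to continue the bullet.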
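Review bot: In swift/ql/src/CHANGELOG.md and swift/ql/src/change-notes/released/0.3.0.md, the first bullet under "Minor Analysis Improvements" has two typos that will ship in the release notes: "Adder barriers" should be "Added barriers", and "constrainted to a numerical value" should be "constrained to a numerical value". Both are carried over from the renamed 2023-09-19-numeric-barriers.md note, so both files need the correction.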