Skip to content

Commit

Permalink
Merge pull request #17176 from github/release-prep/2.18.2
Browse files Browse the repository at this point in the history
Release preparation for version 2.18.2
  • Loading branch information
alexet authored Aug 7, 2024
2 parents eea9df8 + 019da8c commit a1b3ea5
Show file tree
Hide file tree
Showing 163 changed files with 425 additions and 180 deletions.
15 changes: 15 additions & 0 deletions cpp/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
## 1.4.0

### New Features

* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.

### Minor Analysis Improvements

* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.

## 1.3.0

### New Features
Expand Down
4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md

This file was deleted.

5 changes: 0 additions & 5 deletions cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md

This file was deleted.

14 changes: 14 additions & 0 deletions cpp/ql/lib/change-notes/released/1.4.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
## 1.4.0

### New Features

* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.

### Minor Analysis Improvements

* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
2 changes: 1 addition & 1 deletion cpp/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.0
lastReleaseVersion: 1.4.0
2 changes: 1 addition & 1 deletion cpp/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 1.3.1-dev
version: 1.4.0
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
Expand Down
13 changes: 13 additions & 0 deletions cpp/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,16 @@
## 1.2.0

### Query Metadata Changes

* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.

### Minor Analysis Improvements

* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.

## 1.1.0

### Query Metadata Changes
Expand Down

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md

This file was deleted.

12 changes: 12 additions & 0 deletions cpp/ql/src/change-notes/released/1.2.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
## 1.2.0

### Query Metadata Changes

* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.

### Minor Analysis Improvements

* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
2 changes: 1 addition & 1 deletion cpp/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.0
lastReleaseVersion: 1.2.0
2 changes: 1 addition & 1 deletion cpp/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.1.1-dev
version: 1.2.0
groups:
- cpp
- queries
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.22

No user-facing changes.

## 1.7.21

No user-facing changes.
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.22

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.21
lastReleaseVersion: 1.7.22
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.22-dev
version: 1.7.22
groups:
- csharp
- solorigate
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.22

No user-facing changes.

## 1.7.21

No user-facing changes.
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.22

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.21
lastReleaseVersion: 1.7.22
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.22-dev
version: 1.7.22
groups:
- csharp
- solorigate
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.5

No user-facing changes.

## 1.0.4

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/lib/change-notes/released/1.0.5.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.5

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.4
lastReleaseVersion: 1.0.5
2 changes: 1 addition & 1 deletion csharp/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 1.0.5-dev
version: 1.0.5
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.5

No user-facing changes.

## 1.0.4

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/src/change-notes/released/1.0.5.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.5

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.4
lastReleaseVersion: 1.0.5
2 changes: 1 addition & 1 deletion csharp/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.0.5-dev
version: 1.0.5
groups:
- csharp
- queries
Expand Down
4 changes: 4 additions & 0 deletions go/ql/consistency-queries/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.5

No user-facing changes.

## 1.0.4

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions go/ql/consistency-queries/change-notes/released/1.0.5.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.5

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.4
lastReleaseVersion: 1.0.5
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.5-dev
version: 1.0.5
groups:
- go
- queries
Expand Down
4 changes: 4 additions & 0 deletions go/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.1.4

No user-facing changes.

## 1.1.3

### Minor Analysis Improvements
Expand Down
3 changes: 3 additions & 0 deletions go/ql/lib/change-notes/released/1.1.4.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.1.4

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.3
lastReleaseVersion: 1.1.4
2 changes: 1 addition & 1 deletion go/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-all
version: 1.1.4-dev
version: 1.1.4
groups: go
dbscheme: go.dbscheme
extractor: go
Expand Down
4 changes: 4 additions & 0 deletions go/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.5

No user-facing changes.

## 1.0.4

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions go/ql/src/change-notes/released/1.0.5.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.5

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.4
lastReleaseVersion: 1.0.5
2 changes: 1 addition & 1 deletion go/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.0.5-dev
version: 1.0.5
groups:
- go
- queries
Expand Down
4 changes: 4 additions & 0 deletions java/ql/automodel/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.5

No user-facing changes.

## 1.0.4

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions java/ql/automodel/src/change-notes/released/1.0.5.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.5

No user-facing changes.
2 changes: 1 addition & 1 deletion java/ql/automodel/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.4
lastReleaseVersion: 1.0.5
2 changes: 1 addition & 1 deletion java/ql/automodel/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 1.0.5-dev
version: 1.0.5
groups:
- java
- automodel
Expand Down
20 changes: 20 additions & 0 deletions java/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,23 @@
## 3.0.0

### Breaking Changes

* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.

### New Features

* Java support for `build-mode: none` is now out of beta, and generally available.

### Major Analysis Improvements

* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).

### Minor Analysis Improvements

* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
* Adds models for request handlers using the `org.lastaflute.web` web framework.

## 2.0.0

### Breaking Changes
Expand Down

This file was deleted.

This file was deleted.

This file was deleted.

4 changes: 0 additions & 4 deletions java/ql/lib/change-notes/2024-07-25-env-vars.md

This file was deleted.

4 changes: 0 additions & 4 deletions java/ql/lib/change-notes/2024-08-02-buildless-ga.md

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,4 +1,19 @@
---
category: majorAnalysis
---
## 3.0.0

### Breaking Changes

* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.

### New Features

* Java support for `build-mode: none` is now out of beta, and generally available.

### Major Analysis Improvements

* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).

### Minor Analysis Improvements

* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
* Adds models for request handlers using the `org.lastaflute.web` web framework.
Loading

0 comments on commit a1b3ea5

Please sign in to comment.