From 572c773345314f4d4de6b80ea975f6d4e4838590 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 6 Aug 2024 13:13:39 +0100 Subject: [PATCH 01/12] Change provenance for MaD models that use package grouping --- go/ql/lib/semmle/go/dataflow/ExternalFlow.qll | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll index 94b5dd708b2c..0c346b3f9e09 100644 --- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll @@ -183,7 +183,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { string package, string type, boolean subtypes, string name, string signature, string ext, string output, string kind, string provenance | - sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) and + FlowExtensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind, + provenance, madId) and model = "Source: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + ext + "; " + output + "; " + kind + "; " + provenance @@ -193,7 +194,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { string package, string type, boolean subtypes, string name, string signature, string ext, string input, string kind, string provenance | - sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) and + FlowExtensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind, + provenance, madId) and model = "Sink: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + ext + "; " + input + "; " + kind + "; " + provenance 
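Review bot: The `FlowExtensions::sourceModel` and `FlowExtensions::sinkModel` calls in `interpretModelForTest` (and the `FlowExtensions::summaryModel` call in the hunk that follows) have no comment explaining why this test-facing predicate now bypasses the unqualified `sourceModel`/`sinkModel`/`summaryModel`. Going by the commit subject, the unqualified predicates presumably report a different provenance for package-grouped models; that is inferred, not visible in these hunks, so a reader comparing expected test output with model provenance has nothing to go on. A one-line comment above the first call would cover it, for example `// Read the raw extension rows so the printed model matches the data extension as written.` The body of `interpretModelForTest` starts and ends outside the hunks.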
@@ -203,8 +205,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { string package, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string kind, string provenance | - summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance, - madId) and + FlowExtensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, + provenance, madId) and model = "Summary: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance From c14ba0e4bd22af76940ad9e27373e9975a3e36c3 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Tue, 6 Aug 2024 12:46:15 +0000 Subject: [PATCH 02/12] Release preparation for version 2.18.2 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++ .../2024-07-23-destroying-delete.md | 4 ---- .../2024-07-23-using-enum-declaration.md | 4 ---- .../2024-07-25-alias-analysis-perf.md | 4 ---- .../change-notes/2024-07-31-constexpr-if.md | 4 ---- .../2024-08-01-deduction-guide.md | 4 ---- .../change-notes/2024-08-01-explicit-bool.md | 5 ----- cpp/ql/lib/change-notes/released/1.4.0.md | 14 +++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 13 ++++++++++++ ...fference-expression-compared-zero-query.md | 4 ---- ...-22-incorrect-allocation-error-handling.md | 4 ---- .../2024-07-22-suspicious-allocation-size.md | 4 ---- .../2024-07-23-incorrectly-checked-scanf.md | 4 ---- .../2024-07-31-memory-may-not-be-freed.md | 4 ---- cpp/ql/src/change-notes/released/1.2.0.md | 12 +++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/1.0.5.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.0.5.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ 
go/ql/lib/change-notes/released/1.1.4.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.0.5.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.0.5.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 20 ++++++++++++++++++ ...add-models-for-the-lastaflute-framework.md | 4 ---- .../2024-07-19-apache-ant-property-sinks.md | 4 ---- .../2024-07-24-url-fields-inherit-taint.md | 4 ---- .../lib/change-notes/2024-07-25-env-vars.md | 4 ---- .../change-notes/2024-08-02-buildless-ga.md | 4 ---- .../3.0.0.md} | 21 ++++++++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 11 +++++++++- ...2024-07-23-java-sensitivelogging-source.md | 4 ---- .../2024-07-25-java-error-message-exposure.md | 4 ---- ...07-30-sensitive-log-whitelist-tokenizer.md | 4 ---- java/ql/src/change-notes/2024-07-30-unused.md | 4 ---- java/ql/src/change-notes/released/1.1.2.md | 8 +++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/1.1.2.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/1.1.1.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++++ .../1.0.5.md} | 7 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 10 +++++++++ 
.../2024-07-26-streamlit-models.md | 4 ---- .../1.1.0.md} | 13 ++++++++---- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/1.0.5.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++++ .../1.1.0.md} | 7 ++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/1.0.5.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.5.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.5.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/1.0.5.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.5.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.5.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ 
.../change-notes/released/1.0.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.5.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/1.0.5.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.5.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.5.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++++ .../lib/change-notes/2024-07-24-url-model.md | 4 ---- .../2024-08-01-filemanager-model.md | 4 ---- swift/ql/lib/change-notes/released/1.1.1.md | 6 ++++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 7 +++++++ .../1.0.5.md} | 7 ++++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 163 files changed, 425 insertions(+), 180 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md create mode 100644 cpp/ql/lib/change-notes/released/1.4.0.md delete mode 100644 cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md delete mode 100644 cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md delete mode 100644 
cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md delete mode 100644 cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md delete mode 100644 cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md create mode 100644 cpp/ql/src/change-notes/released/1.2.0.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md create mode 100644 csharp/ql/lib/change-notes/released/1.0.5.md create mode 100644 csharp/ql/src/change-notes/released/1.0.5.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.5.md create mode 100644 go/ql/lib/change-notes/released/1.1.4.md create mode 100644 go/ql/src/change-notes/released/1.0.5.md create mode 100644 java/ql/automodel/src/change-notes/released/1.0.5.md delete mode 100644 java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md delete mode 100644 java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md delete mode 100644 java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md delete mode 100644 java/ql/lib/change-notes/2024-07-25-env-vars.md delete mode 100644 java/ql/lib/change-notes/2024-08-02-buildless-ga.md rename java/ql/lib/change-notes/{2024-06-14-reverse-dns-separate-threat-model-kind.md => released/3.0.0.md} (60%) delete mode 100644 java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md delete mode 100644 java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md delete mode 100644 java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md delete mode 100644 java/ql/src/change-notes/2024-07-30-unused.md create mode 100644 java/ql/src/change-notes/released/1.1.2.md create mode 100644 javascript/ql/lib/change-notes/released/1.1.2.md create mode 100644 javascript/ql/src/change-notes/released/1.1.1.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.5.md rename 
python/ql/lib/change-notes/{2024-07-12-mad-dict-sources.md => released/1.0.5.md} (83%) delete mode 100644 python/ql/src/change-notes/2024-07-26-streamlit-models.md rename python/ql/src/change-notes/{2024-07-19-cookie-injection.md => released/1.1.0.md} (59%) create mode 100644 ruby/ql/lib/change-notes/released/1.0.5.md rename ruby/ql/src/change-notes/{2024-06-18-weak-sensitive-data-hashing-query.md => released/1.1.0.md} (84%) create mode 100644 shared/controlflow/change-notes/released/1.0.5.md create mode 100644 shared/dataflow/change-notes/released/1.0.5.md create mode 100644 shared/mad/change-notes/released/1.0.5.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.5.md create mode 100644 shared/regex/change-notes/released/1.0.5.md create mode 100644 shared/ssa/change-notes/released/1.0.5.md create mode 100644 shared/threat-models/change-notes/released/1.0.5.md create mode 100644 shared/tutorial/change-notes/released/1.0.5.md create mode 100644 shared/typeflow/change-notes/released/1.0.5.md create mode 100644 shared/typetracking/change-notes/released/1.0.5.md create mode 100644 shared/typos/change-notes/released/1.0.5.md create mode 100644 shared/util/change-notes/released/1.0.5.md create mode 100644 shared/xml/change-notes/released/1.0.5.md create mode 100644 shared/yaml/change-notes/released/1.0.5.md delete mode 100644 swift/ql/lib/change-notes/2024-07-24-url-model.md delete mode 100644 swift/ql/lib/change-notes/2024-08-01-filemanager-model.md create mode 100644 swift/ql/lib/change-notes/released/1.1.1.md rename swift/ql/src/change-notes/{2024-08-01-constant-salt.md => released/1.0.5.md} (88%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 9f01040830c1..646199bb39c8 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,18 @@
+## 1.4.0
+
+### New Features
+
+* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
+* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
+* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
+
+### Minor Analysis Improvements
+
+* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
+* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
+* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
+
 ## 1.3.0
 
 ### New Features
diff --git a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
deleted file mode 100644
index eb2a69f5bac6..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
diff --git a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
deleted file mode 100644
index cf85b3cef4e8..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
deleted file mode 100644
index 585e824e6f19..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
diff --git a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
deleted file mode 100644
index 09e27337bd11..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
deleted file mode 100644
index b2d18d5994f5..000000000000
--- a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
diff --git a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
deleted file mode 100644
index f6ff9d19e8b3..000000000000
--- a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: feature
----
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
diff --git a/cpp/ql/lib/change-notes/released/1.4.0.md b/cpp/ql/lib/change-notes/released/1.4.0.md
new file mode 100644
index 000000000000..a8466b0ef11c
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/1.4.0.md
@@ -0,0 +1,14 @@
+## 1.4.0
+
+### New Features
+
+* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
+* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
+* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
+
+### Minor Analysis Improvements
+
+* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
+* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
+* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index ec16350ed6fd..b8b2e97d5086 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.4.0
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 5ef613e94c00..002da21daec9 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.3.1-dev
+version: 1.4.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 9f10be7db909..25e322a99b75 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
+
+### Minor Analysis Improvements
+
+* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
+* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
+* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
+* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
+
 ## 1.1.0
 
 ### Query Metadata Changes
diff --git a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
deleted file mode 100644
index 7a1469464c27..000000000000
--- a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
diff --git a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
deleted file mode 100644
index 5e95cd05678e..000000000000
--- a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
diff --git a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
deleted file mode 100644
index 8b55e61e85a7..000000000000
--- a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
deleted file mode 100644
index 9149c7611f5b..000000000000
--- a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
diff --git a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
deleted file mode 100644
index a0ce19ccf694..000000000000
--- a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
diff --git a/cpp/ql/src/change-notes/released/1.2.0.md b/cpp/ql/src/change-notes/released/1.2.0.md
new file mode 100644
index 000000000000..f23e2b92eec6
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/1.2.0.md
@@ -0,0 +1,12 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
+
+### Minor Analysis Improvements
+
+* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
+* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
+* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
+* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 2ac15439f561..75430e73d1c4 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.2.0
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 97b40ad7de2d..a26e3b68c6de 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.1.1-dev
+version: 1.2.0
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 503822fbd684..eb7af5234e3c 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.22
+
+No user-facing changes.
+
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
new file mode 100644
index 000000000000..7d6f39f3ce21
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
+## 1.7.22
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 87eff681b88a..6a79a0ec163e 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index f8c5a6f14a29..a13c44628162 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.22-dev
+version: 1.7.22
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 503822fbd684..eb7af5234e3c 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.22
+
+No user-facing changes.
+
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
new file mode 100644
index 000000000000..7d6f39f3ce21
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
+## 1.7.22
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 87eff681b88a..6a79a0ec163e 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index f8e6ff0dc93a..d6062ac903d3 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.22-dev
+version: 1.7.22
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index e8db03319514..50a19e99d36a 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/released/1.0.5.md b/csharp/ql/lib/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 7c679023e56f..6df287fb5e1c 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 0b2583745f1e..bd25f8118dd5 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/1.0.5.md b/csharp/ql/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index d1efd4cbf183..1f6b695454dc 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
   - csharp
   - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
index bdc66d513224..2e7162889c38 100644
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/1.0.5.md b/go/ql/consistency-queries/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 84c6cd451e2e..62d6836c3c35 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
   - go
   - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index ed4e9b3750f8..41cfec4595ef 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.4
+
+No user-facing changes.
+
 ## 1.1.3
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/released/1.1.4.md b/go/ql/lib/change-notes/released/1.1.4.md
new file mode 100644
index 000000000000..b95051903c5a
--- /dev/null
+++ b/go/ql/lib/change-notes/released/1.1.4.md
@@ -0,0 +1,3 @@
+## 1.1.4
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 35e710ab1bf0..26cbcd3f123b 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.3
+lastReleaseVersion: 1.1.4
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 0393983bbc1e..574d34df3c58 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.1.4-dev
+version: 1.1.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 7248057e4089..36470f89ebab 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/released/1.0.5.md b/go/ql/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/go/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 36f79d28b5b4..2d492bd3eaa7 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
   - go
   - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index 7ef174ca56a5..7dc759d1ac6f 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/1.0.5.md b/java/ql/automodel/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index 59878324d3d2..77cfa34c6dbe 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
   - java
   - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 07b324f259c5..2dd89daf33f6 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,23 @@
+## 3.0.0
+
+### Breaking Changes
+
+* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
+
+### New Features
+
+* Java support for `build-mode: none` is now out of beta, and generally available.
+
+### Major Analysis Improvements
+
+* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
+
+### Minor Analysis Improvements
+
+* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
+* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
+* Adds models for request handlers using the `org.lastaflute.web` web framework.
+
 ## 2.0.0
 
 ### Breaking Changes
diff --git a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
deleted file mode 100644
index b5f924cdb676..000000000000
--- a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Adds models for request handlers using the `org.lastaflute.web` web framework.
diff --git a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
deleted file mode 100644
index 11d84d15e3f2..000000000000
--- a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
diff --git a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
deleted file mode 100644
index 80851dbc6559..000000000000
--- a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
diff --git a/java/ql/lib/change-notes/2024-07-25-env-vars.md b/java/ql/lib/change-notes/2024-07-25-env-vars.md
deleted file mode 100644
index 8c58be3b4126..000000000000
--- a/java/ql/lib/change-notes/2024-07-25-env-vars.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
diff --git a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
deleted file mode 100644
index 8d2d8b6255d4..000000000000
--- a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Java support for `build-mode: none` is now out of beta, and generally available.
diff --git a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md b/java/ql/lib/change-notes/released/3.0.0.md
similarity index 60%
rename from java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
rename to java/ql/lib/change-notes/released/3.0.0.md
index f5e39a0b5ea5..be106b16574c 100644
--- a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
+++ b/java/ql/lib/change-notes/released/3.0.0.md
@@ -1,4 +1,19 @@
----
-category: majorAnalysis
----
+## 3.0.0
+
+### Breaking Changes
+
+* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
+
+### New Features
+
+* Java support for `build-mode: none` is now out of beta, and generally available.
+
+### Major Analysis Improvements
+
 * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
+
+### Minor Analysis Improvements
+
+* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
+* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
+* Adds models for request handlers using the `org.lastaflute.web` web framework.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 0abe6ccede0f..33d3a2cd1139 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.0
+lastReleaseVersion: 3.0.0
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 470dfa198988..74bb47b0b8d0 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 2.0.1-dev
+version: 3.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 79a69c7ed9b6..464768e3a7fc 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 1.1.2
+
+### Minor Analysis Improvements
+
+* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
+* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
+* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
+
 ## 1.1.1
 
 ### Minor Analysis Improvements
@@ -325,7 +334,7 @@ No user-facing changes.
 ### New Queries
 
 * Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
-* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
+* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
 
 ## 0.4.1
 
diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
deleted file mode 100644
index ff8a3e12ee4a..000000000000
--- a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
deleted file mode 100644
index 2cc18cc1c644..000000000000
--- a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
\ No newline at end of file
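Review bot: The rewritten bullet in the `@@ -325,7 +334,7 @@` hunk of `java/ql/src/CHANGELOG.md` misspells the query id as `java/androd/unsafe-content-uri-resolution`; the line it replaces read `java/android/unsafe-content-uri-resolution`, consistent with `java/android/incomplete-provider-permissions` in the context line just above it. Query ids are what users match on when they look up an alert or filter queries in a code-scanning configuration, so a wrong id in the changelog points them at a query that does not exist. The edit is unrelated to the 1.1.2 release entry added at the top of the same file and should be reverted so the bullet keeps `java/android/unsafe-content-uri-resolution`.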
diff --git a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
deleted file mode 100644
index a9a2bf2a9e0c..000000000000
--- a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
diff --git a/java/ql/src/change-notes/2024-07-30-unused.md b/java/ql/src/change-notes/2024-07-30-unused.md
deleted file mode 100644
index 44eaaf515e5f..000000000000
--- a/java/ql/src/change-notes/2024-07-30-unused.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
diff --git a/java/ql/src/change-notes/released/1.1.2.md b/java/ql/src/change-notes/released/1.1.2.md
new file mode 100644
index 000000000000..f14365cfdd3a
--- /dev/null
+++ b/java/ql/src/change-notes/released/1.1.2.md
@@ -0,0 +1,8 @@
+## 1.1.2
+
+### Minor Analysis Improvements
+
+* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
+* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
+* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 1a19084be3f7..53ab127707fc 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.1
+lastReleaseVersion: 1.1.2
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index e34220277ab7..2b82652c07ed 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.1.2-dev
+version: 1.1.2
 groups:
   - java
   - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 182f9a9685c5..134bbe39a693 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.2
+
+No user-facing changes.
+
 ## 1.1.1
 
 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/released/1.1.2.md b/javascript/ql/lib/change-notes/released/1.1.2.md
new file mode 100644
index 000000000000..ce8d2c1a4f37
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/1.1.2.md
@@ -0,0 +1,3 @@
+## 1.1.2
+
+No user-facing changes.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 1a19084be3f7..53ab127707fc 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.1
+lastReleaseVersion: 1.1.2
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index f7bdd033b1c9..55728be6e206 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 1.1.2-dev
+version: 1.1.2
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index 0f30798ecd18..af1e040cc44a 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.1
+
+No user-facing changes.
+
 ## 1.1.0
 
 ### New Queries
diff --git a/javascript/ql/src/change-notes/released/1.1.1.md b/javascript/ql/src/change-notes/released/1.1.1.md
new file mode 100644
index 000000000000..7fb56d366105
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/1.1.1.md
@@ -0,0 +1,3 @@
+## 1.1.1
+
+No user-facing changes.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 2ac15439f561..1a19084be3f7 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index bd70dd01c26f..930347d58bc4 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.1.1-dev
+version: 1.1.1
 groups:
   - javascript
   - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index 9f92ac20b255..5e4196ac3372 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/1.0.5.md b/misc/suite-helpers/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index b09efa35a30e..530d81be5a7a 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index 382efff551c6..87cbf5bfda15 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.0.5
+
+### Minor Analysis Improvements
+
+* Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
+
 ## 1.0.4
 
 ### Minor Analysis Improvements
diff --git a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md b/python/ql/lib/change-notes/released/1.0.5.md
similarity index 83%
rename from python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md
rename to python/ql/lib/change-notes/released/1.0.5.md
index 1cc64bc5e7f3..f65ec74a0951 100644
--- a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md
+++ b/python/ql/lib/change-notes/released/1.0.5.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.0.5
+
+### Minor Analysis Improvements
+
 * Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/)
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index f25441dbef5e..d43d4386a88e 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index b386509bd979..318971129253 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 1.1.0
+
+### New Queries
+
+* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
+
+### Minor Analysis Improvements
+
+* Added models of `streamlit` PyPI package.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/2024-07-26-streamlit-models.md b/python/ql/src/change-notes/2024-07-26-streamlit-models.md
deleted file mode 100644
index 7deba7dffed6..000000000000
--- a/python/ql/src/change-notes/2024-07-26-streamlit-models.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added models of `streamlit` PyPI package.
diff --git a/python/ql/src/change-notes/2024-07-19-cookie-injection.md b/python/ql/src/change-notes/released/1.1.0.md
similarity index 59%
rename from python/ql/src/change-notes/2024-07-19-cookie-injection.md
rename to python/ql/src/change-notes/released/1.1.0.md
index ceefa99c886b..9ced8370f539 100644
--- a/python/ql/src/change-notes/2024-07-19-cookie-injection.md
+++ b/python/ql/src/change-notes/released/1.1.0.md
@@ -1,4 +1,9 @@
----
-category: newQuery
----
-* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
\ No newline at end of file
+## 1.1.0
+
+### New Queries
+
+* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input.
+
+### Minor Analysis Improvements
+
+* Added models of `streamlit` PyPI package.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..2ac15439f561 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.1.0
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 6c6bf5f7798f..d994d8744a18 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.0.5-dev
+version: 1.1.0
 groups:
   - python
   - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index 865dc997f3a6..4d575d4ef0f3 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/ruby/ql/lib/change-notes/released/1.0.5.md b/ruby/ql/lib/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 6cee97698704..5a94c2c93d3c 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index ac5d0c7525c0..37101f41c704 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.1.0
+
+### New Queries
+
+* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md b/ruby/ql/src/change-notes/released/1.1.0.md
similarity index 84%
rename from ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md
rename to ruby/ql/src/change-notes/released/1.1.0.md
index 6fffd21d616c..17dcb0b1237f 100644
--- a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md
+++ b/ruby/ql/src/change-notes/released/1.1.0.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 1.1.0
+
+### New Queries
+
 * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..2ac15439f561 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.1.0
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index c1c895167bcd..675736868034 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.0.5-dev
+version: 1.1.0
 groups:
   - ruby
   - queries
diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md
index 047afa97e510..f62d99b8a599 100644
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/controlflow/change-notes/released/1.0.5.md b/shared/controlflow/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/controlflow/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml
index e981c2fed5dc..411b43b82cc4 100644
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md
index ca6c7165b9bf..0a94e1b80ec2 100644
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/dataflow/change-notes/released/1.0.5.md b/shared/dataflow/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/dataflow/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml
index 4302341cb3b5..bfec0e93a53a 100644
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
index 8680f86e786b..0bf218b96568 100644
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/mad/change-notes/released/1.0.5.md b/shared/mad/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/mad/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index 0c16b8a9bddb..21aa9dc3cb74 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md
index a33a857c9057..f445578246d1 100644
--- a/shared/rangeanalysis/CHANGELOG.md
+++ b/shared/rangeanalysis/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/rangeanalysis/change-notes/released/1.0.5.md b/shared/rangeanalysis/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/rangeanalysis/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/rangeanalysis/codeql-pack.release.yml
+++ b/shared/rangeanalysis/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml
index c2f65e2931f0..0a0b326205c1 100644
--- a/shared/rangeanalysis/qlpack.yml
+++ b/shared/rangeanalysis/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index d78925faba07..78f8369e7396 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/regex/change-notes/released/1.0.5.md b/shared/regex/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/regex/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index 930dfbf4098b..d0b658524fe6 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index 1a64a39471c8..f41fc9a7fe7e 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/1.0.5.md b/shared/ssa/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/ssa/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index e59f7a2e601d..6ff39d141cdc 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md
index bdc66d513224..2e7162889c38 100644
--- a/shared/threat-models/CHANGELOG.md
+++ b/shared/threat-models/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/threat-models/change-notes/released/1.0.5.md b/shared/threat-models/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/threat-models/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/threat-models/codeql-pack.release.yml
+++ b/shared/threat-models/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml
index 819206dd32a6..fdd405e20961 100644
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 1.0.5-dev
+version: 1.0.5
 library: true
 groups: shared
 dataExtensions:
diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md
index ad8f62a4e9d5..f20cfe347d73 100644
--- a/shared/tutorial/CHANGELOG.md
+++ b/shared/tutorial/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/tutorial/change-notes/released/1.0.5.md b/shared/tutorial/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/tutorial/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/tutorial/codeql-pack.release.yml
+++ b/shared/tutorial/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml
index c542374804d8..502519631d05 100644
--- a/shared/tutorial/qlpack.yml
+++ b/shared/tutorial/qlpack.yml
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index b9366dadb5c1..7ba137cbf536 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.5.md b/shared/typeflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 9dbfd6533f47..95557584bfee 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index d17f150b27b2..77d9b6f4fcf5 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.5.md b/shared/typetracking/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typetracking/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index c2a176796e89..0c31e5be9a1b 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index d323c0974fe2..f8ac1347b0f9 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/1.0.5.md b/shared/typos/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/typos/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 5bbc01323a88..97b3f34bd045 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index 6042620d77cb..e44386743adc 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/util/change-notes/released/1.0.5.md b/shared/util/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/util/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
index 964747c8c599..8b6247e151db 100644
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md
index 1323436e6b2f..1b292c168764 100644
--- a/shared/xml/CHANGELOG.md
+++ b/shared/xml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/xml/change-notes/released/1.0.5.md b/shared/xml/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/xml/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/xml/codeql-pack.release.yml
+++ b/shared/xml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml
index edaeefea948c..1a7f307050be 100644
--- a/shared/xml/qlpack.yml
+++ b/shared/xml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 dependencies:
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md
index cd2c2e92ddfd..064f83a6efd6 100644
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/shared/yaml/change-notes/released/1.0.5.md b/shared/yaml/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/shared/yaml/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml
index da7d8b2956ae..790d2dc1caed 100644
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.5-dev
+version: 1.0.5
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md
index 21e8b74bb023..b8e0122e0a0e 100644
--- a/swift/ql/lib/CHANGELOG.md
+++ b/swift/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.1.1
+
+### Minor Analysis Improvements
+
+* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value.
+* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis.
+
 ## 1.1.0
 
 ### New Features
diff --git a/swift/ql/lib/change-notes/2024-07-24-url-model.md b/swift/ql/lib/change-notes/2024-07-24-url-model.md
deleted file mode 100644
index ab831ab4593c..000000000000
--- a/swift/ql/lib/change-notes/2024-07-24-url-model.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis.
diff --git a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md b/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md
deleted file mode 100644
index e4630d38f2c1..000000000000
--- a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value.
diff --git a/swift/ql/lib/change-notes/released/1.1.1.md b/swift/ql/lib/change-notes/released/1.1.1.md
new file mode 100644
index 000000000000..50bd8dff3ce0
--- /dev/null
+++ b/swift/ql/lib/change-notes/released/1.1.1.md
@@ -0,0 +1,6 @@
+## 1.1.1
+
+### Minor Analysis Improvements
+
+* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value.
+* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index 2ac15439f561..1a19084be3f7 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index 2b14c18b1283..2878c24bc555 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 1.1.1-dev
+version: 1.1.1
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index ca26ff94f225..e33d96f63f5a 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.0.5
+
+### Minor Analysis Improvements
+
+* The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings.
+* The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/swift/ql/src/change-notes/2024-08-01-constant-salt.md b/swift/ql/src/change-notes/released/1.0.5.md
similarity index 88%
rename from swift/ql/src/change-notes/2024-08-01-constant-salt.md
rename to swift/ql/src/change-notes/released/1.0.5.md
index 5ead3f3c9844..f2169e0059f5 100644
--- a/swift/ql/src/change-notes/2024-08-01-constant-salt.md
+++ b/swift/ql/src/change-notes/released/1.0.5.md
@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 1.0.5
+
+### Minor Analysis Improvements
+
 * The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings.
 * The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node.
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index a6a4598cc743..c88cab945eb3 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
 - swift
 - queries
From f0d1740ff8c1c20d29f83b1efa578865b1857744 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Tue, 6 Aug 2024 13:48:45 +0100
Subject: [PATCH 03/12] Update text expectations

---
 .../go/frameworks/Beego/ReflectedXss.expected | 156 +++++-------------
 .../go/frameworks/Beego/TaintedPath.expected | 8 +-
 .../go/frameworks/Revel/OpenRedirect.expected | 3 +-
 .../go/frameworks/Revel/ReflectedXss.expected | 3 +-
 .../go/frameworks/Revel/TaintedPath.expected | 3 +-
 .../CWE-347/MissingJwtSignatureCheck.expected | 10 +-
 .../Security/CWE-643/XPathInjection.expected | 31 +---
 7 files changed, 53 insertions(+), 161 deletions(-)

diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
index 4ec7a2210fd4..be6bc68e8777 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
@@ -155,123 +155,45 @@ edges | test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:12 | | test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | | models -| 1 | Summary: github.com/astaxie/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual | -| 1 | Summary: github.com/beego/beego/core/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual | -| 1 | Summary: github.com/beego/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual | -| 2 | Summary: github.com/astaxie/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual | -| 2 | Summary: github.com/beego/beego/core/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual | -| 2 | Summary: github.com/beego/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual | -| 3 | Summary: github.com/astaxie/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual | -| 3 | Summary: github.com/beego/beego/core/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual | -| 3 | Summary: github.com/beego/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual | -| 4 | Summary: github.com/astaxie/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 4 | Summary: github.com/beego/beego/core/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 4 | Summary: github.com/beego/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 5 | Summary: github.com/astaxie/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 5 | Summary: github.com/beego/beego/core/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 5 | Summary: github.com/beego/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual | -| 6 | 
Summary: github.com/astaxie/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual | -| 6 | Summary: github.com/beego/beego/core/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual | -| 6 | Summary: github.com/beego/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual | -| 7 | Summary: github.com/astaxie/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual | -| 7 | Summary: github.com/beego/beego/core/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual | -| 7 | Summary: github.com/beego/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual | -| 8 | Summary: github.com/astaxie/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual | -| 8 | Summary: github.com/beego/beego/core/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual | -| 8 | Summary: github.com/beego/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual | -| 9 | Summary: github.com/astaxie/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual | -| 9 | Summary: github.com/beego/beego/core/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual | -| 9 | Summary: github.com/beego/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual | -| 10 | Summary: github.com/astaxie/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual | -| 10 | Summary: github.com/beego/beego/core/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual | -| 10 | Summary: github.com/beego/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual | -| 11 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 11 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 11 | Summary: 
github.com/beego/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 12 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 12 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 12 | Summary: github.com/beego/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 13 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual | -| 13 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual | -| 13 | Summary: github.com/beego/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual | -| 14 | Source: github.com/astaxie/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual | -| 14 | Source: github.com/beego/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual | -| 14 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual | -| 15 | Source: github.com/astaxie/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual | -| 15 | Source: github.com/beego/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual | -| 15 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual | -| 16 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 16 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 16 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 17 | Source: github.com/astaxie/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual | -| 17 | Source: 
github.com/beego/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual | -| 17 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual | -| 18 | Source: github.com/astaxie/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual | -| 18 | Source: github.com/beego/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual | -| 18 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual | -| 19 | Source: github.com/astaxie/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual | -| 19 | Source: github.com/beego/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual | -| 19 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual | -| 20 | Source: github.com/astaxie/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual | -| 20 | Source: github.com/beego/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual | -| 20 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual | -| 21 | Source: github.com/astaxie/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual | -| 21 | Source: github.com/beego/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual | -| 21 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual | -| 22 | Source: github.com/astaxie/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual | -| 22 | Source: github.com/beego/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual | -| 22 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual | -| 23 | Source: github.com/astaxie/beego/context; 
BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual | -| 23 | Source: github.com/beego/beego/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual | -| 23 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual | -| 24 | Source: github.com/astaxie/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual | -| 24 | Source: github.com/beego/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual | -| 24 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual | -| 25 | Source: github.com/astaxie/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual | -| 25 | Source: github.com/beego/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual | -| 25 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual | -| 26 | Source: github.com/astaxie/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual | -| 26 | Source: github.com/beego/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual | -| 26 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual | -| 27 | Source: github.com/astaxie/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual | -| 27 | Source: github.com/beego/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual | -| 27 | Source: github.com/beego/beego/server/web/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual | -| 28 | Summary: github.com/astaxie/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual | -| 28 | Summary: github.com/beego/beego/server/web; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual | -| 28 | Summary: github.com/beego/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual | -| 
29 | Summary: github.com/astaxie/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual | -| 29 | Summary: github.com/beego/beego/server/web; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual | -| 29 | Summary: github.com/beego/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual | -| 30 | Summary: github.com/astaxie/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 30 | Summary: github.com/beego/beego/server/web; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 30 | Summary: github.com/beego/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 31 | Summary: github.com/astaxie/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual | -| 31 | Summary: github.com/beego/beego/server/web; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual | -| 31 | Summary: github.com/beego/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual | -| 32 | Summary: github.com/astaxie/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual | -| 32 | Summary: github.com/beego/beego/server/web; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual | -| 32 | Summary: github.com/beego/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual | -| 33 | Summary: github.com/astaxie/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | -| 33 | Summary: github.com/beego/beego/server/web; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | -| 33 | Summary: github.com/beego/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | -| 34 | Source: github.com/astaxie/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual | -| 34 | Source: github.com/beego/beego/server/web; Controller; true; ParseForm; ; ; Argument[0]; remote; manual | -| 34 | Source: github.com/beego/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual | -| 35 | Source: 
github.com/astaxie/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual | -| 35 | Source: github.com/beego/beego/server/web; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual | -| 35 | Source: github.com/beego/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual | -| 36 | Source: github.com/astaxie/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual | -| 36 | Source: github.com/beego/beego/server/web; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual | -| 36 | Source: github.com/beego/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual | -| 37 | Source: github.com/astaxie/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual | -| 37 | Source: github.com/beego/beego/server/web; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual | -| 37 | Source: github.com/beego/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual | -| 38 | Source: github.com/astaxie/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual | -| 38 | Source: github.com/beego/beego/server/web; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual | -| 38 | Source: github.com/beego/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual | -| 39 | Source: github.com/astaxie/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual | -| 39 | Source: github.com/beego/beego/server/web; Controller; true; Input; ; ; ReturnValue[0]; remote; manual | -| 39 | Source: github.com/beego/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual | +| 1 | Summary: group:beego-utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual | +| 2 | Summary: group:beego-utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual | +| 3 | Summary: group:beego-utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual | +| 4 | Summary: group:beego-utils; ; false; SliceIntersect; ; ; 
Argument[0..1]; ReturnValue; taint; manual | +| 5 | Summary: group:beego-utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual | +| 6 | Summary: group:beego-utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual | +| 7 | Summary: group:beego-utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual | +| 8 | Summary: group:beego-utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual | +| 9 | Summary: group:beego-utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual | +| 10 | Summary: group:beego-utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual | +| 11 | Summary: group:beego-utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 12 | Summary: group:beego-utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 13 | Summary: group:beego-utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual | +| 14 | Source: group:beego-context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual | +| 15 | Source: group:beego-context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual | +| 16 | Source: group:beego-context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | +| 17 | Source: group:beego-context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual | +| 18 | Source: group:beego-context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual | +| 19 | Source: group:beego-context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual | +| 20 | Source: group:beego-context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual | +| 21 | Source: group:beego-context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual | +| 22 | Source: group:beego-context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual | +| 23 | Source: group:beego-context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual | +| 24 | Source: 
group:beego-context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual | +| 25 | Source: group:beego-context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual | +| 26 | Source: group:beego-context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual | +| 27 | Source: group:beego-context; Context; true; GetCookie; ; ; ReturnValue; remote; manual | +| 28 | Summary: group:beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual | +| 29 | Summary: group:beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual | +| 30 | Summary: group:beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual | +| 31 | Summary: group:beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual | +| 32 | Summary: group:beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual | +| 33 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | +| 34 | Source: group:beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual | +| 35 | Source: group:beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual | +| 36 | Source: group:beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual | +| 37 | Source: group:beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual | +| 38 | Source: group:beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual | +| 39 | Source: group:beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual | | 40 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | | 41 | Source: net/http; Request; true; Form; ; ; ; remote; manual | nodes diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 5b6213e6e857..420f2105dce2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected 
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -17,12 +17,8 @@ edges | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:2 | models | 1 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | -| 2 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 2 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 2 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | -| 3 | Source: github.com/astaxie/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual | -| 3 | Source: github.com/beego/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual | -| 3 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; RequestBody; ; ; ; remote; manual | +| 2 | Source: group:beego-context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual | +| 3 | Source: group:beego-context; BeegoInput; true; RequestBody; ; ; ; remote; manual | nodes | test.go:215:15:215:26 | call to Data | semmle.label | call to Data | | test.go:216:18:216:26 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected index 0312e5cdeee6..41ec583b6e0c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected 
@@ -7,8 +7,7 @@ edges | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:1 Config | | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config | models -| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual | -| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual | +| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual | nodes | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference | | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index 418e722e2ac4..a53d2914fd1a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -15,8 +15,7 @@ edges | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:3 | | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:3 | models -| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual | -| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual | +| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual | | 2 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual | | 3 | Source: net/http; Request; true; URL; ; ; ; remote; manual | | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | 
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected index 977b90affab9..1dd758c931ac 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected @@ -7,8 +7,7 @@ edges | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:1 | | EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:2 | models -| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual | -| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual | +| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual | | 2 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params | diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected index 2b5c40da258f..3d3321f09477 100644 --- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected 
@@ -15,14 +15,8 @@ edges | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | | | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:3 | models -| 1 | Sink: github.com/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | -| 1 | Sink: github.com/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | -| 1 | Sink: gopkg.in/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | -| 1 | Sink: gopkg.in/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | -| 2 | Summary: github.com/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 2 | Summary: github.com/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 2 | Summary: gopkg.in/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 2 | Summary: gopkg.in/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual | +| 1 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual | +| 2 | Summary: group:go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual | | 3 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual | | 4 | Source: net/http; Request; true; URL; ; ; ; remote; manual | | 5 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual | diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected index 157c1b65222a..ae3c205ead67 100644 
--- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected 
@@ -124,33 +124,16 @@ models | 21 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual | | 22 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; Parse; ; ; Argument[0]; xpath-injection; manual | | 23 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; ParseExec; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: github.com/crankycoder/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: github.com/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: github.com/going/toolkit/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: github.com/masterzen/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: gopkg.in/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 24 | Sink: launchpad.net/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: github.com/crankycoder/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: github.com/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: github.com/going/toolkit/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: github.com/masterzen/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: gopkg.in/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | -| 25 | Sink: launchpad.net/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | +| 24 | Sink: group:xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | +| 25 | Sink: group:xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual | | 26 | 
Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; Parse; ; ; Argument[0]; xpath-injection; manual | | 27 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseReader; ; ; Argument[0]; xpath-injection; manual | | 28 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseString; ; ; Argument[0]; xpath-injection; manual | -| 29 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual | -| 29 | Sink: github.com/moovweb/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual | -| 30 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual | -| 30 | Sink: github.com/moovweb/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual | -| 31 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual | -| 31 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual | -| 32 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual | -| 32 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual | -| 33 | Sink: github.com/jbowtie/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | -| 33 | Sink: github.com/moovweb/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual | +| 29 | Sink: group:gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual | +| 30 | Sink: group:gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual | +| 31 | Sink: group:gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual | +| 32 | Sink: group:gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual | +| 33 | Sink: group:gokogiri/xpath; ; true; Compile; ; ; Argument[0]; 
xpath-injection; manual | | 34 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; Parse; ; ; Argument[0]; xpath-injection; manual | | 35 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual | | 36 | Source: net/http; Request; true; Form; ; ; ; remote; manual | From d704fd9682a858f04c56a2a2011302fc39735441 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 6 Aug 2024 16:45:48 +0100 Subject: [PATCH 04/12] C++: Accept test changes caused by new CLI version. --- .../dataflow/external-models/flow.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 4343816afaa8..cbeabc52c5d5 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected 
@@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:2 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:0 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:1 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:1 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:2 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in 
buffer | From 78cd3d83326eeece6d204968fb96970559642545 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 6 Aug 2024 15:43:08 +0200 Subject: [PATCH 05/12] C#: Update expected test output --- .../external-models/ExternalFlow.expected | 54 +++++++++---------- .../threat-models-flowtest2.expected | 2 +- .../threat-models-flowtest3.expected | 6 +-- .../threat-models-flowtest4.expected | 8 +-- .../threat-models-flowtest5.expected | 4 +- .../threat-models-flowtest6.expected | 4 +- 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected index 6e294f0300f6..794ac23ce6b5 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected 
@@ -2,100 +2,100 @@ invalidModelRow edges | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | provenance | | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | provenance | | -| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | MaD:0 | +| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | MaD:52966 | | ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | provenance | | | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | provenance | | | ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | | | ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | provenance | | -| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | MaD:1 | +| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | MaD:52967 | | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | | | ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | provenance | | | 
ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | provenance | | | ExternalFlow.cs:24:13:24:29 | [post] this access : D | ExternalFlow.cs:25:18:25:21 | this access | provenance | | -| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | MaD:2 | +| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | MaD:52968 | | ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | provenance | | | ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | provenance | | -| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | MaD:3 | +| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | MaD:52969 | | ExternalFlow.cs:36:19:36:62 | (...) ... : D [field Field] : Object | ExternalFlow.cs:36:18:36:69 | access to field Field | provenance | | | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | provenance | | | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | provenance | | | ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | ExternalFlow.cs:36:19:36:62 | (...) ... 
: D [field Field] : Object | provenance | | -| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | MaD:4 | -| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | MaD:4+MaD:5 | +| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | MaD:52970 | +| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | MaD:52970+MaD:52971 | | ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:27 | access to field Field | provenance | | | ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | provenance | | | ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | provenance | | -| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | MaD:6 | +| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | MaD:52972 | | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | provenance | | -| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | 
MaD:7 | +| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | MaD:52973 | | ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:30 | access to property Property | provenance | | | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | provenance | | -| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | MaD:9 | -| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | MaD:8 | +| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | MaD:52975 | +| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | MaD:52974 | | ExternalFlow.cs:60:35:60:35 | o : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o | provenance | | -| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | MaD:10 | +| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | MaD:52976 | | ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o | provenance | | | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | provenance | | -| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | provenance 
| MaD:11 | +| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | provenance | MaD:52977 | | ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | provenance | | -| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | MaD:14 | +| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | MaD:52980 | | ExternalFlow.cs:72:23:72:23 | o : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o | provenance | | | ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | provenance | | | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | provenance | | -| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | provenance | MaD:15 | +| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map : T[] [element] : Object | provenance | MaD:52981 | | ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:24 | access to array element | 
provenance | | | ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | provenance | | | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | provenance | | | ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | provenance | | | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | provenance | | -| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | provenance | MaD:14 | -| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | MaD:14 | +| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map : T[] [element] : Object | provenance | MaD:52980 | +| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | MaD:52980 | | ExternalFlow.cs:84:35:84:35 | o : Object | ExternalFlow.cs:84:40:84:40 | access to parameter o : Object | provenance | | | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:25 | access to array element | provenance | | | ExternalFlow.cs:90:17:90:17 | access to local variable s : String | ExternalFlow.cs:91:19:91:19 | 
access to local variable s : String | provenance | | | ExternalFlow.cs:90:21:90:34 | object creation of type String : String | ExternalFlow.cs:90:17:90:17 | access to local variable s : String | provenance | | -| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | MaD:16 | +| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | MaD:52982 | | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | ExternalFlow.cs:92:18:92:18 | (...) ... | provenance | | | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:98:24:98:35 | object creation of type Object : Object | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | provenance | | | ExternalFlow.cs:100:20:100:20 | d : Object | ExternalFlow.cs:102:22:102:22 | access to parameter d | provenance | | -| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | MaD:12 | +| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | MaD:52978 | | ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:25 | access to field Field | provenance | | | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | provenance | | -| 
ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | MaD:19 | -| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | MaD:18 | +| ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | MaD:52985 | +| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | MaD:52984 | | ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | provenance | | | ExternalFlow.cs:117:34:117:49 | { ..., ... } : null [element] : Object | ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | provenance | | | ExternalFlow.cs:117:36:117:47 | object creation of type Object : Object | ExternalFlow.cs:117:34:117:49 | { ..., ... 
} : null [element] : Object | provenance | | | ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | provenance | | | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | provenance | | -| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | MaD:17 | +| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | MaD:52983 | | ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:21 | access to array element | provenance | | | ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | provenance | | | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | provenance | | -| ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:48 | call to method MixedFlowArgs | provenance | MaD:24 | +| ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:48 | call to method MixedFlowArgs | provenance | MaD:52990 | | ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | ExternalFlow.cs:212:60:212:61 | access to local variable o1 : Object | provenance | | | ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | provenance | | -| ExternalFlow.cs:212:60:212:61 | access to local 
variable o1 : Object | ExternalFlow.cs:212:18:212:62 | call to method GeneratedFlowWithGeneratedNeutral | provenance | MaD:25 | +| ExternalFlow.cs:212:60:212:61 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:62 | call to method GeneratedFlowWithGeneratedNeutral | provenance | MaD:52991 | | ExternalFlow.cs:238:17:238:17 | access to local variable h : HC | ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | provenance | | | ExternalFlow.cs:238:21:238:28 | object creation of type HC : HC | ExternalFlow.cs:238:17:238:17 | access to local variable h : HC | provenance | | | ExternalFlow.cs:239:17:239:17 | access to local variable o : HC | ExternalFlow.cs:240:18:240:18 | access to local variable o | provenance | | -| ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | provenance | MaD:27 | +| ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | provenance | MaD:52993 | | ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:239:17:239:17 | access to local variable o : HC | provenance | | | ExternalFlow.cs:256:13:256:13 | [post] access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray [element] : Object | provenance | | | ExternalFlow.cs:256:20:256:31 | object creation of type Object : Object | ExternalFlow.cs:256:13:256:13 | [post] access to parameter a : MyInlineArray [element] : Object | provenance | | | ExternalFlow.cs:257:17:257:17 | access to local variable b : Object | ExternalFlow.cs:258:18:258:18 | access to local variable b | provenance | | | ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | ExternalFlow.cs:257:17:257:17 | access to local variable b : Object | provenance | | -| ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray 
[element] : Object | ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | provenance | MaD:28 | +| ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | provenance | MaD:52994 | | ExternalFlow.cs:278:17:278:17 | access to local variable j : Object | ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | provenance | | | ExternalFlow.cs:278:21:278:32 | object creation of type Object : Object | ExternalFlow.cs:278:17:278:17 | access to local variable j : Object | provenance | | | ExternalFlow.cs:279:13:279:23 | [post] this access : J | ExternalFlow.cs:281:18:281:21 | this access : J | provenance | | -| ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | ExternalFlow.cs:279:13:279:23 | [post] this access : J | provenance | MaD:30 | -| ExternalFlow.cs:281:18:281:21 | this access : J | ExternalFlow.cs:281:18:281:27 | access to property Prop1 | provenance | MaD:29 | +| ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | ExternalFlow.cs:279:13:279:23 | [post] this access : J | provenance | MaD:52996 | +| ExternalFlow.cs:281:18:281:21 | this access : J | ExternalFlow.cs:281:18:281:27 | access to property Prop1 | provenance | MaD:52995 | nodes | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | semmle.label | access to local variable arg1 : Object | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected index 37eedffeaa50..ba0906cf7add 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected 
@@ -9,7 +9,7 @@ edges | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | | Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected index dede7b6904d4..0ef37510a073 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected 
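Review bot: The updated row in this hunk pins the source model to an absolute id, `Src:MaD:52967` where it was `Src:MaD:1`, and the same pattern repeats in the flowtest3 to flowtest6 hunks that follow. Every changed id visible here is the old one plus 52966, which suggests (the numbering code is not in view) that the test's models are now numbered after a large set of other models, so adding or removing an unrelated model would rewrite these rows with no change in the flows under test. The ids are also not a stable handle for one model: `ReadEnv` is `Src:MaD:52968` in flowtest3 and `Src:MaD:52969` in flowtest5. For a test that checks threat-model source selection, I would rather the expected output named the model than its position, for example by post-processing the provenance column into the model row before comparison, so a reviewer can confirm from the diff that the intended source was matched.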
@@ -9,11 +9,11 @@ edges | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | | Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 | | Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52968 | | Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:4 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52970 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | 
diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected index e5e8dda6f688..0a221cc76476 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected 
@@ -9,13 +9,13 @@ edges | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | | Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:1 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 | | Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52968 | | Test.cs:53:20:53:25 | access to local variable result : String | Test.cs:56:42:56:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | Src:MaD:3 | +| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | Src:MaD:52969 | | Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... 
| provenance | Sink:MaD:948 | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:4 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52970 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected index 1c05532daceb..1c2199af7967 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected 
@@ -9,9 +9,9 @@ edges | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | | Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:3 | +| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52969 | | Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:5 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52971 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected index dca3482010d3..dbef600b9e3e 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected 
@@ -9,9 +9,9 @@ edges | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | | | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | | | Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2 | +| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52968 | | Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 | -| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:5 | +| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52971 | nodes | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object | | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String | From 46577b585e23ebbab79188339dabe141a1c1347a Mon Sep 17 00:00:00 2001 
From: Alexander Eyers-Taylor Date: Wed, 7 Aug 2024 14:24:37 +0100 Subject: [PATCH 06/12] Revert "Release preparation for version 2.18.2" --- cpp/ql/lib/CHANGELOG.md | 15 ------------- .../2024-07-23-destroying-delete.md | 4 ++++ .../2024-07-23-using-enum-declaration.md | 4 ++++ .../2024-07-25-alias-analysis-perf.md | 4 ++++ .../change-notes/2024-07-31-constexpr-if.md | 4 ++++ .../2024-08-01-deduction-guide.md | 4 ++++ .../change-notes/2024-08-01-explicit-bool.md | 5 +++++ cpp/ql/lib/change-notes/released/1.4.0.md | 14 ------------- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 13 ------------ ...fference-expression-compared-zero-query.md | 4 ++++ ...-22-incorrect-allocation-error-handling.md | 4 ++++ .../2024-07-22-suspicious-allocation-size.md | 4 ++++ .../2024-07-23-incorrectly-checked-scanf.md | 4 ++++ .../2024-07-31-memory-may-not-be-freed.md | 4 ++++ cpp/ql/src/change-notes/released/1.2.0.md | 12 ----------- cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ---- .../lib/change-notes/released/1.7.22.md | 3 --- .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ---- .../src/change-notes/released/1.7.22.md | 3 --- .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ---- csharp/ql/lib/change-notes/released/1.0.5.md | 3 --- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ---- csharp/ql/src/change-notes/released/1.0.5.md | 3 --- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ---- 
go/ql/lib/change-notes/released/1.1.4.md | 3 --- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ---- go/ql/src/change-notes/released/1.0.5.md | 3 --- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ---- .../src/change-notes/released/1.0.5.md | 3 --- java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 20 ------------------ ...reverse-dns-separate-threat-model-kind.md} | 21 +++---------------- ...add-models-for-the-lastaflute-framework.md | 4 ++++ .../2024-07-19-apache-ant-property-sinks.md | 4 ++++ .../2024-07-24-url-fields-inherit-taint.md | 4 ++++ .../lib/change-notes/2024-07-25-env-vars.md | 4 ++++ .../change-notes/2024-08-02-buildless-ga.md | 4 ++++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 11 +--------- ...2024-07-23-java-sensitivelogging-source.md | 4 ++++ .../2024-07-25-java-error-message-exposure.md | 4 ++++ ...07-30-sensitive-log-whitelist-tokenizer.md | 4 ++++ java/ql/src/change-notes/2024-07-30-unused.md | 4 ++++ java/ql/src/change-notes/released/1.1.2.md | 8 ------- java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ---- .../ql/lib/change-notes/released/1.1.2.md | 3 --- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ---- .../ql/src/change-notes/released/1.1.1.md | 3 --- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ------ ....0.5.md => 2024-07-12-mad-dict-sources.md} | 7 +++---- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- 
python/ql/src/CHANGELOG.md | 10 --------- ....1.0.md => 2024-07-19-cookie-injection.md} | 13 ++++-------- .../2024-07-26-streamlit-models.md | 4 ++++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ---- ruby/ql/lib/change-notes/released/1.0.5.md | 3 --- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ------ ...6-18-weak-sensitive-data-hashing-query.md} | 7 +++---- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ---- .../dataflow/change-notes/released/1.0.5.md | 3 --- shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ---- shared/mad/change-notes/released/1.0.5.md | 3 --- shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ---- shared/regex/change-notes/released/1.0.5.md | 3 --- shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ---- shared/ssa/change-notes/released/1.0.5.md | 3 --- shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ---- .../tutorial/change-notes/released/1.0.5.md | 3 --- shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ---- .../typeflow/change-notes/released/1.0.5.md | 3 --- 
shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ---- .../change-notes/released/1.0.5.md | 3 --- shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ---- shared/typos/change-notes/released/1.0.5.md | 3 --- shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ---- shared/util/change-notes/released/1.0.5.md | 3 --- shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ---- shared/xml/change-notes/released/1.0.5.md | 3 --- shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ---- shared/yaml/change-notes/released/1.0.5.md | 3 --- shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 ------- .../lib/change-notes/2024-07-24-url-model.md | 4 ++++ .../2024-08-01-filemanager-model.md | 4 ++++ swift/ql/lib/change-notes/released/1.1.1.md | 6 ------ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 7 ------- .../1.0.5.md => 2024-08-01-constant-salt.md} | 7 +++---- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 163 files changed, 180 insertions(+), 425 deletions(-) create mode 100644 cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md create mode 100644 cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md create mode 100644 cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md create mode 100644 cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md create mode 100644 cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md create mode 100644 cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md delete mode 100644 cpp/ql/lib/change-notes/released/1.4.0.md create mode 100644 cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md 
create mode 100644 cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md create mode 100644 cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md create mode 100644 cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md create mode 100644 cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md delete mode 100644 cpp/ql/src/change-notes/released/1.2.0.md delete mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md delete mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md delete mode 100644 csharp/ql/lib/change-notes/released/1.0.5.md delete mode 100644 csharp/ql/src/change-notes/released/1.0.5.md delete mode 100644 go/ql/consistency-queries/change-notes/released/1.0.5.md delete mode 100644 go/ql/lib/change-notes/released/1.1.4.md delete mode 100644 go/ql/src/change-notes/released/1.0.5.md delete mode 100644 java/ql/automodel/src/change-notes/released/1.0.5.md rename java/ql/lib/change-notes/{released/3.0.0.md => 2024-06-14-reverse-dns-separate-threat-model-kind.md} (60%) create mode 100644 java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md create mode 100644 java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md create mode 100644 java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md create mode 100644 java/ql/lib/change-notes/2024-07-25-env-vars.md create mode 100644 java/ql/lib/change-notes/2024-08-02-buildless-ga.md create mode 100644 java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md create mode 100644 java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md create mode 100644 java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md create mode 100644 java/ql/src/change-notes/2024-07-30-unused.md delete mode 100644 java/ql/src/change-notes/released/1.1.2.md delete mode 100644 javascript/ql/lib/change-notes/released/1.1.2.md delete mode 100644 
javascript/ql/src/change-notes/released/1.1.1.md delete mode 100644 misc/suite-helpers/change-notes/released/1.0.5.md rename python/ql/lib/change-notes/{released/1.0.5.md => 2024-07-12-mad-dict-sources.md} (83%) rename python/ql/src/change-notes/{released/1.1.0.md => 2024-07-19-cookie-injection.md} (59%) create mode 100644 python/ql/src/change-notes/2024-07-26-streamlit-models.md delete mode 100644 ruby/ql/lib/change-notes/released/1.0.5.md rename ruby/ql/src/change-notes/{released/1.1.0.md => 2024-06-18-weak-sensitive-data-hashing-query.md} (84%) delete mode 100644 shared/controlflow/change-notes/released/1.0.5.md delete mode 100644 shared/dataflow/change-notes/released/1.0.5.md delete mode 100644 shared/mad/change-notes/released/1.0.5.md delete mode 100644 shared/rangeanalysis/change-notes/released/1.0.5.md delete mode 100644 shared/regex/change-notes/released/1.0.5.md delete mode 100644 shared/ssa/change-notes/released/1.0.5.md delete mode 100644 shared/threat-models/change-notes/released/1.0.5.md delete mode 100644 shared/tutorial/change-notes/released/1.0.5.md delete mode 100644 shared/typeflow/change-notes/released/1.0.5.md delete mode 100644 shared/typetracking/change-notes/released/1.0.5.md delete mode 100644 shared/typos/change-notes/released/1.0.5.md delete mode 100644 shared/util/change-notes/released/1.0.5.md delete mode 100644 shared/xml/change-notes/released/1.0.5.md delete mode 100644 shared/yaml/change-notes/released/1.0.5.md create mode 100644 swift/ql/lib/change-notes/2024-07-24-url-model.md create mode 100644 swift/ql/lib/change-notes/2024-08-01-filemanager-model.md delete mode 100644 swift/ql/lib/change-notes/released/1.1.1.md rename swift/ql/src/change-notes/{released/1.0.5.md => 2024-08-01-constant-salt.md} (88%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 646199bb39c8..9f01040830c1 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,18 +1,3 @@
-## 1.4.0
-
-### New Features
-
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
-
-### Minor Analysis Improvements
-
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
-
 ## 1.3.0
 
 ### New Features
diff --git a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
new file mode 100644
index 000000000000..eb2a69f5bac6
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
diff --git a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
new file mode 100644
index 000000000000..cf85b3cef4e8
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
new file mode 100644
index 000000000000..585e824e6f19
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
diff --git a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
new file mode 100644
index 000000000000..09e27337bd11
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
new file mode 100644
index 000000000000..b2d18d5994f5
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
diff --git a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
new file mode 100644
index 000000000000..f6ff9d19e8b3
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
@@ -0,0 +1,5 @@
+---
+category: feature
+---
+* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
+* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
diff --git a/cpp/ql/lib/change-notes/released/1.4.0.md b/cpp/ql/lib/change-notes/released/1.4.0.md
deleted file mode 100644
index a8466b0ef11c..000000000000
--- a/cpp/ql/lib/change-notes/released/1.4.0.md
+++ /dev/null
@@ -1,14 +0,0 @@
-## 1.4.0
-
-### New Features
-
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
-
-### Minor Analysis Improvements
-
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index b8b2e97d5086..ec16350ed6fd 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.3.0
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 002da21daec9..5ef613e94c00 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.4.0
+version: 1.3.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 25e322a99b75..9f10be7db909 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,16 +1,3 @@
-## 1.2.0
-
-### Query Metadata Changes
-
-* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
-
-### Minor Analysis Improvements
-
-* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
-* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
-* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
-* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
-
 ## 1.1.0
 
 ### Query Metadata Changes
diff --git a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
new file mode 100644
index 000000000000..7a1469464c27
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
diff --git a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
new file mode 100644
index 000000000000..5e95cd05678e
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
diff --git a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
new file mode 100644
index 000000000000..8b55e61e85a7
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
new file mode 100644
index 000000000000..9149c7611f5b
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
diff --git a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
new file mode 100644
index 000000000000..a0ce19ccf694
--- /dev/null
+++ b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
diff --git a/cpp/ql/src/change-notes/released/1.2.0.md b/cpp/ql/src/change-notes/released/1.2.0.md
deleted file mode 100644
index f23e2b92eec6..000000000000
--- a/cpp/ql/src/change-notes/released/1.2.0.md
+++ /dev/null
@@ -1,12 +0,0 @@
-## 1.2.0
-
-### Query Metadata Changes
-
-* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
-
-### Minor Analysis Improvements
-
-* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
-* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
-* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
-* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 75430e73d1c4..2ac15439f561 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.1.0
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index a26e3b68c6de..97b40ad7de2d 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.2.0
+version: 1.1.1-dev
 groups:
   - cpp
   - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index eb7af5234e3c..503822fbd684 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.22
-
-No user-facing changes.
-
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
deleted file mode 100644
index 7d6f39f3ce21..000000000000
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.7.22
-
-No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 6a79a0ec163e..87eff681b88a 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.22
+lastReleaseVersion: 1.7.21
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index a13c44628162..f8c5a6f14a29 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.22
+version: 1.7.22-dev
 groups:
   - csharp
   - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index eb7af5234e3c..503822fbd684 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.7.22
-
-No user-facing changes.
-
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
deleted file mode 100644
index 7d6f39f3ce21..000000000000
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.7.22
-
-No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 6a79a0ec163e..87eff681b88a 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.22
+lastReleaseVersion: 1.7.21
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index d6062ac903d3..f8e6ff0dc93a 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.22
+version: 1.7.22-dev
 groups:
   - csharp
   - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 50a19e99d36a..e8db03319514 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.5
-
-No user-facing changes.
-
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/released/1.0.5.md b/csharp/ql/lib/change-notes/released/1.0.5.md
deleted file mode 100644
index 56907442d251..000000000000
--- a/csharp/ql/lib/change-notes/released/1.0.5.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.0.5
-
-No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 42da17b38415..03f7ea71b58e 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 6df287fb5e1c..7c679023e56f 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.5
+version: 1.0.5-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index bd25f8118dd5..0b2583745f1e 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.5
-
-No user-facing changes.
-
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/1.0.5.md b/csharp/ql/src/change-notes/released/1.0.5.md
deleted file mode 100644
index 56907442d251..000000000000
--- a/csharp/ql/src/change-notes/released/1.0.5.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.0.5
-
-No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 42da17b38415..03f7ea71b58e 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 1f6b695454dc..d1efd4cbf183 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.5
+version: 1.0.5-dev
 groups:
   - csharp
   - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
index 2e7162889c38..bdc66d513224 100644
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.5
-
-No user-facing changes.
-
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/1.0.5.md b/go/ql/consistency-queries/change-notes/released/1.0.5.md
deleted file mode 100644
index 56907442d251..000000000000
--- a/go/ql/consistency-queries/change-notes/released/1.0.5.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.0.5
-
-No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
index 42da17b38415..03f7ea71b58e 100644
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.4
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 62d6836c3c35..84c6cd451e2e 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.5
+version: 1.0.5-dev
 groups:
   - go
   - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 41cfec4595ef..ed4e9b3750f8 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.1.4
-
-No user-facing changes.
-
 ## 1.1.3
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/released/1.1.4.md b/go/ql/lib/change-notes/released/1.1.4.md
deleted file mode 100644
index b95051903c5a..000000000000
--- a/go/ql/lib/change-notes/released/1.1.4.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.1.4
-
-No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 26cbcd3f123b..35e710ab1bf0 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.4
+lastReleaseVersion: 1.1.3
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 574d34df3c58..0393983bbc1e 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.1.4
+version: 1.1.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 36470f89ebab..7248057e4089 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.5
-
-No user-facing changes.
-
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/released/1.0.5.md b/go/ql/src/change-notes/released/1.0.5.md
deleted file mode 100644
index 56907442d251..000000000000
--- a/go/ql/src/change-notes/released/1.0.5.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.0.5
-
-No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 42da17b38415..03f7ea71b58e 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.4
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 2d492bd3eaa7..36f79d28b5b4 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.5
+version: 1.0.5-dev
 groups:
   - go
   - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index 7dc759d1ac6f..7ef174ca56a5 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 1.0.5
-
-No user-facing changes.
-
 ## 1.0.4
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/1.0.5.md b/java/ql/automodel/src/change-notes/released/1.0.5.md
deleted file mode 100644
index 56907442d251..000000000000
--- a/java/ql/automodel/src/change-notes/released/1.0.5.md
+++ /dev/null
@@ -1,3 +0,0 @@
-## 1.0.5
-
-No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index 42da17b38415..03f7ea71b58e 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.4
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index 77cfa34c6dbe..59878324d3d2 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.5
+version: 1.0.5-dev
 groups:
   - java
   - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 2dd89daf33f6..07b324f259c5 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,23 +1,3 @@
-## 3.0.0
-
-### Breaking Changes
-
-* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
-
-### New Features
-
-* Java support for `build-mode: none` is now out of beta, and generally available.
-
-### Major Analysis Improvements
-
-* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
-
-### Minor Analysis Improvements
-
-* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
-* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
-* Adds models for request handlers using the `org.lastaflute.web` web framework.
-
 ## 2.0.0
 
 ### Breaking Changes
diff --git a/java/ql/lib/change-notes/released/3.0.0.md b/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
similarity index 60%
rename from java/ql/lib/change-notes/released/3.0.0.md
rename to java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
index be106b16574c..f5e39a0b5ea5 100644
--- a/java/ql/lib/change-notes/released/3.0.0.md
+++ b/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md
@@ -1,19 +1,4 @@
-## 3.0.0
-
-### Breaking Changes
-
-* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
-
-### New Features
-
-* Java support for `build-mode: none` is now out of beta, and generally available.
-
-### Major Analysis Improvements
-
+---
+category: majorAnalysis
+---
 * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
-
-### Minor Analysis Improvements
-
-* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
-* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
-* Adds models for request handlers using the `org.lastaflute.web` web framework.
diff --git a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
new file mode 100644
index 000000000000..b5f924cdb676
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Adds models for request handlers using the `org.lastaflute.web` web framework.
diff --git a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
new file mode 100644
index 000000000000..11d84d15e3f2
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`.
diff --git a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
new file mode 100644
index 000000000000..80851dbc6559
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted.
diff --git a/java/ql/lib/change-notes/2024-07-25-env-vars.md b/java/ql/lib/change-notes/2024-07-25-env-vars.md
new file mode 100644
index 000000000000..8c58be3b4126
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-07-25-env-vars.md
@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable.
diff --git a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
new file mode 100644
index 000000000000..8d2d8b6255d4
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Java support for `build-mode: none` is now out of beta, and generally available.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 33d3a2cd1139..0abe6ccede0f 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 3.0.0
+lastReleaseVersion: 2.0.0
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 74bb47b0b8d0..470dfa198988 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 3.0.0
+version: 2.0.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 464768e3a7fc..79a69c7ed9b6 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,12 +1,3 @@
-## 1.1.2
-
-### Minor Analysis Improvements
-
-* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
-* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
-* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
-* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
-
 ## 1.1.1
 
 ### Minor Analysis Improvements
@@ -334,7 +325,7 @@ No user-facing changes.
 ### New Queries
 
 * Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
-* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
+* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization.
 
 ## 0.4.1
 
diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
new file mode 100644
index 000000000000..ff8a3e12ee4a
--- /dev/null
+++ b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
new file mode 100644
index 000000000000..2cc18cc1c644
--- /dev/null
+++ b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
new file mode 100644
index 000000000000..a9a2bf2a9e0c
--- /dev/null
+++ b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
diff --git a/java/ql/src/change-notes/2024-07-30-unused.md b/java/ql/src/change-notes/2024-07-30-unused.md
new file mode 100644
index 000000000000..44eaaf515e5f
--- /dev/null
+++ b/java/ql/src/change-notes/2024-07-30-unused.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
diff --git a/java/ql/src/change-notes/released/1.1.2.md b/java/ql/src/change-notes/released/1.1.2.md
deleted file mode 100644
index f14365cfdd3a..000000000000
--- a/java/ql/src/change-notes/released/1.1.2.md
+++ /dev/null
@@ -1,8 +0,0 @@ -## 1.1.2 - -### Minor Analysis Improvements - -* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. -* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. -* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. -* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 53ab127707fc..1a19084be3f7 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 1.1.1 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 2b82652c07ed..e34220277ab7 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.2 +version: 1.1.2-dev groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 134bbe39a693..182f9a9685c5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.1.2 - -No user-facing changes. - ## 1.1.1 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/1.1.2.md b/javascript/ql/lib/change-notes/released/1.1.2.md deleted file mode 100644 index ce8d2c1a4f37..000000000000 
--- a/javascript/ql/lib/change-notes/released/1.1.2.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.1.2 - -No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 53ab127707fc..1a19084be3f7 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 1.1.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 55728be6e206..f7bdd033b1c9 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 1.1.2 +version: 1.1.2-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index af1e040cc44a..0f30798ecd18 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.1.1 - -No user-facing changes. - ## 1.1.0 ### New Queries diff --git a/javascript/ql/src/change-notes/released/1.1.1.md b/javascript/ql/src/change-notes/released/1.1.1.md deleted file mode 100644 index 7fb56d366105..000000000000 --- a/javascript/ql/src/change-notes/released/1.1.1.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.1.1 - -No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 1a19084be3f7..2ac15439f561 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 930347d58bc4..bd70dd01c26f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.1.1 +version: 1.1.1-dev groups: - javascript - queries 
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 5e4196ac3372..9f92ac20b255 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.5.md b/misc/suite-helpers/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/misc/suite-helpers/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 530d81be5a7a..b09efa35a30e 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.5 +version: 1.0.5-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 87cbf5bfda15..382efff551c6 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,9 +1,3 @@ -## 1.0.5 - -### Minor Analysis Improvements - -* Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) - ## 1.0.4 ### Minor Analysis Improvements 
diff --git a/python/ql/lib/change-notes/released/1.0.5.md b/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md similarity index 83% rename from python/ql/lib/change-notes/released/1.0.5.md rename to python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md index f65ec74a0951..1cc64bc5e7f3 100644 --- a/python/ql/lib/change-notes/released/1.0.5.md +++ b/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md @@ -1,5 +1,4 @@ -## 1.0.5 - -### Minor Analysis Improvements - +--- +category: minorAnalysis +--- * Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index d43d4386a88e..f25441dbef5e 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 1.0.5 +version: 1.0.5-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 318971129253..b386509bd979 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,13 +1,3 @@ -## 1.1.0 - -### New Queries - -* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. - -### Minor Analysis Improvements - -* Added models of `streamlit` PyPI package. - ## 1.0.4 No user-facing changes. 
diff --git a/python/ql/src/change-notes/released/1.1.0.md b/python/ql/src/change-notes/2024-07-19-cookie-injection.md similarity index 59% rename from python/ql/src/change-notes/released/1.1.0.md rename to python/ql/src/change-notes/2024-07-19-cookie-injection.md index 9ced8370f539..ceefa99c886b 100644 --- a/python/ql/src/change-notes/released/1.1.0.md +++ b/python/ql/src/change-notes/2024-07-19-cookie-injection.md @@ -1,9 +1,4 @@ -## 1.1.0 - -### New Queries - -* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. - -### Minor Analysis Improvements - -* Added models of `streamlit` PyPI package. +--- +category: newQuery +--- +* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. \ No newline at end of file diff --git a/python/ql/src/change-notes/2024-07-26-streamlit-models.md b/python/ql/src/change-notes/2024-07-26-streamlit-models.md new file mode 100644 index 000000000000..7deba7dffed6 --- /dev/null +++ b/python/ql/src/change-notes/2024-07-26-streamlit-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added models of `streamlit` PyPI package. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 2ac15439f561..03f7ea71b58e 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.0.4 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index d994d8744a18..6c6bf5f7798f 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.1.0 +version: 1.0.5-dev groups: - python - queries 
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 4d575d4ef0f3..865dc997f3a6 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/1.0.5.md b/ruby/ql/lib/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/ruby/ql/lib/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 5a94c2c93d3c..6cee97698704 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 1.0.5 +version: 1.0.5-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 37101f41c704..ac5d0c7525c0 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,9 +1,3 @@ -## 1.1.0 - -### New Queries - -* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. - ## 1.0.4 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.1.0.md b/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md similarity index 84% rename from ruby/ql/src/change-notes/released/1.1.0.md rename to ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md index 17dcb0b1237f..6fffd21d616c 100644 --- a/ruby/ql/src/change-notes/released/1.1.0.md +++ b/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md 
@@ -1,5 +1,4 @@ -## 1.1.0 - -### New Queries - +--- +category: newQuery +--- * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 2ac15439f561..03f7ea71b58e 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.0.4 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 675736868034..c1c895167bcd 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.0 +version: 1.0.5-dev groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index f62d99b8a599..047afa97e510 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/1.0.5.md b/shared/controlflow/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/controlflow/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 411b43b82cc4..e981c2fed5dc 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: 
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 0a94e1b80ec2..ca6c7165b9bf 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/1.0.5.md b/shared/dataflow/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/dataflow/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index bfec0e93a53a..4302341cb3b5 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 0bf218b96568..8680f86e786b 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.5.md b/shared/mad/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/mad/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 21aa9dc3cb74..0c16b8a9bddb 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index f445578246d1..a33a857c9057 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.5.md b/shared/rangeanalysis/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/rangeanalysis/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 0a0b326205c1..c2f65e2931f0 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 78f8369e7396..d78925faba07 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.5.md b/shared/regex/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/regex/change-notes/released/1.0.5.md +++ /dev/null 
@@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index d0b658524fe6..930dfbf4098b 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index f41fc9a7fe7e..1a64a39471c8 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/ssa/change-notes/released/1.0.5.md b/shared/ssa/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/ssa/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 6ff39d141cdc..e59f7a2e601d 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 2e7162889c38..bdc66d513224 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. 
diff --git a/shared/threat-models/change-notes/released/1.0.5.md b/shared/threat-models/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/threat-models/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index fdd405e20961..819206dd32a6 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.5 +version: 1.0.5-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index f20cfe347d73..ad8f62a4e9d5 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.5.md b/shared/tutorial/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/tutorial/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 502519631d05..c542374804d8 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml 
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 7ba137cbf536..b9366dadb5c1 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.5.md b/shared/typeflow/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/typeflow/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 95557584bfee..9dbfd6533f47 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 77d9b6f4fcf5..d17f150b27b2 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.5.md b/shared/typetracking/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/typetracking/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 0c31e5be9a1b..c2a176796e89 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index f8ac1347b0f9..d323c0974fe2 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.5.md b/shared/typos/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/typos/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 97b3f34bd045..5bbc01323a88 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index e44386743adc..6042620d77cb 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. 
diff --git a/shared/util/change-notes/released/1.0.5.md b/shared/util/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/util/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 8b6247e151db..964747c8c599 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 1b292c168764..1323436e6b2f 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.5.md b/shared/xml/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/xml/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 1a7f307050be..edaeefea948c 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true dependencies: 
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 064f83a6efd6..cd2c2e92ddfd 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,7 +1,3 @@ -## 1.0.5 - -No user-facing changes. - ## 1.0.4 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.5.md b/shared/yaml/change-notes/released/1.0.5.md deleted file mode 100644 index 56907442d251..000000000000 --- a/shared/yaml/change-notes/released/1.0.5.md +++ /dev/null @@ -1,3 +0,0 @@ -## 1.0.5 - -No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 790d2dc1caed..da7d8b2956ae 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.5 +version: 1.0.5-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index b8e0122e0a0e..21e8b74bb023 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,10 +1,3 @@ -## 1.1.1 - -### Minor Analysis Improvements - -* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. -* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. - ## 1.1.0 ### New Features diff --git a/swift/ql/lib/change-notes/2024-07-24-url-model.md b/swift/ql/lib/change-notes/2024-07-24-url-model.md new file mode 100644 index 000000000000..ab831ab4593c --- /dev/null +++ b/swift/ql/lib/change-notes/2024-07-24-url-model.md 
@@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md b/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md new file mode 100644 index 000000000000..e4630d38f2c1 --- /dev/null +++ b/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. diff --git a/swift/ql/lib/change-notes/released/1.1.1.md b/swift/ql/lib/change-notes/released/1.1.1.md deleted file mode 100644 index 50bd8dff3ce0..000000000000 --- a/swift/ql/lib/change-notes/released/1.1.1.md +++ /dev/null @@ -1,6 +0,0 @@ -## 1.1.1 - -### Minor Analysis Improvements - -* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. -* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 1a19084be3f7..2ac15439f561 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2878c24bc555..2b14c18b1283 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 1.1.1 +version: 1.1.1-dev groups: swift extractor: swift dbscheme: swift.dbscheme 
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index e33d96f63f5a..ca26ff94f225 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,10 +1,3 @@ -## 1.0.5 - -### Minor Analysis Improvements - -* The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. -* The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. - ## 1.0.4 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.0.5.md b/swift/ql/src/change-notes/2024-08-01-constant-salt.md similarity index 88% rename from swift/ql/src/change-notes/released/1.0.5.md rename to swift/ql/src/change-notes/2024-08-01-constant-salt.md index f2169e0059f5..5ead3f3c9844 100644 --- a/swift/ql/src/change-notes/released/1.0.5.md +++ b/swift/ql/src/change-notes/2024-08-01-constant-salt.md @@ -1,6 +1,5 @@ -## 1.0.5 - -### Minor Analysis Improvements - +--- +category: minorAnalysis +--- * The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. * The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 42da17b38415..03f7ea71b58e 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.5 +lastReleaseVersion: 1.0.4 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index c88cab945eb3..a6a4598cc743 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.0.5
+version: 1.0.5-dev
 groups:
 - swift
 - queries
From 019da8c287e7f4e107c28f145eced7097f8b95a6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" Date: Wed, 7 Aug 2024 14:02:38 +0000 Subject: [PATCH 07/12] Release preparation for version 2.18.2 --- cpp/ql/lib/CHANGELOG.md | 15 +++++++++++++ .../2024-07-23-destroying-delete.md | 4 ---- .../2024-07-23-using-enum-declaration.md | 4 ---- .../2024-07-25-alias-analysis-perf.md | 4 ---- .../change-notes/2024-07-31-constexpr-if.md | 4 ---- .../2024-08-01-deduction-guide.md | 4 ---- .../change-notes/2024-08-01-explicit-bool.md | 5 ----- cpp/ql/lib/change-notes/released/1.4.0.md | 14 +++++++++++++ cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 13 ++++++++++++ ...fference-expression-compared-zero-query.md | 4 ---- ...-22-incorrect-allocation-error-handling.md | 4 ---- .../2024-07-22-suspicious-allocation-size.md | 4 ---- .../2024-07-23-incorrectly-checked-scanf.md | 4 ---- .../2024-07-31-memory-may-not-be-freed.md | 4 ---- cpp/ql/src/change-notes/released/1.2.0.md | 12 +++++++++++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.22.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 4 ++++ csharp/ql/lib/change-notes/released/1.0.5.md | 3 +++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.0.5.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 4 ++++ 
go/ql/lib/change-notes/released/1.1.4.md | 3 +++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.0.5.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.0.5.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 20 ++++++++++++++++++ ...add-models-for-the-lastaflute-framework.md | 4 ---- .../2024-07-19-apache-ant-property-sinks.md | 4 ---- .../2024-07-24-url-fields-inherit-taint.md | 4 ---- .../lib/change-notes/2024-07-25-env-vars.md | 4 ---- .../change-notes/2024-08-02-buildless-ga.md | 4 ---- .../3.0.0.md} | 21 ++++++++++++++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 11 +++++++++- ...2024-07-23-java-sensitivelogging-source.md | 4 ---- .../2024-07-25-java-error-message-exposure.md | 4 ---- ...07-30-sensitive-log-whitelist-tokenizer.md | 4 ---- java/ql/src/change-notes/2024-07-30-unused.md | 4 ---- java/ql/src/change-notes/released/1.1.2.md | 8 +++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/1.1.2.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/1.1.1.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 ++++++ .../1.0.5.md} | 7 ++++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 10 +++++++++ 
.../2024-07-26-streamlit-models.md | 4 ---- .../1.1.0.md} | 13 ++++++++---- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/1.0.5.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 6 ++++++ .../1.1.0.md} | 7 ++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/1.0.5.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.5.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.5.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/1.0.5.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.5.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.5.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.5.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ 
.../change-notes/released/1.0.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.5.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/1.0.5.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.5.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.5.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++++ .../lib/change-notes/2024-07-24-url-model.md | 4 ---- .../2024-08-01-filemanager-model.md | 4 ---- swift/ql/lib/change-notes/released/1.1.1.md | 6 ++++++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 7 +++++++ .../1.0.5.md} | 7 ++++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 163 files changed, 425 insertions(+), 180 deletions(-) delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md delete mode 100644 cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md delete mode 100644 cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md create mode 100644 cpp/ql/lib/change-notes/released/1.4.0.md delete mode 100644 cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md delete mode 100644 cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md delete mode 100644 
cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md delete mode 100644 cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md delete mode 100644 cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md create mode 100644 cpp/ql/src/change-notes/released/1.2.0.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md create mode 100644 csharp/ql/lib/change-notes/released/1.0.5.md create mode 100644 csharp/ql/src/change-notes/released/1.0.5.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.5.md create mode 100644 go/ql/lib/change-notes/released/1.1.4.md create mode 100644 go/ql/src/change-notes/released/1.0.5.md create mode 100644 java/ql/automodel/src/change-notes/released/1.0.5.md delete mode 100644 java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md delete mode 100644 java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md delete mode 100644 java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md delete mode 100644 java/ql/lib/change-notes/2024-07-25-env-vars.md delete mode 100644 java/ql/lib/change-notes/2024-08-02-buildless-ga.md rename java/ql/lib/change-notes/{2024-06-14-reverse-dns-separate-threat-model-kind.md => released/3.0.0.md} (60%) delete mode 100644 java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md delete mode 100644 java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md delete mode 100644 java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md delete mode 100644 java/ql/src/change-notes/2024-07-30-unused.md create mode 100644 java/ql/src/change-notes/released/1.1.2.md create mode 100644 javascript/ql/lib/change-notes/released/1.1.2.md create mode 100644 javascript/ql/src/change-notes/released/1.1.1.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.5.md rename 
python/ql/lib/change-notes/{2024-07-12-mad-dict-sources.md => released/1.0.5.md} (83%) delete mode 100644 python/ql/src/change-notes/2024-07-26-streamlit-models.md rename python/ql/src/change-notes/{2024-07-19-cookie-injection.md => released/1.1.0.md} (59%) create mode 100644 ruby/ql/lib/change-notes/released/1.0.5.md rename ruby/ql/src/change-notes/{2024-06-18-weak-sensitive-data-hashing-query.md => released/1.1.0.md} (84%) create mode 100644 shared/controlflow/change-notes/released/1.0.5.md create mode 100644 shared/dataflow/change-notes/released/1.0.5.md create mode 100644 shared/mad/change-notes/released/1.0.5.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.5.md create mode 100644 shared/regex/change-notes/released/1.0.5.md create mode 100644 shared/ssa/change-notes/released/1.0.5.md create mode 100644 shared/threat-models/change-notes/released/1.0.5.md create mode 100644 shared/tutorial/change-notes/released/1.0.5.md create mode 100644 shared/typeflow/change-notes/released/1.0.5.md create mode 100644 shared/typetracking/change-notes/released/1.0.5.md create mode 100644 shared/typos/change-notes/released/1.0.5.md create mode 100644 shared/util/change-notes/released/1.0.5.md create mode 100644 shared/xml/change-notes/released/1.0.5.md create mode 100644 shared/yaml/change-notes/released/1.0.5.md delete mode 100644 swift/ql/lib/change-notes/2024-07-24-url-model.md delete mode 100644 swift/ql/lib/change-notes/2024-08-01-filemanager-model.md create mode 100644 swift/ql/lib/change-notes/released/1.1.1.md rename swift/ql/src/change-notes/{2024-08-01-constant-salt.md => released/1.0.5.md} (88%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 9f01040830c1..646199bb39c8 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,18 @@
+## 1.4.0
+
+### New Features
+
+* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
+* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
+* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
+
+### Minor Analysis Improvements
+
+* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
+* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
+* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
+
 ## 1.3.0
 
 ### New Features
diff --git a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md b/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
deleted file mode 100644
index eb2a69f5bac6..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-23-destroying-delete.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
diff --git a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md b/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
deleted file mode 100644
index cf85b3cef4e8..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-23-using-enum-declaration.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md b/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
deleted file mode 100644
index 585e824e6f19..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-25-alias-analysis-perf.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
diff --git a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md b/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
deleted file mode 100644
index 09e27337bd11..000000000000
--- a/cpp/ql/lib/change-notes/2024-07-31-constexpr-if.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md b/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
deleted file mode 100644
index b2d18d5994f5..000000000000
--- a/cpp/ql/lib/change-notes/2024-08-01-deduction-guide.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
diff --git a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md b/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
deleted file mode 100644
index f6ff9d19e8b3..000000000000
--- a/cpp/ql/lib/change-notes/2024-08-01-explicit-bool.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: feature
----
-* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
-* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
diff --git a/cpp/ql/lib/change-notes/released/1.4.0.md b/cpp/ql/lib/change-notes/released/1.4.0.md
new file mode 100644
index 000000000000..a8466b0ef11c
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/1.4.0.md
@@ -0,0 +1,14 @@
+## 1.4.0
+
+### New Features
+
+* A `getTemplateClass` predicate was added to the `DeductionGuide` class to get the class template for which the deduction guide is a guide.
+* An `isExplicit` predicate was added to the `Function` class that determines whether the function was declared as explicit.
+* A `getExplicitExpr` predicate was added to the `Function` class that yields the constant boolean expression (if any) that conditionally determines whether the function is explicit.
+* A `isDestroyingDeleteDeallocation` predicate was added to the `NewOrNewArrayExpr` and `DeleteOrDeleteArrayExpr` classes to indicate whether the deallocation function is a destroying delete.
+
+### Minor Analysis Improvements
+
+* The controlling expression of a `constexpr if` is now always recognized as an unevaluated expression.
+* Improved performance of alias analysis of large function bodies. In rare cases, alerts that depend on alias analysis of large function bodies may be affected.
+* A `UsingEnumDeclarationEntry` class has been added for C++ `using enum` declarations. As part of this, synthesized `UsingDeclarationEntry`s are no longer emitted for individual enumerators of the referenced enumeration.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index ec16350ed6fd..b8b2e97d5086 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.4.0
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 5ef613e94c00..002da21daec9 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.3.1-dev
+version: 1.4.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 9f10be7db909..25e322a99b75 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
+
+### Minor Analysis Improvements
+
+* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
+* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
+* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
+* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
+
 ## 1.1.0
 
 ### Query Metadata Changes
diff --git a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md b/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
deleted file mode 100644
index 7a1469464c27..000000000000
--- a/cpp/ql/src/change-notes/2024-07-11-unsigned-difference-expression-compared-zero-query.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
diff --git a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md b/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
deleted file mode 100644
index 5e95cd05678e..000000000000
--- a/cpp/ql/src/change-notes/2024-07-22-incorrect-allocation-error-handling.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
diff --git a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md b/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
deleted file mode 100644
index 8b55e61e85a7..000000000000
--- a/cpp/ql/src/change-notes/2024-07-22-suspicious-allocation-size.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md b/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
deleted file mode 100644
index 9149c7611f5b..000000000000
--- a/cpp/ql/src/change-notes/2024-07-23-incorrectly-checked-scanf.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
diff --git a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md b/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
deleted file mode 100644
index a0ce19ccf694..000000000000
--- a/cpp/ql/src/change-notes/2024-07-31-memory-may-not-be-freed.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
diff --git a/cpp/ql/src/change-notes/released/1.2.0.md b/cpp/ql/src/change-notes/released/1.2.0.md
new file mode 100644
index 000000000000..f23e2b92eec6
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/1.2.0.md
@@ -0,0 +1,12 @@
+## 1.2.0
+
+### Query Metadata Changes
+
+* The precision of `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite.
+
+### Minor Analysis Improvements
+
+* Fixed false positives in the `cpp/memory-may-not-be-freed` ("Memory may not be freed") query involving class methods that returned an allocated field of that class being misidentified as allocators.
+* The `cpp/incorrectly-checked-scanf` ("Incorrect return-value check for a 'scanf'-like function") query now produces fewer false positive results.
+* The `cpp/incorrect-allocation-error-handling` ("Incorrect allocation-error handling") query no longer produces occasional false positive results inside template instantiations.
+* The `cpp/suspicious-allocation-size` ("Not enough memory allocated for array of pointer type") query no longer produces false positives on "variable size" `struct`s.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 2ac15439f561..75430e73d1c4 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.2.0
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 97b40ad7de2d..a26e3b68c6de 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.1.1-dev
+version: 1.2.0
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 503822fbd684..eb7af5234e3c 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.22
+
+No user-facing changes.
+
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
new file mode 100644
index 000000000000..7d6f39f3ce21
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
+## 1.7.22
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 87eff681b88a..6a79a0ec163e 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index f8c5a6f14a29..a13c44628162 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.22-dev
+version: 1.7.22
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 503822fbd684..eb7af5234e3c 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.22
+
+No user-facing changes.
+
 ## 1.7.21
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
new file mode 100644
index 000000000000..7d6f39f3ce21
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.22.md
@@ -0,0 +1,3 @@
+## 1.7.22
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 87eff681b88a..6a79a0ec163e 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.21
+lastReleaseVersion: 1.7.22
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index f8e6ff0dc93a..d6062ac903d3 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.22-dev
+version: 1.7.22
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index e8db03319514..50a19e99d36a 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/released/1.0.5.md b/csharp/ql/lib/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 7c679023e56f..6df287fb5e1c 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.5-dev
+version: 1.0.5
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 0b2583745f1e..bd25f8118dd5 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/1.0.5.md b/csharp/ql/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index d1efd4cbf183..1f6b695454dc 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
 - csharp
 - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
index bdc66d513224..2e7162889c38 100644
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/1.0.5.md b/go/ql/consistency-queries/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 84c6cd451e2e..62d6836c3c35 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
 - go
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index ed4e9b3750f8..41cfec4595ef 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.4
+
+No user-facing changes.
+
 ## 1.1.3
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/released/1.1.4.md b/go/ql/lib/change-notes/released/1.1.4.md
new file mode 100644
index 000000000000..b95051903c5a
--- /dev/null
+++ b/go/ql/lib/change-notes/released/1.1.4.md
@@ -0,0 +1,3 @@
+## 1.1.4
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 35e710ab1bf0..26cbcd3f123b 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.3
+lastReleaseVersion: 1.1.4
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 0393983bbc1e..574d34df3c58 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.1.4-dev
+version: 1.1.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 7248057e4089..36470f89ebab 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/released/1.0.5.md b/go/ql/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/go/ql/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 36f79d28b5b4..2d492bd3eaa7 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
 - go
 - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index 7ef174ca56a5..7dc759d1ac6f 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.5
+
+No user-facing changes.
+
 ## 1.0.4
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/1.0.5.md b/java/ql/automodel/src/change-notes/released/1.0.5.md
new file mode 100644
index 000000000000..56907442d251
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/1.0.5.md
@@ -0,0 +1,3 @@
+## 1.0.5
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index 03f7ea71b58e..42da17b38415 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.4
+lastReleaseVersion: 1.0.5
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index 59878324d3d2..77cfa34c6dbe 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.5-dev
+version: 1.0.5
 groups:
 - java
 - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 07b324f259c5..2dd89daf33f6 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,23 @@ +## 3.0.0 + +### Breaking Changes + +* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. + +### New Features + +* Java support for `build-mode: none` is now out of beta, and generally available. + +### Major Analysis Improvements + +* We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). + +### Minor Analysis Improvements + +* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. +* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. +* Adds models for request handlers using the `org.lastaflute.web` web framework. + ## 2.0.0 ### Breaking Changes diff --git a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md b/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md deleted file mode 100644 index b5f924cdb676..000000000000 
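Review bot: The first link in the added "Major Analysis Improvements" entry has a stray `>` before the closing parenthesis (`...#including-model-packs-to-add-potential-sources-of-tainted-data>)`), so the anchor will most likely not resolve; drop the `>`. The same sentence is added in `java/ql/lib/change-notes/released/3.0.0.md` and needs the same fix. Because this entry removes reverse DNS lookups from the default untrusted sources, it would also help to say directly that alerts depending on them only appear once the `reverse-dns` threat model is enabled, rather than leaving that to the generic "other threat models" sentence.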
--- a/java/ql/lib/change-notes/2024-07-16-add-models-for-the-lastaflute-framework.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Adds models for request handlers using the `org.lastaflute.web` web framework. diff --git a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md b/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md deleted file mode 100644 index 11d84d15e3f2..000000000000 --- a/java/ql/lib/change-notes/2024-07-19-apache-ant-property-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. diff --git a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md b/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md deleted file mode 100644 index 80851dbc6559..000000000000 --- a/java/ql/lib/change-notes/2024-07-24-url-fields-inherit-taint.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. diff --git a/java/ql/lib/change-notes/2024-07-25-env-vars.md b/java/ql/lib/change-notes/2024-07-25-env-vars.md deleted file mode 100644 index 8c58be3b4126..000000000000 --- a/java/ql/lib/change-notes/2024-07-25-env-vars.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. diff --git a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md b/java/ql/lib/change-notes/2024-08-02-buildless-ga.md deleted file mode 100644 index 8d2d8b6255d4..000000000000 --- a/java/ql/lib/change-notes/2024-08-02-buildless-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Java support for `build-mode: none` is now out of beta, and generally available. 
diff --git a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md b/java/ql/lib/change-notes/released/3.0.0.md similarity index 60% rename from java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md rename to java/ql/lib/change-notes/released/3.0.0.md index f5e39a0b5ea5..be106b16574c 100644 --- a/java/ql/lib/change-notes/2024-06-14-reverse-dns-separate-threat-model-kind.md +++ b/java/ql/lib/change-notes/released/3.0.0.md 
@@ -1,4 +1,19 @@ ---- -category: majorAnalysis ---- +## 3.0.0 + +### Breaking Changes + +* The Java and Kotlin extractors no longer support the `SOURCE_ARCHIVE` and `TRAP_FOLDER` legacy environment variable. + +### New Features + +* Java support for `build-mode: none` is now out of beta, and generally available. + +### Major Analysis Improvements + * We previously considered reverse DNS resolutions (IP address -> domain name) as sources of untrusted data, since compromised/malicious DNS servers could potentially return malicious responses to arbitrary requests. We have now removed this source from the default set of untrusted sources and made a new threat model kind for them, called "reverse-dns". You can optionally include other threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). + +### Minor Analysis Improvements + +* Added flow through some methods of the class `java.net.URL` by ensuring that the fields of a URL are tainted. +* Added path-injection sinks for `org.apache.tools.ant.taskdefs.Property.setFile` and `org.apache.tools.ant.taskdefs.Property.setResource`. +* Adds models for request handlers using the `org.lastaflute.web` web framework. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 0abe6ccede0f..33d3a2cd1139 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.0 +lastReleaseVersion: 3.0.0 
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 470dfa198988..74bb47b0b8d0 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 2.0.1-dev +version: 3.0.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 79a69c7ed9b6..464768e3a7fc 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,12 @@ +## 1.1.2 + +### Minor Analysis Improvements + +* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. +* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. +* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. +* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. + ## 1.1.1 ### Minor Analysis Improvements 
@@ -325,7 +334,7 @@ No user-facing changes. ### New Queries * Added a new query, `java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions. -* A new query "Uncontrolled data used in content resolution" (`java/android/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. +* A new query "Uncontrolled data used in content resolution" (`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's `ContentResolver` without previous validation or sanitization. ## 0.4.1 diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md deleted file mode 100644 index ff8a3e12ee4a..000000000000 --- a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. \ No newline at end of file diff --git a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md b/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md deleted file mode 100644 index 2cc18cc1c644..000000000000 --- a/java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. \ No newline at end of file 
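Review bot: The query id on the changed line is misspelled as `java/androd/unsafe-content-uri-resolution`; the removed line had the correct `java/android/unsafe-content-uri-resolution`, so this release commit reverts an earlier correction. Keep the line as `(`java/android/unsafe-content-uri-resolution`)`. The CHANGELOG is presumably regenerated from the released change notes, so the note it is built from likely carries the same typo and should be fixed there, otherwise the next release will undo the correction again. A reader who copies the id from the changelog to enable or suppress the query would not match the real query.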
diff --git a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md b/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md deleted file mode 100644 index a9a2bf2a9e0c..000000000000 --- a/java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. diff --git a/java/ql/src/change-notes/2024-07-30-unused.md b/java/ql/src/change-notes/2024-07-30-unused.md deleted file mode 100644 index 44eaaf515e5f..000000000000 --- a/java/ql/src/change-notes/2024-07-30-unused.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. diff --git a/java/ql/src/change-notes/released/1.1.2.md b/java/ql/src/change-notes/released/1.1.2.md new file mode 100644 index 000000000000..f14365cfdd3a --- /dev/null +++ b/java/ql/src/change-notes/released/1.1.2.md 
@@ -0,0 +1,8 @@ +## 1.1.2 + +### Minor Analysis Improvements + +* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts. +* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`. +* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`. +* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 1a19084be3f7..53ab127707fc 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e34220277ab7..2b82652c07ed 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.2-dev +version: 1.1.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 182f9a9685c5..134bbe39a693 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.2 + +No user-facing changes. + ## 1.1.1 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/released/1.1.2.md b/javascript/ql/lib/change-notes/released/1.1.2.md new file mode 100644 index 000000000000..ce8d2c1a4f37 --- /dev/null 
+++ b/javascript/ql/lib/change-notes/released/1.1.2.md @@ -0,0 +1,3 @@ +## 1.1.2 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 1a19084be3f7..53ab127707fc 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.1 +lastReleaseVersion: 1.1.2 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index f7bdd033b1c9..55728be6e206 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 1.1.2-dev +version: 1.1.2 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 0f30798ecd18..af1e040cc44a 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.1 + +No user-facing changes. + ## 1.1.0 ### New Queries diff --git a/javascript/ql/src/change-notes/released/1.1.1.md b/javascript/ql/src/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..7fb56d366105 --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.1.1.md @@ -0,0 +1,3 @@ +## 1.1.1 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index bd70dd01c26f..930347d58bc4 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.1.1-dev +version: 1.1.1 groups: - javascript - queries 
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 9f92ac20b255..5e4196ac3372 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.5.md b/misc/suite-helpers/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index b09efa35a30e..530d81be5a7a 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.5-dev +version: 1.0.5 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 382efff551c6..87cbf5bfda15 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.0.5 + +### Minor Analysis Improvements + +* Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) + ## 1.0.4 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md b/python/ql/lib/change-notes/released/1.0.5.md similarity index 83% rename from python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md rename to python/ql/lib/change-notes/released/1.0.5.md index 1cc64bc5e7f3..f65ec74a0951 100644 
--- a/python/ql/lib/change-notes/2024-07-12-mad-dict-sources.md +++ b/python/ql/lib/change-notes/released/1.0.5.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.0.5 + +### Minor Analysis Improvements + * Added support for `DictionaryElement[]` and `DictionaryElementAny` when Customizing Library Models for `sourceModel` (see https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/) diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index f25441dbef5e..d43d4386a88e 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 1.0.5-dev +version: 1.0.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index b386509bd979..318971129253 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 1.1.0 + +### New Queries + +* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. + +### Minor Analysis Improvements + +* Added models of `streamlit` PyPI package. + ## 1.0.4 No user-facing changes. diff --git a/python/ql/src/change-notes/2024-07-26-streamlit-models.md b/python/ql/src/change-notes/2024-07-26-streamlit-models.md deleted file mode 100644 index 7deba7dffed6..000000000000 --- a/python/ql/src/change-notes/2024-07-26-streamlit-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models of `streamlit` PyPI package. 
diff --git a/python/ql/src/change-notes/2024-07-19-cookie-injection.md b/python/ql/src/change-notes/released/1.1.0.md similarity index 59% rename from python/ql/src/change-notes/2024-07-19-cookie-injection.md rename to python/ql/src/change-notes/released/1.1.0.md index ceefa99c886b..9ced8370f539 100644 --- a/python/ql/src/change-notes/2024-07-19-cookie-injection.md +++ b/python/ql/src/change-notes/released/1.1.0.md @@ -1,4 +1,9 @@ ---- -category: newQuery ---- -* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. \ No newline at end of file +## 1.1.0 + +### New Queries + +* The `py/cookie-injection` query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack. This query finds instances of cookies being constructed from user input. + +### Minor Analysis Improvements + +* Added models of `streamlit` PyPI package. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 03f7ea71b58e..2ac15439f561 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.1.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 6c6bf5f7798f..d994d8744a18 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.0.5-dev +version: 1.1.0 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 865dc997f3a6..4d575d4ef0f3 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. 
diff --git a/ruby/ql/lib/change-notes/released/1.0.5.md b/ruby/ql/lib/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 6cee97698704..5a94c2c93d3c 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 1.0.5-dev +version: 1.0.5 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index ac5d0c7525c0..37101f41c704 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.0 + +### New Queries + +* Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. + ## 1.0.4 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md b/ruby/ql/src/change-notes/released/1.1.0.md similarity index 84% rename from ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md rename to ruby/ql/src/change-notes/released/1.1.0.md index 6fffd21d616c..17dcb0b1237f 100644 --- a/ruby/ql/src/change-notes/2024-06-18-weak-sensitive-data-hashing-query.md +++ b/ruby/ql/src/change-notes/released/1.1.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 1.1.0 + +### New Queries + * Added a new query, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm. 
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 03f7ea71b58e..2ac15439f561 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.1.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index c1c895167bcd..675736868034 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.0.5-dev +version: 1.1.0 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 047afa97e510..f62d99b8a599 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/1.0.5.md b/shared/controlflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/controlflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index e981c2fed5dc..411b43b82cc4 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index ca6c7165b9bf..0a94e1b80ec2 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md 
@@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/1.0.5.md b/shared/dataflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/dataflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 4302341cb3b5..bfec0e93a53a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 8680f86e786b..0bf218b96568 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.5.md b/shared/mad/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 0c16b8a9bddb..21aa9dc3cb74 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index a33a857c9057..f445578246d1 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.5.md b/shared/rangeanalysis/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index c2f65e2931f0..0a0b326205c1 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index d78925faba07..78f8369e7396 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.5.md b/shared/regex/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. 
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 930dfbf4098b..d0b658524fe6 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 1a64a39471c8..f41fc9a7fe7e 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/ssa/change-notes/released/1.0.5.md b/shared/ssa/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/ssa/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index e59f7a2e601d..6ff39d141cdc 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index bdc66d513224..2e7162889c38 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. 
diff --git a/shared/threat-models/change-notes/released/1.0.5.md b/shared/threat-models/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 819206dd32a6..fdd405e20961 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.5-dev +version: 1.0.5 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index ad8f62a4e9d5..f20cfe347d73 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.5.md b/shared/tutorial/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index c542374804d8..502519631d05 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml 
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index b9366dadb5c1..7ba137cbf536 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.5.md b/shared/typeflow/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 9dbfd6533f47..95557584bfee 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index d17f150b27b2..77d9b6f4fcf5 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.5.md b/shared/typetracking/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typetracking/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index c2a176796e89..0c31e5be9a1b 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index d323c0974fe2..f8ac1347b0f9 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.5.md b/shared/typos/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 5bbc01323a88..97b3f34bd045 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 6042620d77cb..e44386743adc 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. 
diff --git a/shared/util/change-notes/released/1.0.5.md b/shared/util/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/util/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 964747c8c599..8b6247e151db 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 1323436e6b2f..1b292c168764 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.5.md b/shared/xml/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index edaeefea948c..1a7f307050be 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true dependencies: 
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index cd2c2e92ddfd..064f83a6efd6 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.5 + +No user-facing changes. + ## 1.0.4 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.5.md b/shared/yaml/change-notes/released/1.0.5.md new file mode 100644 index 000000000000..56907442d251 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.5.md @@ -0,0 +1,3 @@ +## 1.0.5 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index da7d8b2956ae..790d2dc1caed 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.5-dev +version: 1.0.5 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 21e8b74bb023..b8e0122e0a0e 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. +* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. + ## 1.1.0 ### New Features diff --git a/swift/ql/lib/change-notes/2024-07-24-url-model.md b/swift/ql/lib/change-notes/2024-07-24-url-model.md deleted file mode 100644 index ab831ab4593c..000000000000 --- a/swift/ql/lib/change-notes/2024-07-24-url-model.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md b/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md deleted file mode 100644 index e4630d38f2c1..000000000000 --- a/swift/ql/lib/change-notes/2024-08-01-filemanager-model.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. diff --git a/swift/ql/lib/change-notes/released/1.1.1.md b/swift/ql/lib/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..50bd8dff3ce0 --- /dev/null +++ b/swift/ql/lib/change-notes/released/1.1.1.md @@ -0,0 +1,6 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* The model for `FileManager` no longer considers methods that return paths on the file system as taint sources. This is because these sources have been found to produce results of low value. +* An error in the model for `URL.withUnsafeFileSystemRepresentation(_:)` has been corrected. This may result in new data flow paths being found during analysis. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2b14c18b1283..2878c24bc555 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 1.1.1-dev +version: 1.1.1 groups: swift extractor: swift dbscheme: swift.dbscheme 
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index ca26ff94f225..e33d96f63f5a 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.0.5 + +### Minor Analysis Improvements + +* The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. +* The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. + ## 1.0.4 No user-facing changes. diff --git a/swift/ql/src/change-notes/2024-08-01-constant-salt.md b/swift/ql/src/change-notes/released/1.0.5.md similarity index 88% rename from swift/ql/src/change-notes/2024-08-01-constant-salt.md rename to swift/ql/src/change-notes/released/1.0.5.md index 5ead3f3c9844..f2169e0059f5 100644 --- a/swift/ql/src/change-notes/2024-08-01-constant-salt.md +++ b/swift/ql/src/change-notes/released/1.0.5.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 1.0.5 + +### Minor Analysis Improvements + * The `swift/constant-salt` ("Use of constant salts") query now considers string concatenation and interpolation as a barrier. As a result, there will be fewer false positive results from this query involving constructed strings. * The `swift/constant-salt` ("Use of constant salts") query message now contains a link to the source node. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 03f7ea71b58e..42da17b38415 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.4 +lastReleaseVersion: 1.0.5 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index a6a4598cc743..c88cab945eb3 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.0.5-dev +version: 1.0.5 groups: - swift - queries From c1e242ecdafb6bf009dae66afdb8daf6683ddbf3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 03:50:32 +0000 Subject: [PATCH 08/12] Bump golang.org/x/tools Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/tools` from 0.23.0 to 0.24.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] --- go/extractor/go.mod | 4 ++-- go/extractor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go/extractor/go.mod b/go/extractor/go.mod index c067db32f41c..42366f172863 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -8,7 +8,7 @@ go 1.22.0 // bazel mod tidy require ( golang.org/x/mod v0.20.0 - golang.org/x/tools v0.23.0 + golang.org/x/tools v0.24.0 ) -require golang.org/x/sync v0.7.0 // indirect +require golang.org/x/sync v0.8.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum index 06d792ebb01c..c48959824cdb 100644 --- a/go/extractor/go.sum +++ b/go/extractor/go.sum 
@@ -1,6 +1,6 @@ golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= From 55de3511b07dab7d95a0ee90ae3e21019a9fe35b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 7 Aug 2024 22:02:32 +0100 Subject: [PATCH 09/12] Fix frameworks.csv --- go/documentation/library-coverage/frameworks.csv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/documentation/library-coverage/frameworks.csv b/go/documentation/library-coverage/frameworks.csv index 21bc6d7aa177..4d1d3ebfb638 100644 --- a/go/documentation/library-coverage/frameworks.csv +++ b/go/documentation/library-coverage/frameworks.csv 
@@ -15,7 +15,7 @@ Go JOSE,https://github.com/go-jose/go-jose,github.com/go-jose/go-jose* github.co Go kit,https://gokit.io/,github.com/go-kit/kit* go-pg,https://pg.uptrace.dev/,github.com/go-pg/pg* go-restful,https://github.com/emicklei/go-restful,github.com/emicklei/go-restful* -Gokogiri,https://github.com/moovweb/gokogiri,github.com/jbowtie/gokogiri* github.com/jbowtie/moovweb* +Gokogiri,https://github.com/moovweb/gokogiri,github.com/jbowtie/gokogiri* github.com/moovweb/gokogiri* golang.org/x/net,https://pkg.go.dev/golang.org/x/net,golang.org/x/net* goproxy,https://github.com/elazarl/goproxy,github.com/elazarl/goproxy* gorilla/mux,https://github.com/gorilla/mux,github.com/gorilla/mux* From cc6d87c27692378df7a3dcb8abbe5a1dace500f0 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" Date: Thu, 8 Aug 2024 12:56:21 +0000 Subject: [PATCH 10/12] Post-release preparation for codeql-cli-2.18.2 --- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 35 files changed, 35 insertions(+), 35 deletions(-) diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 002da21daec9..830e4f754084 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 1.4.0 +version: 1.4.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index a26e3b68c6de..13d1448bf8d3 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.2.0 +version: 1.2.1-dev groups: - cpp - queries 
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index a13c44628162..07db663f549d 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.22 +version: 1.7.23-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index d6062ac903d3..880aae8371f4 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.22 +version: 1.7.23-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 6df287fb5e1c..2bba2984c8f7 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 1.0.5 +version: 1.0.6-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 1f6b695454dc..51699111e25f 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.0.5 +version: 1.0.6-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 62d6836c3c35..17f966d2c413 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.5 +version: 1.0.6-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 574d34df3c58..5d56d0ecc731 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 1.1.4 +version: 1.1.5-dev groups: go dbscheme: go.dbscheme extractor: go 
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 2d492bd3eaa7..4df9de83c212 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.0.5 +version: 1.0.6-dev groups: - go - queries diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 77cfa34c6dbe..fd277afd1d7c 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 1.0.5 +version: 1.0.6-dev groups: - java - automodel diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 74bb47b0b8d0..3b1e06d84aec 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 3.0.0 +version: 3.0.1-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 2b82652c07ed..32442dbf4d62 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.2 +version: 1.1.3-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 55728be6e206..0a9adfd363ab 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 1.1.2 +version: 1.1.3-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 930347d58bc4..9932097414b7 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.1.1 +version: 1.1.2-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 530d81be5a7a..baedc3f13a1e 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml 
@@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.5 +version: 1.0.6-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index d43d4386a88e..81d09c13b5d3 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 1.0.5 +version: 1.0.6-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index d994d8744a18..d244f5dd13d7 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.1.0 +version: 1.1.1-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 5a94c2c93d3c..ecda3a78e654 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 1.0.5 +version: 1.0.6-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 675736868034..ada2d7236d09 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.0 +version: 1.1.1-dev groups: - ruby - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 411b43b82cc4..b610d434e33e 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index bfec0e93a53a..6bc83bb51643 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 21aa9dc3cb74..8568e62a12b6 100644 --- a/shared/mad/qlpack.yml 
+++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 0a0b326205c1..4a9285c82ec6 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index d0b658524fe6..39a0ce407686 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 6ff39d141cdc..ef726856cfb6 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index fdd405e20961..aa7f4f989fdc 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.5 +version: 1.0.6-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 502519631d05..e0516acd41d9 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 95557584bfee..0681ba518257 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 0c31e5be9a1b..da304ceb020f 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 97b3f34bd045..bc581f54edf7 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 8b6247e151db..38a2417c1c2f 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 1a7f307050be..6c62493a3c8d 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 790d2dc1caed..5fc9dd318df7 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.5 +version: 1.0.6-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 2878c24bc555..49920fff3037 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 1.1.1 +version: 1.1.2-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index c88cab945eb3..5941fbe1954d 100644 --- a/swift/ql/src/qlpack.yml 
+++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.0.5 +version: 1.0.6-dev groups: - swift - queries From 2109bba9282f3aab5e49a33c0ac9d7c811850d2d Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 8 Aug 2024 15:34:47 +0100 Subject: [PATCH 11/12] Go: Bump Go version in `ExternalValueFlow` test --- .../library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod index f5b1162fa7a7..57813acac558 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod @@ -1,5 +1,5 @@ module semmle.go.Packages -go 1.13 +go 1.21 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 From 84f3b7322e048f2e1b7024564c89d7e80b71aad5 Mon Sep 17 00:00:00 2001 
From: Chris Smowton Date: Wed, 31 Jul 2024 22:10:21 +0100 Subject: [PATCH 12/12] Add test for Gradle fetching a jar with a classifier --- .../.gitattributes | 9 + .../buildless-gradle-classifiers/.gitignore | 5 + .../buildless-gradle-classifiers/build.gradle | 17 ++ .../buildless-fetches.expected | 2 + .../diagnostics.expected | 70 +++++ .../force_sequential_test_execution | 3 + .../gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 63721 bytes .../gradle/wrapper/gradle-wrapper.properties | 7 + .../java/buildless-gradle-classifiers/gradlew | 249 ++++++++++++++++++ .../buildless-gradle-classifiers/gradlew.bat | 92 +++++++ .../settings.gradle | 8 + .../main/java/com/fractestexample/Test.java | 9 + .../test.expected | 1 + .../java/buildless-gradle-classifiers/test.py | 8 + .../java/buildless-gradle-classifiers/test.ql | 5 + 15 files changed, 485 insertions(+) create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitattributes create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitignore create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/build.gradle create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/buildless-fetches.expected create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/diagnostics.expected create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/force_sequential_test_execution create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.jar create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.properties create mode 100755 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew create mode 100644 
java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew.bat create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/settings.gradle create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/src/main/java/com/fractestexample/Test.java create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.expected create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.py create mode 100644 java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.ql
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitattributes b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitattributes
new file mode 100644
index 000000000000..097f9f98d9ee
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitattributes
@@ -0,0 +1,9 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# Linux start script should use lf
+/gradlew text eol=lf
+
+# These are Windows script files and should use crlf
+*.bat text eol=crlf
+
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitignore b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitignore
new file mode 100644
index 000000000000..1b6985c0094c
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/.gitignore
@@ -0,0 +1,5 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/build.gradle b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/build.gradle
new file mode 100644
index 000000000000..0e054886c3e2
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/build.gradle
@@ -0,0 +1,17 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This is a general purpose Gradle build.
+ * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
+ */
+
+apply plugin: 'java-library'
+
+repositories {
+ mavenCentral()
+}
+
+dependencies {
+ api 'org.apache.commons:commons-math3:3.6.1'
+ api 'joda-time:joda-time:2.12.7:no-tzdb'
+}
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/buildless-fetches.expected b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/buildless-fetches.expected
new file mode 100644
index 000000000000..7d15e175ca83
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/buildless-fetches.expected
@@ -0,0 +1,2 @@
+https://repo.maven.apache.org/maven2/joda-time/joda-time/2.12.7/joda-time-2.12.7-no-tzdb.jar
+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/diagnostics.expected b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/diagnostics.expected
new file mode 100644
index 000000000000..7312fdf95ec4
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/diagnostics.expected
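Review bot: The header comment in the new build.gradle is the unedited `gradle init` boilerplate, so nothing in the file says that the `no-tzdb` classifier on the joda-time coordinate is the case under test. I would add a comment above that dependency, for example `// Classifier on purpose: the test expects joda-time-2.12.7-no-tzdb.jar in buildless-fetches.expected`, so the coordinate is not simplified later. Separately, both artifacts are resolved from `mavenCentral()` at test time with pinned versions but, as far as this hunk shows, without checksum pinning. It is worth confirming whether the integration-test harness already verifies fetched jars, and if not, whether a `gradle/verification-metadata.xml` would be honoured in this build-mode.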
@@ -0,0 +1,70 @@
+{
+ "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
+ "severity": "unknown",
+ "source": {
+ "extractorName": "java",
+ "id": "java/autobuilder/buildless/using-build-tool-advice",
+ "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
+ },
+ "visibility": {
+ "cliSummaryTable": true,
+ "statusPage": false,
+ "telemetry": true
+ }
+}
+{
+ "markdownMessage": "Java analysis used the system default JDK.",
+ "severity": "unknown",
+ "source": {
+ "extractorName": "java",
+ "id": "java/autobuilder/buildless/jdk-system-default",
+ "name": "Java analysis used the system default JDK"
+ },
+ "visibility": {
+ "cliSummaryTable": true,
+ "statusPage": false,
+ "telemetry": true
+ }
+}
+{
+ "markdownMessage": "Java analysis with build-mode 'none' completed.",
+ "severity": "unknown",
+ "source": {
+ "extractorName": "java",
+ "id": "java/autobuilder/buildless/complete",
+ "name": "Java analysis with build-mode 'none' completed"
+ },
+ "visibility": {
+ "cliSummaryTable": true,
+ "statusPage": false,
+ "telemetry": true
+ }
+}
+{
+ "markdownMessage": "Java was extracted with build-mode set to 'none'.
This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+ "severity": "note",
+ "source": {
+ "extractorName": "java",
+ "id": "java/autobuilder/buildless/mode-active",
+ "name": "Java was extracted with build-mode set to 'none'"
+ },
+ "visibility": {
+ "cliSummaryTable": true,
+ "statusPage": true,
+ "telemetry": true
+ }
+}
+{
+ "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries",
+ "severity": "unknown",
+ "source": {
+ "extractorName": "java",
+ "id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
+ "name": "Java analysis extracted precise dependency graph information from tool Gradle"
+ },
+ "visibility": {
+ "cliSummaryTable": true,
+ "statusPage": false,
+ "telemetry": true
+ }
+}
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/force_sequential_test_execution b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/force_sequential_test_execution
new file mode 100644
index 000000000000..b0e2500b259b
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/force_sequential_test_execution
@@ -0,0 +1,3 @@
+# We currently have a bug where gradle tests become flaky when executed in parallel
+# - sometimes, gradle fails to connect to the gradle daemon.
+# Therefore, force this test to run sequentially.
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.jar b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..7f93135c49b765f8051ef9d0a6055ff8e46073d8 GIT binary patch literal 63721 zcmb5Wb9gP!wgnp7wrv|bwr$&XvSZt}Z6`anZSUAlc9NHKf9JdJ;NJVr`=eI(_pMp0 zy1VAAG3FfAOI`{X1O)&90s;U4K;XLp008~hCjbEC_fbYfS%6kTR+JtXK>nW$ZR+`W ze|#J8f4A@M|F5BpfUJb5h>|j$jOe}0oE!`Zf6fM>CR?!y@zU(cL8NsKk`a z6tx5mAkdjD;J=LcJ;;Aw8p!v#ouk>mUDZF@ zK>yvw%+bKu+T{Nk@LZ;zkYy0HBKw06_IWcMHo*0HKpTsEFZhn5qCHH9j z)|XpN&{`!0a>Vl+PmdQc)Yg4A(AG-z!+@Q#eHr&g<9D?7E)_aEB?s_rx>UE9TUq|? z;(ggJt>9l?C|zoO@5)tu?EV0x_7T17q4fF-q3{yZ^ipUbKcRZ4Qftd!xO(#UGhb2y>?*@{xq%`(-`2T^vc=#< zx!+@4pRdk&*1ht2OWk^Z5IAQ0YTAXLkL{(D*$gENaD)7A%^XXrCchN&z2x+*>o2FwPFjWpeaL=!tzv#JOW#( z$B)Nel<+$bkH1KZv3&-}=SiG~w2sbDbAWarg%5>YbC|}*d9hBjBkR(@tyM0T)FO$# zPtRXukGPnOd)~z=?avu+4Co@wF}1T)-uh5jI<1$HLtyDrVak{gw`mcH@Q-@wg{v^c zRzu}hMKFHV<8w}o*yg6p@Sq%=gkd~;`_VGTS?L@yVu`xuGy+dH6YOwcP6ZE`_0rK% zAx5!FjDuss`FQ3eF|mhrWkjux(Pny^k$u_)dyCSEbAsecHsq#8B3n3kDU(zW5yE|( zgc>sFQywFj5}U*qtF9Y(bi*;>B7WJykcAXF86@)z|0-Vm@jt!EPoLA6>r)?@DIobIZ5Sx zsc@OC{b|3%vaMbyeM|O^UxEYlEMHK4r)V-{r)_yz`w1*xV0|lh-LQOP`OP`Pk1aW( z8DSlGN>Ts|n*xj+%If~+E_BxK)~5T#w6Q1WEKt{!Xtbd`J;`2a>8boRo;7u2M&iOop4qcy<)z023=oghSFV zST;?S;ye+dRQe>ygiJ6HCv4;~3DHtJ({fWeE~$H@mKn@Oh6Z(_sO>01JwH5oA4nvK zr5Sr^g+LC zLt(i&ecdmqsIJGNOSUyUpglvhhrY8lGkzO=0USEKNL%8zHshS>Qziu|`eyWP^5xL4 zRP122_dCJl>hZc~?58w~>`P_s18VoU|7(|Eit0-lZRgLTZKNq5{k zE?V=`7=R&ro(X%LTS*f+#H-mGo_j3dm@F_krAYegDLk6UV{`UKE;{YSsn$ z(yz{v1@p|p!0>g04!eRSrSVb>MQYPr8_MA|MpoGzqyd*$@4j|)cD_%^Hrd>SorF>@ zBX+V<@vEB5PRLGR(uP9&U&5=(HVc?6B58NJT_igiAH*q~Wb`dDZpJSKfy5#Aag4IX zj~uv74EQ_Q_1qaXWI!7Vf@ZrdUhZFE;L&P_Xr8l@GMkhc#=plV0+g(ki>+7fO%?Jb zl+bTy7q{w^pTb{>(Xf2q1BVdq?#f=!geqssXp z4pMu*q;iiHmA*IjOj4`4S&|8@gSw*^{|PT}Aw~}ZXU`6=vZB=GGeMm}V6W46|pU&58~P+?LUs%n@J}CSrICkeng6YJ^M? 
zS(W?K4nOtoBe4tvBXs@@`i?4G$S2W&;$z8VBSM;Mn9 zxcaEiQ9=vS|bIJ>*tf9AH~m&U%2+Dim<)E=}KORp+cZ^!@wI`h1NVBXu{@%hB2Cq(dXx_aQ9x3mr*fwL5!ZryQqi|KFJuzvP zK1)nrKZ7U+B{1ZmJub?4)Ln^J6k!i0t~VO#=q1{?T)%OV?MN}k5M{}vjyZu#M0_*u z8jwZKJ#Df~1jcLXZL7bnCEhB6IzQZ-GcoQJ!16I*39iazoVGugcKA{lhiHg4Ta2fD zk1Utyc5%QzZ$s3;p0N+N8VX{sd!~l*Ta3|t>lhI&G`sr6L~G5Lul`>m z{!^INm?J|&7X=;{XveF!(b*=?9NAp4y&r&N3(GKcW4rS(Ejk|Lzs1PrxPI_owB-`H zg3(Rruh^&)`TKA6+_!n>RdI6pw>Vt1_j&+bKIaMTYLiqhZ#y_=J8`TK{Jd<7l9&sY z^^`hmi7^14s16B6)1O;vJWOF$=$B5ONW;;2&|pUvJlmeUS&F;DbSHCrEb0QBDR|my zIs+pE0Y^`qJTyH-_mP=)Y+u^LHcuZhsM3+P||?+W#V!_6E-8boP#R-*na4!o-Q1 zVthtYhK{mDhF(&7Okzo9dTi03X(AE{8cH$JIg%MEQca`S zy@8{Fjft~~BdzWC(di#X{ny;!yYGK9b@=b|zcKZ{vv4D8i+`ilOPl;PJl{!&5-0!w z^fOl#|}vVg%=n)@_e1BrP)`A zKPgs`O0EO}Y2KWLuo`iGaKu1k#YR6BMySxQf2V++Wo{6EHmK>A~Q5o73yM z-RbxC7Qdh0Cz!nG+7BRZE>~FLI-?&W_rJUl-8FDIaXoNBL)@1hwKa^wOr1($*5h~T zF;%f^%<$p8Y_yu(JEg=c_O!aZ#)Gjh$n(hfJAp$C2he555W5zdrBqjFmo|VY+el;o z=*D_w|GXG|p0**hQ7~9-n|y5k%B}TAF0iarDM!q-jYbR^us(>&y;n^2l0C%@2B}KM zyeRT9)oMt97Agvc4sEKUEy%MpXr2vz*lb zh*L}}iG>-pqDRw7ud{=FvTD?}xjD)w{`KzjNom-$jS^;iw0+7nXSnt1R@G|VqoRhE%12nm+PH?9`(4rM0kfrZzIK9JU=^$YNyLvAIoxl#Q)xxDz!^0@zZ zSCs$nfcxK_vRYM34O<1}QHZ|hp4`ioX3x8(UV(FU$J@o%tw3t4k1QPmlEpZa2IujG&(roX_q*%e`Hq|);0;@k z0z=fZiFckp#JzW0p+2A+D$PC~IsakhJJkG(c;CqAgFfU0Z`u$PzG~-9I1oPHrCw&)@s^Dc~^)#HPW0Ra}J^=|h7Fs*<8|b13ZzG6MP*Q1dkoZ6&A^!}|hbjM{2HpqlSXv_UUg1U4gn z3Q)2VjU^ti1myodv+tjhSZp%D978m~p& z43uZUrraHs80Mq&vcetqfQpQP?m!CFj)44t8Z}k`E798wxg&~aCm+DBoI+nKq}&j^ zlPY3W$)K;KtEajks1`G?-@me7C>{PiiBu+41#yU_c(dITaqE?IQ(DBu+c^Ux!>pCj zLC|HJGU*v+!it1(;3e`6igkH(VA)-S+k(*yqxMgUah3$@C zz`7hEM47xr>j8^g`%*f=6S5n>z%Bt_Fg{Tvmr+MIsCx=0gsu_sF`q2hlkEmisz#Fy zj_0;zUWr;Gz}$BS%Y`meb(=$d%@Crs(OoJ|}m#<7=-A~PQbyN$x%2iXP2@e*nO0b7AwfH8cCUa*Wfu@b)D_>I*%uE4O3 z(lfnB`-Xf*LfC)E}e?%X2kK7DItK6Tf<+M^mX0Ijf_!IP>7c8IZX%8_#0060P{QMuV^B9i<^E`_Qf0pv9(P%_s8D`qvDE9LK9u-jB}J2S`(mCO&XHTS04Z5Ez*vl^T%!^$~EH8M-UdwhegL>3IQ*)(MtuH2Xt1p!fS4o~*rR?WLxlA!sjc2(O 
znjJn~wQ!Fp9s2e^IWP1C<4%sFF}T4omr}7+4asciyo3DntTgWIzhQpQirM$9{EbQd z3jz9vS@{aOqTQHI|l#aUV@2Q^Wko4T0T04Me4!2nsdrA8QY1%fnAYb~d2GDz@lAtfcHq(P7 zaMBAGo}+NcE-K*@9y;Vt3*(aCaMKXBB*BJcD_Qnxpt75r?GeAQ}*|>pYJE=uZb73 zC>sv)18)q#EGrTG6io*}JLuB_jP3AU1Uiu$D7r|2_zlIGb9 zjhst#ni)Y`$)!fc#reM*$~iaYoz~_Cy7J3ZTiPm)E?%`fbk`3Tu-F#`{i!l5pNEn5 zO-Tw-=TojYhzT{J=?SZj=Z8#|eoF>434b-DXiUsignxXNaR3 zm_}4iWU$gt2Mw5NvZ5(VpF`?X*f2UZDs1TEa1oZCif?Jdgr{>O~7}-$|BZ7I(IKW`{f;@|IZFX*R8&iT= zoWstN8&R;}@2Ka%d3vrLtR|O??ben;k8QbS-WB0VgiCz;<$pBmIZdN!aalyCSEm)crpS9dcD^Y@XT1a3+zpi-`D}e#HV<} z$Y(G&o~PvL-xSVD5D?JqF3?B9rxGWeb=oEGJ3vRp5xfBPlngh1O$yI95EL+T8{GC@ z98i1H9KhZGFl|;`)_=QpM6H?eDPpw~^(aFQWwyXZ8_EEE4#@QeT_URray*mEOGsGc z6|sdXtq!hVZo=d#+9^@lm&L5|q&-GDCyUx#YQiccq;spOBe3V+VKdjJA=IL=Zn%P} zNk=_8u}VhzFf{UYZV0`lUwcD&)9AFx0@Fc6LD9A6Rd1=ga>Mi0)_QxM2ddCVRmZ0d z+J=uXc(?5JLX3=)e)Jm$HS2yF`44IKhwRnm2*669_J=2LlwuF5$1tAo@ROSU@-y+;Foy2IEl2^V1N;fk~YR z?&EP8#t&m0B=?aJeuz~lHjAzRBX>&x=A;gIvb>MD{XEV zV%l-+9N-)i;YH%nKP?>f`=?#`>B(`*t`aiPLoQM(a6(qs4p5KFjDBN?8JGrf3z8>= zi7sD)c)Nm~x{e<^jy4nTx${P~cwz_*a>%0_;ULou3kHCAD7EYkw@l$8TN#LO9jC( z1BeFW`k+bu5e8Ns^a8dPcjEVHM;r6UX+cN=Uy7HU)j-myRU0wHd$A1fNI~`4;I~`zC)3ul#8#^rXVSO*m}Ag>c%_;nj=Nv$rCZ z*~L@C@OZg%Q^m)lc-kcX&a*a5`y&DaRxh6O*dfhLfF+fU5wKs(1v*!TkZidw*)YBP za@r`3+^IHRFeO%!ai%rxy;R;;V^Fr=OJlpBX;(b*3+SIw}7= zIq$*Thr(Zft-RlY)D3e8V;BmD&HOfX+E$H#Y@B3?UL5L~_fA-@*IB-!gItK7PIgG9 zgWuGZK_nuZjHVT_Fv(XxtU%)58;W39vzTI2n&)&4Dmq7&JX6G>XFaAR{7_3QB6zsT z?$L8c*WdN~nZGiscY%5KljQARN;`w$gho=p006z;n(qIQ*Zu<``TMO3n0{ARL@gYh zoRwS*|Niw~cR!?hE{m*y@F`1)vx-JRfqET=dJ5_(076st(=lFfjtKHoYg`k3oNmo_ zNbQEw8&sO5jAYmkD|Zaz_yUb0rC})U!rCHOl}JhbYIDLzLvrZVw0~JO`d*6f;X&?V=#T@ND*cv^I;`sFeq4 z##H5;gpZTb^0Hz@3C*~u0AqqNZ-r%rN3KD~%Gw`0XsIq$(^MEb<~H(2*5G^<2(*aI z%7}WB+TRlMIrEK#s0 z93xn*Ohb=kWFc)BNHG4I(~RPn-R8#0lqyBBz5OM6o5|>x9LK@%HaM}}Y5goCQRt2C z{j*2TtT4ne!Z}vh89mjwiSXG=%DURar~=kGNNaO_+Nkb+tRi~Rkf!7a$*QlavziD( z83s4GmQ^Wf*0Bd04f#0HX@ua_d8 z23~z*53ePD6@xwZ(vdl0DLc=>cPIOPOdca&MyR^jhhKrdQO?_jJh`xV3GKz&2lvP8 
zEOwW6L*ufvK;TN{=S&R@pzV^U=QNk^Ec}5H z+2~JvEVA{`uMAr)?Kf|aW>33`)UL@bnfIUQc~L;TsTQ6>r-<^rB8uoNOJ>HWgqMI8 zSW}pZmp_;z_2O5_RD|fGyTxaxk53Hg_3Khc<8AUzV|ZeK{fp|Ne933=1&_^Dbv5^u zB9n=*)k*tjHDRJ@$bp9mrh}qFn*s}npMl5BMDC%Hs0M0g-hW~P*3CNG06G!MOPEQ_ zi}Qs-6M8aMt;sL$vlmVBR^+Ry<64jrm1EI1%#j?c?4b*7>)a{aDw#TfTYKq+SjEFA z(aJ&z_0?0JB83D-i3Vh+o|XV4UP+YJ$9Boid2^M2en@APw&wx7vU~t$r2V`F|7Qfo z>WKgI@eNBZ-+Og<{u2ZiG%>YvH2L3fNpV9J;WLJoBZda)01Rn;o@){01{7E#ke(7U zHK>S#qZ(N=aoae*4X!0A{)nu0R_sKpi1{)u>GVjC+b5Jyl6#AoQ-1_3UDovNSo`T> z?c-@7XX*2GMy?k?{g)7?Sv;SJkmxYPJPs!&QqB12ejq`Lee^-cDveVWL^CTUldb(G zjDGe(O4P=S{4fF=#~oAu>LG>wrU^z_?3yt24FOx>}{^lCGh8?vtvY$^hbZ)9I0E3r3NOlb9I?F-Yc=r$*~l`4N^xzlV~N zl~#oc>U)Yjl0BxV>O*Kr@lKT{Z09OXt2GlvE38nfs+DD7exl|&vT;)>VFXJVZp9Np zDK}aO;R3~ag$X*|hRVY3OPax|PG`@_ESc8E!mHRByJbZQRS38V2F__7MW~sgh!a>98Q2%lUNFO=^xU52|?D=IK#QjwBky-C>zOWlsiiM&1n z;!&1((Xn1$9K}xabq~222gYvx3hnZPg}VMF_GV~5ocE=-v>V=T&RsLBo&`)DOyIj* zLV{h)JU_y*7SdRtDajP_Y+rBkNN*1_TXiKwHH2&p51d(#zv~s#HwbNy?<+(=9WBvo zw2hkk2Dj%kTFhY+$T+W-b7@qD!bkfN#Z2ng@Pd=i3-i?xYfs5Z*1hO?kd7Sp^9`;Y zM2jeGg<-nJD1er@Pc_cSY7wo5dzQX44=%6rn}P_SRbpzsA{6B+!$3B0#;}qwO37G^ zL(V_5JK`XT?OHVk|{_$vQ|oNEpab*BO4F zUTNQ7RUhnRsU`TK#~`)$icsvKh~(pl=3p6m98@k3P#~upd=k*u20SNcb{l^1rUa)>qO997)pYRWMncC8A&&MHlbW?7i^7M`+B$hH~Y|J zd>FYOGQ;j>Zc2e7R{KK7)0>>nn_jYJy&o@sK!4G>-rLKM8Hv)f;hi1D2fAc$+six2 zyVZ@wZ6x|fJ!4KrpCJY=!Mq0;)X)OoS~{Lkh6u8J`eK%u0WtKh6B>GW_)PVc zl}-k`p09qwGtZ@VbYJC!>29V?Dr>>vk?)o(x?!z*9DJ||9qG-&G~#kXxbw{KKYy}J zQKa-dPt~M~E}V?PhW0R26xdA%1T*%ra6SguGu50YHngOTIv)@N|YttEXo#OZfgtP7;H?EeZZxo<}3YlYxtBq znJ!WFR^tmGf0Py}N?kZ(#=VtpC@%xJkDmfcCoBTxq zr_|5gP?u1@vJZbxPZ|G0AW4=tpb84gM2DpJU||(b8kMOV1S3|(yuwZJ&rIiFW(U;5 zUtAW`O6F6Zy+eZ1EDuP~AAHlSY-+A_eI5Gx)%*uro5tljy}kCZU*_d7)oJ>oQSZ3* zneTn`{gnNC&uJd)0aMBzAg021?YJ~b(fmkwZAd696a=0NzBAqBN54KuNDwa*no(^O z6p05bioXUR^uXjpTol*ppHp%1v9e)vkoUAUJyBx3lw0UO39b0?^{}yb!$yca(@DUn zCquRF?t=Zb9`Ed3AI6|L{eX~ijVH`VzSMheKoP7LSSf4g>md>`yi!TkoG5P>Ofp+n z(v~rW+(5L96L{vBb^g51B=(o)?%%xhvT*A5btOpw(TKh^g^4c 
zw>0%X!_0`{iN%RbVk+A^f{w-4-SSf*fu@FhruNL##F~sF24O~u zyYF<3el2b$$wZ_|uW#@Ak+VAGk#e|kS8nL1g>2B-SNMjMp^8;-FfeofY2fphFHO!{ z*!o4oTb{4e;S<|JEs<1_hPsmAlVNk?_5-Fp5KKU&d#FiNW~Y+pVFk@Cua1I{T+1|+ zHx6rFMor)7L)krbilqsWwy@T+g3DiH5MyVf8Wy}XbEaoFIDr~y;@r&I>FMW{ z?Q+(IgyebZ)-i4jNoXQhq4Muy9Fv+OxU;9_Jmn+<`mEC#%2Q_2bpcgzcinygNI!&^ z=V$)o2&Yz04~+&pPWWn`rrWxJ&}8khR)6B(--!9Q zubo}h+1T)>a@c)H^i``@<^j?|r4*{;tQf78(xn0g39IoZw0(CwY1f<%F>kEaJ zp9u|IeMY5mRdAlw*+gSN^5$Q)ShM<~E=(c8QM+T-Qk)FyKz#Sw0EJ*edYcuOtO#~Cx^(M7w5 z3)rl#L)rF|(Vun2LkFr!rg8Q@=r>9p>(t3Gf_auiJ2Xx9HmxYTa|=MH_SUlYL`mz9 zTTS$`%;D-|Jt}AP1&k7PcnfFNTH0A-*FmxstjBDiZX?}%u%Yq94$fUT&z6od+(Uk> zuqsld#G(b$G8tus=M!N#oPd|PVFX)?M?tCD0tS%2IGTfh}3YA3f&UM)W$_GNV8 zQo+a(ml2Km4o6O%gKTCSDNq+#zCTIQ1*`TIJh~k6Gp;htHBFnne))rlFdGqwC6dx2+La1&Mnko*352k0y z+tQcwndQlX`nc6nb$A9?<-o|r*%aWXV#=6PQic0Ok_D;q>wbv&j7cKc!w4~KF#-{6 z(S%6Za)WpGIWf7jZ3svNG5OLs0>vCL9{V7cgO%zevIVMH{WgP*^D9ws&OqA{yr|m| zKD4*07dGXshJHd#e%x%J+qmS^lS|0Bp?{drv;{@{l9ArPO&?Q5=?OO9=}h$oVe#3b z3Yofj&Cb}WC$PxmRRS)H%&$1-)z7jELS}!u!zQ?A^Y{Tv4QVt*vd@uj-^t2fYRzQj zfxGR>-q|o$3sGn^#VzZ!QQx?h9`njeJry}@x?|k0-GTTA4y3t2E`3DZ!A~D?GiJup z)8%PK2^9OVRlP(24P^4_<|D=H^7}WlWu#LgsdHzB%cPy|f8dD3|A^mh4WXxhLTVu_ z@abE{6Saz|Y{rXYPd4$tfPYo}ef(oQWZ=4Bct-=_9`#Qgp4ma$n$`tOwq#&E18$B; z@Bp)bn3&rEi0>fWWZ@7k5WazfoX`SCO4jQWwVuo+$PmSZn^Hz?O(-tW@*DGxuf)V1 zO_xm&;NVCaHD4dqt(-MlszI3F-p?0!-e$fbiCeuaw66h^TTDLWuaV<@C-`=Xe5WL) zwooG7h>4&*)p3pKMS3O!4>-4jQUN}iAMQ)2*70?hP~)TzzR?-f@?Aqy$$1Iy8VGG$ zMM?8;j!pUX7QQD$gRc_#+=raAS577ga-w?jd`vCiN5lu)dEUkkUPl9!?{$IJNxQys z*E4e$eF&n&+AMRQR2gcaFEjAy*r)G!s(P6D&TfoApMFC_*Ftx0|D0@E-=B7tezU@d zZ{hGiN;YLIoSeRS;9o%dEua4b%4R3;$SugDjP$x;Z!M!@QibuSBb)HY!3zJ7M;^jw zlx6AD50FD&p3JyP*>o+t9YWW8(7P2t!VQQ21pHJOcG_SXQD;(5aX#M6x##5H_Re>6lPyDCjxr*R(+HE%c&QN+b^tbT zXBJk?p)zhJj#I?&Y2n&~XiytG9!1ox;bw5Rbj~)7c(MFBb4>IiRATdhg zmiEFlj@S_hwYYI(ki{}&<;_7(Z0Qkfq>am z&LtL=2qc7rWguk3BtE4zL41@#S;NN*-jWw|7Kx7H7~_%7fPt;TIX}Ubo>;Rmj94V> zNB1=;-9AR7s`Pxn}t_6^3ahlq53e&!Lh85uG 
zec0vJY_6e`tg7LgfrJ3k!DjR)Bi#L@DHIrZ`sK=<5O0Ip!fxGf*OgGSpP@Hbbe&$9 z;ZI}8lEoC2_7;%L2=w?tb%1oL0V+=Z`7b=P&lNGY;yVBazXRYu;+cQDKvm*7NCxu&i;zub zAJh#11%?w>E2rf2e~C4+rAb-&$^vsdACs7 z@|Ra!OfVM(ke{vyiqh7puf&Yp6cd6{DptUteYfIRWG3pI+5< zBVBI_xkBAc<(pcb$!Y%dTW(b;B;2pOI-(QCsLv@U-D1XJ z(Gk8Q3l7Ws46Aktuj>|s{$6zA&xCPuXL-kB`CgYMs}4IeyG*P51IDwW?8UNQd+$i~ zlxOPtSi5L|gJcF@DwmJA5Ju8HEJ>o{{upwIpb!f{2(vLNBw`7xMbvcw<^{Fj@E~1( z?w`iIMieunS#>nXlmUcSMU+D3rX28f?s7z;X=se6bo8;5vM|O^(D6{A9*ChnGH!RG zP##3>LDC3jZPE4PH32AxrqPk|yIIrq~`aL-=}`okhNu9aT%q z1b)7iJ)CN=V#Ly84N_r7U^SH2FGdE5FpTO2 z630TF$P>GNMu8`rOytb(lB2};`;P4YNwW1<5d3Q~AX#P0aX}R2b2)`rgkp#zTxcGj zAV^cvFbhP|JgWrq_e`~exr~sIR$6p5V?o4Wym3kQ3HA+;Pr$bQ0(PmADVO%MKL!^q z?zAM8j1l4jrq|5X+V!8S*2Wl@=7*pPgciTVK6kS1Ge zMsd_u6DFK$jTnvVtE;qa+8(1sGBu~n&F%dh(&c(Zs4Fc#A=gG^^%^AyH}1^?|8quj zl@Z47h$){PlELJgYZCIHHL= z{U8O>Tw4x3<1{?$8>k-P<}1y9DmAZP_;(3Y*{Sk^H^A=_iSJ@+s5ktgwTXz_2$~W9>VVZsfwCm@s0sQ zeB50_yu@uS+e7QoPvdCwDz{prjo(AFwR%C?z`EL{1`|coJHQTk^nX=tvs1<0arUOJ z!^`*x&&BvTYmemyZ)2p~{%eYX=JVR?DYr(rNgqRMA5E1PR1Iw=prk=L2ldy3r3Vg@27IZx43+ywyzr-X*p*d@tZV+!U#~$-q=8c zgdSuh#r?b4GhEGNai)ayHQpk>5(%j5c@C1K3(W1pb~HeHpaqijJZa-e6vq_8t-^M^ zBJxq|MqZc?pjXPIH}70a5vt!IUh;l}<>VX<-Qcv^u@5(@@M2CHSe_hD$VG-eiV^V( zj7*9T0?di?P$FaD6oo?)<)QT>Npf6Og!GO^GmPV(Km0!=+dE&bk#SNI+C9RGQ|{~O*VC+tXK3!n`5 zHfl6>lwf_aEVV3`0T!aHNZLsj$paS$=LL(?b!Czaa5bbSuZ6#$_@LK<(7yrrl+80| z{tOFd=|ta2Z`^ssozD9BINn45NxUeCQis?-BKmU*Kt=FY-NJ+)8S1ecuFtN-M?&42 zl2$G>u!iNhAk*HoJ^4v^9#ORYp5t^wDj6|lx~5w45#E5wVqI1JQ~9l?nPp1YINf++ zMAdSif~_ETv@Er(EFBI^@L4BULFW>)NI+ejHFP*T}UhWNN`I)RRS8za? 
z*@`1>9ZB}An%aT5K=_2iQmfE;GcBVHLF!$`I99o5GO`O%O_zLr9AG18>&^HkG(;=V z%}c!OBQ~?MX(9h~tajX{=x)+!cbM7$YzTlmsPOdp2L-?GoW`@{lY9U3f;OUo*BwRB z8A+nv(br0-SH#VxGy#ZrgnGD(=@;HME;yd46EgWJ`EL%oXc&lFpc@Y}^>G(W>h_v_ zlN!`idhX+OjL+~T?19sroAFVGfa5tX-D49w$1g2g_-T|EpHL6}K_aX4$K=LTvwtlF zL*z}j{f+Uoe7{-px3_5iKPA<_7W=>Izkk)!l9ez2w%vi(?Y;i8AxRNLSOGDzNoqoI zP!1uAl}r=_871(G?y`i&)-7{u=%nxk7CZ_Qh#!|ITec zwQn`33GTUM`;D2POWnkqngqJhJRlM>CTONzTG}>^Q0wUunQyn|TAiHzyX2_%ATx%P z%7gW)%4rA9^)M<_%k@`Y?RbC<29sWU&5;@|9thf2#zf8z12$hRcZ!CSb>kUp=4N#y zl3hE#y6>kkA8VY2`W`g5Ip?2qC_BY$>R`iGQLhz2-S>x(RuWv)SPaGdl^)gGw7tjR zH@;jwk!jIaCgSg_*9iF|a);sRUTq30(8I(obh^|}S~}P4U^BIGYqcz;MPpC~Y@k_m zaw4WG1_vz2GdCAX!$_a%GHK**@IrHSkGoN>)e}>yzUTm52on`hYot7cB=oA-h1u|R ztH$11t?54Qg2L+i33FPFKKRm1aOjKST{l1*(nps`>sv%VqeVMWjl5+Gh+9);hIP8? zA@$?}Sc z3qIRpba+y5yf{R6G(u8Z^vkg0Fu&D-7?1s=QZU`Ub{-!Y`I?AGf1VNuc^L3v>)>i# z{DV9W$)>34wnzAXUiV^ZpYKw>UElrN_5Xj6{r_3| z$X5PK`e5$7>~9Dj7gK5ash(dvs`vwfk}&RD`>04;j62zoXESkFBklYaKm5seyiX(P zqQ-;XxlV*yg?Dhlx%xt!b0N3GHp@(p$A;8|%# zZ5m2KL|{on4nr>2_s9Yh=r5ScQ0;aMF)G$-9-Ca6%wA`Pa)i?NGFA|#Yi?{X-4ZO_ z^}%7%vkzvUHa$-^Y#aA+aiR5sa%S|Ebyn`EV<3Pc?ax_f>@sBZF1S;7y$CXd5t5=WGsTKBk8$OfH4v|0?0I=Yp}7c=WBSCg!{0n)XmiU;lfx)**zZaYqmDJelxk$)nZyx5`x$6R|fz(;u zEje5Dtm|a%zK!!tk3{i9$I2b{vXNFy%Bf{50X!x{98+BsDr_u9i>G5%*sqEX|06J0 z^IY{UcEbj6LDwuMh7cH`H@9sVt1l1#8kEQ(LyT@&+K}(ReE`ux8gb0r6L_#bDUo^P z3Ka2lRo52Hdtl_%+pwVs14=q`{d^L58PsU@AMf(hENumaxM{7iAT5sYmWh@hQCO^ zK&}ijo=`VqZ#a3vE?`7QW0ZREL17ZvDfdqKGD?0D4fg{7v%|Yj&_jcKJAB)>=*RS* zto8p6@k%;&^ZF>hvXm&$PCuEp{uqw3VPG$9VMdW5$w-fy2CNNT>E;>ejBgy-m_6`& z97L1p{%srn@O_JQgFpa_#f(_)eb#YS>o>q3(*uB;uZb605(iqM$=NK{nHY=+X2*G) zO3-_Xh%aG}fHWe*==58zBwp%&`mge<8uq8;xIxOd=P%9EK!34^E9sk|(Zq1QSz-JVeP12Fp)-`F|KY$LPwUE?rku zY@OJ)Z9A!ojfzfeyJ9;zv2EM7ZQB)AR5xGa-tMn^bl)FmoIiVyJ@!~@%{}qXXD&Ns zPnfe5U+&ohKefILu_1mPfLGuapX@btta5C#gPB2cjk5m4T}Nfi+Vfka!Yd(L?-c~5 z#ZK4VeQEXNPc4r$K00Fg>g#_W!YZ)cJ?JTS<&68_$#cZT-ME`}tcwqg3#``3M3UPvn+pi}(VNNx6y zFIMVb6OwYU(2`at$gHba*qrMVUl8xk5z-z~fb@Q3Y_+aXuEKH}L+>eW__!IAd@V}L 
zkw#s%H0v2k5-=vh$^vPCuAi22Luu3uKTf6fPo?*nvj$9(u)4$6tvF-%IM+3pt*cgs z_?wW}J7VAA{_~!?))?s6{M=KPpVhg4fNuU*|3THp@_(q!b*hdl{fjRVFWtu^1dV(f z6iOux9hi&+UK=|%M*~|aqFK{Urfl!TA}UWY#`w(0P!KMe1Si{8|o))Gy6d7;!JQYhgMYmXl?3FfOM2nQGN@~Ap6(G z3+d_5y@=nkpKAhRqf{qQ~k7Z$v&l&@m7Ppt#FSNzKPZM z8LhihcE6i=<(#87E|Wr~HKvVWhkll4iSK$^mUHaxgy8*K$_Zj;zJ`L$naPj+^3zTi z-3NTaaKnD5FPY-~?Tq6QHnmDDRxu0mh0D|zD~Y=vv_qig5r-cIbCpxlju&8Sya)@{ zsmv6XUSi)@(?PvItkiZEeN*)AE~I_?#+Ja-r8$(XiXei2d@Hi7Rx8+rZZb?ZLa{;@*EHeRQ-YDadz~M*YCM4&F-r;E#M+@CSJMJ0oU|PQ^ z=E!HBJDMQ2TN*Y(Ag(ynAL8%^v;=~q?s4plA_hig&5Z0x_^Oab!T)@6kRN$)qEJ6E zNuQjg|G7iwU(N8pI@_6==0CL;lRh1dQF#wePhmu@hADFd3B5KIH#dx(2A zp~K&;Xw}F_N6CU~0)QpQk7s$a+LcTOj1%=WXI(U=Dv!6 z{#<#-)2+gCyyv=Jw?Ab#PVkxPDeH|sAxyG`|Ys}A$PW4TdBv%zDz z^?lwrxWR<%Vzc8Sgt|?FL6ej_*e&rhqJZ3Y>k=X(^dytycR;XDU16}Pc9Vn0>_@H+ zQ;a`GSMEG64=JRAOg%~L)x*w{2re6DVprNp+FcNra4VdNjiaF0M^*>CdPkt(m150rCue?FVdL0nFL$V%5y6N z%eLr5%YN7D06k5ji5*p4v$UMM)G??Q%RB27IvH7vYr_^3>1D-M66#MN8tWGw>WED} z5AhlsanO=STFYFs)Il_0i)l)f<8qn|$DW7ZXhf5xI;m+7M5-%P63XFQrG9>DMqHc} zsgNU9nR`b}E^mL5=@7<1_R~j@q_2U^3h|+`7YH-?C=vme1C3m`Fe0HC>pjt6f_XMh zy~-i-8R46QNYneL4t@)<0VU7({aUO?aH`z4V2+kxgH5pYD5)wCh75JqQY)jIPN=U6 z+qi8cGiOtXG2tXm;_CfpH9ESCz#i5B(42}rBJJF$jh<1sbpj^8&L;gzGHb8M{of+} zzF^8VgML2O9nxBW7AvdEt90vp+#kZxWf@A)o9f9}vKJy9NDBjBW zSt=Hcs=YWCwnfY1UYx*+msp{g!w0HC<_SM!VL1(I2PE?CS}r(eh?{I)mQixmo5^p# zV?2R!R@3GV6hwTCrfHiK#3Orj>I!GS2kYhk1S;aFBD_}u2v;0HYFq}Iz1Z(I4oca4 zxquja8$+8JW_EagDHf$a1OTk5S97umGSDaj)gH=fLs9>_=XvVj^Xj9a#gLdk=&3tl zfmK9MNnIX9v{?%xdw7568 zNrZ|roYs(vC4pHB5RJ8>)^*OuyNC>x7ad)tB_}3SgQ96+-JT^Qi<`xi=)_=$Skwv~ zdqeT9Pa`LYvCAn&rMa2aCDV(TMI#PA5g#RtV|CWpgDYRA^|55LLN^uNh*gOU>Z=a06qJ;$C9z8;n-Pq=qZnc1zUwJ@t)L;&NN+E5m zRkQ(SeM8=l-aoAKGKD>!@?mWTW&~)uF2PYUJ;tB^my`r9n|Ly~0c%diYzqs9W#FTjy?h&X3TnH zXqA{QI82sdjPO->f=^K^f>N`+B`q9&rN0bOXO79S&a9XX8zund(kW7O76f4dcWhIu zER`XSMSFbSL>b;Rp#`CuGJ&p$s~G|76){d?xSA5wVg##_O0DrmyEYppyBr%fyWbbv zp`K84JwRNP$d-pJ!Qk|(RMr?*!wi1if-9G#0p>>1QXKXWFy)eB3ai)l3601q8!9JC 
zvU#ZWWDNKq9g6fYs?JQ)Q4C_cgTy3FhgKb8s&m)DdmL5zhNK#8wWg!J*7G7Qhe9VU zha?^AQTDpYcuN!B+#1dE*X{<#!M%zfUQbj=zLE{dW0XeQ7-oIsGY6RbkP2re@Q{}r_$iiH0xU%iN*ST`A)-EH6eaZB$GA#v)cLi z*MpA(3bYk$oBDKAzu^kJoSUsDd|856DApz={3u8sbQV@JnRkp2nC|)m;#T=DvIL-O zI4vh;g7824l}*`_p@MT4+d`JZ2%6NQh=N9bmgJ#q!hK@_<`HQq3}Z8Ij>3%~<*= zcv=!oT#5xmeGI92lqm9sGVE%#X$ls;St|F#u!?5Y7syhx6q#MVRa&lBmmn%$C0QzU z);*ldgwwCmzM3uglr}!Z2G+?& zf%Dpo&mD%2ZcNFiN-Z0f;c_Q;A%f@>26f?{d1kxIJD}LxsQkB47SAdwinfMILZdN3 zfj^HmTzS3Ku5BxY>ANutS8WPQ-G>v4^_Qndy==P3pDm+Xc?>rUHl-4+^%Sp5atOja z2oP}ftw-rqnb}+khR3CrRg^ibi6?QYk1*i^;kQGirQ=uB9Sd1NTfT-Rbv;hqnY4neE5H1YUrjS2m+2&@uXiAo- zrKUX|Ohg7(6F(AoP~tj;NZlV#xsfo-5reuQHB$&EIAhyZk;bL;k9ouDmJNBAun;H& zn;Of1z_Qj`x&M;5X;{s~iGzBQTY^kv-k{ksbE*Dl%Qf%N@hQCfY~iUw!=F-*$cpf2 z3wix|aLBV0b;W@z^%7S{>9Z^T^fLOI68_;l@+Qzaxo`nAI8emTV@rRhEKZ z?*z_{oGdI~R*#<2{bkz$G~^Qef}$*4OYTgtL$e9q!FY7EqxJ2`zk6SQc}M(k(_MaV zSLJnTXw&@djco1~a(vhBl^&w=$fa9{Sru>7g8SHahv$&Bl(D@(Zwxo_3r=;VH|uc5 zi1Ny)J!<(KN-EcQ(xlw%PNwK8U>4$9nVOhj(y0l9X^vP1TA>r_7WtSExIOsz`nDOP zs}d>Vxb2Vo2e5x8p(n~Y5ggAyvib>d)6?)|E@{FIz?G3PVGLf7-;BxaP;c?7ddH$z zA+{~k^V=bZuXafOv!RPsE1GrR3J2TH9uB=Z67gok+u`V#}BR86hB1xl}H4v`F+mRfr zYhortD%@IGfh!JB(NUNSDh+qDz?4ztEgCz&bIG-Wg7w-ua4ChgQR_c+z8dT3<1?uX z*G(DKy_LTl*Ea!%v!RhpCXW1WJO6F`bgS-SB;Xw9#! 
z<*K}=#wVu9$`Yo|e!z-CPYH!nj7s9dEPr-E`DXUBu0n!xX~&|%#G=BeM?X@shQQMf zMvr2!y7p_gD5-!Lnm|a@z8Of^EKboZsTMk%5VsJEm>VsJ4W7Kv{<|#4f-qDE$D-W>gWT%z-!qXnDHhOvLk=?^a1*|0j z{pW{M0{#1VcR5;F!!fIlLVNh_Gj zbnW(_j?0c2q$EHIi@fSMR{OUKBcLr{Y&$hrM8XhPByyZaXy|dd&{hYQRJ9@Fn%h3p7*VQolBIV@Eq`=y%5BU~3RPa^$a?ixp^cCg z+}Q*X+CW9~TL29@OOng(#OAOd!)e$d%sr}^KBJ-?-X&|4HTmtemxmp?cT3uA?md4% zT8yZ0U;6Rg6JHy3fJae{6TMGS?ZUX6+gGTT{Q{)SI85$5FD{g-eR%O0KMpWPY`4@O zx!hen1*8^E(*}{m^V_?}(b5k3hYo=T+$&M32+B`}81~KKZhY;2H{7O-M@vbCzuX0n zW-&HXeyr1%I3$@ns-V1~Lb@wIpkmx|8I~ob1Of7i6BTNysEwI}=!nU%q7(V_^+d*G z7G;07m(CRTJup!`cdYi93r^+LY+`M*>aMuHJm(A8_O8C#A*$!Xvddgpjx5)?_EB*q zgE8o5O>e~9IiSC@WtZpF{4Bj2J5eZ>uUzY%TgWF7wdDE!fSQIAWCP)V{;HsU3ap?4 znRsiiDbtN7i9hapO;(|Ew>Ip2TZSvK9Z^N21%J?OiA_&eP1{(Pu_=%JjKy|HOardq ze?zK^K zA%sjF64*Wufad%H<) z^|t>e*h+Z1#l=5wHexzt9HNDNXgM=-OPWKd^5p!~%SIl>Fo&7BvNpbf8{NXmH)o{r zO=aBJ;meX1^{O%q;kqdw*5k!Y7%t_30 zy{nGRVc&5qt?dBwLs+^Sfp;f`YVMSB#C>z^a9@fpZ!xb|b-JEz1LBX7ci)V@W+kvQ89KWA0T~Lj$aCcfW#nD5bt&Y_< z-q{4ZXDqVg?|0o)j1%l0^_it0WF*LCn-+)c!2y5yS7aZIN$>0LqNnkujV*YVes(v$ zY@_-!Q;!ZyJ}Bg|G-~w@or&u0RO?vlt5*9~yeoPV_UWrO2J54b4#{D(D>jF(R88u2 zo#B^@iF_%S>{iXSol8jpmsZuJ?+;epg>k=$d`?GSegAVp3n$`GVDvK${N*#L_1`44 z{w0fL{2%)0|E+qgZtjX}itZz^KJt4Y;*8uSK}Ft38+3>j|K(PxIXXR-t4VopXo#9# zt|F{LWr-?34y`$nLBVV_*UEgA6AUI65dYIbqpNq9cl&uLJ0~L}<=ESlOm?Y-S@L*d z<7vt}`)TW#f%Rp$Q}6@3=j$7Tze@_uZO@aMn<|si{?S}~maII`VTjs&?}jQ4_cut9$)PEqMukwoXobzaKx^MV z2fQwl+;LSZ$qy%Tys0oo^K=jOw$!YwCv^ei4NBVauL)tN%=wz9M{uf{IB(BxK|lT*pFkmNK_1tV`nb%jH=a0~VNq2RCKY(rG7jz!-D^k)Ec)yS%17pE#o6&eY+ z^qN(hQT$}5F(=4lgNQhlxj?nB4N6ntUY6(?+R#B?W3hY_a*)hnr4PA|vJ<6p`K3Z5Hy z{{8(|ux~NLUW=!?9Qe&WXMTAkQnLXg(g=I@(VG3{HE13OaUT|DljyWXPs2FE@?`iU z4GQlM&Q=T<4&v@Fe<+TuXiZQT3G~vZ&^POfmI1K2h6t4eD}Gk5XFGpbj1n_g*{qmD6Xy z`6Vv|lLZtLmrnv*{Q%xxtcWVj3K4M%$bdBk_a&ar{{GWyu#ljM;dII;*jP;QH z#+^o-A4np{@|Mz+LphTD0`FTyxYq#wY)*&Ls5o{0z9yg2K+K7ZN>j1>N&;r+Z`vI| zDzG1LJZ+sE?m?>x{5LJx^)g&pGEpY=fQ-4}{x=ru;}FL$inHemOg%|R*ZXPodU}Kh zFEd5#+8rGq$Y<_?k-}r5zgQ3jRV=ooHiF|@z_#D4pKVEmn5CGV(9VKCyG|sT9nc=U 
zEoT67R`C->KY8Wp-fEcjjFm^;Cg(ls|*ABVHq8clBE(;~K^b+S>6uj70g? z&{XQ5U&!Z$SO7zfP+y^8XBbiu*Cv-yJG|l-oe*!s5$@Lh_KpxYL2sx`B|V=dETN>5K+C+CU~a_3cI8{vbu$TNVdGf15*>D zz@f{zIlorkY>TRh7mKuAlN9A0>N>SV`X)+bEHms=mfYTMWt_AJtz_h+JMmrgH?mZt zm=lfdF`t^J*XLg7v+iS)XZROygK=CS@CvUaJo&w2W!Wb@aa?~Drtf`JV^cCMjngVZ zv&xaIBEo8EYWuML+vxCpjjY^s1-ahXJzAV6hTw%ZIy!FjI}aJ+{rE&u#>rs)vzuxz z+$5z=7W?zH2>Eb32dvgHYZtCAf!=OLY-pb4>Ae79rd68E2LkVPj-|jFeyqtBCCwiW zkB@kO_(3wFq)7qwV}bA=zD!*@UhT`geq}ITo%@O(Z5Y80nEX~;0-8kO{oB6|(4fQh z);73T!>3@{ZobPwRv*W?7m0Ml9GmJBCJd&6E?hdj9lV= z4flNfsc(J*DyPv?RCOx!MSvk(M952PJ-G|JeVxWVjN~SNS6n-_Ge3Q;TGE;EQvZg86%wZ`MB zSMQua(i*R8a75!6$QRO^(o7sGoomb+Y{OMy;m~Oa`;P9Yqo>?bJAhqXxLr7_3g_n>f#UVtxG!^F#1+y@os6x(sg z^28bsQ@8rw%Gxk-stAEPRbv^}5sLe=VMbkc@Jjimqjvmd!3E7+QnL>|(^3!R} zD-l1l7*Amu@j+PWLGHXXaFG0Ct2Q=}5YNUxEQHCAU7gA$sSC<5OGylNnQUa>>l%sM zyu}z6i&({U@x^hln**o6r2s-(C-L50tQvz|zHTqW!ir?w&V23tuYEDJVV#5pE|OJu z7^R!A$iM$YCe?8n67l*J-okwfZ+ZTkGvZ)tVPfR;|3gyFjF)8V zyXXN=!*bpyRg9#~Bg1+UDYCt0 ztp4&?t1X0q>uz;ann$OrZs{5*r`(oNvw=$7O#rD|Wuv*wIi)4b zGtq4%BX+kkagv3F9Id6~-c+1&?zny%w5j&nk9SQfo0k4LhdSU_kWGW7axkfpgR`8* z!?UTG*Zi_baA1^0eda8S|@&F z{)Rad0kiLjB|=}XFJhD(S3ssKlveFFmkN{Vl^_nb!o5M!RC=m)V&v2%e?ZoRC@h3> zJ(?pvToFd`*Zc@HFPL#=otWKwtuuQ_dT-Hr{S%pQX<6dqVJ8;f(o)4~VM_kEQkMR+ zs1SCVi~k>M`u1u2xc}>#D!V&6nOOh-E$O&SzYrjJdZpaDv1!R-QGA141WjQe2s0J~ zQ;AXG)F+K#K8_5HVqRoRM%^EduqOnS(j2)|ctA6Q^=|s_WJYU;Z%5bHp08HPL`YF2 zR)Ad1z{zh`=sDs^&V}J z%$Z$!jd7BY5AkT?j`eqMs%!Gm@T8)4w3GYEX~IwgE~`d|@T{WYHkudy(47brgHXx& zBL1yFG6!!!VOSmDxBpefy2{L_u5yTwja&HA!mYA#wg#bc-m%~8aRR|~AvMnind@zs zy>wkShe5&*un^zvSOdlVu%kHsEo>@puMQ`b1}(|)l~E{5)f7gC=E$fP(FC2=F<^|A zxeIm?{EE!3sO!Gr7e{w)Dx(uU#3WrFZ>ibmKSQ1tY?*-Nh1TDHLe+k*;{Rp!Bmd_m zb#^kh`Y*8l|9Cz2e{;RL%_lg{#^Ar+NH|3z*Zye>!alpt{z;4dFAw^^H!6ING*EFc z_yqhr8d!;%nHX9AKhFQZBGrSzfzYCi%C!(Q5*~hX>)0N`vbhZ@N|i;_972WSx*>LH z87?en(;2_`{_JHF`Sv6Wlps;dCcj+8IJ8ca6`DsOQCMb3n# z3)_w%FuJ3>fjeOOtWyq)ag|PmgQbC-s}KRHG~enBcIwqIiGW8R8jFeBNY9|YswRY5 zjGUxdGgUD26wOpwM#8a!Nuqg68*dG@VM~SbOroL_On0N6QdT9?)NeB3@0FCC?Z|E0 
z6TPZj(AsPtwCw>*{eDEE}Gby>0q{*lI+g2e&(YQrsY&uGM{O~}(oM@YWmb*F zA0^rr5~UD^qmNljq$F#ARXRZ1igP`MQx4aS6*MS;Ot(1L5jF2NJ;de!NujUYg$dr# z=TEL_zTj2@>ZZN(NYCeVX2==~=aT)R30gETO{G&GM4XN<+!&W&(WcDP%oL8PyIVUC zs5AvMgh6qr-2?^unB@mXK*Dbil^y-GTC+>&N5HkzXtozVf93m~xOUHn8`HpX=$_v2 z61H;Z1qK9o;>->tb8y%#4H)765W4E>TQ1o0PFj)uTOPEvv&}%(_mG0ISmyhnQV33Z$#&yd{ zc{>8V8XK$3u8}04CmAQ#I@XvtmB*s4t8va?-IY4@CN>;)mLb_4!&P3XSw4pA_NzDb zORn!blT-aHk1%Jpi>T~oGLuh{DB)JIGZ9KOsciWs2N7mM1JWM+lna4vkDL?Q)z_Ct z`!mi0jtr+4*L&N7jk&LodVO#6?_qRGVaucqVB8*us6i3BTa^^EI0x%EREQSXV@f!lak6Wf1cNZ8>*artIJ(ADO*=<-an`3zB4d*oO*8D1K!f z*A@P1bZCNtU=p!742MrAj%&5v%Xp_dSX@4YCw%F|%Dk=u|1BOmo)HsVz)nD5USa zR~??e61sO(;PR)iaxK{M%QM_rIua9C^4ppVS$qCT9j2%?*em?`4Z;4@>I(c%M&#cH z>4}*;ej<4cKkbCAjjDsyKS8rIm90O)Jjgyxj5^venBx&7B!xLmzxW3jhj7sR(^3Fz z84EY|p1NauwXUr;FfZjdaAfh%ivyp+^!jBjJuAaKa!yCq=?T_)R!>16?{~p)FQ3LDoMyG%hL#pR!f@P%*;#90rs_y z@9}@r1BmM-SJ#DeuqCQk=J?ixDSwL*wh|G#us;dd{H}3*-Y7Tv5m=bQJMcH+_S`zVtf;!0kt*(zwJ zs+kedTm!A}cMiM!qv(c$o5K%}Yd0|nOd0iLjus&;s0Acvoi-PFrWm?+q9f^FslxGi z6ywB`QpL$rJzWDg(4)C4+!2cLE}UPCTBLa*_=c#*$b2PWrRN46$y~yST3a2$7hEH= zNjux+wna^AzQ=KEa_5#9Ph=G1{S0#hh1L3hQ`@HrVnCx{!fw_a0N5xV(iPdKZ-HOM za)LdgK}1ww*C_>V7hbQnTzjURJL`S%`6nTHcgS+dB6b_;PY1FsrdE8(2K6FN>37!62j_cBlui{jO^$dPkGHV>pXvW0EiOA zqW`YaSUBWg_v^Y5tPJfWLcLpsA8T zG)!x>pKMpt!lv3&KV!-um= zKCir6`bEL_LCFx4Z5bAFXW$g3Cq`?Q%)3q0r852XI*Der*JNuKUZ`C{cCuu8R8nkt z%pnF>R$uY8L+D!V{s^9>IC+bmt<05h**>49R*#vpM*4i0qRB2uPbg8{{s#9yC;Z18 zD7|4m<9qneQ84uX|J&f-g8a|nFKFt34@Bt{CU`v(SYbbn95Q67*)_Esl_;v291s=9 z+#2F2apZU4Tq=x+?V}CjwD(P=U~d<=mfEFuyPB`Ey82V9G#Sk8H_Ob_RnP3s?)S_3 zr%}Pb?;lt_)Nf>@zX~D~TBr;-LS<1I##8z`;0ZCvI_QbXNh8Iv)$LS=*gHr;}dgb=w5$3k2la1keIm|=7<-JD>)U%=Avl0Vj@+&vxn zt-)`vJxJr88D&!}2^{GPXc^nmRf#}nb$4MMkBA21GzB`-Or`-3lq^O^svO7Vs~FdM zv`NvzyG+0T!P8l_&8gH|pzE{N(gv_tgDU7SWeiI-iHC#0Ai%Ixn4&nt{5y3(GQs)i z&uA;~_0shP$0Wh0VooIeyC|lak__#KVJfxa7*mYmZ22@(<^W}FdKjd*U1CqSjNKW% z*z$5$=t^+;Ui=MoDW~A7;)Mj%ibX1_p4gu>RC}Z_pl`U*{_z@+HN?AF{_W z?M_X@o%w8fgFIJ$fIzBeK=v#*`mtY$HC3tqw7q^GCT!P$I%=2N4FY7j9nG8aIm$c9 
zeKTxVKN!UJ{#W)zxW|Q^K!3s;(*7Gbn;e@pQBCDS(I|Y0euK#dSQ_W^)sv5pa%<^o zyu}3d?Lx`)3-n5Sy9r#`I{+t6x%I%G(iewGbvor&I^{lhu-!#}*Q3^itvY(^UWXgvthH52zLy&T+B)Pw;5>4D6>74 zO_EBS)>l!zLTVkX@NDqyN2cXTwsUVao7$HcqV2%t$YzdAC&T)dwzExa3*kt9d(}al zA~M}=%2NVNUjZiO7c>04YH)sRelXJYpWSn^aC$|Ji|E13a^-v2MB!Nc*b+=KY7MCm zqIteKfNkONq}uM;PB?vvgQvfKLPMB8u5+Am=d#>g+o&Ysb>dX9EC8q?D$pJH!MTAqa=DS5$cb+;hEvjwVfF{4;M{5U&^_+r zvZdu_rildI!*|*A$TzJ&apQWV@p{!W`=?t(o0{?9y&vM)V)ycGSlI3`;ps(vf2PUq zX745#`cmT*ra7XECC0gKkpu2eyhFEUb?;4@X7weEnLjXj_F~?OzL1U1L0|s6M+kIhmi%`n5vvDALMagi4`wMc=JV{XiO+^ z?s9i7;GgrRW{Mx)d7rj)?(;|b-`iBNPqdwtt%32se@?w4<^KU&585_kZ=`Wy^oLu9 z?DQAh5z%q;UkP48jgMFHTf#mj?#z|=w= z(q6~17Vn}P)J3M?O)x))%a5+>TFW3No~TgP;f}K$#icBh;rSS+R|}l鯊%1Et zwk~hMkhq;MOw^Q5`7oC{CUUyTw9x>^%*FHx^qJw(LB+E0WBX@{Ghw;)6aA-KyYg8p z7XDveQOpEr;B4je@2~usI5BlFadedX^ma{b{ypd|RNYqo#~d*mj&y`^iojR}s%~vF z(H!u`yx68D1Tj(3(m;Q+Ma}s2n#;O~bcB1`lYk%Irx60&-nWIUBr2x&@}@76+*zJ5 ze&4?q8?m%L9c6h=J$WBzbiTf1Z-0Eb5$IZs>lvm$>1n_Mezp*qw_pr8<8$6f)5f<@ zyV#tzMCs51nTv_5ca`x`yfE5YA^*%O_H?;tWYdM_kHPubA%vy47i=9>Bq) zRQ&0UwLQHeswmB1yP)+BiR;S+Vc-5TX84KUA;8VY9}yEj0eESSO`7HQ4lO z4(CyA8y1G7_C;6kd4U3K-aNOK!sHE}KL_-^EDl(vB42P$2Km7$WGqNy=%fqB+ zSLdrlcbEH=T@W8V4(TgoXZ*G1_aq$K^@ek=TVhoKRjw;HyI&coln|uRr5mMOy2GXP zwr*F^Y|!Sjr2YQXX(Fp^*`Wk905K%$bd03R4(igl0&7IIm*#f`A!DCarW9$h$z`kYk9MjjqN&5-DsH@8xh63!fTNPxWsFQhNv z#|3RjnP$Thdb#Ys7M+v|>AHm0BVTw)EH}>x@_f4zca&3tXJhTZ8pO}aN?(dHo)44Z z_5j+YP=jMlFqwvf3lq!57-SAuRV2_gJ*wsR_!Y4Z(trO}0wmB9%f#jNDHPdQGHFR; zZXzS-$`;7DQ5vF~oSgP3bNV$6Z(rwo6W(U07b1n3UHqml>{=6&-4PALATsH@Bh^W? 
z)ob%oAPaiw{?9HfMzpGb)@Kys^J$CN{uf*HX?)z=g`J(uK1YO^8~s1(ZIbG%Et(|q z$D@_QqltVZu9Py4R0Ld8!U|#`5~^M=b>fnHthzKBRr=i+w@0Vr^l|W;=zFT#PJ?*a zbC}G#It}rQP^Ait^W&aa6B;+0gNvz4cWUMzpv(1gvfw-X4xJ2Sv;mt;zb2Tsn|kSS zo*U9N?I{=-;a-OybL4r;PolCfiaL=y@o9{%`>+&FI#D^uy#>)R@b^1ue&AKKwuI*` zx%+6r48EIX6nF4o;>)zhV_8(IEX})NGU6Vs(yslrx{5fII}o3SMHW7wGtK9oIO4OM&@@ECtXSICLcPXoS|{;=_yj>hh*%hP27yZwOmj4&Lh z*Nd@OMkd!aKReoqNOkp5cW*lC)&C$P?+H3*%8)6HcpBg&IhGP^77XPZpc%WKYLX$T zsSQ$|ntaVVOoRat$6lvZO(G-QM5s#N4j*|N_;8cc2v_k4n6zx9c1L4JL*83F-C1Cn zaJhd;>rHXB%%ZN=3_o3&Qd2YOxrK~&?1=UuN9QhL$~OY-Qyg&})#ez*8NpQW_*a&kD&ANjedxT0Ar z<6r{eaVz3`d~+N~vkMaV8{F?RBVemN(jD@S8qO~L{rUw#=2a$V(7rLE+kGUZ<%pdr z?$DP|Vg#gZ9S}w((O2NbxzQ^zTot=89!0^~hE{|c9q1hVzv0?YC5s42Yx($;hAp*E zyoGuRyphQY{Q2ee0Xx`1&lv(l-SeC$NEyS~8iil3_aNlnqF_G|;zt#F%1;J)jnPT& z@iU0S;wHJ2$f!juqEzPZeZkjcQ+Pa@eERSLKsWf=`{R@yv7AuRh&ALRTAy z8=g&nxsSJCe!QLchJ=}6|LshnXIK)SNd zRkJNiqHwKK{SO;N5m5wdL&qK`v|d?5<4!(FAsDxR>Ky#0#t$8XCMptvNo?|SY?d8b z`*8dVBlXTUanlh6n)!EHf2&PDG8sXNAt6~u-_1EjPI1|<=33T8 zEnA00E!`4Ave0d&VVh0e>)Dc}=FfAFxpsC1u9ATfQ`-Cu;mhc8Z>2;uyXtqpLb7(P zd2F9<3cXS} znMg?{&8_YFTGRQZEPU-XPq55%51}RJpw@LO_|)CFAt62-_!u_Uq$csc+7|3+TV_!h z+2a7Yh^5AA{q^m|=KSJL+w-EWDBc&I_I1vOr^}P8i?cKMhGy$CP0XKrQzCheG$}G# zuglf8*PAFO8%xop7KSwI8||liTaQ9NCAFarr~psQt)g*pC@9bORZ>m`_GA`_K@~&% zijH0z;T$fd;-Liw8%EKZas>BH8nYTqsK7F;>>@YsE=Rqo?_8}UO-S#|6~CAW0Oz1} z3F(1=+#wrBJh4H)9jTQ_$~@#9|Bc1Pd3rAIA_&vOpvvbgDJOM(yNPhJJq2%PCcMaI zrbe~toYzvkZYQ{ea(Wiyu#4WB#RRN%bMe=SOk!CbJZv^m?Flo5p{W8|0i3`hI3Np# zvCZqY%o258CI=SGb+A3yJe~JH^i{uU`#U#fvSC~rWTq+K`E%J@ zasU07&pB6A4w3b?d?q}2=0rA#SA7D`X+zg@&zm^iA*HVi z009#PUH<%lk4z~p^l0S{lCJk1Uxi=F4e_DwlfHA`X`rv(|JqWKAA5nH+u4Da+E_p+ zVmH@lg^n4ixs~*@gm_dgQ&eDmE1mnw5wBz9Yg?QdZwF|an67Xd*x!He)Gc8&2!urh z4_uXzbYz-aX)X1>&iUjGp;P1u8&7TID0bTH-jCL&Xk8b&;;6p2op_=y^m@Nq*0{#o!!A;wNAFG@0%Z9rHo zcJs?Th>Ny6+hI`+1XoU*ED$Yf@9f91m9Y=#N(HJP^Y@ZEYR6I?oM{>&Wq4|v0IB(p zqX#Z<_3X(&{H+{3Tr|sFy}~=bv+l=P;|sBz$wk-n^R`G3p0(p>p=5ahpaD7>r|>pm 
zv;V`_IR@tvZreIuv2EM7ZQHhO+qUgw#kOs%*ekY^n|=1#x9&c;Ro&I~{rG-#_3ZB1 z?|9}IFdbP}^DneP*T-JaoYHt~r@EfvnPE5EKUwIxjPbsr$% zfWW83pgWST7*B(o=kmo)74$8UU)v0{@4DI+ci&%=#90}!CZz|rnH+Mz=HN~97G3~@ z;v5(9_2%eca(9iu@J@aqaMS6*$TMw!S>H(b z4(*B!|H|8&EuB%mITr~O?vVEf%(Gr)6E=>H~1VR z&1YOXluJSG1!?TnT)_*YmJ*o_Q@om~(GdrhI{$Fsx_zrkupc#y{DK1WOUR>tk>ZE) ziOLoBkhZZ?0Uf}cm>GsA>Rd6V8@JF)J*EQlQ<=JD@m<)hyElXR0`pTku*3MU`HJn| zIf7$)RlK^pW-$87U;431;Ye4Ie+l~_B3*bH1>*yKzn23cH0u(i5pXV! z4K?{3oF7ZavmmtTq((wtml)m6i)8X6ot_mrE-QJCW}Yn!(3~aUHYG=^fA<^~`e3yc z-NWTb{gR;DOUcK#zPbN^D*e=2eR^_!(!RKkiwMW@@yYtEoOp4XjOGgzi`;=8 zi3`Ccw1%L*y(FDj=C7Ro-V?q)-%p?Ob2ZElu`eZ99n14-ZkEV#y5C+{Pq87Gu3&>g zFy~Wk7^6v*)4pF3@F@rE__k3ikx(hzN3@e*^0=KNA6|jC^B5nf(XaoQaZN?Xi}Rn3 z$8&m*KmWvPaUQ(V<#J+S&zO|8P-#!f%7G+n_%sXp9=J%Z4&9OkWXeuZN}ssgQ#Tcj z8p6ErJQJWZ+fXLCco=RN8D{W%+*kko*2-LEb))xcHwNl~Xmir>kmAxW?eW50Osw3# zki8Fl$#fvw*7rqd?%E?}ZX4`c5-R&w!Y0#EBbelVXSng+kUfeUiqofPehl}$ormli zg%r)}?%=?_pHb9`Cq9Z|B`L8b>(!+8HSX?`5+5mm81AFXfnAt1*R3F z%b2RPIacKAddx%JfQ8l{3U|vK@W7KB$CdLqn@wP^?azRks@x8z59#$Q*7q!KilY-P zHUbs(IFYRGG1{~@RF;Lqyho$~7^hNC`NL3kn^Td%A7dRgr_&`2k=t+}D-o9&C!y^? 
z6MsQ=tc3g0xkK(O%DzR9nbNB(r@L;1zQrs8mzx&4dz}?3KNYozOW5;=w18U6$G4U2 z#2^qRLT*Mo4bV1Oeo1PKQ2WQS2Y-hv&S|C7`xh6=Pj7MNLC5K-zokZ67S)C;(F0Dd zloDK2_o1$Fmza>EMj3X9je7e%Q`$39Dk~GoOj89-6q9|_WJlSl!!+*{R=tGp z8u|MuSwm^t7K^nUe+^0G3dkGZr3@(X+TL5eah)K^Tn zXEtHmR9UIaEYgD5Nhh(s*fcG_lh-mfy5iUF3xxpRZ0q3nZ=1qAtUa?(LnT9I&~uxX z`pV?+=|-Gl(kz?w!zIieXT}o}7@`QO>;u$Z!QB${a08_bW0_o@&9cjJUXzVyNGCm8 zm=W+$H!;_Kzp6WQqxUI;JlPY&`V}9C$8HZ^m?NvI*JT@~BM=()T()Ii#+*$y@lTZBkmMMda>7s#O(1YZR+zTG@&}!EXFG{ zEWPSDI5bFi;NT>Yj*FjH((=oe%t%xYmE~AGaOc4#9K_XsVpl<4SP@E!TgC0qpe1oi zNpxU2b0(lEMcoibQ-G^cxO?ySVW26HoBNa;n0}CWL*{k)oBu1>F18X061$SP{Gu67 z-v-Fa=Fl^u3lnGY^o5v)Bux}bNZ~ z5pL+7F_Esoun8^5>z8NFoIdb$sNS&xT8_|`GTe8zSXQzs4r^g0kZjg(b0bJvz`g<70u9Z3fQILX1Lj@;@+##bP|FAOl)U^9U>0rx zGi)M1(Hce)LAvQO-pW!MN$;#ZMX?VE(22lTlJrk#pB0FJNqVwC+*%${Gt#r_tH9I_ z;+#)#8cWAl?d@R+O+}@1A^hAR1s3UcW{G+>;X4utD2d9X(jF555}!TVN-hByV6t+A zdFR^aE@GNNgSxxixS2p=on4(+*+f<8xrwAObC)D5)4!z7)}mTpb7&ofF3u&9&wPS< zB62WHLGMhmrmOAgmJ+|c>qEWTD#jd~lHNgT0?t-p{T=~#EMcB| z=AoDKOL+qXCfk~F)-Rv**V}}gWFl>liXOl7Uec_8v)(S#av99PX1sQIVZ9eNLkhq$ zt|qu0b?GW_uo}TbU8!jYn8iJeIP)r@;!Ze_7mj{AUV$GEz6bDSDO=D!&C9!M@*S2! 
zfGyA|EPlXGMjkH6x7OMF?gKL7{GvGfED=Jte^p=91FpCu)#{whAMw`vSLa`K#atdN zThnL+7!ZNmP{rc=Z>%$meH;Qi1=m1E3Lq2D_O1-X5C;!I0L>zur@tPAC9*7Jeh)`;eec}1`nkRP(%iv-`N zZ@ip-g|7l6Hz%j%gcAM}6-nrC8oA$BkOTz^?dakvX?`^=ZkYh%vUE z9+&)K1UTK=ahYiaNn&G5nHUY5niLGus@p5E2@RwZufRvF{@$hW{;{3QhjvEHMvduO z#Wf-@oYU4ht?#uP{N3utVzV49mEc9>*TV_W2TVC`6+oI)zAjy$KJrr=*q##&kobiQ z1vNbya&OVjK`2pdRrM?LuK6BgrLN7H_3m z!qpNKg~87XgCwb#I=Q&0rI*l$wM!qTkXrx1ko5q-f;=R2fImRMwt5Qs{P*p^z@9ex z`2#v(qE&F%MXlHpdO#QEZyZftn4f05ab^f2vjxuFaat2}jke{j?5GrF=WYBR?gS(^ z9SBiNi}anzBDBRc+QqizTTQuJrzm^bNA~A{j%ugXP7McZqJ}65l10({wk++$=e8O{ zxWjG!Qp#5OmI#XRQQM?n6?1ztl6^D40hDJr?4$Wc&O_{*OfMfxe)V0=e{|N?J#fgE>j9jAajze$iN!*yeF%jJU#G1c@@rm zolGW!j?W6Q8pP=lkctNFdfgUMg92wlM4E$aks1??M$~WQfzzzXtS)wKrr2sJeCN4X zY(X^H_c^PzfcO8Bq(Q*p4c_v@F$Y8cHLrH$`pJ2}=#*8%JYdqsqnGqEdBQMpl!Ot04tUGSXTQdsX&GDtjbWD=prcCT9(+ z&UM%lW%Q3yrl1yiYs;LxzIy>2G}EPY6|sBhL&X&RAQrSAV4Tlh2nITR?{6xO9ujGu zr*)^E`>o!c=gT*_@6S&>0POxcXYNQd&HMw6<|#{eSute2C3{&h?Ah|cw56-AP^f8l zT^kvZY$YiH8j)sk7_=;gx)vx-PW`hbSBXJGCTkpt;ap(}G2GY=2bbjABU5)ty%G#x zAi07{Bjhv}>OD#5zh#$0w;-vvC@^}F! 
z#X$@)zIs1L^E;2xDAwEjaXhTBw2<{&JkF*`;c3<1U@A4MaLPe{M5DGGkL}#{cHL%* zYMG+-Fm0#qzPL#V)TvQVI|?_M>=zVJr9>(6ib*#z8q@mYKXDP`k&A4A};xMK0h=yrMp~JW{L?mE~ph&1Y1a#4%SO)@{ zK2juwynUOC)U*hVlJU17%llUxAJFuKZh3K0gU`aP)pc~bE~mM!i1mi!~LTf>1Wp< zuG+ahp^gH8g8-M$u{HUWh0m^9Rg@cQ{&DAO{PTMudV6c?ka7+AO& z746QylZ&Oj`1aqfu?l&zGtJnpEQOt;OAFq19MXTcI~`ZcoZmyMrIKDFRIDi`FH)w; z8+*8tdevMDv*VtQi|e}CnB_JWs>fhLOH-+Os2Lh!&)Oh2utl{*AwR)QVLS49iTp{6 z;|172Jl!Ml17unF+pd+Ff@jIE-{Oxv)5|pOm@CkHW?{l}b@1>Pe!l}VccX#xp@xgJ zyE<&ep$=*vT=}7vtvif0B?9xw_3Gej7mN*dOHdQPtW5kA5_zGD zpA4tV2*0E^OUimSsV#?Tg#oiQ>%4D@1F5@AHwT8Kgen$bSMHD3sXCkq8^(uo7CWk`mT zuslYq`6Yz;L%wJh$3l1%SZv#QnG3=NZ=BK4yzk#HAPbqXa92;3K5?0kn4TQ`%E%X} z&>Lbt!!QclYKd6+J7Nl@xv!uD%)*bY-;p`y^ZCC<%LEHUi$l5biu!sT3TGGSTPA21 zT8@B&a0lJHVn1I$I3I1I{W9fJAYc+8 zVj8>HvD}&O`TqU2AAb={?eT;0hyL(R{|h23=4fDSZKC32;wWxsVj`P z3J3{M$PwdH!ro*Cn!D&=jnFR>BNGR<<|I8CI@+@658Dy(lhqbhXfPTVecY@L8%`3Q z1Fux2w?2C3th60jI~%OC9BtpNF$QPqcG+Pz96qZJ71_`0o0w_q7|h&O>`6U+^BA&5 zXd5Zp1Xkw~>M%RixTm&OqpNl8Q+ue=92Op_>T~_9UON?ZM2c0aGm=^A4ejrXj3dV9 zhh_bCt-b9`uOX#cFLj!vhZ#lS8Tc47OH>*)y#{O9?AT~KR9LntM|#l#Dlm^8{nZdk zjMl#>ZM%#^nK2TPzLcKxqx24P7R1FPlBy7LSBrRvx>fE$9AJ;7{PQm~^LBX^k#6Zq zw*Z(zJC|`!6_)EFR}8|n8&&Rbj8y028~P~sFXBFRt+tmqH-S3<%N;C&WGH!f3{7cm zy_fCAb9@HqaXa1Y5vFbxWf%#zg6SI$C+Uz5=CTO}e|2fjWkZ;Dx|84Ow~bkI=LW+U zuq;KSv9VMboRvs9)}2PAO|b(JCEC_A0wq{uEj|3x@}*=bOd zwr{TgeCGG>HT<@Zeq8y}vTpwDg#UBvD)BEs@1KP$^3$sh&_joQPn{hjBXmLPJ{tC) z*HS`*2+VtJO{|e$mM^|qv1R*8i(m1`%)}g=SU#T#0KlTM2RSvYUc1fP+va|4;5}Bfz98UvDCpq7}+SMV&;nX zQw~N6qOX{P55{#LQkrZk(e5YGzr|(B;Q;ju;2a`q+S9bsEH@i1{_Y0;hWYn1-79jl z5c&bytD*k)GqrVcHn6t-7kinadiD>B{Tl`ZY@`g|b~pvHh5!gKP4({rp?D0aFd_cN zhHRo4dd5^S6ViN(>(28qZT6E>??aRhc($kP`>@<+lIKS5HdhjVU;>f7<4))E*5|g{ z&d1}D|vpuV^eRj5j|xx9nwaCxXFG?Qbjn~_WSy=N}P0W>MP zG-F%70lX5Xr$a)2i6?i|iMyM|;Jtf*hO?=Jxj12oz&>P=1#h~lf%#fc73M2_(SUM- zf&qnjS80|_Y0lDgl&I?*eMumUklLe_=Td!9G@eR*tcPOgIShJipp3{A10u(4eT~DY zHezEj8V+7m!knn7)W!-5QI3=IvC^as5+TW1@Ern@yX| z7Nn~xVx&fGSr+L%4iohtS3w^{-H1A_5=r&x8}R!YZvp<2T^YFvj8G_vm}5q;^UOJf 
ztl=X3iL;;^^a#`t{Ae-%5Oq{?M#s6Npj+L(n-*LMI-yMR{)qki!~{5z{&`-iL}lgW zxo+tnvICK=lImjV$Z|O_cYj_PlEYCzu-XBz&XC-JVxUh9;6*z4fuBG+H{voCC;`~GYV|hj%j_&I zDZCj>Q_0RCwFauYoVMiUSB+*Mx`tg)bWmM^SwMA+?lBg12QUF_x2b)b?qb88K-YUd z0dO}3k#QirBV<5%jL$#wlf!60dizu;tsp(7XLdI=eQs?P`tOZYMjVq&jE)qK*6B^$ zBe>VvH5TO>s>izhwJJ$<`a8fakTL!yM^Zfr2hV9`f}}VVUXK39p@G|xYRz{fTI+Yq z20d=)iwjuG9RB$%$^&8#(c0_j0t_C~^|n+c`Apu|x7~;#cS-s=X1|C*YxX3ailhg_|0`g!E&GZJEr?bh#Tpb8siR=JxWKc{#w7g zWznLwi;zLFmM1g8V5-P#RsM@iX>TK$xsWuujcsVR^7TQ@!+vCD<>Bk9tdCo7Mzgq5 zv8d>dK9x8C@Qoh01u@3h0X_`SZluTb@5o;{4{{eF!-4405x8X7hewZWpz z2qEi4UTiXTvsa(0X7kQH{3VMF>W|6;6iTrrYD2fMggFA&-CBEfSqPlQDxqsa>{e2M z(R5PJ7uOooFc|9GU0ELA%m4&4Ja#cQpNw8i8ACAoK6?-px+oBl_yKmenZut#Xumjz zk8p^OV2KY&?5MUwGrBOo?ki`Sxo#?-Q4gw*Sh0k`@ zFTaYK2;}%Zk-68`#5DXU$2#=%YL#S&MTN8bF+!J2VT6x^XBci6O)Q#JfW{YMz) zOBM>t2rSj)n#0a3cjvu}r|k3od6W(SN}V-cL?bi*Iz-8uOcCcsX0L>ZXjLqk zZu2uHq5B|Kt>e+=pPKu=1P@1r9WLgYFq_TNV1p9pu0erHGd!+bBp!qGi+~4A(RsYN@CyXNrC&hxGmW)u5m35OmWwX`I+0yByglO`}HC4nGE^_HUs^&A(uaM zKPj^=qI{&ayOq#z=p&pnx@@k&I1JI>cttJcu@Ihljt?6p^6{|ds`0MoQwp+I{3l6` zB<9S((RpLG^>=Kic`1LnhpW2=Gu!x`m~=y;A`Qk!-w`IN;S8S930#vBVMv2vCKi}u z6<-VPrU0AnE&vzwV(CFC0gnZYcpa-l5T0ZS$P6(?9AM;`Aj~XDvt;Jua=jIgF=Fm? 
zdp=M$>`phx%+Gu};;-&7T|B1AcC#L4@mW5SV_^1BRbo6;2PWe$r+npRV`yc;T1mo& z+~_?7rA+(Um&o@Tddl zL_hxvWk~a)yY}%j`Y+200D%9$bWHy&;(yj{jpi?Rtz{J66ANw)UyPOm;t6FzY3$hx zcn)Ir79nhFvNa7^a{SHN7XH*|Vlsx`CddPnA&Qvh8aNhEA;mPVv;Ah=k<*u!Zq^7 z<=xs*iQTQOMMcg|(NA_auh@x`3#_LFt=)}%SQppP{E>mu_LgquAWvh<>L7tf9+~rO znwUDS52u)OtY<~!d$;m9+87aO+&`#2ICl@Y>&F{jI=H(K+@3M1$rr=*H^dye#~TyD z!){#Pyfn+|ugUu}G;a~!&&0aqQ59U@UT3|_JuBlYUpT$2+11;}JBJ`{+lQN9T@QFY z5+`t;6(TS0F?OlBTE!@7D`8#URDNqx2t6`GZ{ZgXeS@v%-eJzZOHz18aS|svxII$a zZeFjrJ*$IwX$f-Rzr_G>xbu@euGl)B7pC&S+CmDJBg$BoV~jxSO#>y z33`bupN#LDoW0feZe0%q8un0rYN|eRAnwDHQ6e_)xBTbtoZtTA=Fvk){q}9Os~6mQ zKB80VI_&6iSq`LnK7*kfHZoeX6?WE}8yjuDn=2#JG$+;-TOA1%^=DnXx%w{b=w}tS zQbU3XxtOI8E(!%`64r2`zog;5<0b4i)xBmGP^jiDZ2%HNSxIf3@wKs~uk4%3Mxz;~ zts_S~E4>W+YwI<-*-$U8*^HKDEa8oLbmqGg?3vewnaNg%Mm)W=)lcC_J+1ov^u*N3 zXJ?!BrH-+wGYziJq2Y#vyry6Z>NPgkEk+Ke`^DvNRdb>Q2Nlr#v%O@<5hbflI6EKE z9dWc0-ORk^T}jP!nkJ1imyjdVX@GrjOs%cpgA8-c&FH&$(4od#x6Y&=LiJZPINVyW z0snY$8JW@>tc2}DlrD3StQmA0Twck~@>8dSix9CyQOALcREdxoM$Sw*l!}bXKq9&r zysMWR@%OY24@e`?+#xV2bk{T^C_xSo8v2ZI=lBI*l{RciPwuE>L5@uhz@{!l)rtVlWC>)6(G)1~n=Q|S!{E9~6*fdpa*n z!()-8EpTdj=zr_Lswi;#{TxbtH$8*G=UM`I+icz7sr_SdnHXrv=?iEOF1UL+*6O;% zPw>t^kbW9X@oEXx<97%lBm-9?O_7L!DeD)Me#rwE54t~UBu9VZ zl_I1tBB~>jm@bw0Aljz8! 
zXBB6ATG6iByKIxs!qr%pz%wgqbg(l{65DP4#v(vqhhL{0b#0C8mq`bnqZ1OwFV z7mlZZJFMACm>h9v^2J9+^_zc1=JjL#qM5ZHaThH&n zXPTsR8(+)cj&>Un{6v*z?@VTLr{TmZ@-fY%*o2G}*G}#!bmqpoo*Ay@U!JI^Q@7gj;Kg-HIrLj4}#ec4~D2~X6vo;ghep-@&yOivYP zC19L0D`jjKy1Yi-SGPAn94(768Tcf$urAf{)1)9W58P`6MA{YG%O?|07!g9(b`8PXG1B1Sh0?HQmeJtP0M$O$hI z{5G`&9XzYhh|y@qsF1GnHN|~^ru~HVf#)lOTSrv=S@DyR$UKQk zjdEPFDz{uHM&UM;=mG!xKvp;xAGHOBo~>_=WFTmh$chpC7c`~7?36h)7$fF~Ii}8q zF|YXxH-Z?d+Q+27Rs3X9S&K3N+)OBxMHn1u(vlrUC6ckBY@@jl+mgr#KQUKo#VeFm zFwNYgv0<%~Wn}KeLeD9e1$S>jhOq&(e*I@L<=I5b(?G(zpqI*WBqf|Zge0&aoDUsC zngMRA_Kt0>La+Erl=Uv_J^p(z=!?XHpenzn$%EA`JIq#yYF?JLDMYiPfM(&Csr#f{ zdd+LJL1by?xz|D8+(fgzRs~(N1k9DSyK@LJygwaYX8dZl0W!I&c^K?7)z{2is;OkE zd$VK-(uH#AUaZrp=1z;O*n=b?QJkxu`Xsw&7yrX0?(CX=I-C#T;yi8a<{E~?vr3W> zQrpPqOW2M+AnZ&p{hqmHZU-;Q(7?- zP8L|Q0RM~sB0w1w53f&Kd*y}ofx@c z5Y6B8qGel+uT1JMot$nT1!Tim6{>oZzJXdyA+4euOLME?5Fd_85Uk%#E*ln%y{u8Q z$|?|R@Hpb~yTVK-Yr_S#%NUy7EBfYGAg>b({J|5b+j-PBpPy$Ns`PaJin4JdRfOaS zE|<HjH%NuJgsd2wOlv>~y=np%=2)$M9LS|>P)zJ+Fei5vYo_N~B0XCn+GM76 z)Xz3tg*FRVFgIl9zpESgdpWAavvVViGlU8|UFY{{gVJskg*I!ZjWyk~OW-Td4(mZ6 zB&SQreAAMqwp}rjy`HsG({l2&q5Y52<@AULVAu~rWI$UbFuZs>Sc*x+XI<+ez%$U)|a^unjpiW0l0 zj1!K0(b6$8LOjzRqQ~K&dfbMIE=TF}XFAi)$+h}5SD3lo z%%Qd>p9se=VtQG{kQ;N`sI)G^u|DN#7{aoEd zkksYP%_X$Rq08);-s6o>CGJ<}v`qs%eYf+J%DQ^2k68C%nvikRsN?$ap--f+vCS`K z#&~)f7!N^;sdUXu54gl3L=LN>FB^tuK=y2e#|hWiWUls__n@L|>xH{%8lIJTd5`w? 
zSwZbnS;W~DawT4OwSJVdAylbY+u5S+ZH{4hAi2&}Iv~W(UvHg(1GTZRPz`@{SOqzy z(8g&Dz=$PfRV=6FgxN~zo+G8OoPI&d-thcGVR*_^(R8COTM@bq?fDwY{}WhsQS1AK zF6R1t8!RdFmfocpJ6?9Yv~;WYi~XPgs(|>{5})j!AR!voO7y9&cMPo#80A(`za@t>cx<0;qxM@S*m(jYP)dMXr*?q0E`oL;12}VAep179uEr8c<=D zr5?A*C{eJ`z9Ee;E$8)MECqatHkbHH z&Y+ho0B$31MIB-xm&;xyaFCtg<{m~M-QDbY)fQ>Q*Xibb~8ytxZQ?QMf9!%cV zU0_X1@b4d+Pg#R!`OJ~DOrQz3@cpiGy~XSKjZQQ|^4J1puvwKeScrH8o{bscBsowomu z^f12kTvje`yEI3eEXDHJ6L+O{Jv$HVj%IKb|J{IvD*l6IG8WUgDJ*UGz z3!C%>?=dlfSJ>4U88)V+`U-!9r^@AxJBx8R;)J4Fn@`~k>8>v0M9xp90OJElWP&R5 zM#v*vtT}*Gm1^)Bv!s72T3PB0yVIjJW)H7a)ilkAvoaH?)jjb`MP>2z{%Y?}83 zUIwBKn`-MSg)=?R)1Q0z3b>dHE^)D8LFs}6ASG1|daDly_^lOSy&zIIhm*HXm1?VS=_iacG);_I9c zUQH1>i#*?oPIwBMJkzi_*>HoUe}_4o>2(SHWzqQ=;TyhAHS;Enr7!#8;sdlty&(>d zl%5cjri8`2X^Ds`jnw7>A`X|bl=U8n+3LKLy(1dAu8`g@9=5iw$R0qk)w8Vh_Dt^U zIglK}sn^)W7aB(Q>HvrX=rxB z+*L)3DiqpQ_%~|m=44LcD4-bxO3OO*LPjsh%p(k?&jvLp0py57oMH|*IMa(<|{m1(0S|x)?R-mqJ=I;_YUZA>J z62v*eSK;5w!h8J+6Z2~oyGdZ68waWfy09?4fU&m7%u~zi?YPHPgK6LDwphgaYu%0j zurtw)AYOpYKgHBrkX189mlJ`q)w-f|6>IER{5Lk97%P~a-JyCRFjejW@L>n4vt6#hq;!|m;hNE||LK3nw1{bJOy+eBJjK=QqNjI;Q6;Rp5 z&035pZDUZ#%Oa;&_7x0T<7!RW`#YBOj}F380Bq?MjjEhrvlCATPdkCTTl+2efTX$k zH&0zR1n^`C3ef~^sXzJK-)52(T}uTG%OF8yDhT76L~|^+hZ2hiSM*QA9*D5odI1>& z9kV9jC~twA5MwyOx(lsGD_ggYmztXPD`2=_V|ks_FOx!_J8!zM zTzh^cc+=VNZ&(OdN=y4Juw)@8-85lwf_#VMN!Ed(eQiRiLB2^2e`4dp286h@v@`O%_b)Y~A; zv}r6U?zs&@uD_+(_4bwoy7*uozNvp?bXFoB8?l8yG0qsm1JYzIvB_OH4_2G*IIOwT zVl%HX1562vLVcxM_RG*~w_`FbIc!(T=3>r528#%mwwMK}uEhJ()3MEby zQQjzqjWkwfI~;Fuj(Lj=Ug0y`>~C7`w&wzjK(rPw+Hpd~EvQ-ufQOiB4OMpyUKJhw zqEt~jle9d7S~LI~$6Z->J~QJ{Vdn3!c}g9}*KG^Kzr^(7VI5Gk(mHLL{itj_hG?&K4Ws0+T4gLfi3eu$N=`s36geNC?c zm!~}vG6lx9Uf^5M;bWntF<-{p^bruy~f?sk9 zcETAPQZLoJ8JzMMg<-=ju4keY@SY%Wo?u9Gx=j&dfa6LIAB|IrbORLV1-H==Z1zCM zeZcOYpm5>U2fU7V*h;%n`8 zN95QhfD994={1*<2vKLCNF)feKOGk`R#K~G=;rfq}|)s20&MCa65 zUM?xF5!&e0lF%|U!#rD@I{~OsS_?=;s_MQ_b_s=PuWdC)q|UQ&ea)DMRh5>fpQjXe z%9#*x=7{iRCtBKT#H>#v%>77|{4_slZ)XCY{s3j_r{tdpvb#|r|sbS^dU1x70$eJMU!h{Y7Kd{dl}9&vxQl6Jt1a` 
zHQZrWyY0?!vqf@u-fxU_@+}u(%Wm>0I#KP48tiAPYY!TdW(o|KtVI|EUB9V`CBBNaBLVih7+yMVF|GSoIQD0Jfb{ z!OXq;(>Z?O`1gap(L~bUcp>Lc@Jl-})^=6P%<~~9ywY=$iu8pJ0m*hOPzr~q`23eX zgbs;VOxxENe0UMVeN*>uCn9Gk!4siN-e>x)pIKAbQz!G)TcqIJ0`JBBaX>1-4_XO_-HCS^vr2vjv#7KltDZdyQ{tlWh4$Gm zB>|O1cBDC)yG(sbnc*@w6e%e}r*|IhpXckx&;sQCwGdKH+3oSG-2)Bf#x`@<4ETAr z0My%7RFh6ZLiZ_;X6Mu1YmXx7C$lSZ^}1h;j`EZd6@%JNUe=btBE z%s=Xmo1Ps?8G`}9+6>iaB8bgjUdXT?=trMu|4yLX^m0Dg{m7rpKNJey|EwHI+nN1e zL^>qN%5Fg)dGs4DO~uwIdXImN)QJ*Jhpj7$fq_^`{3fwpztL@WBB}OwQ#Epo-mqMO zsM$UgpFiG&d#)lzEQ{3Q;)&zTw;SzGOah-Dpm{!q7<8*)Ti_;xvV2TYXa}=faXZy? z3y?~GY@kl)>G&EvEijk9y1S`*=zBJSB1iet>0;x1Ai)*`^{pj0JMs)KAM=@UyOGtO z3y0BouW$N&TnwU6!%zS%nIrnANvZF&vB1~P5_d`x-giHuG zPJ;>XkVoghm#kZXRf>qxxEix;2;D1CC~NrbO6NBX!`&_$iXwP~P*c($EVV|669kDO zKoTLZNF4Cskh!Jz5ga9uZ`3o%7Pv`d^;a=cXI|>y;zC3rYPFLQkF*nv(r>SQvD*## z(Vo%^9g`%XwS0t#94zPq;mYGLKu4LU3;txF26?V~A0xZbU4Lmy`)>SoQX^m7fd^*E z+%{R4eN!rIk~K)M&UEzxp9dbY;_I^c} zOc{wlIrN_P(PPqi51k_$>Lt|X6A^|CGYgKAmoI#Li?;Wq%q~q*L7ehZkUrMxW67Jl zhsb~+U?33QS>eqyN{(odAkbopo=Q$Az?L+NZW>j;#~@wCDX?=L5SI|OxI~7!Pli;e zELMFcZtJY3!|=Gr2L4>z8yQ-{To>(f80*#;6`4IAiqUw`=Pg$%C?#1 z_g@hIGerILSU>=P>z{gM|DS91A4cT@PEIB^hSop!uhMo#2G;+tQSpDO_6nOnPWSLU zS;a9m^DFMXR4?*X=}d7l;nXuHk&0|m`NQn%d?8|Ab3A9l9Jh5s120ibWBdB z$5YwsK3;wvp!Kn@)Qae{ef`0#NwlRpQ}k^r>yos_Ne1;xyKLO?4)t_G4eK~wkUS2A&@_;)K0-03XGBzU+5f+uMDxC z(s8!8!RvdC#@`~fx$r)TKdLD6fWEVdEYtV#{ncT-ZMX~eI#UeQ-+H(Z43vVn%Yj9X zLdu9>o%wnWdvzA-#d6Z~vzj-}V3FQ5;axDIZ;i(95IIU=GQ4WuU{tl-{gk!5{l4_d zvvb&uE{%!iFwpymz{wh?bKr1*qzeZb5f6e6m_ozRF&zux2mlK=v_(_s^R6b5lu?_W4W3#<$zeG~Pd)^!4tzhs}-Sx$FJP>)ZGF(hVTH|C3(U zs0PO&*h_ zNA-&qZpTP$$LtIgfiCn07}XDbK#HIXdmv8zdz4TY;ifNIH-0jy(gMSByG2EF~Th#eb_TueZC` zE?3I>UTMpKQ})=C;6p!?G)M6w^u*A57bD?2X`m3X^6;&4%i_m(uGJ3Z5h`nwxM<)H z$I5m?wN>O~8`BGnZ=y^p6;0+%_0K}Dcg|K;+fEi|qoBqvHj(M&aHGqNF48~XqhtU? 
z^ogwBzRlOfpAJ+Rw7IED8lRbTdBdyEK$gPUpUG}j-M42xDj_&qEAQEtbs>D#dRd7Y z<&TpSZ(quQDHiCFn&0xsrz~4`4tz!CdL8m~HxZM_agu@IrBpyeL1Ft}V$HX_ZqDPm z-f89)pjuEzGdq-PRu`b1m+qBGY{zr_>{6Ss>F|xHZlJj9dt5HD$u`1*WZe)qEIuDSR)%z+|n zatVlhQ?$w#XRS7xUrFE;Y8vMGhQS5*T{ZnY=q1P?w5g$OKJ#M&e??tAmPWHMj3xhS ziGxapy?kn@$~2%ZY;M8Bc@%$pkl%Rvj!?o%agBvpQ-Q61n9kznC4ttrRNQ4%GFR5u zyv%Yo9~yxQJWJSfj z?#HY$y=O~F|2pZs22pu|_&Ajd+D(Mt!nPUG{|1nlvP`=R#kKH zO*s$r_%ss5h1YO7k0bHJ2CXN)Yd6CHn~W!R=SqkWe=&nAZu(Q1G!xgcUilM@YVei@2@a`8he z9@pM`)VB*=e7-MWgLlXlc)t;fF&-AwM{E-EX}pViFn0I0CNw2bNEnN2dj!^4(^zS3 zobUm1uQnpqk_4q{pl*n06=TfK_C>UgurKFjRXsK_LEn};=79`TB12tv6KzwSu*-C8 z;=~ohDLZylHQ|Mpx-?yql>|e=vI1Z!epyUpAcDCp4T|*RV&X`Q$0ogNwy6mFALo^@ z9=&(9txO8V@E!@6^(W0{*~CT>+-MA~vnJULBxCTUW>X5>r7*eXYUT0B6+w@lzw%n> z_VjJ<2qf|(d6jYq2(x$(ZDf!yVkfnbvNmb5c|hhZ^2TV_LBz`9w!e_V*W_(MiA7|= z&EeIIkw*+$Xd!)j8<@_<}A5;~A_>3JT*kX^@}cDoLd>Qj<`Se^wdUa(j0dp+Tl8EptwBm{9OGsdFEq zM`!pjf(Lm(`$e3FLOjqA5LnN5o!}z{ zNf}rJuZh@yUtq&ErjHeGzX4(!luV!jB&;FAP|!R_QHYw#^Z1LwTePAKJ6X&IDNO#; z)#I@Xnnzyij~C@UH~X51JCgQeF0&hTXnuoElz#m{heZRexWc0k4<>0+ClX7%0 zEBqCCld1tD9Zwkr4{?Nor19#E5-YKfB8d?qgR82-Ow2^AuNevly2*tHA|sK!ybYkX zm-sLQH72P&{vEAW6+z~O5d0qd=xW~rua~5a?ymYFSD@8&gV)E5@RNNBAj^C99+Z5Z zR@Pq55mbCQbz+Mn$d_CMW<-+?TU960agEk1J<>d>0K=pF19yN))a~4>m^G&tc*xR+yMD*S=yip-q=H zIlredHpsJV8H(32@Zxc@bX6a21dUV95Th--8pE6C&3F>pk=yv$yd6@Haw;$v4+Fcb zRwn{Qo@0`7aPa2LQOP}j9v>sjOo5Kqvn|`FLizX zB+@-u4Lw|jsvz{p^>n8Vo8H2peIqJJnMN}A)q6%$Tmig7eu^}K2 zrh$X?T|ZMsoh{6pdw1G$_T<`Ds-G=jc;qcGdK4{?dN2-XxjDNbb(7pk|3JUVCU4y; z)?LXR>f+AAu)JEiti_Zy#z5{RgsC}R(@jl%9YZ>zu~hKQ*AxbvhC378-I@{~#%Y`Z zy=a=9YpewPIC+gkEUUwtUL7|RU7=!^Aa}Mk^6uxOgRGA#JXjWLsjFUnix|Mau{hDT z7mn*z1m5g`vP(#tjT0Zy4eAY(br&!RiiXE=ZI!{sE1#^#%x^Z7t1U)b<;%Y}Q9=5v z;wpDCEZ@OE36TWT=|gxigT@VaW9BvHS05;_P(#s z8zI4XFQys}q)<`tkX$WnSarn{3e!s}4(J!=Yf>+Y>cP3f;vr63f2{|S^`_pWc)^5_!R z*(x-fuBxL51@xe!lnDBKi}Br$c$BMZ3%f2Sa6kLabiBS{pq*yj;q|k(86x`PiC{p6 z_bxCW{>Q2BA8~Ggz&0jkrcU+-$ANBsOop*ms>34K9lNYil@}jC;?cYP(m^P}nR6FV 
zk(M%48Z&%2Rx$A&FhOEirEhY0(dn;-k(qkTU)sFQ`+-ih+s@A8g?r8Pw+}2;35WYf zi}VO`jS`p(tc)$X$a>-#WXoW!phhatC*$}|rk>|wUU71eUJG^$c6_jwX?iSHM@6__ zvV|6%U*$sSXJu9SX?2%M^kK|}a2QJ8AhF{fuXrHZxXsI~O zGKX45!K7p*MCPEQ=gp?eu&#AW*pR{lhQR##P_*{c_DjMGL|3T3-bSJ(o$|M{ytU}> zAV>wq*uE*qFo9KvnA^@juy{x<-u*#2NvkV={Ly}ysKYB-k`K3@K#^S1Bb$8Y#0L0# z`6IkSG&|Z$ODy|VLS+y5pFJx&8tvPmMd8c9FhCyiU8~k6FwkakUd^(_ml8`rnl>JS zZV){9G*)xBqPz^LDqRwyS6w86#D^~xP4($150M)SOZRe9sn=>V#aG0Iy(_^YcPpIz8QYM-#s+n% z@Jd?xQq?Xk6=<3xSY7XYP$$yd&Spu{A#uafiIfy8gRC`o0nk{ezEDjb=q_qRAlR1d zFq^*9Gn)yTG4b}R{!+3hWQ+u3GT~8nwl2S1lpw`s0X_qpxv)g+JIkVKl${sYf_nV~B>Em>M;RlqGb5WVil(89 zs=ld@|#;dq1*vQGz=7--Br-|l) zZ%Xh@v8>B7P?~}?Cg$q9_={59l%m~O&*a6TKsCMAzG&vD>k2WDzJ6!tc!V)+oxF;h zJH;apM=wO?r_+*#;ulohuP=E>^zon}a$NnlcQ{1$SO*i=jnGVcQa^>QOILc)e6;eNTI>os=eaJ{*^DE+~jc zS}TYeOykDmJ=6O%>m`i*>&pO_S;qMySJIyP=}4E&J%#1zju$RpVAkZbEl+p%?ZP^C z*$$2b4t%a(e+%>a>d_f_<JjxI#J1x;=hPd1zFPx=6T$;;X1TD*2(edZ3f46zaAoW>L53vS_J*N8TMB|n+;LD| zC=GkQPpyDY#Am4l49chDv*gojhRj_?63&&8#doW`INATAo(qY#{q}%nf@eTIXmtU< zdB<7YWfyCmBs|c)cK>1)v&M#!yNj#4d$~pVfDWQc_ke1?fw{T1Nce_b`v|Vp5ig(H zJvRD^+ps46^hLX;=e2!2e;w9y1D@!D$c@Jc&%%%IL=+xzw55&2?darw=9g~>P z9>?Kdc$r?6c$m%x2S$sdpPl>GQZ{rC9mPS63*qjCVa?OIBj!fW zm|g?>CVfGXNjOfcyqImXR_(tXS(F{FcoNzKvG5R$IgGaxC@)i(e+$ME}vPVIhd|mx2IIE+f zM?9opQHIVgBWu)^A|RzXw!^??S!x)SZOwZaJkGjc<_}2l^eSBm!eAJG9T>EC6I_sy z?bxzDIAn&K5*mX)$RQzDA?s)-no-XF(g*yl4%+GBf`##bDXJ==AQk*xmnatI;SsLp zP9XTHq5mmS=iWu~9ES>b%Q=1aMa|ya^vj$@qz9S!ih{T8_PD%Sf_QrNKwgrXw9ldm zHRVR98*{C?_XNpJn{abA!oix_mowRMu^2lV-LPi;0+?-F(>^5#OHX-fPED zCu^l7u3E%STI}c4{J2!)9SUlGP_@!d?5W^QJXOI-Ea`hFMKjR7TluLvzC-ozCPn1`Tpy z!vlv@_Z58ILX6>nDjTp-1LlFMx~-%GA`aJvG$?8*Ihn;mH37eK**rmOEwqegf-Ccx zrIX4;{c~RK>XuTXxYo5kMiWMy)!IC{*DHG@E$hx?RwP@+wuad(P1{@%tRkyJRqD)3 zMHHHZ4boqDn>-=DgR5VlhQTpfVy182Gk;A_S8A1-;U1RR>+$62>(MUx@Nox$vTjHq z%QR=j!6Gdyb5wu7y(YUktwMuW5<@jl?m4cv4BODiT5o8qVdC0MBqGr@-YBIwnpZAY znX9(_uQjP}JJ=!~Ve9#5I~rUnN|P_3D$LqZcvBnywYhjlMSFHm`;u9GPla{5QD7(7*6Tb3Svr8;(nuAd81q$*uq6HC_&~je*Ca7hP4sJp0av{M8480wF 
zxASi7Qv+~@2U%Nu1Ud;s-G4CTVWIPyx!sg&8ZG0Wq zG_}i3C(6_1>q3w!EH7$Kwq8uBp2F2N7}l65mk1p*9v0&+;th=_E-W)E;w}P(j⁢ zv5o9#E7!G0XmdzfsS{efPNi`1b44~SZ4Z8fuX!I}#8g+(wxzQwUT#Xb2(tbY1+EUhGKoT@KEU9Ktl>_0 z%bjDJg;#*gtJZv!-Zs`?^}v5eKmnbjqlvnSzE@_SP|LG_PJ6CYU+6zY6>92%E+ z=j@TZf-iW4(%U{lnYxQA;7Q!b;^brF8n0D>)`q5>|WDDXLrqYU_tKN2>=#@~OE7grMnNh?UOz-O~6 z6%rHy{#h9K0AT+lDC7q4{hw^|q6*Ry;;L%Q@)Ga}$60_q%D)rv(CtS$CQbpq9|y1e zRSrN4;$Jyl{m5bZw`$8TGvb}(LpY{-cQ)fcyJv7l3S52TLXVDsphtv&aPuDk1OzCA z4A^QtC(!11`IsNx_HnSy?>EKpHJWT^wmS~hc^p^zIIh@9f6U@I2 zC=Mve{j2^)mS#U$e{@Q?SO6%LDsXz@SY+=cK_QMmXBIU)j!$ajc-zLx3V60EXJ!qC zi<%2x8Q24YN+&8U@CIlN zrZkcT9yh%LrlGS9`G)KdP(@9Eo-AQz@8GEFWcb7U=a0H^ZVbLmz{+&M7W(nXJ4sN8 zJLR7eeK(K8`2-}j(T7JsO`L!+CvbueT%izanm-^A1Dn{`1Nw`9P?cq;7no+XfC`K(GO9?O^5zNIt4M+M8LM0=7Gz8UA@Z0N+lg+cX)NfazRu z5D)~HA^(u%w^cz+@2@_#S|u>GpB+j4KzQ^&Wcl9f z&hG#bCA(Yk0D&t&aJE^xME^&E-&xGHhXn%}psEIj641H+Nl-}boj;)Zt*t(4wZ5DN z@GXF$bL=&pBq-#vkTkh>7hl%K5|3 z{`Vn9b$iR-SoGENp}bn4;fR3>9sA%X2@1L3aE9yTra;Wb#_`xWwLSLdfu+PAu+o3| zGVnpzPr=ch{uuoHjtw7+_!L_2;knQ!DuDl0R`|%jr+}jFzXtrHIKc323?JO{l&;VF z*L1+}JU7%QJOg|5|Tc|D8fN zJORAg=_vsy{ak|o);@)Yh8Lkcg@$FG3k@ep36BRa^>~UmnRPziS>Z=`Jb2x*Q#`%A zU*i3&Vg?TluO@X0O;r2Jl6LKLUOVhSqg1*qOt^|8*c7 zo(298@+r$k_wQNGHv{|$tW(T8L+4_`FQ{kEW5Jgg{yf7ey4ss_(SNKfz(N9lx&a;< je(UuV8hP?p&}TPdm1I$XmG#(RzlD&B2izSj9sl%y5~4qc literal 0 HcmV?d00001 diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.properties b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 000000000000..ac72c34e8acc --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradle/wrapper/gradle-wrapper.properties 
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew
new file mode 100755
index 000000000000..0adc8e1a5321
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew
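Review bot: The new gradle-wrapper.properties names the distribution in `distributionUrl` but sets no `distributionSha256Sum`, so the wrapper has no checksum to compare the downloaded gradle-8.3-bin.zip against before unpacking and running it. Adding `distributionSha256Sum=<SHA-256 of gradle-8.3-bin.zip as published by Gradle>` after the `distributionUrl` line would pin the archive content as well as its location. The same commit also adds gradle-wrapper.jar as a binary patch, which cannot be read in review; its checksum should be compared with the one Gradle publishes for the 8.3 wrapper before merging.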
@@ -0,0 +1,249 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. 
+# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. 
+if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. 
+ +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. 
+# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew.bat b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew.bat new file mode 100644 index 000000000000..93e3f59f135d --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/gradlew.bat 
@@ -0,0 +1,92 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%"=="" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if %ERRORLEVEL% equ 0 goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. 
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if %ERRORLEVEL% equ 0 goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/settings.gradle b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/settings.gradle new file mode 100644 index 000000000000..227c1aae87a1 --- /dev/null +++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/settings.gradle @@ -0,0 +1,8 @@ +/* + * This file was generated by the Gradle 'init' task. + * + * The settings file is used to specify which projects to include in your build. + * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation. + */ + +rootProject.name = 'buildless-gradle' diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/src/main/java/com/fractestexample/Test.java b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/src/main/java/com/fractestexample/Test.java new file mode 100644 index 000000000000..f5698a14e5ae --- /dev/null 
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/src/main/java/com/fractestexample/Test.java
@@ -0,0 +1,9 @@
+package com.fractestexample;
+
+import org.apache.commons.math3.fraction.Fraction;
+
+public class Test {
+
+ public Fraction test() { return Fraction.ONE; }
+
+}
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.expected b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.expected
new file mode 100644
index 000000000000..05792cb19fc1
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.expected
@@ -0,0 +1 @@
+| src/main/java/com/fractestexample/Test.java:0:0:0:0 | Test |
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.py b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.py
new file mode 100644
index 000000000000..bfff65b2fc20
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.py
@@ -0,0 +1,8 @@
+from create_database_utils import *
+from diagnostics_test_utils import *
+from buildless_test_utils import *
+
+run_codeql_database_create([], lang="java", extra_env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true"})
+
+check_diagnostics()
+check_buildless_fetches()
diff --git a/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.ql b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.ql
new file mode 100644
index 000000000000..8317a5a022f0
--- /dev/null
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-classifiers/test.ql
@@ -0,0 +1,5 @@
+import java
+
+from File f
+where f.isSourceFile()
+select f