github · codeql-ci · Oct 4, 2023 · Oct 4, 2023 · Oct 5, 2023 · Oct 6, 2023
@@ -1,3 +1,13 @@
+## 0.10.0
+
+### Minor Analysis Improvements
+
+* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
+ non-returning in the IR and dataflow.
+* Treat functions that reach the end of the function as returning in the IR.
+  They used to be treated as unreachable but it is allowed in C. 
+* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
+
 ## 0.9.3
 
 No user-facing changes.

@@ -0,0 +1,9 @@
+## 0.10.0
+
+### Minor Analysis Improvements
+
+* Functions that do not return due to calling functions that don't return (e.g. `exit`) are now detected as
+ non-returning in the IR and dataflow.
+* Treat functions that reach the end of the function as returning in the IR.
+  They used to be treated as unreachable but it is allowed in C. 
+* The `DataFlow::asDefiningArgument` predicate now takes its argument from the range starting at `1` instead of `2`. Queries that depend on the single-parameter version of `DataFlow::asDefiningArgument` should have their arguments updated accordingly.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.3
+lastReleaseVersion: 0.10.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.0-dev
+version: 0.10.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -73,6 +73,10 @@ private int isSource(Expr bufferExpr, Element why) {
   )
 }
 
+/** Same as `getBufferSize`, but with the `why` column projected away to prevent large duplications. */
+pragma[nomagic]
+int getBufferSizeProj(Expr bufferExpr) { result = getBufferSize(bufferExpr, _) }
+
 /**
  * Get the size in bytes of the buffer pointed to by an expression (if this can be determined).
  */
@@ -87,15 +91,14 @@ int getBufferSize(Expr bufferExpr, Element why) {
     why = bufferVar and
     parentPtr = bufferExpr.(VariableAccess).getQualifier() and
     parentPtr.getTarget().getUnspecifiedType().(PointerType).getBaseType() = parentClass and
-    result = getBufferSize(parentPtr, _) + bufferSize - parentClass.getSize()
+    result = getBufferSizeProj(parentPtr) + bufferSize - parentClass.getSize()
   |
     if exists(bufferVar.getType().getSize())
     then bufferSize = bufferVar.getType().getSize()
     else bufferSize = 0
   )
   or
   // dataflow (all sources must be the same size)
-  result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSize(def, _)) and
-  // find reason
+  result = unique(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | getBufferSizeProj(def)) and
   exists(Expr def | DataFlow::localExprFlowStep(def, bufferExpr) | exists(getBufferSize(def, why)))
 }
@@ -1,3 +1,16 @@
+## 0.8.0
+
+### Query Metadata Changes
+
+* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
+* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
+
+### Minor Analysis Improvements
+
+* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives
+  in cases where a non-returning function is called.
+* The number of duplicated dataflow paths reported by queries has been significantly reduced.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -0,0 +1,12 @@
+## 0.8.0
+
+### Query Metadata Changes
+
+* The `cpp/double-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
+* The `cpp/use-after-free` query has been further improved to reduce false positives and its precision has been increased from `medium` to `high`.
+
+### Minor Analysis Improvements
+
+* The queries `cpp/double-free` and `cpp/use-after-free` find fewer false positives
+  in cases where a non-returning function is called.
+* The number of duplicated dataflow paths reported by queries has been significantly reduced.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.5
+lastReleaseVersion: 0.8.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.0-dev
+version: 0.8.1-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.0
+
+No user-facing changes.
+
 ## 1.6.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.5
+lastReleaseVersion: 1.7.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.0-dev
+version: 1.7.1-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.0
+
+No user-facing changes.
+
 ## 1.6.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.5
+lastReleaseVersion: 1.7.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.0-dev
+version: 1.7.1-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 0.8.0
+
+No user-facing changes.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.8.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.5
+lastReleaseVersion: 0.8.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.0-dev
+version: 0.8.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,9 @@
+## 0.8.0
+
+### New Queries
+
+* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: newQuery
----
-* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
+## 0.8.0
+
+### New Queries
+
+* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.5
+lastReleaseVersion: 0.8.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.0-dev
+version: 0.8.1-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,9 @@
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* Added Numeric and Boolean types to SQL injection sanitzers.
+
 ## 0.6.5
 
 No user-facing changes.

@@ -0,0 +1,5 @@
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* Added Numeric and Boolean types to SQL injection sanitzers.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.5
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.0-dev
+version: 0.7.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,7 @@
+## 0.7.0
+
+No user-facing changes.
+
 ## 0.6.5
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.7.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.5
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.0-dev
+version: 0.7.1-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 0.0.5
+
+No user-facing changes.
+
 ## 0.0.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.4
+lastReleaseVersion: 0.0.5
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.5-dev
+version: 0.0.6-dev
 groups:
     - java
     - automodel

@@ -1,3 +1,21 @@
+## 0.8.0
+
+### New Features
+
+* Kotlin versions up to 1.9.20 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge.
+* Added support for default cases as proper guards in switch expressions to match switch statements.
+* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
+* Added new dataflow models for the Apache CXF framework.
+* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
+
+### Bug Fixes
+
+* The regular expressions library no longer incorrectly matches mode flag characters against the input.
+
 ## 0.7.5
 
 No user-facing changes.

@@ -0,0 +1,17 @@
+## 0.8.0
+
+### New Features
+
+* Kotlin versions up to 1.9.20 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed a control-flow bug where case rule statements would incorrectly include a fall-through edge.
+* Added support for default cases as proper guards in switch expressions to match switch statements.
+* Improved the class `ArithExpr` of the `Overflow.qll` module to also include compound operators. Because of this, new alerts may be raised in queries related to overflows/underflows.
+* Added new dataflow models for the Apache CXF framework.
+* Regular expressions containing multiple parse mode flags are now interpretted correctly. For example `"(?is)abc.*"` with both the `i` and `s` flags.
+
+### Bug Fixes
+
+* The regular expressions library no longer incorrectly matches mode flag characters against the input.