Post-release preparation for codeql-cli-2.15.1

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.10.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.10.0
 
 ### Minor Analysis Improvements

cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md → cpp/ql/lib/change-notes/released/0.10.1.md

@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 0.10.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.0
+lastReleaseVersion: 0.10.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.1-dev
+version: 0.10.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.8.1
+
+### New Queries
+
+* The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null.
+
+  Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6.
+
 ## 0.8.0
 
 ### Query Metadata Changes

cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md → cpp/ql/src/change-notes/released/0.8.1.md

@@ -1,6 +1,7 @@
----
-category: newQuery
----
+## 0.8.1
+
+### New Queries
+
 * The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null.
 
   Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.1-dev
+version: 0.8.2-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md

@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.1-dev
+version: 1.7.2-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md

@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.1-dev
+version: 1.7.2-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.8.0
 
 No user-facing changes.

go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md → csharp/ql/lib/change-notes/released/0.8.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.8.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.1-dev
+version: 0.8.2-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
+
 ## 0.8.0
 
 ### New Queries

csharp/ql/src/change-notes/2023-10-13-accesscontrol-idor-updates.md → csharp/ql/src/change-notes/released/0.8.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.1-dev
+version: 0.8.2-dev
 groups:
   - csharp
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default
+
 ## 0.7.0
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md → go/ql/lib/change-notes/released/0.7.1.md

@@ -1,4 +1,7 @@
----
-category: minorAnalysis
----
-* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.
+
 ## 0.7.0
 
 No user-facing changes.

go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md → go/ql/src/change-notes/released/0.7.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.7.1
+
+### Minor Analysis Improvements
+
 * The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.1-dev
+version: 0.7.2-dev
 groups:
   - go
   - queries

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.6
+
+No user-facing changes.
+
 ## 0.0.5
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/0.0.6.md

@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.6-dev
+version: 0.0.7-dev
 groups:
     - java
     - automodel

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,41 @@
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
+* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
+  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
+* Added `environment` source models for the following methods:
+  * `java.lang.System#getenv`
+  * `java.lang.System#getProperties`
+  * `java.lang.System#getProperty`
+  * `java.util.Properties#get`
+  * `java.util.Properties#getProperty`
+* Added `file` source models for the following methods:
+  * the `java.io.FileInputStream` constructor
+  * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
+  * `hudson.FilePath#openInputStream`
+  * `hudson.FilePath#read`
+  * `hudson.FilePath#readFromOffset`
+  * `hudson.FilePath#readToString`
+* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
+  There are no changes to results unless you add source models using the `database` source kind.
+* Added `database` source models for the following method:
+  * `java.sql.ResultSet#getString`
+
 ## 0.8.0
 
 ### New Features

java/ql/lib/change-notes/released/0.8.1.md

@@ -0,0 +1,37 @@
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
+* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
+  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
+* Added `environment` source models for the following methods:
+  * `java.lang.System#getenv`
+  * `java.lang.System#getProperties`
+  * `java.lang.System#getProperty`
+  * `java.util.Properties#get`
+  * `java.util.Properties#getProperty`
+* Added `file` source models for the following methods:
+  * the `java.io.FileInputStream` constructor
+  * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
+  * `hudson.FilePath#openInputStream`
+  * `hudson.FilePath#read`
+  * `hudson.FilePath#readFromOffset`
+  * `hudson.FilePath#readToString`
+* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
+  There are no changes to results unless you add source models using the `database` source kind.
+* Added `database` source models for the following method:
+  * `java.sql.ResultSet#getString`