Skip to content

Commit

Permalink
Release preparation for version 2.18.0
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions[bot] committed Jul 8, 2024
1 parent 31a5a7a commit b0d6778
Showing 157 changed files with 427 additions and 168 deletions.
12 changes: 12 additions & 0 deletions cpp/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,15 @@
## 1.2.0

### New Features

* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.

### Minor Analysis Improvements

* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.

## 1.1.1

No user-facing changes.
4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-06-10-builtin-expect.md

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-06-13-double-free.md

This file was deleted.

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2024-07-03-extended-mad-syntax.md

This file was deleted.

11 changes: 11 additions & 0 deletions cpp/ql/lib/change-notes/released/1.2.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
## 1.2.0

### New Features

* The syntax for models-as-data rows has been extended to make it easier to select sources, sinks, and summaries that involve templated functions and classes. Additionally, the syntax has also been extended to make it easier to specify models with arbitrary levels of indirection. See `dataflow/ExternalFlow.qll` for the updated documentation and specification for the model format.
* It is now possible to extend the classes `AllocationFunction` and `DeallocationFunction` via data extensions. Extensions of these classes should be added to the `lib/ext/allocation` and `lib/ext/deallocation` directories respectively.

### Minor Analysis Improvements

* The queries "Potential double free" (`cpp/double-free`) and "Potential use after free" (`cpp/use-after-free`) now produce fewer false positives.
* The "Guards" library (`semmle.code.cpp.controlflow.Guards`) now also infers guards from calls to the builtin operation `__builtin_expect`. As a result, some queries may produce fewer false positives.
2 changes: 1 addition & 1 deletion cpp/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.2.0
2 changes: 1 addition & 1 deletion cpp/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 1.1.2-dev
version: 1.2.0
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
4 changes: 4 additions & 0 deletions cpp/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions cpp/ql/src/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion cpp/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion cpp/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.0.3-dev
version: 1.0.3
groups:
- cpp
- queries
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.20

No user-facing changes.

## 1.7.19

No user-facing changes.
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.20

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.19
lastReleaseVersion: 1.7.20
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.20-dev
version: 1.7.20
groups:
- csharp
- solorigate
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.20

No user-facing changes.

## 1.7.19

No user-facing changes.
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.20

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.19
lastReleaseVersion: 1.7.20
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.20-dev
version: 1.7.20
groups:
- csharp
- solorigate
4 changes: 4 additions & 0 deletions csharp/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions csharp/ql/lib/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion csharp/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 1.0.3-dev
version: 1.0.3
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
4 changes: 4 additions & 0 deletions csharp/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions csharp/ql/src/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion csharp/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.0.3-dev
version: 1.0.3
groups:
- csharp
- queries
4 changes: 4 additions & 0 deletions go/ql/consistency-queries/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions go/ql/consistency-queries/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.3-dev
version: 1.0.3
groups:
- go
- queries
11 changes: 11 additions & 0 deletions go/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,14 @@
## 1.1.2

### Minor Analysis Improvements

* DataFlow queries which previously used `RemoteFlowSource` to define their sources have been modified to instead use `ThreatModelFlowSource`. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to `RemoteFlowSource`, so there should be no change in results for users using the default.
* Added the `ThreatModelFlowSource` class to `FlowSources.qll`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. This is the first step in supporting threat modeling for Go.

### Bug Fixes

* Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as `io.copy(SomeGlobal, ...)` or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.

## 1.1.1

No user-facing changes.

This file was deleted.

This file was deleted.

This file was deleted.

10 changes: 10 additions & 0 deletions go/ql/lib/change-notes/released/1.1.2.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
## 1.1.2

### Minor Analysis Improvements

* DataFlow queries which previously used `RemoteFlowSource` to define their sources have been modified to instead use `ThreatModelFlowSource`. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to `RemoteFlowSource`, so there should be no change in results for users using the default.
* Added the `ThreatModelFlowSource` class to `FlowSources.qll`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. This is the first step in supporting threat modeling for Go.

### Bug Fixes

* Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as `io.copy(SomeGlobal, ...)` or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.
2 changes: 1 addition & 1 deletion go/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.1.2
2 changes: 1 addition & 1 deletion go/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-all
version: 1.1.2-dev
version: 1.1.2
groups: go
dbscheme: go.dbscheme
extractor: go
4 changes: 4 additions & 0 deletions go/ql/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions go/ql/src/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion go/ql/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.0.3-dev
version: 1.0.3
groups:
- go
- queries
4 changes: 4 additions & 0 deletions java/ql/automodel/src/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.3

No user-facing changes.

## 1.0.2

No user-facing changes.
3 changes: 3 additions & 0 deletions java/ql/automodel/src/change-notes/released/1.0.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.3

No user-facing changes.
2 changes: 1 addition & 1 deletion java/ql/automodel/src/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.2
lastReleaseVersion: 1.0.3
2 changes: 1 addition & 1 deletion java/ql/automodel/src/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 1.0.3-dev
version: 1.0.3
groups:
- java
- automodel
22 changes: 22 additions & 0 deletions java/ql/lib/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,25 @@
## 1.1.2

### Minor Analysis Improvements

* Added models for the following packages:

* io.undertow.server.handlers.resource
* jakarta.faces.context
* javax.faces.context
* javax.servlet
* org.jboss.vfs
* org.springframework.core.io
* A bug has been fixed in the heuristic identification of uncertain control
flow, which is used to filter data flow in order to improve performance and
reduce false positives. This fix means that slightly more code is identified
and hence pruned from data flow.
* Excluded reverse DNS from the loopback address as a source of untrusted data.

### Bug Fixes

* Support for `codeql test run` for Kotlin sources has been fixed.

## 1.1.1

No user-facing changes.
5 changes: 0 additions & 5 deletions java/ql/lib/change-notes/2024-06-13-kotlin-qltest-support.md

This file was deleted.

This file was deleted.

7 changes: 0 additions & 7 deletions java/ql/lib/change-notes/2024-06-17-ffbl-implicit-this.md

This file was deleted.

11 changes: 0 additions & 11 deletions java/ql/lib/change-notes/2024-06-28-resource-models.md

This file was deleted.

21 changes: 21 additions & 0 deletions java/ql/lib/change-notes/released/1.1.2.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
## 1.1.2

### Minor Analysis Improvements

* Added models for the following packages:

* io.undertow.server.handlers.resource
* jakarta.faces.context
* javax.faces.context
* javax.servlet
* org.jboss.vfs
* org.springframework.core.io
* A bug has been fixed in the heuristic identification of uncertain control
flow, which is used to filter data flow in order to improve performance and
reduce false positives. This fix means that slightly more code is identified
and hence pruned from data flow.
* Excluded reverse DNS from the loopback address as a source of untrusted data.

### Bug Fixes

* Support for `codeql test run` for Kotlin sources has been fixed.
2 changes: 1 addition & 1 deletion java/ql/lib/codeql-pack.release.yml
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.1.2
2 changes: 1 addition & 1 deletion java/ql/lib/qlpack.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/java-all
version: 1.1.2-dev
version: 1.1.2
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java
Loading

0 comments on commit b0d6778

Please sign in to comment.