diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md new file mode 100644 index 000000000000..7ad10899ce1c --- /dev/null +++ b/actions/ql/lib/CHANGELOG.md @@ -0,0 +1,5 @@ +## 0.4.0 + +### New Features + +* Initial public preview release diff --git a/actions/ql/lib/change-notes/released/0.4.0.md b/actions/ql/lib/change-notes/released/0.4.0.md new file mode 100644 index 000000000000..7ad10899ce1c --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.0.md @@ -0,0 +1,5 @@ +## 0.4.0 + +### New Features + +* Initial public preview release diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml new file mode 100644 index 000000000000..458bfbeccffd --- /dev/null +++ b/actions/ql/lib/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.4.0 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 83cdaabc80dd..56654cd7eab4 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.0-dev +version: 0.4.1-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/lib/change-notes/2024-12-19-initial-release.md b/actions/ql/src/CHANGELOG.md similarity index 55% rename from actions/ql/lib/change-notes/2024-12-19-initial-release.md rename to actions/ql/src/CHANGELOG.md index 09263f5089d2..caa8feca5585 100644 --- a/actions/ql/lib/change-notes/2024-12-19-initial-release.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,4 +1,5 @@ ---- -category: feature ---- +## 0.4.0 + +### New Queries + * Initial public preview release diff --git a/actions/ql/src/change-notes/2024-12-19-initial-release.md b/actions/ql/src/change-notes/released/0.4.0.md similarity index 55% rename from actions/ql/src/change-notes/2024-12-19-initial-release.md rename to actions/ql/src/change-notes/released/0.4.0.md index e02078ea2731..caa8feca5585 100644 --- a/actions/ql/src/change-notes/2024-12-19-initial-release.md 
+++ b/actions/ql/src/change-notes/released/0.4.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 0.4.0 + +### New Queries + * Initial public preview release diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml new file mode 100644 index 000000000000..458bfbeccffd --- /dev/null +++ b/actions/ql/src/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.4.0 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index f822a516e569..7c4d7dde27bd 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.4.0-dev +version: 0.4.1-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 19784b530e7a..919bd905e73b 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,22 @@ +## 3.1.0 + +### Deprecated APIs + +* The `TemplateParameter` class, representing C++ type template parameters has been deprecated. Use `TypeTemplateParameter` instead. + +### New Features + +* New classes `SizeofPackExprOperator` and `SizeofPackTypeOperator` were introduced, which represent the C++ `sizeof...` operator taking expressions and type arguments, respectively. +* A new class `TemplateTemplateParameterInstantiation` was introduced, which represents instantiations of template template parameters. +* A new predicate `getAnInstantiation` was added to the `TemplateTemplateParameter` class, which yields instantiations of template template parameters. +* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of template template parameters. +* A new class `NonTypeTemplateParameter` was introduced, which represents C++ non-type template parameters. +* A new class `TemplateParameterBase` was introduced, which represents C++ non-type template parameters, type template parameters, and template template parameters. + +### Minor Analysis Improvements + +* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions. + ## 3.0.0 ### Breaking Changes diff --git a/cpp/ql/lib/change-notes/2024-12-04-guard-conditions.md b/cpp/ql/lib/change-notes/2024-12-04-guard-conditions.md deleted file mode 100644 index f60a6a2970a6..000000000000 --- a/cpp/ql/lib/change-notes/2024-12-04-guard-conditions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-12-17-template-parameter-base.md b/cpp/ql/lib/change-notes/2024-12-17-template-parameter-base.md deleted file mode 100644 index 6fec6d5f4f55..000000000000 
--- a/cpp/ql/lib/change-notes/2024-12-17-template-parameter-base.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A new class `TemplateParameterBase` was introduced, which represents C++ non-type template parameters, type template parameters, and template template parameters.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2024-12-17-template-parameter.md b/cpp/ql/lib/change-notes/2024-12-17-template-parameter.md
deleted file mode 100644
index 0ac7085b371b..000000000000
--- a/cpp/ql/lib/change-notes/2024-12-17-template-parameter.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The `TemplateParameter` class, representing C++ type template parameters has been deprecated. Use `TypeTemplateParameter` instead.
diff --git a/cpp/ql/lib/change-notes/2024-12-18-non-type-template-parameter.md b/cpp/ql/lib/change-notes/2024-12-18-non-type-template-parameter.md
deleted file mode 100644
index 41fe400ed66a..000000000000
--- a/cpp/ql/lib/change-notes/2024-12-18-non-type-template-parameter.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* A new class `NonTypeTemplateParameter` was introduced, which represents C++ non-type template parameters.
diff --git a/cpp/ql/lib/change-notes/2024-12-20-sizeof-pack.md b/cpp/ql/lib/change-notes/2024-12-20-sizeof-pack.md
deleted file mode 100644
index bd912e4fb2e2..000000000000
--- a/cpp/ql/lib/change-notes/2024-12-20-sizeof-pack.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* New classes `SizeofPackExprOperator` and `SizeofPackTypeOperator` were introduced, which represent the C++ `sizeof...` operator taking expressions and type arguments, respectively.
diff --git a/cpp/ql/lib/change-notes/2024-12-20-template-template-instantiation.md b/cpp/ql/lib/change-notes/2024-12-20-template-template-instantiation.md
deleted file mode 100644
index 6e3ecd3468c1..000000000000
--- a/cpp/ql/lib/change-notes/2024-12-20-template-template-instantiation.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: feature
----
-* A new class `TemplateTemplateParameterInstantiation` was introduced, which represents instantiations of template template parameters.
-* A new predicate `getAnInstantiation` was added to the `TemplateTemplateParameter` class, which yields instantiations of template template parameters.
-* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of template template parameters.
diff --git a/cpp/ql/lib/change-notes/released/3.1.0.md b/cpp/ql/lib/change-notes/released/3.1.0.md
new file mode 100644
index 000000000000..3c7f181f60a4
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/3.1.0.md
@@ -0,0 +1,18 @@
+## 3.1.0
+
+### Deprecated APIs
+
+* The `TemplateParameter` class, representing C++ type template parameters has been deprecated. Use `TypeTemplateParameter` instead.
+
+### New Features
+
+* New classes `SizeofPackExprOperator` and `SizeofPackTypeOperator` were introduced, which represent the C++ `sizeof...` operator taking expressions and type arguments, respectively.
+* A new class `TemplateTemplateParameterInstantiation` was introduced, which represents instantiations of template template parameters.
+* A new predicate `getAnInstantiation` was added to the `TemplateTemplateParameter` class, which yields instantiations of template template parameters.
+* The `getTemplateArgumentType` and `getTemplateArgumentValue` predicates of the `Declaration` class now also yield template arguments of template template parameters.
+* A new class `NonTypeTemplateParameter` was introduced, which represents C++ non-type template parameters.
+* A new class `TemplateParameterBase` was introduced, which represents C++ non-type template parameters, type template parameters, and template template parameters.
+
+### Minor Analysis Improvements
+
+* The `Guards` library (`semmle.code.cpp.controlflow.Guards`) has been improved to recognize more guard conditions.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 33d3a2cd1139..82f62960aa3b 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 3.0.0 +lastReleaseVersion: 3.1.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 4bb4b04e02fd..6ffc77714d47 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 3.0.1-dev +version: 3.1.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index db16fe6f8b35..7d957e42696c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 1.3.1 + +### Minor Analysis Improvements + +* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression. +* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer. +* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error. +* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error. +* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL). + ## 1.3.0 ### New Queries diff --git a/cpp/ql/src/change-notes/2024-11-27-active-template-library.md b/cpp/ql/src/change-notes/2024-11-27-active-template-library.md deleted file mode 100644 index a677ac661077..000000000000 --- a/cpp/ql/src/change-notes/2024-11-27-active-template-library.md +++ /dev/null 
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL).
\ No newline at end of file
diff --git a/cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md b/cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md
deleted file mode 100644
index c7ddd104ad0e..000000000000
--- a/cpp/ql/src/change-notes/2024-12-05-badly-bounded-write.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer.
diff --git a/cpp/ql/src/change-notes/2024-12-05-wrong-number-format-arguments.md b/cpp/ql/src/change-notes/2024-12-05-wrong-number-format-arguments.md
deleted file mode 100644
index 6b41378f5569..000000000000
--- a/cpp/ql/src/change-notes/2024-12-05-wrong-number-format-arguments.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error.
diff --git a/cpp/ql/src/change-notes/2024-12-05-wrong-type-format-args.md b/cpp/ql/src/change-notes/2024-12-05-wrong-type-format-args.md
deleted file mode 100644
index 1bf77d55a618..000000000000
--- a/cpp/ql/src/change-notes/2024-12-05-wrong-type-format-args.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error.
diff --git a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md b/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
deleted file mode 100644
index 76f5b9d7eaed..000000000000
--- a/cpp/ql/src/change-notes/2024-12-18-return-stack-allocated-memory.md
+++ /dev/null
@@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression. diff --git a/cpp/ql/src/change-notes/released/1.3.1.md b/cpp/ql/src/change-notes/released/1.3.1.md new file mode 100644 index 000000000000..bb3b2bf16c73 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.3.1.md @@ -0,0 +1,9 @@ +## 1.3.1 + +### Minor Analysis Improvements + +* The "Returning stack-allocated memory" query (`cpp/return-stack-allocated-memory`) no longer produces results if there is an extraction error in the returned expression. +* The "Badly bounded write" query (`cpp/badly-bounded-write`) no longer produces results if there is an extraction error in the type of the output buffer. +* The "Too few arguments to formatting function" query (`cpp/wrong-number-format-arguments`) no longer produces results if an argument has an extraction error. +* The "Wrong type of arguments to formatting function" query (`cpp/wrong-type-format-argument`) no longer produces results when an argument type has an extraction error. +* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL). diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index ec16350ed6fd..e71b6d081f15 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.0 +lastReleaseVersion: 1.3.1 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 940c3e2a4cba..5f0e63bfec48 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.1-dev +version: 1.3.2-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index a71f93aacd46..0a74ff6d7d08 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md 
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.31 + +No user-facing changes. + ## 1.7.30 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.31.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.31.md new file mode 100644 index 000000000000..17df0436207f --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.31.md @@ -0,0 +1,3 @@ +## 1.7.31 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c0346e526b94..908f8a00a39b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.30 +lastReleaseVersion: 1.7.31 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 781915bf1a15..39d5520bf764 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.31-dev +version: 1.7.32-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index a71f93aacd46..0a74ff6d7d08 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.31 + +No user-facing changes. + ## 1.7.30 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.31.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.31.md new file mode 100644 index 000000000000..17df0436207f --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.31.md @@ -0,0 +1,3 @@ +## 1.7.31 + +No user-facing changes. 
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c0346e526b94..908f8a00a39b 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.30 +lastReleaseVersion: 1.7.31 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 979d8e6c6615..23f5eddd1419 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.31-dev +version: 1.7.32-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 86f279365f09..857acdec93a9 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md 
@@ -1,3 +1,16 @@ +## 4.0.1 + +### Minor Analysis Improvements + +* C# 13: Added QL library support for *collection* like type `params` parameters. +* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`: + - `[SupplyParameterFromForm]` + - `[SupplyParameterFromQuery]` +* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. +* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method. +* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. +* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features. + ## 4.0.0 ### Breaking Changes diff --git a/csharp/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md b/csharp/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md deleted file mode 100644 index 258c0e5326bc..000000000000 --- a/csharp/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. 
diff --git a/csharp/ql/lib/change-notes/2024-12-04-dotnet9.md b/csharp/ql/lib/change-notes/2024-12-04-dotnet9.md
deleted file mode 100644
index e166040e1551..000000000000
--- a/csharp/ql/lib/change-notes/2024-12-04-dotnet9.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.
diff --git a/csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md b/csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md
deleted file mode 100644
index 04afe96522b0..000000000000
--- a/csharp/ql/lib/change-notes/2024-12-05-aspnetcore-mvc-model.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method.
\ No newline at end of file
diff --git a/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md b/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md
deleted file mode 100644
index 032edbb1f102..000000000000
--- a/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`.
diff --git a/csharp/ql/lib/change-notes/2024-12-18-blazor-attribute-sources.md b/csharp/ql/lib/change-notes/2024-12-18-blazor-attribute-sources.md
deleted file mode 100644
index 5a48753b259f..000000000000
--- a/csharp/ql/lib/change-notes/2024-12-18-blazor-attribute-sources.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: minorAnalysis
----
-* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`:
- - `[SupplyParameterFromForm]`
- - `[SupplyParameterFromQuery]`
diff --git a/csharp/ql/lib/change-notes/2024-12-20-collection-params.md b/csharp/ql/lib/change-notes/2024-12-20-collection-params.md
deleted file mode 100644
index bb5ea26c6d45..000000000000
--- a/csharp/ql/lib/change-notes/2024-12-20-collection-params.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* C# 13: Added QL library support for *collection* like type `params` parameters.
diff --git a/csharp/ql/lib/change-notes/released/4.0.1.md b/csharp/ql/lib/change-notes/released/4.0.1.md
new file mode 100644
index 000000000000..703439b4cfed
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/4.0.1.md
@@ -0,0 +1,12 @@ +## 4.0.1 + +### Minor Analysis Improvements + +* C# 13: Added QL library support for *collection* like type `params` parameters. +* Added `remote` flow source models for properties of Blazor components annotated with any of the following attributes from `Microsoft.AspNetCore.Components`: + - `[SupplyParameterFromForm]` + - `[SupplyParameterFromQuery]` +* Added the constructor and explicit cast operator of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`. +* Added flow summaries for the `Microsoft.AspNetCore.Mvc.Controller::View` method. +* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. +* The C# extractor now supports *basic* extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 49fe3eef6973..c0db4dcc0b33 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.0 +lastReleaseVersion: 4.0.1 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 81a55470a4dd..e32376ee2706 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 4.0.1-dev +version: 4.0.2-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 370a9cf4a6a2..1adfe6e1822c 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## 1.0.14 + +### Minor Analysis Improvements + +* The `ExternalApi` and `TestLibrary` modules have been moved to the library pack. + ## 1.0.13 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/2024-12-17-move-libraries.md b/csharp/ql/src/change-notes/released/1.0.14.md similarity index 65% rename from csharp/ql/src/change-notes/2024-12-17-move-libraries.md rename to csharp/ql/src/change-notes/released/1.0.14.md index 07bf61b7e355..d49594169df1 100644 --- a/csharp/ql/src/change-notes/2024-12-17-move-libraries.md +++ b/csharp/ql/src/change-notes/released/1.0.14.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.0.14 + +### Minor Analysis Improvements + * The `ExternalApi` and `TestLibrary` modules have been moved to the library pack. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index e4d9400d96d3..0034f69ef874 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.0.14-dev +version: 1.0.15-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 3c6fa155a322..2d5ba191d2eb 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.14.md b/go/ql/consistency-queries/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. 
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 1812705438ca..47d3802ccdbf 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.14-dev +version: 1.0.15-dev groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 83052b3a1d9b..b48a4098866f 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 3.0.1 + +### Minor Analysis Improvements + +* Added a `commandargs` local source model for the `os.Args` variable. + ## 3.0.0 ### Breaking Changes diff --git a/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md b/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md deleted file mode 100644 index 8244ba069943..000000000000 --- a/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Data flow out of variadic parameters now works in more situations. Summary models defined using models-as-data work. Source models defined using models-as-data do not work yet. diff --git a/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md b/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md deleted file mode 100644 index 38d5ad2783f1..000000000000 --- a/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Source models defined using models-as-data now work for variadic parameters. 
diff --git a/go/ql/lib/change-notes/2024-12-13-os-args-model.md b/go/ql/lib/change-notes/released/3.0.1.md similarity index 63% rename from go/ql/lib/change-notes/2024-12-13-os-args-model.md rename to go/ql/lib/change-notes/released/3.0.1.md index 20a16d222e44..a2bce4d06cfe 100644 --- a/go/ql/lib/change-notes/2024-12-13-os-args-model.md +++ b/go/ql/lib/change-notes/released/3.0.1.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- -* Added a `commandargs` local source model for the `os.Args` variable. +## 3.0.1 + +### Minor Analysis Improvements +* Added a `commandargs` local source model for the `os.Args` variable. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 33d3a2cd1139..e3b15d965db6 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 3.0.0 +lastReleaseVersion: 3.0.1 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 4e72aa3857b5..23156a6939f3 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 3.0.1-dev +version: 3.0.2-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index bbef53935ad9..9f07693b7ea2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -66,11 +66,6 @@ predicate containerReadStep(Node node1, Node node2, Content c) { ( node2.(Read).readsElement(node1, _) or - exists(ImplicitVarargsSlice ivs | - node1.(PostUpdateNode).getPreUpdateNode() = ivs and - node2.(PostUpdateNode).getPreUpdateNode() = ivs.getCallNode().getAnImplicitVarargsArgument() - ) - or node2.(RangeElementNode).getBase() = node1 or // To model data flow from array elements of the base of a `SliceNode` to 
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 05283454cff0..cc353ab64df5 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -845,9 +845,6 @@ module Public { or preupd = getAWrittenNode() or - preupd instanceof ImplicitVarargsSlice and - mutableType(preupd.(ImplicitVarargsSlice).getType().(SliceType).getElementType()) - or preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and mutableType(preupd.getType()) ) and diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 032196312483..2fcbf2d350f2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -458,13 +458,3 @@ class ContentApprox = Unit; /** Gets an approximated value for content `c`. */ pragma[inline] ContentApprox getContentApprox(Content c) { any() } - -/** - * Holds if the the content `c` is a container. - */ -predicate containerContent(ContentSet c) { - c instanceof ArrayContent or - c instanceof CollectionContent or - c instanceof MapKeyContent or - c instanceof MapValueContent -} diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 2605dd326c3c..5365228e2310 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll 
@@ -27,21 +27,11 @@ predicate localExprTaint(Expr src, Expr sink) { * Holds if taint can flow in one local step from `src` to `sink`. */ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) { - DataFlow::localFlowStep(src, sink) - or - localAdditionalTaintStep(src, sink, _) - or + DataFlow::localFlowStep(src, sink) or + localAdditionalTaintStep(src, sink, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(src, sink, _) - or - // Treat container flow as taint for the local taint flow relation - exists(DataFlow::Content c | DataFlowPrivate::containerContent(c) | - DataFlowPrivate::readStep(src, c, sink) or - DataFlowPrivate::storeStep(src, c, sink) or - FlowSummaryImpl::Private::Steps::summaryGetterStep(src, c, sink, _) or - FlowSummaryImpl::Private::Steps::summarySetterStep(src, c, sink, _) - ) } private Type getElementType(Type containerType) { @@ -98,18 +88,12 @@ class AdditionalTaintStep extends Unit { */ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { ( - referenceStep(pred, succ) - or - elementWriteStep(pred, succ) - or - fieldReadStep(pred, succ) - or - elementStep(pred, succ) - or - tupleStep(pred, succ) - or - stringConcatStep(pred, succ) - or + referenceStep(pred, succ) or + elementWriteStep(pred, succ) or + fieldReadStep(pred, succ) or + elementStep(pred, succ) or + tupleStep(pred, succ) or + stringConcatStep(pred, succ) or sliceStep(pred, succ) ) and model = "" 
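Review bot: `localTaintStep` no longer treats reads from and stores into container contents as taint steps, and nothing visible in this diff documents that. The Go 3.0.1 release note lists only the `os.Args` source model, while the two variadic-parameter change notes are deleted rather than folded into it. Callers of `localTaintStep` that follow data through slices, arrays or maps may lose some flow, which for security queries means possible missed results, so this deserves a change note or a line in the predicate's doc comment such as `* Container read and store steps are not part of this relation.` The related removals are in `containerReadStep`, the post-update node definition, `containerContent` and `elementStep`.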
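Review bot: The disjuncts in `localAdditionalTaintStep` now end in a trailing `or`, where the lines being replaced put each `or` on a line of its own; `localTaintStep` in the previous hunk gets the same layout. As far as I know the QL autoformatter produces the own-line form, so if the repository enforces formatting this will likely be rewritten or fail the check. Keeping `referenceStep(pred, succ)` followed by `or` on its own line, and likewise for the other disjuncts, avoids that churn. The predicate's body continues past the end of the hunk.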
@@ -179,12 +163,6 @@ predicate elementStep(DataFlow::Node pred, DataFlow::Node succ) { // only step into the value, not the index succ.asInstruction() = IR::extractTupleElement(nextEntry, 1) ) - or - exists(DataFlow::ImplicitVarargsSlice ivs | - pred.(DataFlow::PostUpdateNode).getPreUpdateNode() = ivs and - succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = - ivs.getCallNode().getAnImplicitVarargsArgument() - ) } /** Holds if taint flows from `pred` to `succ` via an extract tuple operation. */ diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index c9044e55cdcb..838a8bce5eaa 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.5 + +No user-facing changes. + ## 1.1.4 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/released/1.1.5.md b/go/ql/src/change-notes/released/1.1.5.md new file mode 100644 index 000000000000..11a52a121d13 --- /dev/null +++ b/go/ql/src/change-notes/released/1.1.5.md @@ -0,0 +1,3 @@ +## 1.1.5 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 26cbcd3f123b..df39a9de059d 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.4 +lastReleaseVersion: 1.1.5 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 36775d0d8620..e33da9a8c914 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.5-dev +version: 1.1.6-dev groups: - go - queries diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql index a5dedbeacf47..6bbf16c2020e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql 
@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl import utils.test.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") } + predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") } - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") } + predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") } } import ValueFlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index abe37122ba6b..6fadcdaabe63 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected 
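Review bot: In `isSink` the parameter is now called `src` (`predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }`), which reads as if the sink predicate were constraining a source. Behaviour is unchanged because only the name differs, but I would keep the role in the name: `predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }`. The `Config` module is fully inside the hunk.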
@@ -5,36 +5,24 @@ | main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | | main.go:39:8:39:25 | []type{args} | main.go:39:8:39:25 | call to append | | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | -| main.go:39:18:39:18 | 4 | main.go:39:8:39:25 | []type{args} | -| main.go:39:21:39:21 | 5 | main.go:39:8:39:25 | []type{args} | -| main.go:39:24:39:24 | 6 | main.go:39:8:39:25 | []type{args} | | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | | main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append | | main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] | | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] | -| main.go:56:8:56:11 | true | main.go:56:2:56:3 | ch | -| main.go:57:4:57:5 | ch | main.go:57:2:57:5 | <-... | | strings.go:9:24:9:24 | s | strings.go:9:8:9:38 | call to Replace | | strings.go:9:32:9:34 | "_" | strings.go:9:8:9:38 | call to Replace | | strings.go:10:27:10:27 | s | strings.go:10:8:10:42 | call to ReplaceAll | | strings.go:10:35:10:41 | "&" | strings.go:10:8:10:42 | call to ReplaceAll | -| strings.go:11:9:11:26 | []type{args} | strings.go:11:9:11:26 | call to Sprint | | strings.go:11:9:11:26 | call to Sprint | strings.go:11:9:11:50 | ...+... | | strings.go:11:9:11:50 | ...+... | strings.go:11:9:11:69 | ...+... | -| strings.go:11:20:11:21 | s2 | strings.go:11:9:11:26 | []type{args} | | strings.go:11:20:11:21 | s2 | strings.go:11:9:11:26 | call to Sprint | -| strings.go:11:24:11:25 | s3 | strings.go:11:9:11:26 | []type{args} | | strings.go:11:24:11:25 | s3 | strings.go:11:9:11:26 | call to Sprint | -| strings.go:11:30:11:50 | []type{args} | strings.go:11:30:11:50 | call to Sprintf | | strings.go:11:30:11:50 | call to Sprintf | strings.go:11:9:11:50 | ...+... 
| | strings.go:11:42:11:45 | "%q" | strings.go:11:30:11:50 | call to Sprintf | -| strings.go:11:48:11:49 | s2 | strings.go:11:30:11:50 | []type{args} | | strings.go:11:48:11:49 | s2 | strings.go:11:30:11:50 | call to Sprintf | -| strings.go:11:54:11:69 | []type{args} | strings.go:11:54:11:69 | call to Sprintln | | strings.go:11:54:11:69 | call to Sprintln | strings.go:11:9:11:69 | ...+... | -| strings.go:11:67:11:68 | s3 | strings.go:11:54:11:69 | []type{args} | | strings.go:11:67:11:68 | s3 | strings.go:11:54:11:69 | call to Sprintln | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[0] | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[1] | 
@@ -51,25 +39,17 @@ | url.go:27:9:27:30 | call to ParseRequestURI | url.go:27:2:27:30 | ... = ...[1] | | url.go:27:29:27:29 | s | url.go:27:2:27:30 | ... = ...[0] | | url.go:28:14:28:14 | u | url.go:28:14:28:28 | call to EscapedPath | -| url.go:28:14:28:28 | call to EscapedPath | url.go:28:2:28:29 | []type{args} | | url.go:29:14:29:14 | u | url.go:29:14:29:25 | call to Hostname | -| url.go:29:14:29:25 | call to Hostname | url.go:29:2:29:26 | []type{args} | | url.go:30:11:30:11 | u | url.go:30:2:30:27 | ... := ...[0] | | url.go:30:11:30:27 | call to MarshalBinary | url.go:30:2:30:27 | ... := ...[0] | | url.go:30:11:30:27 | call to MarshalBinary | url.go:30:2:30:27 | ... := ...[1] | -| url.go:31:2:31:16 | []type{args} | url.go:30:2:30:3 | definition of bs | -| url.go:31:14:31:15 | bs | url.go:31:2:31:16 | []type{args} | | url.go:32:9:32:9 | u | url.go:32:2:32:23 | ... = ...[0] | | url.go:32:9:32:23 | call to Parse | url.go:32:2:32:23 | ... = ...[0] | | url.go:32:9:32:23 | call to Parse | url.go:32:2:32:23 | ... = ...[1] | | url.go:32:17:32:22 | "/foo" | url.go:32:2:32:23 | ... = ...[0] | | url.go:33:14:33:14 | u | url.go:33:14:33:21 | call to Port | -| url.go:33:14:33:21 | call to Port | url.go:33:2:33:22 | []type{args} | -| url.go:34:2:34:23 | []type{args} | url.go:34:14:34:22 | call to Query | | url.go:34:14:34:14 | u | url.go:34:14:34:22 | call to Query | -| url.go:34:14:34:22 | call to Query | url.go:34:2:34:23 | []type{args} | | url.go:35:14:35:14 | u | url.go:35:14:35:27 | call to RequestURI | -| url.go:35:14:35:27 | call to RequestURI | url.go:35:2:35:28 | []type{args} | | url.go:36:6:36:6 | u | url.go:36:6:36:26 | call to ResolveReference | | url.go:36:25:36:25 | u | url.go:36:6:36:26 | call to ResolveReference | | url.go:41:17:41:20 | "me" | url.go:41:8:41:21 | call to User | 
@@ -78,35 +58,27 @@ | url.go:43:11:43:12 | ui | url.go:43:2:43:23 | ... := ...[0] | | url.go:43:11:43:23 | call to Password | url.go:43:2:43:23 | ... := ...[0] | | url.go:43:11:43:23 | call to Password | url.go:43:2:43:23 | ... := ...[1] | -| url.go:44:14:44:15 | pw | url.go:44:2:44:16 | []type{args} | | url.go:45:14:45:15 | ui | url.go:45:14:45:26 | call to Username | -| url.go:45:14:45:26 | call to Username | url.go:45:2:45:27 | []type{args} | | url.go:50:10:50:26 | call to ParseQuery | url.go:50:2:50:26 | ... := ...[0] | | url.go:50:10:50:26 | call to ParseQuery | url.go:50:2:50:26 | ... := ...[1] | | url.go:50:25:50:25 | q | url.go:50:2:50:26 | ... := ...[0] | | url.go:51:14:51:14 | v | url.go:51:14:51:23 | call to Encode | -| url.go:51:14:51:23 | call to Encode | url.go:51:2:51:24 | []type{args} | | url.go:52:14:52:14 | v | url.go:52:14:52:26 | call to Get | -| url.go:52:14:52:26 | call to Get | url.go:52:2:52:27 | []type{args} | | url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[0] | | url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[1] | | url.go:57:29:57:29 | q | url.go:57:2:57:39 | ... := ...[0] | | url.go:57:32:57:38 | "clean" | url.go:57:2:57:39 | ... := ...[0] | -| url.go:57:32:57:38 | "clean" | url.go:57:16:57:39 | []type{args} | | url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[0] | | url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[1] | | url.go:58:29:58:35 | "clean" | url.go:58:2:58:45 | ... := ...[0] | | url.go:58:38:58:44 | joined1 | url.go:58:2:58:45 | ... := ...[0] | -| url.go:58:38:58:44 | joined1 | url.go:58:16:58:45 | []type{args} | | url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[0] | | url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[1] | | url.go:59:24:59:30 | joined2 | url.go:59:2:59:31 | ... 
:= ...[0] | | url.go:60:15:60:19 | asUrl | url.go:60:15:60:37 | call to JoinPath | -| url.go:60:30:60:36 | "clean" | url.go:60:15:60:37 | []type{args} | | url.go:60:30:60:36 | "clean" | url.go:60:15:60:37 | call to JoinPath | | url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[0] | | url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[1] | | url.go:65:27:65:47 | "http://harmless.org" | url.go:65:2:65:48 | ... := ...[0] | | url.go:66:9:66:16 | cleanUrl | url.go:66:9:66:28 | call to JoinPath | -| url.go:66:27:66:27 | q | url.go:66:9:66:28 | []type{args} | | url.go:66:27:66:27 | q | url.go:66:9:66:28 | call to JoinPath | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go index 84e769659806..8e3a498656af 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go @@ -4,7 +4,7 @@ func source() string { return "untrusted data" } -func sink(any) { +func sink(string) { } type A struct { @@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string { return s[1] } -func functionWithVarArgsOutParameter(in string, out ...*string) { - *out[0] = in -} - func functionWithSliceOfStructsParameter(s []A) string { return s[1].f } @@ -42,12 +38,6 @@ func main() { sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter" sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter" - var out1 *string - var out2 *string - functionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ MISSING: hasValueFlow="out1" - sink(out2) // $ MISSING: hasValueFlow="out2" - sliceOfStructs := []A{{f: source()}} sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f" 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected
deleted file mode 100644
index 55e9aed2e93c..000000000000
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected
+++ /dev/null
@@ -1,2 +0,0 @@
-testFailures
-invalidModelRow
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml
deleted file mode 100644
index ca3f9559536a..000000000000
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml
+++ /dev/null
@@ -1,21 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: summaryModel - data: - - ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sourceModel - data: - - ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql deleted file mode 100644 index 873143a6f81c..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql +++ /dev/null 
@@ -1,22 +0,0 @@ -import go -import semmle.go.dataflow.ExternalFlow -import ModelValidation -import utils.test.InlineFlowTest - -module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - sourceNode(source, "qltest") - or - exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) | - source = fn.getACall().getResult() - ) - } - - predicate isSink(DataFlow::Node sink) { - sinkNode(sink, "qltest") - or - exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument()) - } -} - -import FlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod deleted file mode 100644 index cdb11f2ee6cf..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod +++ /dev/null @@ -1,5 +0,0 @@ -module semmle.go.Packages - -go 1.23 - -require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go deleted file mode 100644 index 9d978553d449..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go +++ /dev/null 
@@ -1,57 +0,0 @@ -package main - -import ( - "github.com/nonexistent/test" -) - -func source() string { - return "untrusted data" -} - -func sink(any) { -} - -func main() { - s := source() - sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter" - - stringSlice := []string{source()} - sink(stringSlice[0]) // $ hasValueFlow="index expression" - - s0 := "" - s1 := source() - sSlice := []string{s0, s1} - sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" - sink(test.FunctionWithSliceParameter(sSlice)) // $ hasValueFlow="call to FunctionWithSliceParameter" - sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - - var out1 *string - var out2 *string - test.FunctionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ hasValueFlow="out1" - sink(out2) // $ hasValueFlow="out2" - - sliceOfStructs := []test.A{{Field: source()}} - sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field" - - a0 := test.A{Field: ""} - a1 := test.A{Field: source()} - aSlice := []test.A{a0, a1} - sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter" - sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" - sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" - - var variadicSource string - test.VariadicSource(&variadicSource) - sink(variadicSource) // $ hasTaintFlow="variadicSource" - sink(&variadicSource) // $ hasTaintFlow="&..." 
- - var variadicSourcePtr *string - test.VariadicSource(variadicSourcePtr) - sink(variadicSourcePtr) // $ hasTaintFlow="variadicSourcePtr" - sink(*variadicSourcePtr) // $ hasTaintFlow="star expression" - - test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}" - -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go deleted file mode 100644 index f23bc1d04814..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go +++ /dev/null @@ -1,31 +0,0 @@ -package test - -type A struct { - Field string -} - -func FunctionWithParameter(s string) string { - return "" -} - -func FunctionWithSliceParameter(s []string) string { - return "" -} - -func FunctionWithVarArgsParameter(s ...string) string { - return "" -} -func FunctionWithVarArgsOutParameter(in string, out ...*string) { -} - -func FunctionWithSliceOfStructsParameter(s []A) string { - return "" -} - -func FunctionWithVarArgsOfStructsParameter(s ...A) string { - return "" -} - -func VariadicSource(s ...*string) {} - -func VariadicSink(s ...string) {} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt deleted file mode 100644 index b62dbf8819b5..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt +++ /dev/null @@ -1,3 +0,0 @@ -# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 -## explicit -github.com/nonexistent/test diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql index 884e67cfb063..78e21d534e09 100644 
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql @@ -19,9 +19,6 @@ class SummaryModelTest extends DataFlow::FunctionModel { this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and (inp.isParameter(_) and outp.isResult()) or - this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and - (inp.isParameter(0) and outp.isParameter(any(int i | i >= 1))) - or this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and (inp.isParameter(0) and outp.isResult()) or diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod index cdb11f2ee6cf..ed18764ed282 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod @@ -1,5 +1,5 @@ module semmle.go.Packages -go 1.23 +go 1.17 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go index e8d53eb9b288..c561de0da2f0 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go @@ -8,7 +8,7 @@ func source() string { return "untrusted data" } -func sink(any) { +func sink(string) { } func main() { 
@@ -21,17 +21,10 @@ func main() { s0 := "" s1 := source() sSlice := []string{s0, s1} - sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" - sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter" - sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" - randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1. - sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - - var out1 *string - var out2 *string - test.FunctionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ hasValueFlow="out1" - sink(out2) // $ hasValueFlow="out2" + sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" + sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter" + sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" + sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" sliceOfStructs := []test.A{{Field: source()}} sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field" 
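Review bot: The expectation on `sink(test.FunctionWithVarArgsParameter(s0, s1))` changes from `hasValueFlow` to `MISSING: hasValueFlow` with no explanation, so the test now accepts a missed flow from `source()` through an individually passed variadic argument. The removed comment says the result depended on the database containing a call with at least two parameters so that `ParameterInput` exists with index 1. With the `randomFunctionWithMoreThanOneParameter` call gone, the miss may be an artefact of the test setup rather than of the model, but the new side does not say which. Once the reason is confirmed, I would add a line above the call such as `// MISSING: no call in this test has two or more parameters, so ParameterInput with index 1 does not exist`. `main` starts above the hunk and continues below it.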
@@ -44,6 +37,3 @@ func main() { sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" } - -func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) { -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages new file mode 100755 index 000000000000..e3880ac8d5d9 Binary files /dev/null and b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages differ diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go index b3e407fcaa7c..66f3da7d6591 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go @@ -15,8 +15,6 @@ func FunctionWithSliceParameter(s []string) string { func FunctionWithVarArgsParameter(s ...string) string { return "" } -func FunctionWithVarArgsOutParameter(in string, out ...*string) { -} func FunctionWithSliceOfStructsParameter(s []A) string { return "" diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected index 7524dd0f4108..861e3e97ed14 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected 
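Review bot: This commit adds `go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages` as a new binary file with mode 100755. Its name matches the `module semmle.go.Packages` line in the neighbouring `go.mod`, so it is presumably the output of building the test module rather than a test input; nothing in the visible hunks references it. An executable that cannot be reviewed as text is a supply-chain concern in a source tree, so I would drop it from the commit and, if it keeps reappearing, add the path to `.gitignore`.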
@@ -24,11 +24,7 @@ edges | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | | | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | | | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | | -| test.go:160:2:160:23 | []type{args} [array] | test.go:160:14:160:22 | &... | provenance | | -| test.go:160:14:160:22 | &... | test.go:160:2:160:23 | []type{args} [array] | provenance | | | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | | -| test.go:164:2:164:25 | []type{args} [array] | test.go:164:15:164:24 | &... | provenance | | -| test.go:164:15:164:24 | &... | test.go:164:2:164:25 | []type{args} [array] | provenance | | | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | | nodes | test.go:80:13:80:16 | &... | semmle.label | &... | @@ -80,10 +76,8 @@ nodes | test.go:153:13:153:47 | type conversion | semmle.label | type conversion | | test.go:156:18:156:30 | &... | semmle.label | &... | | test.go:157:13:157:38 | type conversion | semmle.label | type conversion | -| test.go:160:2:160:23 | []type{args} [array] | semmle.label | []type{args} [array] | | test.go:160:14:160:22 | &... | semmle.label | &... | | test.go:161:13:161:28 | type conversion | semmle.label | type conversion | -| test.go:164:2:164:25 | []type{args} [array] | semmle.label | []type{args} [array] | | test.go:164:15:164:24 | &... | semmle.label | &... | | test.go:165:13:165:32 | type conversion | semmle.label | type conversion | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index 1e140bf28b15..b7c6f703cf51 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 
@@ -10,13 +10,9 @@ invalidModelRow | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader | | io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... | | io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... | -| io.go:16:8:16:35 | []type{args} | io.go:16:23:16:27 | &... | -| io.go:16:8:16:35 | []type{args} | io.go:16:30:16:34 | &... | | io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 | -| io.go:16:23:16:27 | &... | io.go:16:8:16:35 | []type{args} | | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... | | io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 | -| io.go:16:30:16:34 | &... | io.go:16:8:16:35 | []type{args} | | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... | | io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w | | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader | @@ -31,10 +27,8 @@ invalidModelRow | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] | | io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w | -| io.go:40:17:40:31 | "some string\\n" | io.go:40:3:40:32 | []type{args} | | io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf | | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String | -| io.go:44:13:44:24 | call to String | io.go:44:3:44:25 | []type{args} | | io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader | | io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf | | io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader | 
@@ -52,14 +46,8 @@ invalidModelRow | io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader | | io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader | | io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader | -| io.go:85:8:85:33 | []type{args} | io.go:82:3:82:4 | definition of r1 | -| io.go:85:8:85:33 | []type{args} | io.go:83:3:83:4 | definition of r2 | -| io.go:85:8:85:33 | []type{args} | io.go:84:3:84:4 | definition of r3 | -| io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | []type{args} | | io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader | -| io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | []type{args} | | io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader | -| io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | []type{args} | | io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader | | io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout | | io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader | diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected index 59369e97597d..c274067926a6 100644 --- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected +++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected @@ -3,8 +3,6 @@ edges | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | Src:MaD:2 | | StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel | -| StoredCommand.go:13:2:13:20 | []type{args} [array] | StoredCommand.go:13:12:13:19 | &... | provenance | | -| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:13:2:13:20 | []type{args} [array] | provenance | | | StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | models | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual | 
@@ -12,7 +10,6 @@ models nodes | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] | | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows | -| StoredCommand.go:13:2:13:20 | []type{args} [array] | semmle.label | []type{args} [array] | | StoredCommand.go:13:12:13:19 | &... | semmle.label | &... | | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 321b1740c23b..647113f3c6b5 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -32,10 +32,8 @@ edges | contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:8 | | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:7 | | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:7 | -| reflectedxsstest.go:32:2:32:8 | definition of content | reflectedxsstest.go:33:49:33:55 | content | provenance | | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | | | reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:13 | -| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:32:2:32:8 | definition of content | provenance | | | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | 
@@ -65,33 +63,11 @@ edges | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:32:3:32:28 | []type{args} [array] | websocketXss.go:30:7:30:10 | definition of xnet | provenance | | -| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:32:3:32:28 | []type{args} [array] | provenance | | -| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | -| websocketXss.go:36:3:36:29 | []type{args} [array] | websocketXss.go:34:3:34:7 | definition of xnet2 | provenance | | -| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:36:3:36:29 | []type{args} [array] | provenance | | -| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | | websocketXss.go:40:3:40:40 | ... 
:= ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | -| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | | -| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | | -| websocketXss.go:41:3:41:30 | []type{args} [array] | websocketXss.go:40:6:40:11 | definition of nhooyr | provenance | | -| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:41:3:41:30 | []type{args} [array] | provenance | | | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:48:3:48:34 | []type{args} [array] | websocketXss.go:46:7:46:16 | definition of gorillaMsg | provenance | | -| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:48:3:48:34 | []type{args} [array] | provenance | | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | -| websocketXss.go:52:3:52:32 | []type{args} [array] | websocketXss.go:50:3:50:10 | definition of gorilla2 | provenance | | -| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:52:3:52:32 | []type{args} [array] | provenance | | -| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | | websocketXss.go:54:3:54:38 | ... 
:= ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | | -| websocketXss.go:55:3:55:32 | []type{args} [array] | websocketXss.go:54:6:54:13 | definition of gorilla3 | provenance | | -| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:55:3:55:32 | []type{args} [array] | provenance | | models | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual | | 2 | Source: github.com/gorilla/websocket; Conn; true; ReadJSON; ; ; Argument[0]; remote; manual | @@ -132,7 +108,6 @@ nodes | contenttype.go:114:50:114:53 | data | semmle.label | data | | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] | | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] | -| reflectedxsstest.go:32:2:32:8 | definition of content | semmle.label | definition of content | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] | | reflectedxsstest.go:32:34:32:37 | file | semmle.label | file | | reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion | 
@@ -167,29 +142,15 @@ nodes | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get | | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion | | websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet | -| websocketXss.go:32:3:32:28 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | | websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 | -| websocketXss.go:36:3:36:29 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] | -| websocketXss.go:40:6:40:11 | definition of nhooyr | semmle.label | definition of nhooyr | -| websocketXss.go:41:3:41:30 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | | websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg | -| websocketXss.go:48:3:48:34 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | | websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 | -| websocketXss.go:52:3:52:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... 
:= ...[1] | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | semmle.label | definition of gorilla3 | -| websocketXss.go:55:3:55:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index 5a6051e8dd62..89612f9722b7 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -5,12 +5,7 @@ edges | StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | provenance | | | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1 | -| stored.go:25:14:25:17 | rows | stored.go:25:24:25:26 | &... | provenance | FunctionModel | | stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel | -| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:24:25:26 | &... | provenance | | -| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:29:25:33 | &... | provenance | | -| stored.go:25:24:25:26 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | | -| stored.go:25:29:25:33 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | | | stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | | | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | models 
@@ -20,8 +15,6 @@ nodes | StoredXss.go:13:21:13:36 | ...+... | semmle.label | ...+... | | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] | | stored.go:25:14:25:17 | rows | semmle.label | rows | -| stored.go:25:14:25:34 | []type{args} [array] | semmle.label | []type{args} [array] | -| stored.go:25:24:25:26 | &... | semmle.label | &... | | stored.go:25:29:25:33 | &... | semmle.label | &... | | stored.go:30:22:30:25 | name | semmle.label | name | | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 9a7084ac8369..1ce8c3d1dcf6 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -26,7 +26,6 @@ | mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value | edges | SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:23 | -| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | Sink:MaD:1 | | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:21 MaD:26 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | 
@@ -37,7 +36,6 @@ edges | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 | | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 | -| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | @@ -46,7 +44,6 @@ edges | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 | | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 | -| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | 
@@ -55,13 +52,11 @@ edges | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 | -| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:18 Sink:MaD:1 | | main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 | -| main.go:15:11:15:84 | []type{args} [array] | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | 
@@ -76,7 +71,6 @@ edges | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | | | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | | | main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:23 | -| main.go:33:7:34:23 | []type{args} [array] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | Sink:MaD:1 | | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | @@ -90,7 +84,6 @@ edges | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 | -| main.go:42:7:43:23 | []type{args} [array] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | 
@@ -104,7 +97,6 @@ edges | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 | -| main.go:51:7:52:23 | []type{args} [array] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | @@ -118,7 +110,6 @@ edges | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | -| main.go:60:7:61:26 | []type{args} [array] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected index a3d0c59798f5..5deab249337e 100644 --- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected +++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected 
@@ -3,12 +3,7 @@ | StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value | | StringBreakMismatched.go:29:27:29:33 | escaped | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:29:27:29:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | JSON value | edges -| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | | | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:14:22:14:58 | []type{args} [array] | StringBreak.go:10:2:10:12 | definition of versionJSON | provenance | | -| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:14:22:14:58 | []type{args} [array] | provenance | | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | | | StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | | | StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:1 | 
@@ -18,10 +13,7 @@ edges models | 1 | Summary: strings; ; false; Replace; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| StringBreak.go:10:2:10:12 | definition of versionJSON | semmle.label | definition of versionJSON | | StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| StringBreak.go:14:22:14:58 | []type{args} [array] | semmle.label | []type{args} [array] | -| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | semmle.label | ... := ...[0] | | StringBreakMismatched.go:13:13:13:62 | call to Replace | semmle.label | call to Replace | diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index b3396e7451b5..c62c6126648c 100644 --- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected 
@@ -1,16 +1,8 @@ edges | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | -| test.go:14:2:14:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | | -| test.go:15:2:15:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | -| test.go:15:2:15:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | | -| test.go:20:2:20:32 | []type{args} [array] | test.go:15:2:15:4 | definition of buf | provenance | | -| test.go:20:29:20:31 | buf | test.go:20:2:20:32 | []type{args} [array] | provenance | | nodes | test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf | -| test.go:15:2:15:4 | definition of buf | semmle.label | definition of buf | | test.go:17:10:17:12 | buf | semmle.label | buf | -| test.go:20:2:20:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| test.go:20:29:20:31 | buf | semmle.label | buf | subpaths #select | test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information | diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 98c98dbf331f..3435eff77754 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -64,55 +64,28 @@ edges | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | -| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance | | +| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | | passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | -| passwords.go:39:2:39:18 | []type{args} [array] | passwords.go:36:2:36:5 | definition of obj1 | provenance | | -| passwords.go:39:14:39:17 | obj1 | passwords.go:39:2:39:18 | []type{args} [array] | provenance | | -| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance | | +| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | | passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | -| passwords.go:44:2:44:18 | []type{args} [array] | passwords.go:41:2:41:5 | definition of obj2 | provenance | | -| passwords.go:44:14:44:17 | obj2 | passwords.go:44:2:44:18 | []type{args} [array] | provenance | | | passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:47:2:47:18 | []type{args} [array] | 
passwords.go:46:6:46:9 | definition of obj3 | provenance | | -| passwords.go:47:14:47:17 | obj3 | passwords.go:47:2:47:18 | []type{args} [array] | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config | -| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance | | +| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | | | passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config | -| passwords.go:88:2:88:27 | []type{args} [array] | passwords.go:85:2:85:14 | definition of utilityObject | provenance | | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:88:2:88:27 | []type{args} [array] | provenance | | | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | | | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config | | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config | | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config | | passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config | | passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... 
| provenance | Config | -| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:125:14:125:19 | config [x] | provenance | | -| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:126:14:126:19 | config [x] | provenance | | -| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:125:14:125:19 | config [y] | provenance | | -| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:127:14:127:19 | config [y] | provenance | | -| passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance | | -| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:118:2:118:7 | definition of config [x] | provenance | | -| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | | +| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | | +| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | | +| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | | | passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | | | passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array, x] | 
passwords.go:118:2:118:7 | definition of config [x] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array, y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array] | passwords.go:118:2:118:7 | definition of config | provenance | | -| passwords.go:125:14:125:19 | config | passwords.go:125:2:125:20 | []type{args} [array] | provenance | | -| passwords.go:125:14:125:19 | config [x] | passwords.go:125:2:125:20 | []type{args} [array, x] | provenance | | -| passwords.go:125:14:125:19 | config [y] | passwords.go:125:2:125:20 | []type{args} [array, y] | provenance | | | passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | | | passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | | | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | | 
@@ -176,29 +149,18 @@ nodes | passwords.go:32:12:32:19 | password | semmle.label | password | | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... | | passwords.go:34:28:34:35 | password | semmle.label | password | -| passwords.go:36:2:36:5 | definition of obj1 | semmle.label | definition of obj1 | | passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal | | passwords.go:37:13:37:13 | x | semmle.label | x | -| passwords.go:39:2:39:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | -| passwords.go:41:2:41:5 | definition of obj2 | semmle.label | definition of obj2 | | passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal | | passwords.go:42:6:42:13 | password | semmle.label | password | -| passwords.go:44:2:44:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 | -| passwords.go:47:2:47:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password | semmle.label | password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:85:2:85:14 | definition of utilityObject | semmle.label | definition of utilityObject | | passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal | | passwords.go:86:16:86:36 | call to make | semmle.label | call to make | -| passwords.go:88:2:88:27 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject | | passwords.go:88:14:88:26 | utilityObject | semmle.label | 
utilityObject | | passwords.go:90:12:90:19 | password | semmle.label | password | | passwords.go:91:23:91:28 | secret | semmle.label | secret | @@ -211,22 +173,13 @@ nodes | passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... | | passwords.go:116:28:116:36 | password1 | semmle.label | password1 | | passwords.go:116:28:116:45 | call to String | semmle.label | call to String | -| passwords.go:118:2:118:7 | definition of config | semmle.label | definition of config | -| passwords.go:118:2:118:7 | definition of config [x] | semmle.label | definition of config [x] | -| passwords.go:118:2:118:7 | definition of config [y] | semmle.label | definition of config [y] | | passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal | | passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] | | passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] | | passwords.go:119:13:119:13 | x | semmle.label | x | | passwords.go:121:13:121:20 | password | semmle.label | password | | passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword | -| passwords.go:125:2:125:20 | []type{args} [array, x] | semmle.label | []type{args} [array, x] | -| passwords.go:125:2:125:20 | []type{args} [array, y] | semmle.label | []type{args} [array, y] | -| passwords.go:125:2:125:20 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:125:14:125:19 | config | semmle.label | config | | passwords.go:125:14:125:19 | config | semmle.label | config | -| passwords.go:125:14:125:19 | config [x] | semmle.label | config [x] | -| passwords.go:125:14:125:19 | config [y] | semmle.label | config [y] | | passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] | | passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x | | passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] | 
diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index b729c7baf83c..ac5985f110d9 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected 
@@ -19,41 +19,17 @@ edges | main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:2 | | main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:2 | | main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | | -| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | | -| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | | main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | | main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:3 | -| main.go:63:3:63:23 | []type{args} [array] | main.go:60:3:60:9 | definition of content | provenance | | -| main.go:63:16:63:22 | content | main.go:63:3:63:23 | []type{args} [array] | provenance | | | main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call 
to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | | main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:3 | -| main.go:76:8:76:66 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | | -| main.go:76:50:76:56 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | | -| main.go:76:59:76:65 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | | -| main.go:77:3:77:23 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | | -| main.go:77:16:77:22 | content | main.go:77:3:77:23 | []type{args} [array] | provenance | | | main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:2 | | main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:2 | -| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | | main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | | main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:3 | -| main.go:93:3:93:24 | []type{args} [array] | main.go:91:3:91:10 | definition of content2 | provenance | | -| main.go:93:16:93:23 | content2 | main.go:93:3:93:24 | []type{args} [array] | provenance | | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | 
@@ -73,30 +49,18 @@ nodes | main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput | | main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput | | main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer | -| main.go:60:3:60:9 | definition of content | semmle.label | definition of content | | main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent | | main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:63:3:63:23 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:63:16:63:22 | content | semmle.label | content | | main.go:63:16:63:22 | content | semmle.label | content | | main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer | -| main.go:74:3:74:9 | definition of content | semmle.label | definition of content | | main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent | | main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:76:8:76:66 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:76:50:76:56 | content | semmle.label | content | | main.go:76:50:76:56 | content | semmle.label | content | | main.go:76:59:76:65 | content | semmle.label | content | -| main.go:76:59:76:65 | content | semmle.label | content | -| main.go:77:3:77:23 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:77:16:77:22 | content | semmle.label | content | | main.go:77:16:77:22 | content | semmle.label | content | | main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer | | main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput | -| main.go:91:3:91:10 | definition of content2 | semmle.label | definition of content2 | | main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent | | main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput | -| main.go:93:3:93:24 | []type{args} [array] | semmle.label | []type{args} 
[array] | -| main.go:93:16:93:23 | content2 | semmle.label | content2 | | main.go:93:16:93:23 | content2 | semmle.label | content2 | subpaths diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 09ee80087e8b..e7aa3c152dea 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 6.0.0 + +### Breaking Changes + +* The class `ControlFlowNode` (and by extension `BasicBlock`) is no longer + directly equatable to `Expr` and `Stmt`. Any queries that have been + exploiting these equalities, for example by using casts, will need minor + updates in order to fix any compilation errors. Conversions can be inserted + in either direction depending on what is most convenient. Available + conversions include `Expr.getControlFlowNode()`, `Stmt.getControlFlowNode()`, + `ControlFlowNode.asExpr()`, `ControlFlowNode.asStmt()`, and + `ControlFlowNode.asCall()`. Exit nodes were until now modelled as a + `ControlFlowNode` equal to its enclosing `Callable`; these are now instead + modelled by the class `ControlFlow::ExitNode`. + +### Minor Analysis Improvements + +* Added `java.io.File.getName()` as a path injection sanitizer. +* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. +* Added a sink for "Server-side request forgery" (`java/ssrf`) for the third parameter to org.springframework.web.client.RestTemplate.getForObject, when we cannot statically determine that it does not affect the host in the URL. + ## 5.0.0 ### Breaking Changes 
diff --git a/java/ql/lib/change-notes/2024-11-28-model-resttemplate-getforobject-third-parameter.md b/java/ql/lib/change-notes/2024-11-28-model-resttemplate-getforobject-third-parameter.md
deleted file mode 100644
index 4f45d19e5e8c..000000000000
--- a/java/ql/lib/change-notes/2024-11-28-model-resttemplate-getforobject-third-parameter.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added a sink for "Server-side request forgery" (`java/ssrf`) for the third parameter to org.springframework.web.client.RestTemplate.getForObject, when we cannot statically determine that it does not affect the host in the URL.
diff --git a/java/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md b/java/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md
deleted file mode 100644
index 258c0e5326bc..000000000000
--- a/java/ql/lib/change-notes/2024-12-04-dataflow-type-pruning-tweak.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
diff --git a/java/ql/lib/change-notes/2024-12-06-file-getname.md b/java/ql/lib/change-notes/2024-12-06-file-getname.md
deleted file mode 100644
index b2d1d271ab55..000000000000
--- a/java/ql/lib/change-notes/2024-12-06-file-getname.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added `java.io.File.getName()` as a path injection sanitizer.
diff --git a/java/ql/lib/change-notes/2024-11-14-control-flow-graph-lightweight-IR-layer.md b/java/ql/lib/change-notes/released/6.0.0.md similarity index 50% rename from java/ql/lib/change-notes/2024-11-14-control-flow-graph-lightweight-IR-layer.md rename to java/ql/lib/change-notes/released/6.0.0.md index 2fbb6a537c7d..f66dd1b2bbf9 100644 --- a/java/ql/lib/change-notes/2024-11-14-control-flow-graph-lightweight-IR-layer.md +++ b/java/ql/lib/change-notes/released/6.0.0.md @@ -1,6 +1,7 @@ ---- -category: breaking ---- +## 6.0.0 + +### Breaking Changes + * The class `ControlFlowNode` (and by extension `BasicBlock`) is no longer directly equatable to `Expr` and `Stmt`. Any queries that have been exploiting these equalities, for example by using casts, will need minor @@ -11,3 +12,9 @@ category: breaking `ControlFlowNode.asCall()`. Exit nodes were until now modelled as a `ControlFlowNode` equal to its enclosing `Callable`; these are now instead modelled by the class `ControlFlow::ExitNode`. + +### Minor Analysis Improvements + +* Added `java.io.File.getName()` as a path injection sanitizer. +* The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths. +* Added a sink for "Server-side request forgery" (`java/ssrf`) for the third parameter to org.springframework.web.client.RestTemplate.getForObject, when we cannot statically determine that it does not affect the host in the URL. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index c9e54136ca5c..f8c4fa43ccb7 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.0 +lastReleaseVersion: 6.0.0 
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index f892ca1c4500..18b74a919dd2 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 5.0.1-dev +version: 6.0.1-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 0bb38874b82f..c7148cba8d86 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.11 + +No user-facing changes. + ## 1.1.10 ### Minor Analysis Improvements diff --git a/java/ql/src/change-notes/released/1.1.11.md b/java/ql/src/change-notes/released/1.1.11.md new file mode 100644 index 000000000000..c94f527264ea --- /dev/null +++ b/java/ql/src/change-notes/released/1.1.11.md @@ -0,0 +1,3 @@ +## 1.1.11 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 4c01918d4144..121f8cf035d3 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.10 +lastReleaseVersion: 1.1.11 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 8ee211fb536f..c808e5db6b00 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.11-dev +version: 1.1.12-dev groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index ebe424935eb9..7aa60446f0e6 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.2.1 + +No user-facing changes. + ## 2.2.0 ### Major Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/2.2.1.md b/javascript/ql/lib/change-notes/released/2.2.1.md new file mode 100644 index 000000000000..62b48f9d2e87 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.2.1.md @@ -0,0 +1,3 @@ +## 2.2.1 + +No user-facing changes. 
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 2f3083541950..863e3cd380d9 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.2.0 +lastReleaseVersion: 2.2.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 4d568ff48132..6b86693b913e 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.2.1-dev +version: 2.2.2-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 195298ec89f1..5bf4466796e9 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.6 + +No user-facing changes. + ## 1.2.5 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/1.2.6.md b/javascript/ql/src/change-notes/released/1.2.6.md new file mode 100644 index 000000000000..0832850ff8c2 --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.2.6.md @@ -0,0 +1,3 @@ +## 1.2.6 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 40355f0807f9..24962f7ba24b 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.5 +lastReleaseVersion: 1.2.6 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 78f0585027b5..152a266ef965 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.2.6-dev +version: 1.2.7-dev groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 5d46c57bf4e2..490b5dc360a0 100644 --- a/misc/suite-helpers/CHANGELOG.md 
+++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.14.md b/misc/suite-helpers/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index eeb8f762b131..26c6f3aee9cc 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.14-dev +version: 1.0.15-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 81c7659c4edd..aabefe63a420 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 3.1.0 + +### New Features + +* Added support for parameter annotations in API graphs. This means that in a function definition such as `def foo(x: Bar): ...`, you can now use the `getInstanceFromAnnotation()` method to step from `Bar` to `x`. In addition to this, the `getAnInstance` method now also includes instances arising from parameter annotations. + +### Minor Analysis Improvements + +* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input, + and modeling of tainted data flow out of these request objects. + ## 3.0.0 ### Breaking Changes 
diff --git a/python/ql/lib/change-notes/2024-11-26-parameter-annotation-api-graph-support.md b/python/ql/lib/change-notes/2024-11-26-parameter-annotation-api-graph-support.md deleted file mode 100644 index 57bb1b4a0780..000000000000 --- a/python/ql/lib/change-notes/2024-11-26-parameter-annotation-api-graph-support.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- - -- Added support for parameter annotations in API graphs. This means that in a function definition such as `def foo(x: Bar): ...`, you can now use the `getInstanceFromAnnotation()` method to step from `Bar` to `x`. In addition to this, the `getAnInstance` method now also includes instances arising from parameter annotations. diff --git a/python/ql/lib/change-notes/2024-12-18-fastapi-request-modeling.md b/python/ql/lib/change-notes/2024-12-18-fastapi-request-modeling.md deleted file mode 100644 index adc7d39653f7..000000000000 --- a/python/ql/lib/change-notes/2024-12-18-fastapi-request-modeling.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input, - and modeling of tainted data flow out of these request objects. diff --git a/python/ql/lib/change-notes/released/3.1.0.md b/python/ql/lib/change-notes/released/3.1.0.md new file mode 100644 index 000000000000..4b135bae79c4 --- /dev/null +++ b/python/ql/lib/change-notes/released/3.1.0.md 
@@ -0,0 +1,10 @@ +## 3.1.0 + +### New Features + +* Added support for parameter annotations in API graphs. This means that in a function definition such as `def foo(x: Bar): ...`, you can now use the `getInstanceFromAnnotation()` method to step from `Bar` to `x`. In addition to this, the `getAnInstance` method now also includes instances arising from parameter annotations. + +### Minor Analysis Improvements + +* Added modeling of `fastapi.Request` and `starlette.requests.Request` as sources of untrusted input, + and modeling of tainted data flow out of these request objects. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 33d3a2cd1139..82f62960aa3b 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 3.0.0 +lastReleaseVersion: 3.1.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 147933b96fe8..2c1d49af4c46 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 3.0.1-dev +version: 3.1.1-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index c247e217acf3..d5cacfc84018 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.4.0 + +### New Queries + +* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input. + ## 1.3.4 No user-facing changes. 
diff --git a/python/ql/src/change-notes/2024-11-21-template-injection.md b/python/ql/src/change-notes/released/1.4.0.md similarity index 78% rename from python/ql/src/change-notes/2024-11-21-template-injection.md rename to python/ql/src/change-notes/released/1.4.0.md index 7c604e9c9936..02acaabcb984 100644 --- a/python/ql/src/change-notes/2024-11-21-template-injection.md +++ b/python/ql/src/change-notes/released/1.4.0.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- -* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input. \ No newline at end of file +## 1.4.0 + +### New Queries + +* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 8263ddf2c8b8..b8b2e97d5086 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.4 +lastReleaseVersion: 1.4.0 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index d83b6433ac64..daed42ec94b7 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.3.5-dev +version: 1.4.1-dev groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 737903a3232f..9179de3b7d5f 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 3.0.1 + +No user-facing changes. + ## 3.0.0 ### Breaking Changes 
diff --git a/ruby/ql/lib/change-notes/released/3.0.1.md b/ruby/ql/lib/change-notes/released/3.0.1.md new file mode 100644 index 000000000000..ac5998ace618 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/3.0.1.md @@ -0,0 +1,3 @@ +## 3.0.1 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 33d3a2cd1139..e3b15d965db6 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 3.0.0 +lastReleaseVersion: 3.0.1 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index ddf106c95bfa..fa3b6fbd3c36 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 3.0.1-dev +version: 3.0.2-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 5fe04780136b..7d341c3f8086 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.9 + +No user-facing changes. + ## 1.1.8 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.1.9.md b/ruby/ql/src/change-notes/released/1.1.9.md new file mode 100644 index 000000000000..f9d367d4248c --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.1.9.md @@ -0,0 +1,3 @@ +## 1.1.9 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 64972659c426..6f4795f3ea0b 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.8 +lastReleaseVersion: 1.1.9 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 43bfe75f566d..6ece819a2d6e 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.9-dev +version: 1.1.10-dev groups: - ruby - queries 
diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 285b39a43598..5f4501ed1e3d 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/1.0.14.md b/shared/controlflow/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/controlflow/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 268f142bd1be..900e7ad73550 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index df038524d2d2..949660e33811 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.8 + +### Minor Analysis Improvements + +* Added a module `DataFlow::DeduplicatePathGraph` that can be used to avoid generating duplicate path explanations in queries that use flow state. + ## 1.1.7 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-10-02-deduplicate-path-graph.md b/shared/dataflow/change-notes/released/1.1.8.md similarity index 77% rename from shared/dataflow/change-notes/2023-10-02-deduplicate-path-graph.md rename to shared/dataflow/change-notes/released/1.1.8.md index 30e71ade6afd..d951e6bf0c73 100644 
--- a/shared/dataflow/change-notes/2023-10-02-deduplicate-path-graph.md +++ b/shared/dataflow/change-notes/released/1.1.8.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.1.8 + +### Minor Analysis Improvements + * Added a module `DataFlow::DeduplicatePathGraph` that can be used to avoid generating duplicate path explanations in queries that use flow state. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 759105565166..64972659c426 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.7 +lastReleaseVersion: 1.1.8 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 6a8e8c3a4ae8..93379260c463 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.1.8-dev +version: 1.1.9-dev groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 93a528a4f3c8..1b2146927e53 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.14.md b/shared/mad/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/mad/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 125bcad622d8..c77998a779ff 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 6b25d16e0f73..993922ecc49d 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.14.md b/shared/rangeanalysis/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 62c8c1e46b6f..012485481395 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 54c3ed2b3070..45bb8da81db2 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.14.md b/shared/regex/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/regex/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. 
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index e2cda264dc86..2598750f3b61 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 01c19388c92f..d31fb6c6120c 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/ssa/change-notes/released/1.0.14.md b/shared/ssa/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/ssa/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index b146ce5bc913..b535eee60563 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 3c6fa155a322..2d5ba191d2eb 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. 
diff --git a/shared/threat-models/change-notes/released/1.0.14.md b/shared/threat-models/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 6ec41bbcc04b..903324ab6e70 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.14-dev +version: 1.0.15-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1f4e7ad4ed3d..cc4652e04fff 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.14.md b/shared/tutorial/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 6677c74eed4e..9268c70aa43c 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml 
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index dd8fb7a60b2a..ac6192fd7d8b 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.14.md b/shared/typeflow/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index c3be7eb77163..3b484f28dfab 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.13 +lastReleaseVersion: 1.0.14 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index cd9e70bba8c4..10306beaf685 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.14-dev +version: 1.0.15-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 0ab05873af4d..f651b953118f 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.14 + +No user-facing changes. + ## 1.0.13 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.14.md b/shared/typetracking/change-notes/released/1.0.14.md new file mode 100644 index 000000000000..84f6736f1a1b --- /dev/null +++ b/shared/typetracking/change-notes/released/1.0.14.md @@ -0,0 +1,3 @@ +## 1.0.14 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index c3be7eb77163..3b484f28dfab 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index fbe63f0da01a..5f4f23526b6f 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index c0c3cea39485..924a3fc0a7bf 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.14
+
+No user-facing changes.
+
 ## 1.0.13

 No user-facing changes.
diff --git a/shared/typos/change-notes/released/1.0.14.md b/shared/typos/change-notes/released/1.0.14.md
new file mode 100644
index 000000000000..84f6736f1a1b
--- /dev/null
+++ b/shared/typos/change-notes/released/1.0.14.md
@@ -0,0 +1,3 @@
+## 1.0.14
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index c3be7eb77163..3b484f28dfab 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 250f729ab5f5..665e3ab8d14b 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index e03d990b7471..9dd6c05d40a1 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.1
+
+No user-facing changes.
+
 ## 2.0.0

 ### Breaking Changes
diff --git a/shared/util/change-notes/released/2.0.1.md b/shared/util/change-notes/released/2.0.1.md
new file mode 100644
index 000000000000..b5b6d0dee915
--- /dev/null
+++ b/shared/util/change-notes/released/2.0.1.md
@@ -0,0 +1,3 @@
+## 2.0.1
+
+No user-facing changes.
diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml
index 0abe6ccede0f..fe974a4dbf37 100644
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.0
+lastReleaseVersion: 2.0.1
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
index b327c25a3d90..372d7a95b70a 100644
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 2.0.1-dev
+version: 2.0.2-dev
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md
index c3ebc31994b2..6837f7507d85 100644
--- a/shared/xml/CHANGELOG.md
+++ b/shared/xml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.14
+
+No user-facing changes.
+
 ## 1.0.13

 No user-facing changes.
diff --git a/shared/xml/change-notes/released/1.0.14.md b/shared/xml/change-notes/released/1.0.14.md
new file mode 100644
index 000000000000..84f6736f1a1b
--- /dev/null
+++ b/shared/xml/change-notes/released/1.0.14.md
@@ -0,0 +1,3 @@
+## 1.0.14
+
+No user-facing changes.
diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml
index c3be7eb77163..3b484f28dfab 100644
--- a/shared/xml/codeql-pack.release.yml
+++ b/shared/xml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml
index 76c408c29202..e87c526b006c 100644
--- a/shared/xml/qlpack.yml
+++ b/shared/xml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups: shared
 library: true
 dependencies:
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md
index 28fcbceec8ef..6e940e8d264a 100644
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.14
+
+No user-facing changes.
+
 ## 1.0.13

 No user-facing changes.
diff --git a/shared/yaml/change-notes/released/1.0.14.md b/shared/yaml/change-notes/released/1.0.14.md
new file mode 100644
index 000000000000..84f6736f1a1b
--- /dev/null
+++ b/shared/yaml/change-notes/released/1.0.14.md
@@ -0,0 +1,3 @@
+## 1.0.14
+
+No user-facing changes.
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml
index c3be7eb77163..3b484f28dfab 100644
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml
index 0c756e1edbbe..3f800572c973 100644
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md
index ba76b51c80e3..c976d0c85143 100644
--- a/swift/ql/lib/CHANGELOG.md
+++ b/swift/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 3.1.0
+
+### Major Analysis Improvements
+
+* Upgraded to allow analysis of Swift 6.0.2.
+
 ## 3.0.0

 ### Breaking Changes
diff --git a/swift/ql/lib/change-notes/2024-12-09-swift-6.md b/swift/ql/lib/change-notes/released/3.1.0.md
similarity index 51%
rename from swift/ql/lib/change-notes/2024-12-09-swift-6.md
rename to swift/ql/lib/change-notes/released/3.1.0.md
index e32344b28d83..655a8ad323a6 100644
--- a/swift/ql/lib/change-notes/2024-12-09-swift-6.md
+++ b/swift/ql/lib/change-notes/released/3.1.0.md
@@ -1,4 +1,5 @@
----
-category: majorAnalysis
----
+## 3.1.0
+
+### Major Analysis Improvements
+
 * Upgraded to allow analysis of Swift 6.0.2.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index 33d3a2cd1139..82f62960aa3b 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 3.0.0
+lastReleaseVersion: 3.1.0
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index 7752975faea0..2d7ecc9e029b 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 3.0.1-dev
+version: 3.1.1-dev
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index 73ac6bef86d7..a26a68434ebf 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.14
+
+No user-facing changes.
+
 ## 1.0.13

 No user-facing changes.
diff --git a/swift/ql/src/change-notes/released/1.0.14.md b/swift/ql/src/change-notes/released/1.0.14.md
new file mode 100644
index 000000000000..84f6736f1a1b
--- /dev/null
+++ b/swift/ql/src/change-notes/released/1.0.14.md
@@ -0,0 +1,3 @@
+## 1.0.14
+
+No user-facing changes.
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index c3be7eb77163..3b484f28dfab 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.13
+lastReleaseVersion: 1.0.14
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index ec8e2cb9932b..a99bde028caa 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.0.14-dev
+version: 1.0.15-dev
 groups:
 - swift
 - queries