Release preparation for version 2.17.4

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.0
+
+No user-facing changes.
+
 ## 0.13.1
 
 No user-facing changes.

cpp/ql/lib/change-notes/released/1.0.0.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.13.1
+lastReleaseVersion: 1.0.0

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.0.0-dev
+version: 1.0.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean
+* The "Variable not initialized before use" query (`cpp/not-initialised`) no longer reports an alert on static variables.
+
 ## 0.9.12
 
 ### New Queries

cpp/ql/src/change-notes/released/1.0.0.md

@@ -0,0 +1,6 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean
+* The "Variable not initialized before use" query (`cpp/not-initialised`) no longer reports an alert on static variables.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.12
+lastReleaseVersion: 1.0.0

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.17
+
+No user-facing changes.
+
 ## 1.7.16
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.17.md

@@ -0,0 +1,3 @@
+## 1.7.17
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.16
+lastReleaseVersion: 1.7.17

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.17-dev
+version: 1.7.17
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.17
+
+No user-facing changes.
+
 ## 1.7.16
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.17.md

@@ -0,0 +1,3 @@
+## 1.7.17
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.16
+lastReleaseVersion: 1.7.17

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.17-dev
+version: 1.7.17
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.0
+
+No user-facing changes.
+
 ## 0.10.1
 
 No user-facing changes.

csharp/ql/lib/change-notes/released/1.0.0.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+No user-facing changes.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.1
+lastReleaseVersion: 1.0.0

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.0-dev
+version: 1.0.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.0
+
+No user-facing changes.
+
 ## 0.8.16
 
 No user-facing changes.

csharp/ql/src/change-notes/released/1.0.0.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.16
+lastReleaseVersion: 1.0.0

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
   - csharp
   - queries

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.0
+
+No user-facing changes.
+
 ## 0.0.15
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.0.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.15
+lastReleaseVersion: 1.0.0

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* A bug has been fixed which meant that the query `go/incorrect-integer-conversion` did not consider type assertions and type switches which use a defined type whose underlying type is an integer type. This may lead to fewer false positive alerts.
+* A bug has been fixed which meant flow was not followed through some ranged for loops. This may lead to more alerts being found.
+* Converted the models for the built-in functions `append`, `copy`, `max` and `min` to value flow and Models-as-Data.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/released/1.0.0.md

@@ -0,0 +1,7 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* A bug has been fixed which meant that the query `go/incorrect-integer-conversion` did not consider type assertions and type switches which use a defined type whose underlying type is an integer type. This may lead to fewer false positive alerts.
+* A bug has been fixed which meant flow was not followed through some ranged for loops. This may lead to more alerts being found.
+* Converted the models for the built-in functions `append`, `copy`, `max` and `min` to value flow and Models-as-Data.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 1.0.0

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.0.0-dev
+version: 1.0.0
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* The query `go/incorrect-integer-conversion` has now been restricted to only use flow through value-preserving steps. This reduces false positives, especially around type switches.
+
 ## 0.7.16
 
 No user-facing changes.

go/ql/src/change-notes/2024-05-14-incorrect-integer-conversion.md → go/ql/src/change-notes/released/1.0.0.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.0.0
+
+### Minor Analysis Improvements
+
 * The query `go/incorrect-integer-conversion` has now been restricted to only use flow through value-preserving steps. This reduces false positives, especially around type switches.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.16
+lastReleaseVersion: 1.0.0

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
   - go
   - queries

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.0
+
+No user-facing changes.
+
 ## 0.0.23
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/1.0.0.md

@@ -0,0 +1,3 @@
+## 1.0.0
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.23
+lastReleaseVersion: 1.0.0

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
     - java
     - automodel

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* JDK version detection based on Gradle projects has been improved. Java extraction using build-modes `autobuild` or `none` is more likely to pick an appropriate JDK version, particularly when the Android Gradle Plugin or Spring Boot Plugin are in use.
+
 ## 0.11.0
 
 ### Breaking Changes

java/ql/lib/change-notes/2024-05-16-gradle-jdk-detection.md → java/ql/lib/change-notes/released/1.0.0.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.0.0
+
+### Minor Analysis Improvements
+
 * JDK version detection based on Gradle projects has been improved. Java extraction using build-modes `autobuild` or `none` is more likely to pick an appropriate JDK version, particularly when the Android Gradle Plugin or Spring Boot Plugin are in use.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.0
+lastReleaseVersion: 1.0.0

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 1.0.0-dev
+version: 1.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.0.0
+
+### Breaking Changes
+
+* Removed `local` query variants. The results pertaining to local sources can be found using the non-local counterpart query. As an example, the results previously found by `java/unvalidated-url-redirection-local` can be found by `java/unvalidated-url-redirection`, if the `local` threat model is enabled. The removed queries are `java/path-injection-local`, `java/command-line-injection-local`, `java/xss-local`, `java/sql-injection-local`, `java/http-response-splitting-local`, `java/improper-validation-of-array-construction-local`, `java/improper-validation-of-array-index-local`, `java/tainted-format-string-local`, `java/tainted-arithmetic-local`, `java/unvalidated-url-redirection-local`, `java/xxe-local` and `java/tainted-numeric-cast-local`.
+
+### Minor Analysis Improvements
+
+* The sanitizer of the query `java/zipslip` has been improved to include nodes that are safe due to having certain safe types. This reduces false positives. 
+
 ## 0.8.16
 
 No user-facing changes.

java/ql/src/change-notes/2024-05-01-remove-local-query-variants.md → java/ql/src/change-notes/released/1.0.0.md

@@ -1,4 +1,9 @@
----
-category: breaking
----
+## 1.0.0
+
+### Breaking Changes
+
 * Removed `local` query variants. The results pertaining to local sources can be found using the non-local counterpart query. As an example, the results previously found by `java/unvalidated-url-redirection-local` can be found by `java/unvalidated-url-redirection`, if the `local` threat model is enabled. The removed queries are `java/path-injection-local`, `java/command-line-injection-local`, `java/xss-local`, `java/sql-injection-local`, `java/http-response-splitting-local`, `java/improper-validation-of-array-construction-local`, `java/improper-validation-of-array-index-local`, `java/tainted-format-string-local`, `java/tainted-arithmetic-local`, `java/unvalidated-url-redirection-local`, `java/xxe-local` and `java/tainted-numeric-cast-local`.
+
+### Minor Analysis Improvements
+
+* The sanitizer of the query `java/zipslip` has been improved to include nodes that are safe due to having certain safe types. This reduces false positives. 

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.16
+lastReleaseVersion: 1.0.0

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.0.0-dev
+version: 1.0.0
 groups:
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* Additional heuristics for a new sensitive data classification for private information (e.g. credit card numbers) have been added to the shared `SensitiveDataHeuristics.qll` library. This may result in additional results for queries that use sensitive data such as `js/clear-text-storage-sensitive-data` and `js/clear-text-logging`.
+
+### Bug Fixes
+
+* Fixed a bug where very large TypeScript files would cause database creation to crash. Large files over 10MB were already excluded from analysis, but the file size check was not applied to TypeScript files.
+
 ## 0.9.1
 
 No user-facing changes.

javascript/ql/lib/change-notes/2024-05-09-sensitive-heuristics.md → javascript/ql/lib/change-notes/released/1.0.0.md

@@ -1,4 +1,9 @@
----
-category: minorAnalysis
----
-* Additional heuristics for a new sensitive data classification for private information (e.g. credit card numbers) have been added to the shared `SensitiveDataHeuristics.qll` library. This may result in additional results for queries that use sensitive data such as `js/clear-text-storage-sensitive-data` and `js/clear-text-logging`.
+## 1.0.0
+
+### Minor Analysis Improvements
+
+* Additional heuristics for a new sensitive data classification for private information (e.g. credit card numbers) have been added to the shared `SensitiveDataHeuristics.qll` library. This may result in additional results for queries that use sensitive data such as `js/clear-text-storage-sensitive-data` and `js/clear-text-logging`.
+
+### Bug Fixes
+
+* Fixed a bug where very large TypeScript files would cause database creation to crash. Large files over 10MB were already excluded from analysis, but the file size check was not applied to TypeScript files.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 1.0.0

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 1.0.0-dev
+version: 1.0.0
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript