Releases: advanced-security/codeql-sap-js
Releases · advanced-security/codeql-sap-js
v2.23.8
What's Changed
- Upgrade CodeQL CLI dependency to v2.23.8 by @github-actions[bot] in #273
Full Changelog: v2.23.6...v2.23.8
v2.23.6
What's Changed
- Upgrade CodeQL CLI dependency to v2.23.6 by @github-actions[bot] in #262
- Add overlay[local?] to subclasses of TypeModel by @asgerf in #268
- ui5/webcomponents-react FP improvements for OOTB queries by @knewbury01 in #244
- Add extra documentation on test app by @knewbury01 in #269
- Add UI5 fragment support to cds extractor by @knewbury01 in #272
New Contributors
Full Changelog: v2.23.5...v2.23.6
Contributors
asgerf and knewbury01
Assets 2
v2.23.5
What's Changed
- Refactor CDS extractor for compatibility with upgraded CodeQL
v2.23.5by @github-actions[bot] in #254
Full Changelog: v2.5.0...v2.23.5
v2.5.0
What's Changed
- Fix CDS extractor database diagnostics to point to source-relative file paths by @data-douser in #239
- Add v4 support for ODataModel by @knewbury01 in #250
- Add UI5 missing models by @knewbury01 in #249
- Support dynamically instantiated UI5 controls placed at a DOM tree by @jeongsoolee09 in #240
- Bump tar from 7.5.1 to 7.5.2 in /javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example in the npm_and_yarn group across 1 directory by @dependabot[bot] in #251
- Update 'actions/*' versions to latest by @data-douser in #252
- feat(ci): Add QL-for-QL support by @GeekMasher in #164
- JS: align
ui5-xssquery severity with other XSS queries by @Napalys in #247 - Add to ui5 model by @knewbury01 in #253
New Contributors
- @GeekMasher made their first contribution in #164
- @Napalys made their first contribution in #247
Full Changelog: v2.4.0...v2.5.0
Contributors
GeekMasher, Napalys, and 4 other contributors
Assets 2
v2.4.0
What's Changed
- Update node dependencies for multiple subprojects by @data-douser in #237
- Fix shared flow step LogArgumentToListener by @knewbury01 in #242
- Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot[bot] in #238
- Upgrade CodeQL CLI dependency to v2.23.3 by @github-actions[bot] in #246
Full Changelog: v2.3.0...v2.4.0
Contributors
knewbury01, dependabot, and data-douser
Assets 2
v2.3.0
What's Changed
- Bump the npm_and_yarn group across 1 directory with 3 updates by @dependabot[bot] in #204
- Bump tmp from 0.2.3 to 0.2.4 in /extractors/cds/tools in the npm_and_yarn group across 1 directory by @dependabot[bot] in #233
- Remove diagnostic query
ListXssPartialPathsby @jeongsoolee09 in #232 - Address deprecation of
PathExprand portZipSlipQueryby @jeongsoolee09 in #230 - Upgrade CodeQL CLI dependency to v2.23.1 by @github-actions[bot] in #234
- Bump qlpacks to 2.3.0 by @jeongsoolee09 in #235
- Address deprecation of
DbLocationby @jeongsoolee09 in #236
Full Changelog: v2.2.0...v2.3.0
Contributors
dependabot and jeongsoolee09
Assets 2
v2.2.0
What's Changed
- Add CDS Utils path injection query by @knewbury01 in #224
- Port
UI5PathGraphto use the newer data flow API by @jeongsoolee09 in #216 - Upgrade CodeQL CLI dependency to v2.23.0 by @github-actions[bot] in #228
- Bump qlpack versions to
2.2.0by @jeongsoolee09 in #231
Full Changelog: v2.1.0...v2.2.0
Contributors
knewbury01 and jeongsoolee09
Assets 2
v2.1.0
What's Changed
- Automatically open PR to upgrade CodeQL CLI dependencies by @lcartey in #215
- Update CodeQL CLI upgrade workflow to include GH_TOKEN by @lcartey in #217
- Upgrade CodeQL CLI dependency to v2.22.3 by @github-actions[bot] in #218
- Add cds utils modelling by @knewbury01 in #206
- Use CDS extractor diagnostics instead of exit error codes by @data-douser in #223
- Begin dataflow lib upgrade generic portions by @knewbury01 in #220
- Upgrade CodeQL CLI dependency to v2.22.4 by @github-actions[bot] in #225
- Address FN involving CAP remote flow sources by @jeongsoolee09 in #222
- Make CAP Log injection query more resilient and conservative by @jeongsoolee09 in #226
- Bump version to 2.1.0 from 2.0.0 by @jeongsoolee09 in #227
New Contributors
- @github-actions[bot] made their first contribution in #218
Full Changelog: v2.0.0...v2.1.0
Contributors
lcartey, knewbury01, and 2 other contributors
Assets 2
v2.0.0
What's Changed
- De-noise alert position by @jeongsoolee09 in #36
- Update expected results by @jeongsoolee09 in #38
- merge main by @mbaluda in #39
- Bump version: 1.0.0 and 1.0.1 by @jeongsoolee09 in #37
- Add first draft of
qhelpfor queries by @jeongsoolee09 in #33 - Improve test automation by @mbaluda in #41
- Prepare for 0.1.1 pack release by @jeongsoolee09 in #46
- Update UI5Clickjacking.ql precision by @mbaluda in #49
- Track dataflow through event handlers and their parameters by @mbaluda in #40
- Update codeql_tests.yml by @mbaluda in #47
- Avoid duplicate alerts by @mbaluda in #50
- Bump all versions to 0.2.0 by @jeongsoolee09 in #54
- Integrate QLT by @jsinglet in #53
- Delete codeql-sap-js.code-workspace by @mbaluda in #55
- Introduce new repository structure by @jeongsoolee09 in #56
- Add diagnostic queries by @rvermeulen in #60
- Generalize UI5 sources by @rvermeulen in #61
- Bump version to 0.3.0 by @jeongsoolee09 in #62
- Add diagnostic query to list partial paths by @rvermeulen in #63
- Broaden the requirements for an XML view by @rvermeulen in #65
- Upgrade CodeQL dependencies and bump pack versions by @rvermeulen in #68
- Add UI5 web app detection by @rvermeulen in #66
- Extend bindings modeling by @rvermeulen in #69
- Fix resource root resolve by @rvermeulen in #71
- Add heuristic model pack by @rvermeulen in #72
- Expand javascript bindings by @rvermeulen in #73
- Address CP between binding strings and static javascript binding by @rvermeulen in #75
- Remove tokens for QLT by @jsinglet in #76
- Cover CAP's Fluent API to construct
cds.qlqueries by @jeongsoolee09 in #29 - Trigger the unit test only on main by @rvermeulen in #74
- Detect XSS involving server-side models and controller handler parameters by @jeongsoolee09 in #67
- Bump version to
0.5.0by @jeongsoolee09 in #80 - CAP SQLi/LOGi queries by @mbaluda in #82
- Bump
codeql/javascript-allto^0.8.7by @jeongsoolee09 in #79 - Add cap cxn parse sink model and test by @knewbury01 in #83
- Path should not cross different apps by @mbaluda in #88
- Refine Code Scanning workflow configuration by @mbaluda in #85
- Implement CDS log sinks by @knewbury01 in #81
- Create query for vulnerability not specific to webapp security by @jeongsoolee09 in #78
- Add sarif-diff to Code Scanning workflow by @mbaluda in #58
- Optimize
UI5BindingPath.getNodeby @jeongsoolee09 in #92 - Edit dependencies, precision and suite file names by @jeongsoolee09 in #91
- Stylistic edits to help files by @jeongsoolee09 in #90
- Log-injection improvements by @mbaluda in #89
- Separate CAP from non-CAP alerts by @mbaluda in #96
- Upgrade QLT Version by @jsinglet in #97
- Cover missing XSS vulnerability by @jeongsoolee09 in #104
- Perform missing version ups from 0.5.0 to 0.6.0 by @jeongsoolee09 in #105
- fix paths for json files compiled from cds by @mbaluda in #106
- Cover multi-service log injection by @jeongsoolee09 in #94
- Bump remaining 0.5.0 to 0.6.0 by @jeongsoolee09 in #108
- Add authentication/authorization related PoCs by @jeongsoolee09 in #107
- Fix FN cap sources by @knewbury01 in #109
- Patch for cap remoteflowsource ServiceinCDSHandlerParameter by @knewbury01 in #110
- Bump CAP packs' version from 0.1.0 to 0.2.0 by @jeongsoolee09 in #114
- CodeQL version from
qlt.conf.jsonby @mbaluda in #119 - Add two log injection applications with custom listeners by @jeongsoolee09 in #116
- Remove
.expectedfiles by @jeongsoolee09 in #121 - Fix code-scanning workflow by @mbaluda in #122
- Adapt to modified
LGTM_env variables behavior by @mbaluda in #125 - Update urls for cql injection help file by @knewbury01 in #128
- Adjust cap log sinks by @knewbury01 in #130
- Use
qlt-actionfromadvanced-security/codeql-development-toolkitby @mbaluda in #131 - XSJS queries and CodeQL update by @mbaluda in #129
- Add sensitive information exposure query by @knewbury01 in #126
- Address CodeQL warnings by @mbaluda in #133
- Add fully qualified name matching on E2 sources by @knewbury01 in #137
- UI5 client side log-injection improvements by @mbaluda in #136
- Implement queries for authentication / authorization related issues by @jeongsoolee09 in #113
- Add help files to Authentication/Authorization queries by @jeongsoolee09 in #138
- Revert "Undo commit a79ebb-693132" by @mbaluda in #142
- Adds XSJS CSRF and authorization queries by @mbaluda in #144
- Implement
UnnecessarilyGrantedPrivilegedAccessRightsby @jeongsoolee09 in #139 - Add README for CAP and XSJS by @mbaluda in #147
- fix broken links by @mbaluda in #148
- Bump version of
qlpack.ymls for CAP release by @jeongsoolee09 in #149 - Deals with external .cds files by @mbaluda in #150
- Update README.md by @mbaluda in #151
- Prepare project for publishing by @mbaluda in #156
- Create SECURITY.md by @lcartey in #157
- Refine locations in the CDS file by @lcartey in #159
- Add a CodeQL extractor for SAP CAP cds files by @lcartey in #158
- Rename XSJS packs to remove
-async-qualifier by @lcartey in #160 - Remove cartesian product in
MkConstBindingPathComponentListby @lcartey in #161 - Capture and report CDS compilation errors by @lcartey in #162
- cds extractor: npm install in each
package.jsonby @lcartey in https://gi...
Contributors
rvermeulen, jsinglet, and 6 other contributors