From e089d00e66d135295442ce016338dd9603f3fead Mon Sep 17 00:00:00 2001 From: felickz <1760475+felickz@users.noreply.github.com> Date: Sat, 11 Jul 2026 01:54:41 +0000 Subject: [PATCH 1/5] chore: bump pinned CodeQL CLI to v2.24.3 and release v0.5.0 --- .codeqlversion | 2 +- .release.yml | 2 +- cpp/lib/codeql-pack.lock.yml | 24 ++++++++++----------- cpp/lib/qlpack.yml | 4 ++-- cpp/src/codeql-pack.lock.yml | 28 ++++++++++++------------- cpp/src/qlpack.yml | 6 +++--- cpp/test/codeql-pack.lock.yml | 28 ++++++++++++------------- cpp/test/qlpack.yml | 4 ++-- csharp/ext-library-sources/qlpack.yml | 4 ++-- csharp/ext/qlpack.yml | 4 ++-- csharp/lib/codeql-pack.lock.yml | 20 +++++++++--------- csharp/lib/qlpack.yml | 4 ++-- csharp/src/codeql-pack.lock.yml | 24 ++++++++++----------- csharp/src/qlpack.yml | 6 +++--- csharp/test/codeql-pack.lock.yml | 24 ++++++++++----------- csharp/test/qlpack.yml | 4 ++-- go/ext/qlpack.yml | 4 ++-- go/lib/codeql-pack.lock.yml | 20 +++++++++--------- go/lib/qlpack.yml | 4 ++-- go/src/codeql-pack.lock.yml | 20 +++++++++--------- go/src/qlpack.yml | 4 ++-- go/test/codeql-pack.lock.yml | 20 +++++++++--------- go/test/qlpack.yml | 2 +- java/ext-library-sources/qlpack.yml | 4 ++-- java/ext/qlpack.yml | 4 ++-- java/lib/codeql-pack.lock.yml | 28 ++++++++++++------------- java/lib/qlpack.yml | 4 ++-- java/src/codeql-pack.lock.yml | 28 ++++++++++++------------- java/src/qlpack.yml | 4 ++-- java/test/codeql-pack.lock.yml | 28 ++++++++++++------------- java/test/qlpack.yml | 2 +- javascript/lib/codeql-pack.lock.yml | 26 +++++++++++------------ javascript/lib/qlpack.yml | 4 ++-- javascript/src/codeql-pack.lock.yml | 26 +++++++++++------------ javascript/src/qlpack.yml | 4 ++-- javascript/test/codeql-pack.lock.yml | 26 +++++++++++------------ javascript/test/qlpack.yml | 2 +- python/ext/qlpack.yml | 4 ++-- python/lib/codeql-pack.lock.yml | 26 +++++++++++------------ python/lib/qlpack.yml | 4 ++-- python/src/codeql-pack.lock.yml | 26 +++++++++++------------ python/src/qlpack.yml | 4 ++-- python/test/codeql-pack.lock.yml | 30 +++++++++++++-------------- python/test/qlpack.yml | 4 ++-- ruby/lib/codeql-pack.lock.yml | 20 +++++++++--------- ruby/lib/qlpack.yml | 4 ++-- ruby/src/codeql-pack.lock.yml | 20 +++++++++--------- ruby/src/qlpack.yml | 4 ++-- ruby/test/codeql-pack.lock.yml | 24 ++++++++++----------- ruby/test/qlpack.yml | 4 ++-- 50 files changed, 313 insertions(+), 313 deletions(-) diff --git a/.codeqlversion b/.codeqlversion index eb43aa2c..29690d10 100644 --- a/.codeqlversion +++ b/.codeqlversion @@ -1 +1 @@ -2.23.9 +2.24.3 diff --git a/.release.yml b/.release.yml index 2843cada..8eef7625 100644 --- a/.release.yml +++ b/.release.yml @@ -1,6 +1,6 @@ name: "CodeQL Community Packs" repository: "githubsecuritylab/codeql-community-packs" -version: "0.4.0" +version: "0.5.0" prerelease: false ecosystem: CodeQL diff --git a/cpp/lib/codeql-pack.lock.yml b/cpp/lib/codeql-pack.lock.yml index bde92c18..51cf27b7 100644 --- a/cpp/lib/codeql-pack.lock.yml +++ b/cpp/lib/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/cpp-all: - version: 6.1.4 + version: 8.0.0 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/cpp/lib/qlpack.yml b/cpp/lib/qlpack.yml index 9f60be8b..7cda41c4 100644 --- a/cpp/lib/qlpack.yml +++ b/cpp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-cpp-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/cpp-all: '6.1.4' + codeql/cpp-all: '8.0.0' diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index 8aaff64e..04bd0c8a 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/cpp-all: - version: 6.1.4 + version: 8.0.0 codeql/cpp-queries: - version: 1.5.8 + version: 1.5.12 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml index bc23ff5a..bad8856c 100644 --- a/cpp/src/qlpack.yml +++ b/cpp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-cpp-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/cpp.qls dependencies: - codeql/cpp-all: '6.1.4' - codeql/cpp-queries: '1.5.8' + codeql/cpp-all: '8.0.0' + codeql/cpp-queries: '1.5.12' githubsecuritylab/codeql-cpp-libs: '*' diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index 8aaff64e..04bd0c8a 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/cpp-all: - version: 6.1.4 + version: 8.0.0 codeql/cpp-queries: - version: 1.5.8 + version: 1.5.12 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/cpp/test/qlpack.yml b/cpp/test/qlpack.yml index 8bf0f5f3..48d70103 100644 --- a/cpp/test/qlpack.yml +++ b/cpp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-cpp-tests groups: [cpp, test] dependencies: - codeql/cpp-all: '6.1.4' - codeql/cpp-queries: '1.5.8' + codeql/cpp-all: '8.0.0' + codeql/cpp-queries: '1.5.12' githubsecuritylab/codeql-cpp-queries: '*' githubsecuritylab/codeql-cpp-libs: '*' extractor: cpp diff --git a/csharp/ext-library-sources/qlpack.yml b/csharp/ext-library-sources/qlpack.yml index 66cce996..12dd08f6 100644 --- a/csharp/ext-library-sources/qlpack.yml +++ b/csharp/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-library-sources -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/csharp-all: '5.4.4' + codeql/csharp-all: '5.4.8' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/ext/qlpack.yml b/csharp/ext/qlpack.yml index e5ad844d..625b5e48 100644 --- a/csharp/ext/qlpack.yml +++ b/csharp/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-extensions -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/csharp-all: '5.4.4' + codeql/csharp-all: '5.4.8' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/lib/codeql-pack.lock.yml b/csharp/lib/codeql-pack.lock.yml index 0580cdfb..316713e2 100644 --- a/csharp/lib/codeql-pack.lock.yml +++ b/csharp/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/csharp-all: - version: 5.4.4 + version: 5.4.8 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/csharp/lib/qlpack.yml b/csharp/lib/qlpack.yml index 79d1fb97..c4d5e223 100644 --- a/csharp/lib/qlpack.yml +++ b/csharp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-csharp-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/csharp-all: "5.4.4" + codeql/csharp-all: "5.4.8" diff --git a/csharp/src/codeql-pack.lock.yml b/csharp/src/codeql-pack.lock.yml index b31e6644..1955b2f0 100644 --- a/csharp/src/codeql-pack.lock.yml +++ b/csharp/src/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/csharp-all: - version: 5.4.4 + version: 5.4.8 codeql/csharp-queries: - version: 1.5.4 + version: 1.6.3 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/csharp/src/qlpack.yml b/csharp/src/qlpack.yml index 6dd5353b..3d68ada7 100644 --- a/csharp/src/qlpack.yml +++ b/csharp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-csharp-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/csharp.qls dependencies: - codeql/csharp-all: "5.4.4" - codeql/csharp-queries: "1.5.4" # Required for Dependencies.ql + codeql/csharp-all: "5.4.8" + codeql/csharp-queries: "1.6.3" # Required for Dependencies.ql githubsecuritylab/codeql-csharp-libs: "*" diff --git a/csharp/test/codeql-pack.lock.yml b/csharp/test/codeql-pack.lock.yml index b31e6644..1955b2f0 100644 --- a/csharp/test/codeql-pack.lock.yml +++ b/csharp/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/csharp-all: - version: 5.4.4 + version: 5.4.8 codeql/csharp-queries: - version: 1.5.4 + version: 1.6.3 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/csharp/test/qlpack.yml b/csharp/test/qlpack.yml index 04082172..ad8f44c2 100644 --- a/csharp/test/qlpack.yml +++ b/csharp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-csharp-tests groups: [csharp, test] dependencies: - codeql/csharp-all: "5.4.4" - codeql/csharp-queries: "1.5.4" + codeql/csharp-all: "5.4.8" + codeql/csharp-queries: "1.6.3" githubsecuritylab/codeql-csharp-extensions: "*" githubsecuritylab/codeql-csharp-library-sources: "*" githubsecuritylab/codeql-csharp-libs: "*" diff --git a/go/ext/qlpack.yml b/go/ext/qlpack.yml index 5d983e4f..48c96a2a 100644 --- a/go/ext/qlpack.yml +++ b/go/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-go-extensions -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/go-all: '5.0.6' + codeql/go-all: '7.0.1' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/go/lib/codeql-pack.lock.yml b/go/lib/codeql-pack.lock.yml index a662ba02..213af3bc 100644 --- a/go/lib/codeql-pack.lock.yml +++ b/go/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/go-all: - version: 5.0.6 + version: 7.0.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/go/lib/qlpack.yml b/go/lib/qlpack.yml index 372cbb53..6132c96e 100644 --- a/go/lib/qlpack.yml +++ b/go/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-go-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/go-all: '5.0.6' + codeql/go-all: '7.0.1' diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index a662ba02..213af3bc 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/go-all: - version: 5.0.6 + version: 7.0.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index 6a5818f5..a1bf23e1 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-go-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/go.qls dependencies: - codeql/go-all: '5.0.6' + codeql/go-all: '7.0.1' githubsecuritylab/codeql-go-libs: '*' diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index a662ba02..213af3bc 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/go-all: - version: 5.0.6 + version: 7.0.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/go/test/qlpack.yml b/go/test/qlpack.yml index a3a94a6b..9c4f25f2 100644 --- a/go/test/qlpack.yml +++ b/go/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-go-tests groups: [go, test] dependencies: - codeql/go-all: '5.0.6' + codeql/go-all: '7.0.1' # codeql/go-queries: '*' githubsecuritylab/codeql-go-queries: '*' githubsecuritylab/codeql-go-libs: '*' diff --git a/java/ext-library-sources/qlpack.yml b/java/ext-library-sources/qlpack.yml index 30657b78..72d8db23 100644 --- a/java/ext-library-sources/qlpack.yml +++ b/java/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-library-sources -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/java-all: '7.8.3' + codeql/java-all: '8.1.1' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/ext/qlpack.yml b/java/ext/qlpack.yml index 4f31f5bb..4599b495 100644 --- a/java/ext/qlpack.yml +++ b/java/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-extensions -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/java-all: '7.8.3' + codeql/java-all: '8.1.1' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/lib/codeql-pack.lock.yml b/java/lib/codeql-pack.lock.yml index 9fd01008..27a0468d 100644 --- a/java/lib/codeql-pack.lock.yml +++ b/java/lib/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/java-all: - version: 7.8.3 + version: 8.1.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/java/lib/qlpack.yml b/java/lib/qlpack.yml index 722baed3..c5de4a12 100644 --- a/java/lib/qlpack.yml +++ b/java/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-java-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/java-all: '7.8.3' + codeql/java-all: '8.1.1' diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index 9fd01008..27a0468d 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/java-all: - version: 7.8.3 + version: 8.1.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml index fa87b7c1..9c78bb2d 100644 --- a/java/src/qlpack.yml +++ b/java/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-java-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/java.qls dependencies: - codeql/java-all: '7.8.3' + codeql/java-all: '8.1.1' githubsecuritylab/codeql-java-libs: '*' diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index 9fd01008..27a0468d 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/java-all: - version: 7.8.3 + version: 8.1.1 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/quantum: - version: 0.0.17 + version: 0.0.21 codeql/rangeanalysis: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typeflow: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/java/test/qlpack.yml b/java/test/qlpack.yml index c8f4d2f7..6f110187 100644 --- a/java/test/qlpack.yml +++ b/java/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-java-tests groups: [java, test] dependencies: - codeql/java-all: '7.8.3' + codeql/java-all: '8.1.1' githubsecuritylab/codeql-java-queries: '*' githubsecuritylab/codeql-java-libs: '*' githubsecuritylab/codeql-java-library-sources: '*' diff --git a/javascript/lib/codeql-pack.lock.yml b/javascript/lib/codeql-pack.lock.yml index 2fc85485..8aba5a52 100644 --- a/javascript/lib/codeql-pack.lock.yml +++ b/javascript/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/javascript-all: - version: 2.6.19 + version: 2.6.23 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/javascript/lib/qlpack.yml b/javascript/lib/qlpack.yml index 8c14ddf0..7f1a57c1 100644 --- a/javascript/lib/qlpack.yml +++ b/javascript/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-javascript-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/javascript-all: '2.6.19' + codeql/javascript-all: '2.6.23' diff --git a/javascript/src/codeql-pack.lock.yml b/javascript/src/codeql-pack.lock.yml index 2fc85485..8aba5a52 100644 --- a/javascript/src/codeql-pack.lock.yml +++ b/javascript/src/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/javascript-all: - version: 2.6.19 + version: 2.6.23 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/javascript/src/qlpack.yml b/javascript/src/qlpack.yml index 0bf1408e..6e6b76c7 100644 --- a/javascript/src/qlpack.yml +++ b/javascript/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-javascript-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/javascript.qls dependencies: - codeql/javascript-all: '2.6.19' + codeql/javascript-all: '2.6.23' githubsecuritylab/codeql-javascript-libs: '*' diff --git a/javascript/test/codeql-pack.lock.yml b/javascript/test/codeql-pack.lock.yml index 2fc85485..8aba5a52 100644 --- a/javascript/test/codeql-pack.lock.yml +++ b/javascript/test/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/javascript-all: - version: 2.6.19 + version: 2.6.23 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/javascript/test/qlpack.yml b/javascript/test/qlpack.yml index 8f2badf0..57cdb7dc 100644 --- a/javascript/test/qlpack.yml +++ b/javascript/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecuritylab/codeql-javascript-tests groups: [javascript, test] dependencies: - codeql/javascript-all: "2.6.19" + codeql/javascript-all: "2.6.23" githubsecuritylab/codeql-javascript-queries: "*" extractor: javascript diff --git a/python/ext/qlpack.yml b/python/ext/qlpack.yml index 8d8701e8..862a8524 100644 --- a/python/ext/qlpack.yml +++ b/python/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-python-extensions -version: 0.4.0 +version: 0.5.0 extensionTargets: - codeql/python-all: '5.0.4' + codeql/python-all: '7.0.0' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/python/lib/codeql-pack.lock.yml b/python/lib/codeql-pack.lock.yml index f47fb087..95fc12fc 100644 --- a/python/lib/codeql-pack.lock.yml +++ b/python/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/python-all: - version: 5.0.4 + version: 7.0.0 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/python/lib/qlpack.yml b/python/lib/qlpack.yml index 9d942cdc..5d7bae49 100644 --- a/python/lib/qlpack.yml +++ b/python/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-python-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/python-all: '5.0.4' + codeql/python-all: '7.0.0' diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml index f47fb087..95fc12fc 100644 --- a/python/src/codeql-pack.lock.yml +++ b/python/src/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/python-all: - version: 5.0.4 + version: 7.0.0 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/python/src/qlpack.yml b/python/src/qlpack.yml index 2c1289f4..1e5af5aa 100644 --- a/python/src/qlpack.yml +++ b/python/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-python-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/python.qls dependencies: - codeql/python-all: '5.0.4' + codeql/python-all: '7.0.0' githubsecuritylab/codeql-python-libs: '*' diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml index eca1aeaf..160978db 100644 --- a/python/test/codeql-pack.lock.yml +++ b/python/test/codeql-pack.lock.yml @@ -2,33 +2,33 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/python-all: - version: 5.0.4 + version: 7.0.0 codeql/python-queries: - version: 1.7.4 + version: 1.7.8 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/threat-models: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 codeql/xml: - version: 1.0.39 + version: 1.0.43 codeql/yaml: - version: 1.0.39 + version: 1.0.43 compiled: false diff --git a/python/test/qlpack.yml b/python/test/qlpack.yml index 663f8754..20705b7e 100644 --- a/python/test/qlpack.yml +++ b/python/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-python-tests groups: [python, test] dependencies: - codeql/python-all: '5.0.4' - codeql/python-queries: '1.7.4' + codeql/python-all: '7.0.0' + codeql/python-queries: '1.7.8' githubsecuritylab/codeql-python-queries: '*' githubsecuritylab/codeql-python-libs: '*' extractor: python diff --git a/ruby/lib/codeql-pack.lock.yml b/ruby/lib/codeql-pack.lock.yml index f5619ce6..d30e1240 100644 --- a/ruby/lib/codeql-pack.lock.yml +++ b/ruby/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ruby-all: - version: 5.1.7 + version: 5.1.11 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/ruby/lib/qlpack.yml b/ruby/lib/qlpack.yml index f51a22fa..d7b3c192 100644 --- a/ruby/lib/qlpack.yml +++ b/ruby/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-ruby-libs -version: 0.4.0 +version: 0.5.0 dependencies: - codeql/ruby-all: '5.1.7' + codeql/ruby-all: '5.1.11' diff --git a/ruby/src/codeql-pack.lock.yml b/ruby/src/codeql-pack.lock.yml index f5619ce6..d30e1240 100644 --- a/ruby/src/codeql-pack.lock.yml +++ b/ruby/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ruby-all: - version: 5.1.7 + version: 5.1.11 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/ruby/src/qlpack.yml b/ruby/src/qlpack.yml index eae02d0c..02c91e5d 100644 --- a/ruby/src/qlpack.yml +++ b/ruby/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-ruby-queries -version: 0.4.0 +version: 0.5.0 suites: suites defaultSuiteFile: suites/ruby.qls dependencies: - codeql/ruby-all: '5.1.7' + codeql/ruby-all: '5.1.11' githubsecuritylab/codeql-ruby-libs: '*' diff --git a/ruby/test/codeql-pack.lock.yml b/ruby/test/codeql-pack.lock.yml index 5922bcf9..0dfcc28d 100644 --- a/ruby/test/codeql-pack.lock.yml +++ b/ruby/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.13 + version: 0.0.17 codeql/controlflow: - version: 2.0.23 + version: 2.0.27 codeql/dataflow: - version: 2.0.23 + version: 2.0.27 codeql/mad: - version: 1.0.39 + version: 1.0.43 codeql/regex: - version: 1.0.39 + version: 1.0.43 codeql/ruby-all: - version: 5.1.7 + version: 5.1.11 codeql/ruby-queries: - version: 1.5.4 + version: 1.5.8 codeql/ssa: - version: 2.0.15 + version: 2.0.19 codeql/suite-helpers: - version: 1.0.39 + version: 1.0.43 codeql/tutorial: - version: 1.0.39 + version: 1.0.43 codeql/typetracking: - version: 2.0.23 + version: 2.0.27 codeql/util: - version: 2.0.26 + version: 2.0.30 compiled: false diff --git a/ruby/test/qlpack.yml b/ruby/test/qlpack.yml index 17f227e9..9ed047b8 100644 --- a/ruby/test/qlpack.yml +++ b/ruby/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-ruby-tests groups: [ruby, test] dependencies: - codeql/ruby-all: '5.1.7' - codeql/ruby-queries: '1.5.4' + codeql/ruby-all: '5.1.11' + codeql/ruby-queries: '1.5.8' githubsecuritylab/codeql-ruby-queries: '*' githubsecuritylab/codeql-ruby-libs: '*' extractor: ruby From fd4ff0a12a6d24fb62154e91676735e86d2304cb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 11 Jul 2026 02:09:22 +0000 Subject: [PATCH 2/5] fix: update Java and Python queries for CodeQL 2.24.3 API changes - java/src/library_sources/ExternalAPIs.qll: rename applyManualModel() to hasManualModel() on SummarizedCallable (method was removed in java-all 8.1.1) - python/lib/ghsl/MassAssignment.qll: replace deprecated Value type and CallNode with DataFlow::MethodCallNode (Value is no longer re-exported from python.qll in python-all 7.0.0) Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- java/src/library_sources/ExternalAPIs.qll | 2 +- python/lib/ghsl/MassAssignment.qll | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/java/src/library_sources/ExternalAPIs.qll b/java/src/library_sources/ExternalAPIs.qll index c9e58654..63fbfbd1 100644 --- a/java/src/library_sources/ExternalAPIs.qll +++ b/java/src/library_sources/ExternalAPIs.qll @@ -193,7 +193,7 @@ private J::Callable liftedImpl(J::Callable m) { } private predicate hasManualModel(Callable api) { - api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.applyManualModel()).asCallable() or + api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.hasManualModel()).asCallable() or api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel()).asCallable() } diff --git a/python/lib/ghsl/MassAssignment.qll b/python/lib/ghsl/MassAssignment.qll index 5d8f1836..befd90bb 100644 --- a/python/lib/ghsl/MassAssignment.qll +++ b/python/lib/ghsl/MassAssignment.qll @@ -22,10 +22,9 @@ module MassAssignment { this = API::builtin("setattr").getACall().getArg(1) or // > __setattr__(SINK, value) - exists(Value value, CallNode call | - value.getName() = "__setattr__" and - call = value.getACall() and - this.asCfgNode() = call.getArg(0) + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "__setattr__" and + this = call.getArg(0) ) ) and this.getScope().inSource() From 86dff324abed8c5731f074e2f5ce7bdf7ead45e5 Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Fri, 10 Jul 2026 23:22:10 -0400 Subject: [PATCH 3/5] chore: bump release version to 0.5.1 (validated java/python compile fixes) --- .release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release.yml b/.release.yml index 8eef7625..4fde080e 100644 --- a/.release.yml +++ b/.release.yml @@ -1,6 +1,6 @@ name: "CodeQL Community Packs" repository: "githubsecuritylab/codeql-community-packs" -version: "0.5.0" +version: "0.5.1" prerelease: false ecosystem: CodeQL From e6094dfbce188cc66be76210a167e8f90de938ce Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 11 Jul 2026 03:58:24 +0000 Subject: [PATCH 4/5] test(java): update expected outputs for CodeQL 2.24.3 validate failures Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- .../JxBrowserWithoutCertValidation.expected | 1 + .../JxBrowserWithoutCertValidation.expected | 1 + .../CWE-470/LoadClassNoSignatureCheck.expected | 7 +++++-- java/test/security/CWE-601/SpringUrlRedirect.expected | 10 ---------- 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected b/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected index 605aca10..f6a11ac6 100644 --- a/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected +++ b/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected @@ -1 +1,2 @@ +WARNING: predicate 'getResult' has been deprecated and may be removed in future (JxBrowserWithoutCertValidation.ql:50,8-17) | JxBrowserWithoutCertValidationV6_23_1.java:17:27:17:39 | new Browser(...) | This JxBrowser instance may not check HTTPS certificates. | diff --git a/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected b/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected index e69de29b..d678610d 100644 --- a/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected +++ b/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected @@ -0,0 +1 @@ +WARNING: predicate 'getResult' has been deprecated and may be removed in future (JxBrowserWithoutCertValidation.ql:50,8-17) diff --git a/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected b/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected index 45f8ef2f..a7b053bb 100644 --- a/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected +++ b/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected @@ -1,3 +1,8 @@ +WARNING: predicate 'getAUse' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:45,7-14) +WARNING: predicate 'getAUse' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:46,14-21) +WARNING: type 'SsaVariable' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:44,34-45) +#select +| BadClassLoader.java:18:37:18:47 | classLoader | BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | BadClassLoader.java:18:37:18:47 | classLoader | Class loaded from a $@ without signature check | BadClassLoader.java:15:42:16:75 | createPackageContext(...) | third party library | edges | BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | BadClassLoader.java:17:47:17:56 | appContext : Context | provenance | | | BadClassLoader.java:17:47:17:56 | appContext : Context | BadClassLoader.java:17:47:17:73 | getClassLoader(...) : ClassLoader | provenance | Config | @@ -8,5 +13,3 @@ nodes | BadClassLoader.java:17:47:17:73 | getClassLoader(...) : ClassLoader | semmle.label | getClassLoader(...) : ClassLoader | | BadClassLoader.java:18:37:18:47 | classLoader | semmle.label | classLoader | subpaths -#select -| BadClassLoader.java:18:37:18:47 | classLoader | BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | BadClassLoader.java:18:37:18:47 | classLoader | Class loaded from a $@ without signature check | BadClassLoader.java:15:42:16:75 | createPackageContext(...) | third party library | diff --git a/java/test/security/CWE-601/SpringUrlRedirect.expected b/java/test/security/CWE-601/SpringUrlRedirect.expected index 7d2a389c..1dfa6d95 100644 --- a/java/test/security/CWE-601/SpringUrlRedirect.expected +++ b/java/test/security/CWE-601/SpringUrlRedirect.expected @@ -33,19 +33,13 @@ edges | SpringUrlRedirect.java:98:44:98:54 | redirectUrl : String | SpringUrlRedirect.java:98:33:98:55 | create(...) : URI | provenance | MaD:3 | | SpringUrlRedirect.java:104:39:104:56 | redirectUrl : String | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | | -| SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | provenance | | | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:4 | -| SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:5 | | SpringUrlRedirect.java:112:39:112:56 | redirectUrl : String | SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | | -| SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | provenance | | | SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:4 | -| SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:5 | | SpringUrlRedirect.java:120:33:120:50 | redirectUrl : String | SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | | -| SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | provenance | | | SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | provenance | MaD:4 | -| SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | provenance | MaD:5 | | SpringUrlRedirect.java:128:33:128:50 | redirectUrl : String | SpringUrlRedirect.java:130:44:130:54 | redirectUrl : String | provenance | | | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | SpringUrlRedirect.java:132:49:132:59 | httpHeaders | provenance | | | SpringUrlRedirect.java:130:33:130:55 | create(...) : URI | SpringUrlRedirect.java:130:9:130:19 | httpHeaders : HttpHeaders | provenance | Config | @@ -55,7 +49,6 @@ models | 2 | Summary: java.lang; String; false; format; (String,Object[]); ; Argument[1].ArrayElement; ReturnValue; taint; manual | | 3 | Summary: java.net; URI; false; create; ; ; Argument[0]; ReturnValue; taint; manual | | 4 | Summary: org.springframework.http; HttpHeaders; true; add; (String,String); ; Argument[0..1]; Argument[this]; taint; manual | -| 5 | Summary: org.springframework.util; MultiValueMap; true; add; ; ; Argument[1]; Argument[this].MapValue.Element; value; manual | nodes | SpringUrlRedirect.java:17:30:17:47 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:19:19:19:29 | redirectUrl | semmle.label | redirectUrl | @@ -86,17 +79,14 @@ nodes | SpringUrlRedirect.java:100:37:100:47 | httpHeaders | semmle.label | httpHeaders | | SpringUrlRedirect.java:104:39:104:56 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders | semmle.label | httpHeaders [post update] : HttpHeaders | -| SpringUrlRedirect.java:106:9:106:19 | httpHeaders [post update] : HttpHeaders [, ] : String | semmle.label | httpHeaders [post update] : HttpHeaders [, ] : String | | SpringUrlRedirect.java:106:37:106:47 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:108:68:108:78 | httpHeaders | semmle.label | httpHeaders | | SpringUrlRedirect.java:112:39:112:56 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders | semmle.label | httpHeaders [post update] : HttpHeaders | -| SpringUrlRedirect.java:114:9:114:19 | httpHeaders [post update] : HttpHeaders [, ] : String | semmle.label | httpHeaders [post update] : HttpHeaders [, ] : String | | SpringUrlRedirect.java:114:37:114:47 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:116:37:116:47 | httpHeaders | semmle.label | httpHeaders | | SpringUrlRedirect.java:120:33:120:50 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders | semmle.label | httpHeaders [post update] : HttpHeaders | -| SpringUrlRedirect.java:122:9:122:19 | httpHeaders [post update] : HttpHeaders [, ] : String | semmle.label | httpHeaders [post update] : HttpHeaders [, ] : String | | SpringUrlRedirect.java:122:37:122:47 | redirectUrl : String | semmle.label | redirectUrl : String | | SpringUrlRedirect.java:124:49:124:59 | httpHeaders | semmle.label | httpHeaders | | SpringUrlRedirect.java:128:33:128:50 | redirectUrl : String | semmle.label | redirectUrl : String | From bbfa983b219b86bac7dfc5510739916c7a77b9d4 Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Sat, 11 Jul 2026 00:01:48 -0400 Subject: [PATCH 5/5] Remove empty lines in .release.yml --- .release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.release.yml b/.release.yml index dddad106..4fde080e 100644 --- a/.release.yml +++ b/.release.yml @@ -1,8 +1,6 @@ name: "CodeQL Community Packs" repository: "githubsecuritylab/codeql-community-packs" - version: "0.5.1" - prerelease: false ecosystem: CodeQL