Commit 9bd706a

Merge pull request #17375 from github/changedocs-2.18.3-2
Add changelogs up to 2.18.3
2 parents 6c28abd + bd45c1f commit 9bd706a

57 files changed

+621
-366
lines changed

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.0.rst

Lines changed: 6 additions & 6 deletions
@@ -75,8 +75,8 @@ C#
7575
* The syntax of the (source|sink|summary)model CSV format has been changed slightly for Java and C#. A new column called :code:`provenance` has been introduced, where the allowed values are :code:`manual` and :code:`generated`. The value used to indicate whether a model as been written by hand (:code:`manual`) or create by the CSV model generator (:code:`generated`).
7676
* All auto implemented public properties with public getters and setters on ASP.NET Core remote flow sources are now also considered to be tainted.
7777

78-
Java
79-
""""
78+
Java/Kotlin
79+
"""""""""""
8080

8181
* The query :code:`java/log-injection` now reports problems at the source (user-controlled data) instead of at the ultimate logging call. This was changed because user functions that wrap the ultimate logging call could result in most alerts being reported in an uninformative location.
8282

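Review bot: The unchanged context line at 75 in this hunk still carries typos that are worth fixing while the file is being touched: "whether a model as been written by hand" should read "has been written", "create by the CSV model generator" should read "created by", and "The value used to indicate" is missing "is". Suggest correcting the sentence that describes the `provenance` column along with the heading rename.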
@@ -134,8 +134,8 @@ JavaScript/TypeScript
134134
Minor Analysis Improvements
135135
~~~~~~~~~~~~~~~~~~~~~~~~~~~
136136

137-
Java
138-
""""
137+
Java/Kotlin
138+
"""""""""""
139139

140140
* Added a flow step for :code:`String.valueOf` calls on tainted :code:`android.text.Editable` objects.
141141

@@ -162,8 +162,8 @@ Golang
162162

163163
* The :code:`BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new :code:`BarrierGuard` parameterized module.
164164

165-
Java
166-
""""
165+
Java/Kotlin
166+
"""""""""""
167167

168168
* The :code:`BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new :code:`BarrierGuard` parameterized module.
169169

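Review bot: Style point on the context lines at 163 and 168: both entries say the `BarrierGuard` class is deprecated in favour of "the new `BarrierGuard` parameterized module", so the old and new names are identical and the sentence reads as if the item replaces itself. Since the heading above the second entry is being changed anyway, consider rewording both entries to state explicitly that the parameterized module has the same name as the deprecated class.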
docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.1.rst

Lines changed: 8 additions & 8 deletions
@@ -40,8 +40,8 @@ C#
4040

4141
* Contextual queries and the query libraries they depend on have been moved to the :code:`codeql/csharp-all` package.
4242

43-
Java
44-
""""
43+
Java/Kotlin
44+
"""""""""""
4545

4646
* Contextual queries and the query libraries they depend on have been moved to the :code:`codeql/java-all` package.
4747

@@ -63,8 +63,8 @@ Ruby
6363
New Queries
6464
~~~~~~~~~~~
6565

66-
Java
67-
""""
66+
Java/Kotlin
67+
"""""""""""
6868

6969
* A new query "Improper verification of intent by broadcast receiver" (:code:`java/improper-intent-verification`) has been added.
7070
This query finds instances of Android :code:`BroadcastReceiver`\ s that don't verify the action string of received intents when registered to receive system intents.
@@ -80,8 +80,8 @@ C/C++
8080

8181
* :code:`AnalysedExpr::isNullCheck` and :code:`AnalysedExpr::isValidCheck` have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.
8282

83-
Java
84-
""""
83+
Java/Kotlin
84+
"""""""""""
8585

8686
* Added data-flow models for :code:`java.util.Properties`. Additional results may be found where relevant data is stored in and then retrieved from a :code:`Properties` instance.
8787
* Added :code:`Modifier.isInline()`.
@@ -126,7 +126,7 @@ Python
126126
New Features
127127
~~~~~~~~~~~~
128128

129-
Java
130-
""""
129+
Java/Kotlin
130+
"""""""""""
131131

132132
* Added an :code:`ErrorType` class. An instance of this class will be used if an extractor is unable to extract a type, or if an up/downgrade script is unable to provide a type.

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.2.rst

Lines changed: 4 additions & 4 deletions
@@ -84,8 +84,8 @@ C/C++
8484
Minor Analysis Improvements
8585
~~~~~~~~~~~~~~~~~~~~~~~~~~~
8686

87-
Java
88-
""""
87+
Java/Kotlin
88+
"""""""""""
8989

9090
* The JUnit5 version of :code:`AssertNotNull` is now recognized, which removes related false positives in the nullness queries.
9191
* Added data flow models for :code:`java.util.Scanner`.
@@ -99,7 +99,7 @@ Ruby
9999
New Features
100100
~~~~~~~~~~~~
101101

102-
Java
103-
""""
102+
Java/Kotlin
103+
"""""""""""
104104

105105
* The QL predicate :code:`Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.3.rst

Lines changed: 8 additions & 8 deletions
@@ -37,8 +37,8 @@ Query Packs
3737
Major Analysis Improvements
3838
~~~~~~~~~~~~~~~~~~~~~~~~~~~
3939

40-
Java
41-
""""
40+
Java/Kotlin
41+
"""""""""""
4242

4343
* The query :code:`java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.
4444

@@ -55,16 +55,16 @@ Golang
5555

5656
* The query :code:`go/path-injection` no longer considers user-controlled numeric or boolean-typed data as potentially dangerous.
5757

58-
Java
59-
""""
58+
Java/Kotlin
59+
"""""""""""
6060

6161
* The query :code:`java/path-injection` now recognises vulnerable APIs defined using the :code:`SinkModelCsv` class with the :code:`create-file` type. Out of the box this includes Apache Commons-IO functions, as well as any user-defined sinks.
6262

6363
New Queries
6464
~~~~~~~~~~~
6565

66-
Java
67-
""""
66+
Java/Kotlin
67+
"""""""""""
6868

6969
* A new query "Android :code:`WebView` that accepts all certificates" (:code:`java/improper-webview-certificate-validation`) has been added. This query finds implementations of :code:`WebViewClient`\ s that accept all certificates in the case of an SSL error.
7070

@@ -82,8 +82,8 @@ C/C++
8282
Minor Analysis Improvements
8383
~~~~~~~~~~~~~~~~~~~~~~~~~~~
8484

85-
Java
86-
""""
85+
Java/Kotlin
86+
"""""""""""
8787

8888
* Improved analysis of the Android class :code:`AsyncTask` so that data can properly flow through its methods according to the life-cycle steps described here: https://developer.android.com/reference/android/os/AsyncTask#the-4-steps.
8989
* Added a data-flow model for the :code:`setProperty` method of :code:`java.util.Properties`. Additional results may be found where relevant data is stored in and then retrieved from a :code:`Properties` instance.

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.4.rst

Lines changed: 12 additions & 12 deletions
@@ -40,17 +40,17 @@ C#
4040
* Added better support for the SQLite framework in the SQL injection query.
4141
* File streams are now considered stored flow sources. For example, reading query elements from a file can lead to a Second Order SQL injection alert.
4242

43-
Java
44-
""""
43+
Java/Kotlin
44+
"""""""""""
4545

4646
* The query :code:`java/static-initialization-vector` no longer requires a :code:`Cipher` object to be initialized with :code:`ENCRYPT_MODE` to be considered a valid sink. Also, several new sanitizers were added.
4747
* Improved sanitizers for :code:`java/sensitive-log`, which removes some false positives and improves performance a bit.
4848

4949
New Queries
5050
~~~~~~~~~~~
5151

52-
Java
53-
""""
52+
Java/Kotlin
53+
"""""""""""
5454

5555
* Added a new query, :code:`java/android/implicitly-exported-component`, to detect if components are implicitly exported in the Android manifest.
5656
* A new query "Use of RSA algorithm without OAEP" (:code:`java/rsa-without-oaep`) has been added. This query finds uses of RSA encryption that don't use the OAEP scheme.
@@ -84,8 +84,8 @@ Ruby
8484
Query Metadata Changes
8585
~~~~~~~~~~~~~~~~~~~~~~
8686

87-
Java
88-
""""
87+
Java/Kotlin
88+
"""""""""""
8989

9090
* The queries :code:`java/redos` and :code:`java/polynomial-redos` now have a tag for CWE-1333.
9191

@@ -121,8 +121,8 @@ Golang
121121
* Fixed data-flow to captured variable references.
122122
* We now assume that if a channel-typed field is only referred to twice in the user codebase, once in a send operation and once in a receive, then data flows from the send to the receive statement. This enables finding some cross-goroutine flow.
123123

124-
Java
125-
""""
124+
Java/Kotlin
125+
"""""""""""
126126

127127
* Added new flow steps for the classes :code:`java.nio.file.Path` and :code:`java.nio.file.Paths`.
128128
* The class :code:`AndroidFragment` now also models the Android Jetpack version of the :code:`Fragment` class (:code:`androidx.fragment.app.Fragment`).
@@ -161,8 +161,8 @@ C#
161161
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
162162
The old name still exists as a deprecated alias.
163163

164-
Java
165-
""""
164+
Java/Kotlin
165+
"""""""""""
166166

167167
* Many classes/predicates/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
168168
The old name still exists as a deprecated alias.
@@ -204,8 +204,8 @@ C/C++
204204
* Added support for getting the link targets of global and namespace variables.
205205
* Added a :code:`BlockAssignExpr` class, which models a :code:`memcpy`\ -like operation used in compiler generated copy/move constructors and assignment operations.
206206

207-
Java
208-
""""
207+
Java/Kotlin
208+
"""""""""""
209209

210210
* Added a new predicate, :code:`requiresPermissions`, in the :code:`AndroidComponentXmlElement` and :code:`AndroidApplicationXmlElement` classes to detect if the element has explicitly set a value for its :code:`android:permission` attribute.
211211
* Added a new predicate, :code:`hasAnIntentFilterElement`, in the :code:`AndroidComponentXmlElement` class to detect if a component contains an intent filter element.

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.0.rst

Lines changed: 18 additions & 18 deletions
@@ -60,8 +60,8 @@ Golang
6060

6161
* The alert message of many queries have been changed to make the message consistent with other languages.
6262

63-
Java
64-
""""
63+
Java/Kotlin
64+
"""""""""""
6565

6666
* The Java extractor now populates the :code:`Method` relating to a :code:`MethodAccess` consistently for calls using an explicit and implicit :code:`this` qualifier. Previously if the method :code:`foo` was inherited from a specialised generic type :code:`ParentType<String>`, then an explicit call :code:`this.foo()` would yield a :code:`MethodAccess` whose :code:`getMethod()` accessor returned the bound method :code:`ParentType<String>.foo`, whereas an implicitly-qualified :code:`foo()` :code:`MethodAccess`\ 's :code:`getMethod()` would return the unbound method :code:`ParentType.foo`. Now both scenarios produce a bound method. This means that all data-flow queries may return more results where a relevant path transits a call to such an implicitly-qualified call to a member method with a bound generic type, while queries that inspect the result of :code:`MethodAccess.getMethod()` may need to tolerate bound generic methods in more circumstances. The queries :code:`java/iterator-remove-failure`, :code:`java/non-static-nested-class`, :code:`java/internal-representation-exposure`, :code:`java/subtle-inherited-call` and :code:`java/deprecated-call` have been amended to properly handle calls to bound generic methods, and in some instances may now produce more results in the explicit-\ :code:`this` case as well.
6767
* Added taint model for arguments of :code:`java.net.URI` constructors to the queries :code:`java/path-injection` and :code:`java/path-injection-local`.
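Review bot: The renamed heading at line 63 now reads Java/Kotlin, but the first entry beneath it (line 66) opens with "The Java extractor now populates ..." and every query named in the visible entries is a `java/...` id, so the section title suggests Kotlin content that the entries do not mention. Please confirm that these entries apply to Kotlin analysis in this release, or add a short sentence under the heading saying that the section covers both languages, so readers do not infer Kotlin coverage from the retitled historical changelog.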
@@ -94,8 +94,8 @@ C/C++
9494

9595
* Added a new medium-precision query, :code:`cpp/missing-check-scanf`, which detects :code:`scanf` output variables that are used without a proper return-value check to see that they were actually written. A variation of this query was originally contributed as an `experimental query by @ihsinme <https://github.com/github/codeql/pull/8246>`__.
9696

97-
Java
98-
""""
97+
Java/Kotlin
98+
"""""""""""
9999

100100
* The query "Server-side template injection" (:code:`java/server-side-template-injection`) has been promoted from experimental to the main query pack. This query was originally `submitted as an experimental query by @porcupineyhairs <https://github.com/github/codeql/pull/5935>`__.
101101
* Added a new query, :code:`java/android/backup-enabled`, to detect if Android applications allow backups.
@@ -113,8 +113,8 @@ Golang
113113

114114
* Added the :code:`security-severity` tag and CWE tag to the :code:`go/insecure-hostkeycallback` query.
115115

116-
Java
117-
""""
116+
Java/Kotlin
117+
"""""""""""
118118

119119
* Removed the :code:`@security-severity` tag from several queries not in the :code:`Security/` folder that also had missing :code:`security` tags.
120120

@@ -139,8 +139,8 @@ C#
139139

140140
* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.
141141

142-
Java
143-
""""
142+
Java/Kotlin
143+
"""""""""""
144144

145145
* Fixed an issue in the taint tracking analysis where implicit reads were not allowed by default in sinks or additional taint steps that used flow states.
146146

@@ -157,8 +157,8 @@ Ruby
157157
Breaking Changes
158158
~~~~~~~~~~~~~~~~
159159

160-
Java
161-
""""
160+
Java/Kotlin
161+
"""""""""""
162162

163163
* The :code:`Member.getQualifiedName()` predicate result now includes the qualified name of the declaring type.
164164

@@ -229,8 +229,8 @@ Ruby
229229
Major Analysis Improvements
230230
~~~~~~~~~~~~~~~~~~~~~~~~~~~
231231

232-
Java
233-
""""
232+
Java/Kotlin
233+
"""""""""""
234234

235235
* The virtual dispatch relation used in data flow now favors summary models over source code for dispatch to interface methods from :code:`java.util` unless there is evidence that a specific source implementation is reachable. This should provide increased precision for any projects that include, for example, custom :code:`List` or :code:`Map` implementations.
236236

@@ -242,8 +242,8 @@ JavaScript/TypeScript
242242
Minor Analysis Improvements
243243
~~~~~~~~~~~~~~~~~~~~~~~~~~~
244244

245-
Java
246-
""""
245+
Java/Kotlin
246+
"""""""""""
247247

248248
* Added new sinks to the query :code:`java/android/implicit-pendingintents` to take into account the classes :code:`androidx.core.app.NotificationManagerCompat` and :code:`androidx.core.app.AlarmManagerCompat`.
249249
* Added new flow steps for :code:`androidx.core.app.NotificationCompat` and its inner classes.
@@ -300,8 +300,8 @@ Golang
300300
* Some classes/modules with upper-case acronyms in their name have been renamed to follow our style-guide.
301301
The old name still exists as a deprecated alias.
302302

303-
Java
304-
""""
303+
Java/Kotlin
304+
"""""""""""
305305

306306
* The predicate :code:`Annotation.getAValue()` has been deprecated because it might lead to obtaining the value of the wrong annotation element by accident. :code:`getValue(string)` (or one of the value type specific predicates) should be used to explicitly specify the name of the annotation element.
307307
* The predicate :code:`Annotation.getAValue(string)` has been renamed to :code:`getAnArrayValue(string)`.
@@ -335,8 +335,8 @@ C/C++
335335

336336
* Added subclasses of :code:`BuiltInOperations` for :code:`__is_same`, :code:`__is_function`, :code:`__is_layout_compatible`, :code:`__is_pointer_interconvertible_base_of`, :code:`__is_array`, :code:`__array_rank`, :code:`__array_extent`, :code:`__is_arithmetic`, :code:`__is_complete_type`, :code:`__is_compound`, :code:`__is_const`, :code:`__is_floating_point`, :code:`__is_fundamental`, :code:`__is_integral`, :code:`__is_lvalue_reference`, :code:`__is_member_function_pointer`, :code:`__is_member_object_pointer`, :code:`__is_member_pointer`, :code:`__is_object`, :code:`__is_pointer`, :code:`__is_reference`, :code:`__is_rvalue_reference`, :code:`__is_scalar`, :code:`__is_signed`, :code:`__is_unsigned`, :code:`__is_void`, and :code:`__is_volatile`.
337337

338-
Java
339-
""""
338+
Java/Kotlin
339+
"""""""""""
340340

341341
* Added a new predicate, :code:`allowsBackup`, in the :code:`AndroidApplicationXmlElement` class. This predicate detects if the application element does not disable the :code:`android:allowBackup` attribute.
342342
* The predicates of the CodeQL class :code:`Annotation` have been improved:

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.1.rst

Lines changed: 6 additions & 6 deletions
@@ -63,8 +63,8 @@ C#
6363

6464
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
6565

66-
Java
67-
""""
66+
Java/Kotlin
67+
"""""""""""
6868

6969
* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
7070
* :code:`PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally `submitted as part of an experimental query by @luchua-bc <https://github.com/github/codeql/pull/7286>`__.
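Review bot: Grammar in the context lines at 64 and 69, the latter now sitting under the renamed Java/Kotlin heading: "The alert message of many queries have been changed" pairs a singular subject with a plural verb. Suggest "The alert messages of many queries have been changed" in both entries.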
@@ -81,8 +81,8 @@ Ruby
8181
New Queries
8282
~~~~~~~~~~~
8383

84-
Java
85-
""""
84+
Java/Kotlin
85+
"""""""""""
8686

8787
* Added a new query, :code:`java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds.
8888

@@ -103,8 +103,8 @@ Golang
103103

104104
* Added support for :code:`BeegoInput.RequestBody` as a source of untrusted data.
105105

106-
Java
107-
""""
106+
Java/Kotlin
107+
"""""""""""
108108

109109
* Added external flow sources for the intents received in exported Android services.
110110

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.2.rst

Lines changed: 8 additions & 8 deletions
@@ -114,8 +114,8 @@ C/C++
114114

115115
* Added a new medium-precision query, :code:`cpp/comma-before-misleading-indentation`, which detects instances of whitespace that have readability issues.
116116

117-
Java
118-
""""
117+
Java/Kotlin
118+
"""""""""""
119119

120120
* Added a new query, :code:`java/android/incomplete-provider-permissions`, to detect if an Android ContentProvider is not protected with a correct set of permissions.
121121
* A new query "Uncontrolled data used in content resolution" (:code:`java/androd/unsafe-content-uri-resolution`) has been added. This query finds paths from user-provided data to URI resolution operations in Android's :code:`ContentResolver` without previous validation or sanitization.
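Review bot: The context line at 121 gives the query id as `java/androd/unsafe-content-uri-resolution`, while the entry directly above it uses `java/android/incomplete-provider-permissions`. Please check the id against the query's own metadata. If "androd" is a typo in the changelog, correct it in this change, because a misspelt id copied from here into a query filter will not match the query.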
@@ -132,8 +132,8 @@ Language Libraries
132132
Minor Analysis Improvements
133133
~~~~~~~~~~~~~~~~~~~~~~~~~~~
134134

135-
Java
136-
""""
135+
Java/Kotlin
136+
"""""""""""
137137

138138
* Added support for common patterns involving :code:`Stream.collect` and common collectors like :code:`Collectors.toList()`.
139139
* The class :code:`TypeVariable` now also extends :code:`Modifiable`.
@@ -161,15 +161,15 @@ Ruby
161161
Deprecated APIs
162162
~~~~~~~~~~~~~~~
163163

164-
Java
165-
""""
164+
Java/Kotlin
165+
"""""""""""
166166

167167
* Deprecated :code:`ContextStartActivityMethod`. Use :code:`StartActivityMethod` instead.
168168

169169
New Features
170170
~~~~~~~~~~~~
171171

172-
Java
173-
""""
172+
Java/Kotlin
173+
"""""""""""
174174

175175
* Added a new predicate, :code:`hasIncompletePermissions`, in the :code:`AndroidProviderXmlElement` class. This predicate detects if a provider element does not provide both read and write permissions.
