Merge pull request #79 from GitHubSecurityLab/java/updatedependencies

GeekMasher · web-flow · commit 046dfe7fb7e3 · 2024-11-08T09:01:59.000Z
Update Java QL Pack dependencies.
diff --git a/java/lib/codeql-pack.lock.yml b/java/lib/codeql-pack.lock.yml
@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 1.0.0
+    version: 1.1.4
   codeql/java-all:
-    version: 1.0.0
+    version: 4.1.1
   codeql/mad:
-    version: 1.0.0
+    version: 1.0.10
   codeql/rangeanalysis:
-    version: 1.0.0
+    version: 1.0.10
   codeql/regex:
-    version: 1.0.0
+    version: 1.0.10
   codeql/ssa:
-    version: 1.0.0
+    version: 1.0.10
   codeql/threat-models:
-    version: 1.0.0
+    version: 1.0.10
   codeql/tutorial:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typeflow:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typetracking:
-    version: 1.0.0
+    version: 1.0.10
   codeql/util:
-    version: 1.0.0
+    version: 1.0.10
   codeql/xml:
-    version: 1.0.0
+    version: 1.0.10
 compiled: false
diff --git a/java/lib/qlpack.yml b/java/lib/qlpack.yml
@@ -2,4 +2,4 @@ library: true
 name: githubsecuritylab/codeql-java-libs
 version: 0.1.0
 dependencies:
-  codeql/java-all: '^1.0.0'
+  codeql/java-all: '*'
diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml
@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 1.0.0
+    version: 1.1.4
   codeql/java-all:
-    version: 1.0.0
+    version: 4.1.1
   codeql/mad:
-    version: 1.0.0
+    version: 1.0.10
   codeql/rangeanalysis:
-    version: 1.0.0
+    version: 1.0.10
   codeql/regex:
-    version: 1.0.0
+    version: 1.0.10
   codeql/ssa:
-    version: 1.0.0
+    version: 1.0.10
   codeql/threat-models:
-    version: 1.0.0
+    version: 1.0.10
   codeql/tutorial:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typeflow:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typetracking:
-    version: 1.0.0
+    version: 1.0.10
   codeql/util:
-    version: 1.0.0
+    version: 1.0.10
   codeql/xml:
-    version: 1.0.0
+    version: 1.0.10
 compiled: false
diff --git a/java/src/library_sources/ExternalAPIs.qll b/java/src/library_sources/ExternalAPIs.qll
@@ -111,10 +111,10 @@ deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configu
 }
 
 /**
- * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s.
+ * Taint tracking configuration for flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s.
  */
 module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
@@ -247,7 +247,7 @@ private string typeAsModel(Callable c) {
   exists(RefType type | type = c.getDeclaringType() |
     result =
       type.getCompilationUnit().getPackage().getName() + ";" +
-        type.getErasure().(J::RefType).nestedName()
+        type.getErasure().(J::RefType).getNestedName()
   )
 }
 
diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml
@@ -4,5 +4,5 @@ version: 0.1.0
 suites: suites
 defaultSuiteFile: suites/java.qls
 dependencies:
-  codeql/java-all: '^1.0.0'
-  githubsecuritylab/codeql-java-libs: 0.0.1
+  codeql/java-all: '*'
+  githubsecuritylab/codeql-java-libs: '*'
diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml
@@ -2,31 +2,31 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/dataflow:
-    version: 1.0.0
+    version: 1.1.4
   codeql/java-all:
-    version: 1.0.0
+    version: 4.1.1
   codeql/java-queries:
-    version: 1.0.0
+    version: 1.1.7
   codeql/mad:
-    version: 1.0.0
+    version: 1.0.10
   codeql/rangeanalysis:
-    version: 1.0.0
+    version: 1.0.10
   codeql/regex:
-    version: 1.0.0
+    version: 1.0.10
   codeql/ssa:
-    version: 1.0.0
+    version: 1.0.10
   codeql/suite-helpers:
-    version: 1.0.0
+    version: 1.0.10
   codeql/threat-models:
-    version: 1.0.0
+    version: 1.0.10
   codeql/tutorial:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typeflow:
-    version: 1.0.0
+    version: 1.0.10
   codeql/typetracking:
-    version: 1.0.0
+    version: 1.0.10
   codeql/util:
-    version: 1.0.0
+    version: 1.0.10
   codeql/xml:
-    version: 1.0.0
+    version: 1.0.10
 compiled: false
diff --git a/java/test/qlpack.yml b/java/test/qlpack.yml
@@ -1,8 +1,8 @@
 name: githubsecurtylab/codeql-java-tests
 groups: [java, test]
 dependencies:
-    codeql/java-all: '^1.0.0'
-    codeql/java-queries: '^1.0.0'
+    codeql/java-all: '*'
+    codeql/java-queries: '*'
     githubsecuritylab/codeql-java-queries: '*'
     githubsecuritylab/codeql-java-libs: '*'
 extractor: java

Original file line number	Diff line number	Diff line change
`@@ -111,10 +111,10 @@ deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configu`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`/**`
`114`		- * Taint tracking configuration for flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s.
	`114`	+ * Taint tracking configuration for flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s.
`115`	`115`	`*/`
`116`	`116`	`module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {`
`117`		`- predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }`
	`117`	`+ predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }`
`118`	`118`
`119`	`119`	`predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }`
`120`	`120`	`}`
`@@ -247,7 +247,7 @@ private string typeAsModel(Callable c) {`
`247`	`247`	`exists(RefType type \| type = c.getDeclaringType() \|`
`248`	`248`	`result =`
`249`	`249`	`type.getCompilationUnit().getPackage().getName() + ";" +`
`250`		`- type.getErasure().(J::RefType).nestedName()`
	`250`	`+ type.getErasure().(J::RefType).getNestedName()`
`251`	`251`	`)`
`252`	`252`	`}`
`253`	`253`