Merge branch 'main' into redsun82/swift-synth-properties

Author: d10c

.github/workflows/swift.yml

@@ -16,6 +16,7 @@ on:
     branches:
       - main
       - rc/*
+      - codeql-cli-*
   push:
     paths:
       - "swift/**"
@@ -30,6 +31,7 @@ on:
     branches:
       - main
       - rc/*
+      - codeql-cli-*
 
 jobs:
   # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks

config/identical-files.json

@@ -511,7 +511,8 @@
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
-    "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
+    "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll",
+    "swift/ql/lib/codeql/swift/security/internal/SensitiveDataHeuristics.qll"
   ],
   "CFG": [
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
@@ -598,4 +599,4 @@
     "python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
     "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
   ]
-}
+}

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 0.7.2
+
+### New Features
+
+* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
+* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
+
+### Major Analysis Improvements
+
+* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
+
+### Minor Analysis Improvements
+
+* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace.
+* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.
+
 ## 0.7.1
 
 No user-facing changes.

cpp/ql/lib/change-notes/2023-04-28-indirect-barrier-node.md

@@ -0,0 +1,15 @@
+## 0.7.2
+
+### New Features
+
+* Added an AST-based interface (`semmle.code.cpp.rangeanalysis.new.RangeAnalysis`) for the relative range analysis library.
+* A new predicate `BarrierGuard::getAnIndirectBarrierNode` has been added to the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow`) to mark indirect expressions as barrier nodes using the `BarrierGuard` API.
+
+### Major Analysis Improvements
+
+* In the intermediate representation, handling of control flow after non-returning calls has been improved. This should remove false positives in queries that use the intermedite representation or libraries based on it, including the new data flow library.
+
+### Minor Analysis Improvements
+
+* The `StdNamespace` class now also includes all inline namespaces that are children of `std` namespace.
+* The new dataflow (`semmle.code.cpp.dataflow.new.DataFlow`) and taint-tracking libraries (`semmle.code.cpp.dataflow.new.TaintTracking`) now support tracking flow through static local variables.

cpp/ql/lib/change-notes/2023-04-28-static-local-dataflow.md

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2