v2.1.0

What's Changed

• Automatically open PR to upgrade CodeQL CLI dependencies by @lcartey in #215
• Update CodeQL CLI upgrade workflow to include GH_TOKEN by @lcartey in #217
• Upgrade CodeQL CLI dependency to v2.22.3 by @github-actions[bot] in #218
• Add cds utils modelling by @knewbury01 in #206
• Use CDS extractor diagnostics instead of exit error codes by @data-douser in #223
• Begin dataflow lib upgrade generic portions by @knewbury01 in #220
• Upgrade CodeQL CLI dependency to v2.22.4 by @github-actions[bot] in #225
• Address FN involving CAP remote flow sources by @jeongsoolee09 in #222
• Make CAP Log injection query more resilient and conservative by @jeongsoolee09 in #226
• Bump version to 2.1.0 from 2.0.0 by @jeongsoolee09 in #227

New Contributors

• @github-actions[bot] made their first contribution in #218

Full Changelog: v2.0.0...v2.1.0

v2.0.0

What's Changed

• De-noise alert position by @jeongsoolee09 in #36
• Update expected results by @jeongsoolee09 in #38
• merge main by @mbaluda in #39
• Bump version: 1.0.0 and 1.0.1 by @jeongsoolee09 in #37
• Add first draft of qhelp for queries by @jeongsoolee09 in #33
• Improve test automation by @mbaluda in #41
• Prepare for 0.1.1 pack release by @jeongsoolee09 in #46
• Update UI5Clickjacking.ql precision by @mbaluda in #49
• Track dataflow through event handlers and their parameters by @mbaluda in #40
• Update codeql_tests.yml by @mbaluda in #47
• Avoid duplicate alerts by @mbaluda in #50
• Bump all versions to 0.2.0 by @jeongsoolee09 in #54
• Integrate QLT by @jsinglet in #53
• Delete codeql-sap-js.code-workspace by @mbaluda in #55
• Introduce new repository structure by @jeongsoolee09 in #56
• Add diagnostic queries by @rvermeulen in #60
• Generalize UI5 sources by @rvermeulen in #61
• Bump version to 0.3.0 by @jeongsoolee09 in #62
• Add diagnostic query to list partial paths by @rvermeulen in #63
• Broaden the requirements for an XML view by @rvermeulen in #65
• Upgrade CodeQL dependencies and bump pack versions by @rvermeulen in #68
• Add UI5 web app detection by @rvermeulen in #66
• Extend bindings modeling by @rvermeulen in #69
• Fix resource root resolve by @rvermeulen in #71
• Add heuristic model pack by @rvermeulen in #72
• Expand javascript bindings by @rvermeulen in #73
• Address CP between binding strings and static javascript binding by @rvermeulen in #75
• Remove tokens for QLT by @jsinglet in #76
• Cover CAP's Fluent API to construct cds.ql queries by @jeongsoolee09 in #29
• Trigger the unit test only on main by @rvermeulen in #74
• Detect XSS involving server-side models and controller handler parameters by @jeongsoolee09 in #67
• Bump version to 0.5.0 by @jeongsoolee09 in #80
• CAP SQLi/LOGi queries by @mbaluda in #82
• Bump codeql/javascript-all to ^0.8.7 by @jeongsoolee09 in #79
• Add cap cxn parse sink model and test by @knewbury01 in #83
• Path should not cross different apps by @mbaluda in #88
• Refine Code Scanning workflow configuration by @mbaluda in #85
• Implement CDS log sinks by @knewbury01 in #81
• Create query for vulnerability not specific to webapp security by @jeongsoolee09 in #78
• Add sarif-diff to Code Scanning workflow by @mbaluda in #58
• Optimize UI5BindingPath.getNode by @jeongsoolee09 in #92
• Edit dependencies, precision and suite file names by @jeongsoolee09 in #91
• Stylistic edits to help files by @jeongsoolee09 in #90
• Log-injection improvements by @mbaluda in #89
• Separate CAP from non-CAP alerts by @mbaluda in #96
• Upgrade QLT Version by @jsinglet in #97
• Cover missing XSS vulnerability by @jeongsoolee09 in #104
• Perform missing version ups from 0.5.0 to 0.6.0 by @jeongsoolee09 in #105
• fix paths for json files compiled from cds by @mbaluda in #106
• Cover multi-service log injection by @jeongsoolee09 in #94
• Bump remaining 0.5.0 to 0.6.0 by @jeongsoolee09 in #108
• Add authentication/authorization related PoCs by @jeongsoolee09 in #107
• Fix FN cap sources by @knewbury01 in #109
• Patch for cap remoteflowsource ServiceinCDSHandlerParameter by @knewbury01 in #110
• Bump CAP packs' version from 0.1.0 to 0.2.0 by @jeongsoolee09 in #114
• CodeQL version from qlt.conf.json by @mbaluda in #119
• Add two log injection applications with custom listeners by @jeongsoolee09 in #116
• Remove .expected files by @jeongsoolee09 in #121
• Fix code-scanning workflow by @mbaluda in #122
• Adapt to modified LGTM_ env variables behavior by @mbaluda in #125
• Update urls for cql injection help file by @knewbury01 in #128
• Adjust cap log sinks by @knewbury01 in #130
• Use qlt-action from advanced-security/codeql-development-toolkit by @mbaluda in #131
• XSJS queries and CodeQL update by @mbaluda in #129
• Add sensitive information exposure query by @knewbury01 in #126
• Address CodeQL warnings by @mbaluda in #133
• Add fully qualified name matching on E2 sources by @knewbury01 in #137
• UI5 client side log-injection improvements by @mbaluda in #136
• Implement queries for authentication / authorization related issues by @jeongsoolee09 in #113
• Add help files to Authentication/Authorization queries by @jeongsoolee09 in #138
• Revert "Undo commit a79ebb-693132" by @mbaluda in #142
• Adds XSJS CSRF and authorization queries by @mbaluda in #144
• Implement UnnecessarilyGrantedPrivilegedAccessRights by @jeongsoolee09 in #139
• Add README for CAP and XSJS by @mbaluda in #147
• fix broken links by @mbaluda in #148
• Bump version of qlpack.ymls for CAP release by @jeongsoolee09 in #149
• Deals with external .cds files by @mbaluda in #150
• Update README.md by @mbaluda in #151
• Prepare project for publishing by @mbaluda in #156
• Create SECURITY.md by @lcartey in #157
• Refine locations in the CDS file by @lcartey in #159
• Add a CodeQL extractor for SAP CAP cds files by @lcartey in #158
• Rename XSJS packs to remove -async- qualifier by @lcartey in #160
• Remove cartesian product in MkConstBindingPathComponentList by @lcartey in #161
• Capture and report CDS compilation errors by @lcartey in #162
• cds extractor: npm install in each package.json by @lcartey in https://gi...