|
| 1 | +.. _codeql-cli-2.21.2: |
| 2 | + |
| 3 | +========================== |
| 4 | +CodeQL 2.21.2 (2025-05-01) |
| 5 | +========================== |
| 6 | + |
| 7 | +.. contents:: Contents |
| 8 | + :depth: 2 |
| 9 | + :local: |
| 10 | + :backlinks: none |
| 11 | + |
| 12 | +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__. |
| 13 | + |
| 14 | +Security Coverage |
| 15 | +----------------- |
| 16 | + |
| 17 | +CodeQL 2.21.2 runs a total of 452 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 136 queries (covering 35 more CWE). |
| 18 | + |
| 19 | +CodeQL CLI |
| 20 | +---------- |
| 21 | + |
| 22 | +Bug Fixes |
| 23 | +~~~~~~~~~ |
| 24 | + |
| 25 | +* :code:`codeql generate log-summary` now correctly includes :code:`dependencies` maps in predicate events for :code:`COMPUTED_EXTENSIONAL` predicates. |
| 26 | + |
| 27 | +Query Packs |
| 28 | +----------- |
| 29 | + |
| 30 | +Bug Fixes |
| 31 | +~~~~~~~~~ |
| 32 | + |
| 33 | +GitHub Actions |
| 34 | +"""""""""""""" |
| 35 | + |
| 36 | +* Assigned a :code:`security-severity` to the query :code:`actions/excessive-secrets-exposure`. |
| 37 | + |
| 38 | +Breaking Changes |
| 39 | +~~~~~~~~~~~~~~~~ |
| 40 | + |
| 41 | +GitHub Actions |
| 42 | +"""""""""""""" |
| 43 | + |
| 44 | +* The following queries have been removed from the :code:`security-and-quality` suite. |
| 45 | + They are not intended to produce user-facing alerts describing vulnerabilities. |
| 46 | + Any existing alerts for these queries will be closed automatically. |
| 47 | + |
| 48 | + * :code:`actions/composite-action-sinks` |
| 49 | + * :code:`actions/composite-action-sources` |
| 50 | + * :code:`actions/composite-action-summaries` |
| 51 | + * :code:`actions/reusable-workflow-sinks` (renamed from :code:`actions/reusable-wokflow-sinks`) |
| 52 | + * :code:`actions/reusable-workflow-sources` |
| 53 | + * :code:`actions/reusable-workflow-summaries` |
| 54 | + |
| 55 | +Minor Analysis Improvements |
| 56 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 57 | + |
| 58 | +C# |
| 59 | +"" |
| 60 | + |
| 61 | +* Changes to the MaD model generation infrastructure: |
| 62 | + |
| 63 | + * Changed the query :code:`cs/utils/modelgenerator/summary-models` to use the implementation from :code:`cs/utils/modelgenerator/mixed-summary-models`. |
| 64 | + * Removed the now-redundant :code:`cs/utils/modelgenerator/mixed-summary-models` query. |
| 65 | + * A similar replacement was made for :code:`cs/utils/modelgenerator/neutral-models`. That is, if :code:`GenerateFlowModel.py` is provided with :code:`--with-summaries`, combined/mixed models are now generated instead of heuristic models (and similar for :code:`--with-neutrals`). |
| 66 | + |
| 67 | +* Improved detection of authorization checks in the :code:`cs/web/missing-function-level-access-control` query. The query now recognizes authorization attributes inherited from base classes and interfaces. |
| 68 | +* The precision of the query :code:`cs/invalid-string-formatting` has been improved. More methods and more overloads of existing format like methods are taken into account by the query. |
| 69 | + |
| 70 | +Java/Kotlin |
| 71 | +""""""""""" |
| 72 | + |
| 73 | +* Changes to the MaD model generation infrastructure: |
| 74 | + |
| 75 | + * Changed the query :code:`java/utils/modelgenerator/summary-models` to use the implementation from :code:`java/utils/modelgenerator/mixed-summary-models`. |
| 76 | + * Removed the now-redundant :code:`java/utils/modelgenerator/mixed-summary-models` query. |
| 77 | + * A similar replacement was made for :code:`java/utils/modelgenerator/neutral-models`. That is, if :code:`GenerateFlowModel.py` is provided with :code:`--with-summaries`, combined/mixed models are now generated instead of heuristic models (and similar for :code:`--with-neutrals`). |
| 78 | + |
| 79 | +Rust |
| 80 | +"""" |
| 81 | + |
| 82 | +* Changes to the MaD model generation infrastructure: |
| 83 | + |
| 84 | + * Changed the query :code:`rust/utils/modelgenerator/summary-models` to use the implementation from :code:`rust/utils/modelgenerator/mixed-summary-models`. |
| 85 | + * Removed the now-redundant :code:`rust/utils/modelgenerator/mixed-summary-models` query. |
| 86 | + * A similar replacement was made for :code:`rust/utils/modelgenerator/neutral-models`. That is, if :code:`GenerateFlowModel.py` is provided with :code:`--with-summaries`, combined/mixed models are now generated instead of heuristic models (and similar for :code:`--with-neutrals`). |
| 87 | + |
| 88 | +Language Libraries |
| 89 | +------------------ |
| 90 | + |
| 91 | +Major Analysis Improvements |
| 92 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 93 | + |
| 94 | +Swift |
| 95 | +""""" |
| 96 | + |
| 97 | +* Upgraded to allow analysis of Swift 6.1. |
| 98 | + |
| 99 | +Minor Analysis Improvements |
| 100 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 101 | + |
| 102 | +C# |
| 103 | +"" |
| 104 | + |
| 105 | +* Improved autobuilder logic for detecting whether a project references a SDK (and should be built using :code:`dotnet`). |
| 106 | + |
| 107 | +Swift |
| 108 | +""""" |
| 109 | + |
| 110 | +* Added AST nodes :code:`ActorIsolationErasureExpr`, :code:`CurrentContextIsolationExpr`, |
| 111 | + :code:`ExtractFunctionIsolationExpr` and :code:`UnreachableExpr` that correspond to new nodes added by Swift 6.0. |
| 112 | + |
| 113 | +New Features |
| 114 | +~~~~~~~~~~~~ |
| 115 | + |
| 116 | +C/C++ |
| 117 | +""""" |
| 118 | + |
| 119 | +* New classes :code:`TypeofType`, :code:`TypeofExprType`, and :code:`TypeofTypeType` were introduced, which represent the C23 :code:`typeof` and :code:`typeof_unqual` operators. The :code:`TypeofExprType` class represents the variant taking an expression as its argument. The :code:`TypeofTypeType` class represents the variant taking a type as its argument. |
| 120 | +* A new class :code:`IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC. |
| 121 | +* Introduced :code:`hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements. |
| 122 | +* Added the :code:`isVla()` predicate to the :code:`ArrayType` class. This allows queries to identify variable-length arrays (VLAs). |
0 commit comments