From 532e1feaccb340c9618eb22562efbb08c5e7ea58 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 23 Feb 2026 17:40:16 +0000 Subject: [PATCH] update codeql documentation --- .../codeql-changelog/codeql-cli-2.19.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.23.1.rst | 4 +- .../codeql-changelog/codeql-cli-2.24.2.rst | 109 ++++++++++++++++++ .../codeql-changelog/index.rst | 1 + 6 files changed, 115 insertions(+), 5 deletions(-) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.2.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst index f2948d0db67..39d4d36537c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst @@ -129,7 +129,7 @@ Java/Kotlin """"""""""" * The Java extractor and QL libraries now support Java 23. -* Kotlin versions up to 2.1.0\ *x* are now supported. +* Kotlin versions up to 2.1.0*x* are now supported. Python """""" diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst index 71a8e3a6824..fffe94c04b8 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst @@ -144,7 +144,7 @@ New Features Java/Kotlin """"""""""" -* Kotlin versions up to 2.2.0\ *x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0). +* Kotlin versions up to 2.2.0*x* are now supported. Support for the Kotlin 1.5.x series is dropped (so the minimum Kotlin version is now 1.6.0). Swift """"" diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst index 4f1d34ff2dd..8e5a18a0c74 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst @@ -98,4 +98,4 @@ C/C++ Java/Kotlin """"""""""" -* Kotlin versions up to 2.2.2\ *x* are now supported. +* Kotlin versions up to 2.2.2*x* are now supported. diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst index ff22a3f647c..27f1eee84ed 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst @@ -88,7 +88,7 @@ JavaScript/TypeScript * Data flow is now tracked through the :code:`Promise.try` and :code:`Array.prototype.with` functions. * Query :code:`js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test. * The query :code:`js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as :code:`Object.keys()`. -* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who `submitted the original experimental query `__! +* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who `submitted the original experimental query `__\ ! Python """""" @@ -126,7 +126,7 @@ Golang """""" * The second argument of the :code:`CreateTemp` function, from the :code:`os` package, is no longer a path-injection sink due to proper sanitization by Go. -* The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or ``\`` to the beginning. +* The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or :code:`\` to the beginning. Java/Kotlin """"""""""" diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.2.rst new file mode 100644 index 00000000000..c70654e50b6 --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.24.2.rst @@ -0,0 +1,109 @@ +.. _codeql-cli-2.24.2: + +========================== +CodeQL 2.24.2 (2026-02-20) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.24.2 runs a total of 491 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). + +CodeQL CLI +---------- + +Bug Fixes +~~~~~~~~~ + +* Fixed SARIF output to generate RFC 1738 compatible file URIs. File URIs now always use the :code:`file:///` format instead of :code:`file:/` for better interoperability with SARIF consumers. + +Query Packs +----------- + +Bug Fixes +~~~~~~~~~ + +C# +"" + +* The :code:`cs/web/missing-token-validation` ("Missing cross-site request forgery token validation") query now recognizes antiforgery attributes on base controller classes, fixing false positives when :code:`[ValidateAntiForgeryToken]` or :code:`[AutoValidateAntiforgeryToken]` is applied to a parent class. + +Language Libraries +------------------ + +Bug Fixes +~~~~~~~~~ + +Python +"""""" + +* Using :code:`=` as a fill character in a format specifier (e.g :code:`f"{x:=^20}"`) now no longer results in a syntax error during parsing. + +Breaking Changes +~~~~~~~~~~~~~~~~ + +Golang +"""""" + +* The :code:`BasicBlock` class is now defined using the shared basic blocks library. :code:`BasicBlock.getRoot` has been replaced by :code:`BasicBlock.getScope`. :code:`BasicBlock.getAPredecessor` and :code:`BasicBlock.getASuccessor` now take a :code:`SuccessorType` argument. :code:`ReachableJoinBlock.inDominanceFrontierOf` has been removed, so use :code:`BasicBlock.inDominanceFrontier` instead, swapping the receiver and the argument. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Golang +"""""" + +* Go 1.26 is now supported. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C/C++ +""""" + +* Added remote flow source models for the :code:`winhttp.h` windows header and the Azure SDK core library for C/C++. + +C# +"" + +* The model for :code:`System.Web.HttpUtility` has been modified to better model the flow of tainted URIs. +* C# 14: Added support for :code:`extension` members in the extractor, QL library, data flow, and Models as Data, covering extension methods, properties, and operators. + +Java/Kotlin +""""""""""" + +* Using a regular expression to check that a string doesn't contain any line breaks is already a sanitizer for :code:`java/log-injection`. Additional ways of doing the regular expression check are now recognised, including annotation with :code:`@javax.validation.constraints.Pattern`. +* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including :code:`java/ssrf` and :code:`java/path-injection`. In particular, being annotated with :code:`@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries. +* Kotlin versions up to 2.3.10 are now supported. + +Python +"""""" + +* Added request forgery sink models for the Azure SDK. +* Made it so that models-as-data sinks with the kind :code:`request-forgery` contribute to the class :code:`Http::Client::Request` which represents HTTP client requests. + +Deprecated APIs +~~~~~~~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* The :code:`UnreachableBlocks.qll` library has been deprecated. +* Renamed the following predicates to increase uniformity across languages. The :code:`getBody` predicate already existed on :code:`LoopStmt`, but is now properly inherited. + + * :code:`UnaryExpr.getExpr` to :code:`getOperand`. + * :code:`ConditionalExpr.getTrueExpr` to :code:`getThen`. + * :code:`ConditionalExpr.getFalseExpr` to :code:`getElse`. + * :code:`ReturnStmt.getResult` to :code:`getExpr`. + * :code:`WhileStmt.getStmt` to :code:`getBody`. + * :code:`DoStmt.getStmt` to :code:`getBody`. + * :code:`ForStmt.getStmt` to :code:`getBody`. + * :code:`EnhancedForStmt.getStmt` to :code:`getBody`. + diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index 318366d1e69..21671f1c969 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here