CodeQL documentation
CodeQL resources

CodeQL 2.21.2 (2025-05-01)ΒΆ

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security CoverageΒΆ

CodeQL 2.21.2 runs a total of 452 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 136 queries (covering 35 more CWE).

CodeQL CLIΒΆ

Bug FixesΒΆ

  • codeql generate log-summary now correctly includes dependencies maps in predicate events for COMPUTED_EXTENSIONAL predicates.

Query PacksΒΆ

Bug FixesΒΆ

GitHub ActionsΒΆ

  • Assigned a security-severity to the query actions/excessive-secrets-exposure.

Breaking ChangesΒΆ

GitHub ActionsΒΆ

  • The following queries have been removed from the security-and-quality suite. They are not intended to produce user-facing alerts describing vulnerabilities. Any existing alerts for these queries will be closed automatically.

    • actions/composite-action-sinks

    • actions/composite-action-sources

    • actions/composite-action-summaries

    • actions/reusable-workflow-sinks (renamed from actions/reusable-wokflow-sinks)

    • actions/reusable-workflow-sources

    • actions/reusable-workflow-summaries

Minor Analysis ImprovementsΒΆ

C#ΒΆ

  • Changes to the MaD model generation infrastructure:

    • Changed the query cs/utils/modelgenerator/summary-models to use the implementation from cs/utils/modelgenerator/mixed-summary-models.

    • Removed the now-redundant cs/utils/modelgenerator/mixed-summary-models query.

    • A similar replacement was made for cs/utils/modelgenerator/neutral-models. That is, if GenerateFlowModel.py is provided with --with-summaries, combined/mixed models are now generated instead of heuristic models (and similar for --with-neutrals).

  • Improved detection of authorization checks in the cs/web/missing-function-level-access-control query. The query now recognizes authorization attributes inherited from base classes and interfaces.

  • The precision of the query cs/invalid-string-formatting has been improved. More methods and more overloads of existing format like methods are taken into account by the query.

Java/KotlinΒΆ

  • Changes to the MaD model generation infrastructure:

    • Changed the query java/utils/modelgenerator/summary-models to use the implementation from java/utils/modelgenerator/mixed-summary-models.

    • Removed the now-redundant java/utils/modelgenerator/mixed-summary-models query.

    • A similar replacement was made for java/utils/modelgenerator/neutral-models. That is, if GenerateFlowModel.py is provided with --with-summaries, combined/mixed models are now generated instead of heuristic models (and similar for --with-neutrals).

RustΒΆ

  • Changes to the MaD model generation infrastructure:

    • Changed the query rust/utils/modelgenerator/summary-models to use the implementation from rust/utils/modelgenerator/mixed-summary-models.

    • Removed the now-redundant rust/utils/modelgenerator/mixed-summary-models query.

    • A similar replacement was made for rust/utils/modelgenerator/neutral-models. That is, if GenerateFlowModel.py is provided with --with-summaries, combined/mixed models are now generated instead of heuristic models (and similar for --with-neutrals).

Language LibrariesΒΆ

Major Analysis ImprovementsΒΆ

SwiftΒΆ

  • Upgraded to allow analysis of Swift 6.1.

Minor Analysis ImprovementsΒΆ

C#ΒΆ

  • Improved autobuilder logic for detecting whether a project references a SDK (and should be built using dotnet).

SwiftΒΆ

  • Added AST nodes ActorIsolationErasureExpr, CurrentContextIsolationExpr, ExtractFunctionIsolationExpr and UnreachableExpr that correspond to new nodes added by Swift 6.0.

New FeaturesΒΆ

C/C++ΒΆ

  • New classes TypeofType, TypeofExprType, and TypeofTypeType were introduced, which represent the C23 typeof and typeof_unqual operators. The TypeofExprType class represents the variant taking an expression as its argument. The TypeofTypeType class represents the variant taking a type as its argument.

  • A new class IntrinsicTransformedType was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.

  • Introduced hasDesignator() predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.

  • Added the isVla() predicate to the ArrayType class. This allows queries to identify variable-length arrays (VLAs).

  • Β© GitHub, Inc.
  • Terms
  • Privacy