CodeQL 2.5.7 (2021-07-02)
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage
CodeQL 2.5.7 runs a total of 268 security queries when configured with the Default suite (covering 114 CWE). The Extended suite enables an additional 56 queries (covering 28 more CWE). 1 security query has been added with this release.
CodeQL CLI
New Features
codeql database create and codeql database init can now automatically recognise the languages present in checkouts of GitHub repositories by making an API call to the GitHub server. This requires a personal access token (PAT), either set in the GITHUB_TOKEN environment variable or passed on standard input with the --github-auth-stdin argument.

Operations that make outgoing HTTP calls (that is, codeql github upload-results and the language-detection feature described above) now support HTTP proxies. To use a proxy, set the $https_proxy environment variable for HTTPS requests or the $http_proxy environment variable for HTTP requests. If the $no_proxy variable is also set, these variables are ignored and requests are made without a proxy.
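The following wrapper is an added example and is not part of the CodeQL documentation or the CLI. It shows the stdin route for the token described above: the PAT is read from a file that only its owner can read and piped to codeql database create, so it never appears on the command line or in the process environment, which child processes would inherit. The token-file path, database path and source root are hypothetical arguments; effective_https_proxy only reports how the proxy variables described above will be interpreted, to help debug a run.

```shell
#!/bin/sh
# Added example, not CodeQL's own code. Assumes "codeql" is on PATH when
# run_codeql_create is called; the token file path is a hypothetical argument.

# Refuse token files that anyone other than the owner can read, or that are empty.
check_token_file() {
  f=$1
  [ -f "$f" ] || { echo "token file not found: $f" >&2; return 1; }
  if [ -n "$(find "$f" -perm -g+r -print -o -perm -o+r -print)" ]; then
    echo "token file $f is readable by group or others; use chmod 600" >&2
    return 1
  fi
  [ -s "$f" ] || { echo "token file $f is empty" >&2; return 1; }
  return 0
}

# Report how outgoing HTTPS calls will be routed under the rules above:
# a set $no_proxy disables proxying entirely, otherwise $https_proxy is used.
effective_https_proxy() {
  if [ -n "${no_proxy:-}" ]; then
    echo "direct (no_proxy is set)"
  elif [ -n "${https_proxy:-}" ]; then
    echo "$https_proxy"
  else
    echo "direct"
  fi
}

# Create a database with automatic language detection. --language is omitted
# on purpose so the CLI asks the GitHub API; the PAT arrives on stdin instead
# of through GITHUB_TOKEN.
run_codeql_create() {
  db=$1
  src=$2
  token_file=$3
  check_token_file "$token_file" || return 1
  command -v codeql >/dev/null 2>&1 || { echo "codeql not found on PATH" >&2; return 127; }
  echo "outgoing HTTPS via: $(effective_https_proxy)" >&2
  codeql database create "$db" --source-root "$src" --github-auth-stdin < "$token_file"
}
```

A typical invocation is run_codeql_create ./codeql-db ./checkout ~/.config/codeql/pat, after storing the token in that file with chmod 600. If the check fails, fix the file permissions rather than falling back to exporting GITHUB_TOKEN in a shared shell.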
QL Language
The QL language now has a new method toUnicode on the int type. This method converts a Unicode code point to a one-character string. For example, 65.toUnicode() = "A", 128512.toUnicode() results in a smiley (U+1F600), and any(int i | i.toUnicode() = "A") = 65.
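As an added example, not taken from this changelog or from the CodeQL query packs, the query below uses toUnicode to build the search string for code points that are awkward to type or read in source: zero-width and bidirectional control characters, which can make a string literal look different from what it contains. It assumes the JavaScript library's StringLiteral class and its getValue() predicate; the list of code points is a constructed sample, not an authoritative set.

```ql
/**
 * @name String literal with invisible or bidirectional control character
 * @description Added example: flags string literals whose value contains a
 *              zero-width or bidi control code point.
 * @kind problem
 * @problem.severity warning
 * @id example/string-literal-invisible-codepoint
 */

import javascript

/**
 * A constructed sample of code points worth flagging, with their Unicode names.
 * Not exhaustive; extend to taste.
 */
predicate suspiciousCodepoint(int cp, string name) {
  cp = 8203 and name = "ZERO WIDTH SPACE"
  or
  cp = 8204 and name = "ZERO WIDTH NON-JOINER"
  or
  cp = 8206 and name = "LEFT-TO-RIGHT MARK"
  or
  cp = 8207 and name = "RIGHT-TO-LEFT MARK"
  or
  cp = 8237 and name = "LEFT-TO-RIGHT OVERRIDE"
  or
  cp = 8238 and name = "RIGHT-TO-LEFT OVERRIDE"
  or
  cp = 65279 and name = "ZERO WIDTH NO-BREAK SPACE"
}

from StringLiteral lit, int cp, string name
where
  suspiciousCodepoint(cp, name) and
  // toUnicode turns the integer code point into the one-character string to
  // look for, so the query source itself stays free of invisible characters.
  lit.getValue().indexOf(cp.toUnicode()) >= 0
select lit, "String literal contains code point " + cp.toString() + " (" + name + ")."
```

Keeping the code points as integers and converting them with toUnicode is the point of the example: a query that embedded the characters literally would be hard to review, since the characters it searches for are invisible in most editors.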