Skip to content

Commit e9e360a

Browse files
author
github-actions[bot]
committed
update codeql documentation
1 parent 373814b commit e9e360a

2 files changed

Lines changed: 99 additions & 0 deletions

File tree

Lines changed: 98 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,98 @@
1+
.. _codeql-cli-2.26.1:
2+
3+
==========================
4+
CodeQL 2.26.1 (2026-07-15)
5+
==========================
6+
7+
.. contents:: Contents
8+
:depth: 2
9+
:local:
10+
:backlinks: none
11+
12+
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/application-security/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
13+
14+
Security Coverage
15+
-----------------
16+
17+
CodeQL 2.26.1 runs a total of 497 security queries when configured with the Default suite (covering 170 CWE). The Extended suite enables an additional 131 queries (covering 32 more CWE).
18+
19+
CodeQL CLI
20+
----------
21+
22+
There are no user-facing CLI changes in this release.
23+
24+
Query Packs
25+
-----------
26+
27+
Minor Analysis Improvements
28+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
29+
30+
Rust
31+
""""
32+
33+
* The :code:`rust/hard-coded-cryptographic-value` query now treats arithmetic and bitwise operations, including string append operations, as barriers. This addresses false positive results where hard-coded constants are combined with non-constant data, such as incrementing a nonce or appending variable data to a constant prefix.
34+
35+
Query Metadata Changes
36+
~~~~~~~~~~~~~~~~~~~~~~
37+
38+
C/C++
39+
"""""
40+
41+
* Added the tags :code:`external/cwe/cwe-073` and :code:`external/cwe/cwe-078` to :code:`cpp/uncontrolled-process-operation`.
42+
43+
C#
44+
""
45+
46+
* Added the tag :code:`external/cwe/cwe-073` to :code:`cs/assembly-path-injection`.
47+
48+
Language Libraries
49+
------------------
50+
51+
Breaking Changes
52+
~~~~~~~~~~~~~~~~
53+
54+
C/C++
55+
"""""
56+
57+
* Removed support for using variables as sources and sinks in models-as-data. Users of this feature should convert such sources and sinks to models defined using the QL language.
58+
59+
Major Analysis Improvements
60+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
61+
62+
C#
63+
""
64+
65+
* Simplified and streamlined the use of NuGet sources when downloading dependencies via :code:`[mono] nuget.exe` in :code:`build-mode: none`\ : NuGet sources are now supplied via the :code:`-Source` flag instead of moving or creating :code:`nuget.config` files in the checked-out repository, private registries are used if configured, and only reachable feeds are used when NuGet feed checking is enabled (the default).
66+
67+
Minor Analysis Improvements
68+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
69+
70+
Golang
71+
""""""
72+
73+
* Improved models for the :code:`log/slog` package (Go 1.21+), including :code:`*slog.Logger` methods, :code:`With`\ /\ :code:`WithGroup`, and :code:`Attr`\ /\ :code:`Value` helpers, improving coverage for the :code:`go/log-injection` and :code:`go/clear-text-logging` queries.
74+
75+
Java/Kotlin
76+
"""""""""""
77+
78+
* Regular expression checks via annotation with :code:`@javax.validation.constraints.Pattern` are now recognized as sanitizers for :code:`java/path-injection`.
79+
* Added summary and LLM-generated source and sink models for :code:`org.apache.poi`.
80+
* The first argument of the :code:`uri` method of :code:`WebClient$UriSpec` in :code:`org.springframework.web.reactive.function.client` is now considered a request forgery sink. Previously only the first arguments of the :code:`WebClient.create` and :code:`WebClient$Builder.baseUrl` methods were considered. This may lead to more alerts for the query :code:`java/ssrf` (Server-side request forgery).
81+
82+
JavaScript/TypeScript
83+
"""""""""""""""""""""
84+
85+
* Added support for Angular's :code:`@HostListener('window:message', ...)` and :code:`@HostListener('document:message', ...)` decorators as :code:`postMessage` event handlers. The decorated method's event parameter is now recognized as a client-side remote flow source, and is considered by the :code:`js/missing-origin-check` query.
86+
87+
Python
88+
""""""
89+
90+
* :code:`Flask::FlaskApp::instance()` will now also return instances of subclasses defined in the source tree. Previously, these were filtered out. :code:`Flask::FlaskApp::classRef()` has been deprecated in favor of :code:`Flask::FlaskApp::subclassRef()` since it already returned some subclasses.
91+
92+
Deprecated APIs
93+
~~~~~~~~~~~~~~~
94+
95+
C/C++
96+
"""""
97+
98+
* Models-as-data flow summaries now use fully qualified field names (for example, :code:`MyNamespace::MyStruct::myField`) instead of unqualified field names such as :code:`myField`. We recommend updating existing flow summaries to use fully qualified field names. Unqualified field names are still supported, but that support will be removed in a future release.

docs/codeql/codeql-overview/codeql-changelog/index.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
1111
.. toctree::
1212
:maxdepth: 1
1313

14+
codeql-cli-2.26.1
1415
codeql-cli-2.26.0
1516
codeql-cli-2.25.6
1617
codeql-cli-2.25.5

0 commit comments

Comments
 (0)