CodeQL 2.12.6 (2023-04-04)
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage
CodeQL 2.12.6 runs a total of 386 security queries when configured with the Default suite (covering 154 CWE). The Extended suite enables an additional 124 queries (covering 31 more CWE). 1 security query has been added with this release.
CodeQL CLI
Bug Fixes
- Fixed a bug in codeql database analyze and related commands where the --max-paths option was not respected correctly when multiple alerts with the same primary code location were grouped together. (This grouping is the default behavior unless the --no-group-alerts option is passed.) This bug caused some SARIF files produced by CodeQL to exceed the limits on the number of paths (threadFlows) accepted by code scanning, leading to errors when uploading results.
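A pre-upload check for the condition this fix describes, added here as an example and not code from the CodeQL release notes or the CodeQL project: it parses the SARIF written by codeql database analyze and lists results whose threadFlows count exceeds a per-alert path limit. The limit value (taken as 4, which is assumed to match the --max-paths default) and the embedded sample SARIF are constructed assumptions, since the page does not state the code scanning limit.

```python
import json

# Assumed per-alert path limit; the page does not state the code scanning
# limit, so this is a placeholder matching the --max-paths default (assumed).
DEFAULT_MAX_PATHS = 4


def thread_flow_count(result):
    # Total threadFlows across every codeFlow attached to one SARIF result.
    return sum(len(cf.get("threadFlows", [])) for cf in result.get("codeFlows", []))


def find_over_limit(sarif, max_paths=DEFAULT_MAX_PATHS):
    # Return (ruleId, primary-location uri, threadFlow count) for each
    # result carrying more paths than code scanning would accept.
    over = []
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            n = thread_flow_count(res)
            if n > max_paths:
                locs = res.get("locations", [])
                uri = locs[0]["physicalLocation"]["artifactLocation"]["uri"] if locs else "?"
                over.append((res.get("ruleId"), uri, n))
    return over


def _flow():
    # Minimal threadFlow object (constructed) with a single step.
    return {"locations": [{"location": {"physicalLocation": {"artifactLocation": {"uri": "a.py"}}}}]}


# Constructed sample SARIF: the first result stands in for several alerts grouped
# at one primary location and carries 6 threadFlows; the second carries 2.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{"results": [
        {"ruleId": "py/sql-injection",
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"}}}],
         "codeFlows": [{"threadFlows": [_flow() for _ in range(6)]}]},
        {"ruleId": "py/path-injection",
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/fs.py"}}}],
         "codeFlows": [{"threadFlows": [_flow(), _flow()]}]},
    ]}],
}

if __name__ == "__main__":
    import sys
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    for rule, uri, n in find_over_limit(data):
        print(f"{rule} at {uri}: {n} threadFlows (> {DEFAULT_MAX_PATHS})")
```

Run it with the path of a real SARIF file as the only argument to check that file before uploading; with no argument it checks the embedded sample.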
New Features
- Several experimental subcommands have been added in support of the new code scanning tool status page. These include codeql database add-diagnostic, codeql database export-diagnostics, and the codeql diagnostic add and codeql diagnostic export plumbing subcommands.
Known Issues
We recommend that customers using the CodeQL CLI in a third-party CI system do not upgrade to this release, due to an issue with codeql github upload-results. Instead, please use CodeQL 2.12.5, or, when available, CodeQL 2.12.7 or 2.13.1.

This issue occurs when uploading certain kinds of diagnostic information and causes the subcommand to fail with “A fatal error occurred: Invalid SARIF.”, reporting an InvalidDefinitionException.

Customers who wish to use CodeQL 2.12.6 or 2.13.0 can work around the problem by passing --no-sarif-include-diagnostics to any invocations of codeql database analyze or codeql database interpret-results.