CodeQL documentation

CodeQL 2.5.7 (2021-07-02)

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security Coverage

CodeQL 2.5.7 runs a total of 268 security queries when configured with the Default suite (covering 114 CWE). The Extended suite enables an additional 56 queries (covering 28 more CWE). 1 security query has been added with this release.


New Features

  • codeql database create and codeql database init can now automatically recognise the languages present in checkouts of GitHub repositories by making an API call to the GitHub server. This requires a PAT token to either be set in the GITHUB_TOKEN environment variable, or passed by stdin with the --github-auth-stdin argument.
  • Operations that make outgoing HTTP calls (that is, codeql github upload-results and the language-detection feature described above) now support the use of HTTP proxies. To use a proxy, specify an $https_proxy environment variable for HTTPS requests or a $http_proxy environment variable for HTTP requests. If the $no_proxy variable is also set, these variables will be ignored and requests will be made without a proxy.

QL Language

  • The QL language now has a new method toUnicode on the int type. This method converts Unicode codepoint to a one-character string. For example, 65.toUnicode() = "A", 128512.toUnicode() results in a smiley, and any(int i | i.toUnicode() = "A") = 65.
  • © GitHub, Inc.
  • Terms
  • Privacy