RST sitedocs for 2.22.0

Author: jonjanego

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst

@@ -79,4 +79,4 @@ JavaScript/TypeScript
 *   Added taint-steps for :code:`Array.prototype.toReversed`.
 *   Added taint-steps for :code:`Array.prototype.toSorted`.
 *   Added support for :code:`String.prototype.matchAll`.
-*   Added taint-steps for :code:`Array.prototype.reverse`.
+*   Added taint-steps for :code:`Array.prototype.reverse`\ 

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst

@@ -117,8 +117,8 @@ Java/Kotlin
 *   Deleted the deprecated :code:`isLValue` and :code:`isRValue` predicates from the :code:`VarAccess` class, use :code:`isVarWrite` and :code:`isVarRead` respectively instead.
 *   Deleted the deprecated :code:`getRhs` predicate from the :code:`VarWrite` class, use :code:`getASource` instead.
 *   Deleted the deprecated :code:`LValue` and :code:`RValue` classes, use :code:`VarWrite` and :code:`VarRead` respectively instead.
-*   Deleted a lot of deprecated classes ending in ``*Access``, use the corresponding ``*Call`` classes instead.
-*   Deleted a lot of deprecated predicates ending in ``*Access``, use the corresponding ``*Call`` predicates instead.
+*   Deleted a lot of deprecated classes ending in :code:`*Access`, use the corresponding :code:`*Call` classes instead.
+*   Deleted a lot of deprecated predicates ending in :code:`*Access`, use the corresponding :code:`*Call` predicates instead.
 *   Deleted the deprecated :code:`EnvInput` and :code:`DatabaseInput` classes from :code:`FlowSources.qll`, use the threat models feature instead.
 *   Deleted some deprecated API predicates from :code:`SensitiveApi.qll`, use the Sink classes from that file instead.
 
@@ -144,7 +144,7 @@ Ruby
 *   Deleted the deprecated :code:`ModelClass` and :code:`ModelInstance` classes from :code:`ActiveResource.qll`, use :code:`ModelClassNode` and :code:`ModelClassNode.getAnInstanceReference()` instead.
 *   Deleted the deprecated :code:`Collection` class from :code:`ActiveResource.qll`, use :code:`CollectionSource` instead.
 *   Deleted the deprecated :code:`ServiceInstantiation` and :code:`ClientInstantiation` classes from :code:`Twirp.qll`.
-*   Deleted a lot of deprecated dataflow modules from ``*Query.qll`` files.
+*   Deleted a lot of deprecated dataflow modules from :code:`*Query.qll` files.
 *   Deleted the old deprecated TypeTracking library.
 
 Swift

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst

@@ -207,5 +207,5 @@ JavaScript/TypeScript
 
     *   Intersection :code:`&&`
     *   Subtraction :code:`--`
-    *   :code:`\\q` quoted string
+    *   :code:`\q` quoted string
 

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst

@@ -0,0 +1,82 @@
+.. _codeql-cli-2.22.0:
+
+==========================
+CodeQL 2.22.0 (2025-06-11)
+==========================
+
+.. contents:: Contents
+   :depth: 2
+   :local:
+   :backlinks: none
+
+This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
+
+Security Coverage
+-----------------
+
+CodeQL 2.22.0 runs a total of 450 security queries when configured with the Default suite (covering 165 CWE). The Extended suite enables an additional 128 queries (covering 33 more CWE). 1 security query has been added with this release.
+
+CodeQL CLI
+----------
+
+Breaking Changes
+~~~~~~~~~~~~~~~~
+
+*   A number of breaking changes have been made to the C and C++ CodeQL test environment as used by :code:`codeql test run`\ :
+
+    *   Options starting with a :code:`/` are no longer supported by
+        :code:`semmle-extractor-options`. Any option starting with a :code:`/` should be replaced by the equivalent option starting with a :code:`-`, e.g., :code:`/D` should be replaced by :code:`-D`.
+    *   Preprocessor command line options of the form :code:`-D<macro>#<def>` are no longer supported by :code:`semmle-extractor-options`. :code:`-D<macro>=<def>` should be used instead.
+    *   The :code:`/Fp` and :code:`-o` options are no longer supported by
+        :code:`semmle-extractor-options`. The options should be omitted.
+    *   The :code:`-emit-pch`, :code:`-include-pch`, :code:`/Yc`, and :code:`/Yu` options, and the
+        :code:`--preinclude` option taking a pre-compiled header as its argument, are no longer supported by :code:`semmle-extractor-options`. Any test that makes use of this should be replaced by a test that invokes the CodeQL CLI with the
+        :code:`create database` option and that runs the relevant queries on the created database.
+
+Query Packs
+-----------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Python
+""""""
+
+*   Added SQL injection models from the :code:`pandas` PyPI package.
+
+New Queries
+~~~~~~~~~~~
+
+Golang
+""""""
+
+*   Query (:code:`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the :code:`html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in `https://github.com/github/codeql-go/pull/493 <https://github.com/github/codeql-go/pull/493>`_.
+
+Language Libraries
+------------------
+
+Minor Analysis Improvements
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Golang
+""""""
+
+*   The first argument of :code:`Client.Query` in :code:`cloud.google.com/go/bigquery` is now recognized as a SQL injection sink.
+
+JavaScript/TypeScript
+"""""""""""""""""""""
+
+*   Added taint flow through the :code:`URL` constructor from the :code:`url` package, improving the identification of SSRF vulnerabilities.
+
+Swift
+"""""
+
+*   Updated to allow analysis of Swift 6.1.2.
+
+New Features
+~~~~~~~~~~~~
+
+C/C++
+"""""
+
+*   Added a predicate :code:`getReferencedMember` to :code:`UsingDeclarationEntry`, which yields a member depending on a type template parameter.

docs/codeql/codeql-overview/codeql-changelog/index.rst

@@ -11,6 +11,7 @@ A list of queries for each suite and language `is available here <https://docs.g
 .. toctree::
    :maxdepth: 1
 
+   codeql-cli-2.22.0
    codeql-cli-2.21.4
    codeql-cli-2.21.3
    codeql-cli-2.21.2