Post-release preparation for codeql-cli-2.26.0#22110
Merged
Merged
Conversation
The `instanceFieldStep` disjunct of `TypeTrackingInput::levelStepCall` that was added in 7.2.0 uses `classInstanceTracker(cls)` -- which is itself a type-tracker -- inside `levelStepCall`. That creates a structural mutual recursion between the main type-tracker fixpoint and `classInstanceTracker`, causing the type-tracker delta to blow up to ~100M tuples per iteration on some OOP-heavy Python codebases. Verified on the python/mypy database: SSRF query wall time goes from ~12s before the offending commit to >40 minutes after it. This hotfix temporarily drops the `instanceFieldStep` disjunct and keeps only `inheritedFieldStep`, which does not pull on the call graph and is well-behaved (verified at ~12s on mypy). The `instanceFieldStep` helper predicate itself is kept in place, and the `levelStepCall` body has a commented-out call to it so the change is trivial to re-enable once the recursion issue is properly addressed.
…stance-field-step Python: hotfix - disable instanceFieldStep to avoid type-tracker blowup
Revert "Release preparation for version 2.26.0"
Python: release hotfix
Release preparation for version 2.26.0
mbg
approved these changes
Jul 2, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Merges back changes from the codeql-cli-2.26.0 release and bumps CodeQL pack versions to *-dev in preparation for 2.26.1, alongside a small set of Python analysis/test updates that accompany the release merge-back.
Changes:
- Bump
qlpack.ymlversions across multiple language and shared packs to the next*-devversions. - Update Python dataflow/type-tracking logic (and related flow-summary content encodings) with corresponding test expectation adjustments.
- Minor Python changelog whitespace cleanup.
Show a summary per file
| File | Description |
|---|---|
| swift/ql/src/qlpack.yml | Bump Swift queries pack version to next -dev. |
| swift/ql/lib/qlpack.yml | Bump Swift library pack version to next -dev. |
| shared/yaml/qlpack.yml | Bump shared YAML pack version to next -dev. |
| shared/xml/qlpack.yml | Bump shared XML pack version to next -dev. |
| shared/util/qlpack.yml | Bump shared util pack version to next -dev. |
| shared/typos/qlpack.yml | Bump shared typos pack version to next -dev. |
| shared/typetracking/qlpack.yml | Bump shared typetracking pack version to next -dev. |
| shared/typeinference/qlpack.yml | Bump shared typeinference pack version to next -dev. |
| shared/typeflow/qlpack.yml | Bump shared typeflow pack version to next -dev. |
| shared/tutorial/qlpack.yml | Bump shared tutorial pack version to next -dev. |
| shared/threat-models/qlpack.yml | Bump shared threat-models pack version to next -dev. |
| shared/ssa/qlpack.yml | Bump shared SSA pack version to next -dev. |
| shared/regex/qlpack.yml | Bump shared regex pack version to next -dev. |
| shared/rangeanalysis/qlpack.yml | Bump shared rangeanalysis pack version to next -dev. |
| shared/quantum/qlpack.yml | Bump shared quantum pack version to next -dev. |
| shared/namebinding/qlpack.yml | Bump shared namebinding pack version to next -dev. |
| shared/mad/qlpack.yml | Bump shared MaD pack version to next -dev. |
| shared/dataflow/qlpack.yml | Bump shared dataflow pack version to next -dev. |
| shared/controlflow/qlpack.yml | Bump shared controlflow pack version to next -dev. |
| shared/concepts/qlpack.yml | Bump shared concepts pack version to next -dev. |
| rust/ql/src/qlpack.yml | Bump Rust queries pack version to next -dev. |
| rust/ql/lib/qlpack.yml | Bump Rust library pack version to next -dev. |
| ruby/ql/src/qlpack.yml | Bump Ruby queries pack version to next -dev. |
| ruby/ql/lib/qlpack.yml | Bump Ruby library pack version to next -dev. |
| python/ql/src/qlpack.yml | Bump Python queries pack version to next -dev. |
| python/ql/lib/qlpack.yml | Bump Python library pack version to next -dev. |
| python/ql/lib/CHANGELOG.md | Remove trailing whitespace in changelog entries. |
| python/ql/lib/semmle/python/frameworks/Stdlib.qll | Update Python stdlib flow summaries to use broader “any tuple/dict element” encodings. |
| python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll | Temporarily disable an instance-field step in type tracking (hotfix) and document rationale. |
| python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll | Add helper for encoding “With” access paths in flow summaries. |
| python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll | Wire expectsContent to flow-summary expectations. |
| python/ql/test/query-tests/Security/CWE-089-SqlInjection/SqlInjection.expected | Update expected path-problem output to match current analysis behavior. |
| python/ql/test/query-tests/Security/CWE-089-SqlInjection/app.py | Update inline expectations for a now-documented missing Source/Alert case. |
| python/ql/test/library-tests/frameworks/django-orm/testapp/orm_tests.py | Update inline flow expectation for in_bulk value iteration. |
| python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py | Update inline expectations for attribute type tracking (missing/ordering adjustments). |
| python/ql/test/library-tests/dataflow/coverage/test_builtins.py | Update inline expectations around zip tuple element tracking. |
| misc/suite-helpers/qlpack.yml | Bump suite-helpers pack version to next -dev. |
| javascript/ql/src/qlpack.yml | Bump JavaScript queries pack version to next -dev. |
| javascript/ql/lib/qlpack.yml | Bump JavaScript library pack version to next -dev. |
| java/ql/src/qlpack.yml | Bump Java queries pack version to next -dev. |
| java/ql/lib/qlpack.yml | Bump Java library pack version to next -dev. |
| go/ql/src/qlpack.yml | Bump Go queries pack version to next -dev. |
| go/ql/lib/qlpack.yml | Bump Go library pack version to next -dev. |
| go/ql/consistency-queries/qlpack.yml | Bump Go consistency queries pack version to next -dev. |
| csharp/ql/src/qlpack.yml | Bump C# queries pack version to next -dev. |
| csharp/ql/lib/qlpack.yml | Bump C# library pack version to next -dev. |
| csharp/ql/campaigns/Solorigate/src/qlpack.yml | Bump Solorigate C# queries pack version to next -dev. |
| csharp/ql/campaigns/Solorigate/lib/qlpack.yml | Bump Solorigate C# library pack version to next -dev. |
| cpp/ql/src/qlpack.yml | Bump C/C++ queries pack version to next -dev. |
| cpp/ql/lib/qlpack.yml | Bump C/C++ library pack version to next -dev. |
| actions/ql/src/qlpack.yml | Bump Actions queries pack version to next -dev. |
| actions/ql/lib/qlpack.yml | Bump Actions library pack version to next -dev. |
Review details
- Files reviewed: 50/52 changed files
- Comments generated: 0
- Review effort level: Low
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR merges back all of the changes from the release of codeql-cli-2.26.0. And it bumps the version version strings in semmle-code in preparation for the next release of 2.26.1.