Merge pull request #32389 from github/repo-sync

Repo sync

content/code-security/codeql-cli/codeql-cli-manual/bqrs-interpret.md

@@ -161,10 +161,10 @@ Available since `v2.15.2`.
 
 #### `--sarif-category=<category>`
 
-\[SARIF formats only] Specify a category for this analysis to include
-in the SARIF output. A category can be used to distinguish multiple
-analyses performed on the same commit and repository, but on different
-languages or different parts of the code.
+\[SARIF formats only] \[Recommended] Specify a category for this
+analysis to include in the SARIF output. A category can be used to
+distinguish multiple analyses performed on the same commit and
+repository, but on different languages or different parts of the code.
 
 If you analyze the same version of a code base in several different ways
 (e.g., for different languages) and upload the results to GitHub for
@@ -175,9 +175,7 @@ between runs of the same analysis for _different_ versions of the code
 base.)
 
 This value will appear (with a trailing slash appended if not already
-present) as the `<run>.automationId` property in SARIF v1, the
-`<run>.automationLogicalId` property in SARIF v2, and the
-`<run>.automationDetails.id` property in SARIF v2.1.0.
+present) as the `<run>.automationDetails.id` property.
 
 #### `-j, --threads=<num>`
 

content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md

@@ -125,14 +125,6 @@ Don't print a summary of the analyzed diagnostics to standard output.
 
 Don't print a summary of the analyzed metrics to standard output.
 
-#### `--[no-]analysis-summary-v2`
-
-\[GitHub.com and GitHub Enterprise Server v3.9.0+ only] Use an improved
-version of the analysis summary. This incorporates file coverage
-information and improves the way that diagnostic results are displayed.
-
-Available since `v2.15.2`.
-
 #### `--max-paths=<maxPaths>`
 
 The maximum number of paths to produce for each alert with paths.
@@ -215,10 +207,10 @@ Available since `v2.15.2`.
 
 #### `--sarif-category=<category>`
 
-\[SARIF formats only] Specify a category for this analysis to include
-in the SARIF output. A category can be used to distinguish multiple
-analyses performed on the same commit and repository, but on different
-languages or different parts of the code.
+\[SARIF formats only] \[Recommended] Specify a category for this
+analysis to include in the SARIF output. A category can be used to
+distinguish multiple analyses performed on the same commit and
+repository, but on different languages or different parts of the code.
 
 If you analyze the same version of a code base in several different ways
 (e.g., for different languages) and upload the results to GitHub for
@@ -229,9 +221,7 @@ between runs of the same analysis for _different_ versions of the code
 base.)
 
 This value will appear (with a trailing slash appended if not already
-present) as the `<run>.automationId` property in SARIF v1, the
-`<run>.automationLogicalId` property in SARIF v2, and the
-`<run>.automationDetails.id` property in SARIF v2.1.0.
+present) as the `<run>.automationDetails.id` property.
 
 #### `--no-database-extension-packs`
 

content/code-security/codeql-cli/codeql-cli-manual/database-export-diagnostics.md

@@ -85,10 +85,10 @@ The output path to write diagnostic information to.
 
 #### `--sarif-category=<category>`
 
-\[SARIF formats only] Specify a category for this analysis to include
-in the SARIF output. A category can be used to distinguish multiple
-analyses performed on the same commit and repository, but on different
-languages or different parts of the code.
+\[SARIF formats only] \[Recommended] Specify a category for this
+analysis to include in the SARIF output. A category can be used to
+distinguish multiple analyses performed on the same commit and
+repository, but on different languages or different parts of the code.
 
 If you analyze the same version of a code base in several different ways
 (e.g., for different languages) and upload the results to GitHub for
@@ -99,9 +99,7 @@ between runs of the same analysis for _different_ versions of the code
 base.)
 
 This value will appear (with a trailing slash appended if not already
-present) as the `<run>.automationId` property in SARIF v1, the
-`<run>.automationLogicalId` property in SARIF v2, and the
-`<run>.automationDetails.id` property in SARIF v2.1.0.
+present) as the `<run>.automationDetails.id` property.
 
 ### Common options
 

content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md

@@ -169,10 +169,10 @@ Available since `v2.15.2`.
 
 #### `--sarif-category=<category>`
 
-\[SARIF formats only] Specify a category for this analysis to include
-in the SARIF output. A category can be used to distinguish multiple
-analyses performed on the same commit and repository, but on different
-languages or different parts of the code.
+\[SARIF formats only] \[Recommended] Specify a category for this
+analysis to include in the SARIF output. A category can be used to
+distinguish multiple analyses performed on the same commit and
+repository, but on different languages or different parts of the code.
 
 If you analyze the same version of a code base in several different ways
 (e.g., for different languages) and upload the results to GitHub for
@@ -183,9 +183,7 @@ between runs of the same analysis for _different_ versions of the code
 base.)
 
 This value will appear (with a trailing slash appended if not already
-present) as the `<run>.automationId` property in SARIF v1, the
-`<run>.automationLogicalId` property in SARIF v2, and the
-`<run>.automationDetails.id` property in SARIF v2.1.0.
+present) as the `<run>.automationDetails.id` property.
 
 #### `-j, --threads=<num>`
 
@@ -210,14 +208,6 @@ Print a summary of the analyzed diagnostics to standard output.
 
 Print a summary of the analyzed metrics to standard output.
 
-#### `--[no-]analysis-summary-v2`
-
-\[GitHub.com and GitHub Enterprise Server v3.9.0+ only] Use an improved
-version of the analysis summary. This incorporates file coverage
-information and improves the way that diagnostic results are displayed.
-
-Available since `v2.15.2`.
-
 #### `--[no-]print-baseline-loc`
 
 Print the baseline lines of code counted to standard output.

content/code-security/codeql-cli/codeql-cli-manual/diagnostic-export.md

@@ -67,10 +67,10 @@ The output path to write diagnostic information to.
 
 #### `--sarif-category=<category>`
 
-\[SARIF formats only] Specify a category for this analysis to include
-in the SARIF output. A category can be used to distinguish multiple
-analyses performed on the same commit and repository, but on different
-languages or different parts of the code.
+\[SARIF formats only] \[Recommended] Specify a category for this
+analysis to include in the SARIF output. A category can be used to
+distinguish multiple analyses performed on the same commit and
+repository, but on different languages or different parts of the code.
 
 If you analyze the same version of a code base in several different ways
 (e.g., for different languages) and upload the results to GitHub for
@@ -81,9 +81,7 @@ between runs of the same analysis for _different_ versions of the code
 base.)
 
 This value will appear (with a trailing slash appended if not already
-present) as the `<run>.automationId` property in SARIF v1, the
-`<run>.automationLogicalId` property in SARIF v2, and the
-`<run>.automationDetails.id` property in SARIF v2.1.0.
+present) as the `<run>.automationDetails.id` property.
 
 #### `--diagnostic-dir=<diagnosticDirs>`
 

content/code-security/codeql-cli/codeql-cli-manual/github-merge-results.md

@@ -0,0 +1,90 @@
+---
+title: github merge-results
+intro: '[Deep plumbing] Merges multiple SARIF files into a single SARIF file.'
+versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+  fpt: '*'
+  ghec: '*'
+  ghes: '*'
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+type: reference
+product: '{% data reusables.gated-features.codeql %}'
+autogenerated: codeql-cli
+---
+
+<!-- Content after this section is automatically generated -->
+
+{% data reusables.codeql-cli.man-pages-version-note %}
+
+## Synopsis
+
+```shell copy
+codeql github merge-results --sarif=<file> --output=<file> <options>...
+```
+
+## Description
+
+\[Deep plumbing] Merges multiple SARIF files into a single SARIF file.
+
+## Options
+
+### Primary Options
+
+#### `-s, --sarif=<file>`
+
+\[Mandatory] Path to the SARIF files to use. This should be the output
+of [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or
+the appropriate supported format tag for GitHub Enterprise Server
+instances (see [AUTOTITLE](/enterprise-server@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) for
+SARIF versions supported by your release).
+
+#### `-o, --output=<file>`
+
+\[Mandatory] Path where the merged SARIF file should be stored.
+
+### Common options
+
+#### `-h, --help`
+
+Show this help text.
+
+#### `-J=<opt>`
+
+\[Advanced] Give option to the JVM running the command.
+
+(Beware that options containing spaces will not be handled correctly.)
+
+#### `-v, --verbose`
+
+Incrementally increase the number of progress messages printed.
+
+#### `-q, --quiet`
+
+Incrementally decrease the number of progress messages printed.
+
+#### `--verbosity=<level>`
+
+\[Advanced] Explicitly set the verbosity level to one of errors,
+warnings, progress, progress+, progress++, progress+++. Overrides `-v`
+and `-q`.
+
+#### `--logdir=<dir>`
+
+\[Advanced] Write detailed logs to one or more files in the given
+directory, with generated names that include timestamps and the name of
+the running subcommand.
+
+(To write a log file with a name you have full control over, instead
+give `--log-to-stderr` and redirect stderr as desired.)
+
+#### `--common-caches=<dir>`
+
+\[Advanced] Controls the location of cached data on disk that will
+persist between several runs of the CLI, such as downloaded QL packs and
+compiled query plans. If not set explicitly, this defaults to a
+directory named `.codeql` in the user's home directory; it will be
+created if it doesn't already exist.
+
+Available since `v2.15.2`.

content/code-security/codeql-cli/codeql-cli-manual/github-upload-results.md

@@ -46,8 +46,8 @@ This token must have the `security_events` scope.
 
 #### `-s, --sarif=<file>`
 
-\[Mandatory] Path to the SARIF file to upload. This should be the
-output of [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or
+\[Mandatory] Path to the SARIF files to use. This should be the output
+of [codeql database analyze](/code-security/codeql-cli/codeql-cli-manual/database-analyze) (or [codeql database interpret-results](/code-security/codeql-cli/codeql-cli-manual/database-interpret-results)) with `--format sarif-latest` for upload to github.com or
 the appropriate supported format tag for GitHub Enterprise Server
 instances (see [AUTOTITLE](/enterprise-server@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning) for
 SARIF versions supported by your release).

content/code-security/codeql-cli/codeql-cli-manual/index.md

@@ -56,6 +56,7 @@ children:
   - /generate-extensible-predicate-metadata
   - /generate-log-summary
   - /generate-query-help
+  - /github-merge-results
   - /github-upload-results
   - /pack-add
   - /pack-bundle

data/reusables/code-scanning/codeql-query-tables/cpp.md

@@ -51,6 +51,8 @@
 | [XML external entity expansion](https://codeql.github.com/codeql-query-help/cpp/cpp-external-entity-expansion/) | 611 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Array offset used before range check](https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/) | 120, 125 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Authentication bypass by spoofing](https://codeql.github.com/codeql-query-help/cpp/cpp-user-controlled-bypass/) | 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
+| [boost::asio TLS settings misconfiguration](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-tls-settings-misconfiguration/) | 326 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
+| [boost::asio use of deprecated hardcoded protocol](https://codeql.github.com/codeql-query-help/cpp/cpp-boost-use-of-deprecated-hardcoded-security-protocol/) | 327 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Certificate not checked](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-not-checked/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Certificate result conflation](https://codeql.github.com/codeql-query-help/cpp/cpp-certificate-result-conflation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Cleartext storage of sensitive information in an SQLite database](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-database/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
@@ -77,6 +79,7 @@
 | [Suspicious 'sizeof' use](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-sizeof/) | 467 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Suspicious pointer scaling](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Suspicious pointer scaling to void](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling-void/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
+| [Type confusion](https://codeql.github.com/codeql-query-help/cpp/cpp-type-confusion/) | 843 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Unbounded write](https://codeql.github.com/codeql-query-help/cpp/cpp-unbounded-write/) | 120, 787, 805 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/cpp/cpp-path-injection/) | 022, 023, 036, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |
 | [Uncontrolled process operation](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-process-operation/) | 114 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} |