Only run ML-powered queries with v2.7.5 or newer of the CLI

src/codeql.ts

@@ -215,6 +215,7 @@ const CODEQL_VERSION_GROUP_RULES = "2.5.5";
 const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 export const CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
+export const CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 
 /**
  * This variable controls using the new style of tracing from the CodeQL

src/config-utils.test.ts

@@ -1656,12 +1656,16 @@ test(
 
 async function mlPoweredQueriesMacro(
   t: ExecutionContext,
+  codeQLVersion: string,
   isMlPoweredQueriesFlagEnabled: boolean,
   queriesInput: string | undefined,
   shouldRunMlPoweredQueries: boolean
 ) {
   return await util.withTmpDir(async (tmpDir) => {
     const codeQL = setCodeQL({
+      async getVersion() {
+        return codeQLVersion;
+      },
       async resolveQueries() {
         return {
           byLanguage: {
@@ -1711,6 +1715,7 @@ async function mlPoweredQueriesMacro(
 
 mlPoweredQueriesMacro.title = (
   _providedTitle: string,
+  codeQLVersion: string,
   isMlPoweredQueriesFlagEnabled: boolean,
   queriesInput: string | undefined,
   shouldRunMlPoweredQueries: boolean
@@ -1721,13 +1726,14 @@ mlPoweredQueriesMacro.title = (
 
   return `ML-powered queries ${
     shouldRunMlPoweredQueries ? "are" : "aren't"
-  } loaded for ${queriesInputDescription} when feature flag is ${
+  } loaded for ${queriesInputDescription} using CLI v${codeQLVersion} when feature flag is ${
     isMlPoweredQueriesFlagEnabled ? "enabled" : "disabled"
   }`;
 };
 
 // macro, isMlPoweredQueriesFlagEnabled, queriesInput, shouldRunMlPoweredQueries
-test(mlPoweredQueriesMacro, false, "security-extended", false);
-test(mlPoweredQueriesMacro, true, undefined, false);
-test(mlPoweredQueriesMacro, true, "security-extended", true);
-test(mlPoweredQueriesMacro, true, "security-and-quality", true);
+test(mlPoweredQueriesMacro, "2.7.4", true, "security-extended", false);
+test(mlPoweredQueriesMacro, "2.7.5", false, "security-extended", false);
+test(mlPoweredQueriesMacro, "2.7.5", true, undefined, false);
+test(mlPoweredQueriesMacro, "2.7.5", true, "security-extended", true);
+test(mlPoweredQueriesMacro, "2.7.5", true, "security-and-quality", true);

src/config-utils.ts

@@ -5,13 +5,17 @@ import * as yaml from "js-yaml";
 import * as semver from "semver";
 
 import * as api from "./api-client";
-import { CodeQL, ResolveQueriesOutput } from "./codeql";
+import {
+  CodeQL,
+  CODEQL_VERSION_ML_POWERED_QUERIES,
+  ResolveQueriesOutput,
+} from "./codeql";
 import * as externalQueries from "./external-queries";
 import { FeatureFlag, FeatureFlags } from "./feature-flags";
 import { Language, parseLanguage } from "./languages";
 import { Logger } from "./logging";
 import { RepositoryNwo } from "./repository";
-import { GitHubVersion } from "./util";
+import { codeQlVersionAbove, GitHubVersion } from "./util";
 
 // Property names from the user-supplied config file.
 const NAME_PROPERTY = "name";
@@ -279,7 +283,8 @@ async function addBuiltinSuiteQueries(
   if (
     languages.includes("javascript") &&
     (found === "security-extended" || found === "security-and-quality") &&
-    (await featureFlags.getValue(FeatureFlag.MlPoweredQueriesEnabled))
+    (await featureFlags.getValue(FeatureFlag.MlPoweredQueriesEnabled)) &&
+    (await codeQlVersionAbove(codeQL, CODEQL_VERSION_ML_POWERED_QUERIES))
   ) {
     if (!packs.javascript) {
       packs.javascript = [];