CodeQL documentation

CodeQL 2.17.3 (2024-05-17)

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security Coverage

CodeQL 2.17.3 runs a total of 414 security queries when configured with the Default suite (covering 161 CWE). The Extended suite enables an additional 131 queries (covering 35 more CWE). 2 security queries have been added with this release.

CodeQL CLI

Improvements

Query Packs

New Queries

C/C++

  • Added a new query, cpp/iterator-to-expired-container, to detect the creation of iterators owned by a temporary objects that are about to be destroyed.

Python

  • The py/header-injection query, originally contributed to the experimental query pack by @jorgectf, has been promoted to the main query pack and renamed to py/http-response-splitting. This query finds instances of http header injection / response splitting vulnerabilities.

Language Libraries

Breaking Changes

Java

  • The Java extractor no longer supports the ODASA_JAVA_LAYOUT, ODASA_TOOLS and ODASA_HOME legacy environment variables.
  • The Java extractor no longer supports the ODASA_BUILD_ERROR_DIR legacy environment variable.

Major Analysis Improvements

Python

  • Added modeling of the pyramid framework, leading to new remote flow sources and sinks.

Minor Analysis Improvements

Golang

  • Fixed a bug that stopped built-in functions from being referenced using the predicate hasQualifiedName because technically they do not belong to any package. Now you can use the empty string as the package, e.g. f.hasQualifiedName("", "len").
  • Fixed a bug that stopped data flow models for built-in functions from having any effect because the package “” was not parsed correctly.
  • Fixed a bug that stopped data flow from being followed through variadic arguments to built-in functions or to functions called using a variable.
  • © GitHub, Inc.
  • Terms
  • Privacy