CodeQL 2.19.4 (2024-12-02)
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage
CodeQL 2.19.4 runs a total of 432 security queries when configured with the Default suite (covering 164 CWE). The Extended suite enables an additional 128 queries (covering 34 more CWE). 5 security queries have been added with this release.
CodeQL CLI
Bug Fixes
- On MacOS, `arch -arm64` commands no longer fail when they are executed via `codeql database create --command`, via `codeql database trace-command`, or are run after `codeql database init --begin-tracing`. Note that build commands invoked this way still will not normally be traced, so this is useful only for running ancillary commands which are incidental to building your code.
- Fixed a bug where `codeql test run` would not preserve test databases on disk after a test failed.
Improvements
- CodeQL now supports passing values containing the equals character (`=`) to extractor options via the `--extractor-option` flag. This allows cases like `--extractor-option opt=key=value`, which sets the extractor option `opt` to hold the value `key=value`, whereas previously that would have been rejected with an error.
- The `codeql pack bundle` command now sets the numeric user and group IDs of entries in the generated `tar` archive to `0`. This avoids failures like `IllegalArgumentException: user id '7111111' is too big ( > 2097151 )` when the numeric user ID is too large.
Language Libraries
Bug Fixes
Golang
- The behaviour of the `subtypes` column in models-as-data now matches other languages more closely.
- Fixed a bug which meant that some qualified names for promoted methods were not being recognised in some very specific circumstances.
Major Analysis Improvements
Python
- Added modeling of the `bottle` framework, leading to new remote flow sources and header writes.
Minor Analysis Improvements
C#
- The Models as Data models for .NET 8 Runtime now include generated models for higher order methods.
Golang
- The `subtypes` column has been set to true in all models-as-data models except some tests. This means that existing models will apply in some cases where they didn't before, which may lead to more alerts.
Java/Kotlin
- In a switch statement with a constant switch expression, all non-matching cases were being marked as unreachable, including those that can be reached by falling through from the matching case. This has now been fixed.
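As an added illustration (not code from the CodeQL changelog or its test suite), the following Java switch has a constant selector; marking every non-matching case as dead would be wrong, because case 3 is reached by falling through from the matching case 2, while case 1 and the default genuinely never execute:

```java
// Added illustration, not part of the CodeQL release notes.
// `code` is a constant variable (final, constant initializer), so the
// switch selector is a compile-time constant: only case 2 can match.
public class SwitchFallThrough {
    static String classify() {
        final int code = 2;
        StringBuilder trace = new StringBuilder();
        switch (code) {
            case 1:
                trace.append("one;");     // unreachable: selector is never 1
            case 2:
                trace.append("two;");     // reachable: the matching case
                // no break: control falls through into case 3
            case 3:
                trace.append("three;");   // reachable via fall-through, not by matching
                break;
            default:
                trace.append("default;"); // unreachable: a case always matches
        }
        return trace.toString();
    }

    public static void main(String[] args) {
        System.out.println(classify());
    }
}
```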
JavaScript/TypeScript
- Added taint-steps for `Array.prototype.with`.
- Added taint-steps for `Array.prototype.toSpliced`.
- Added taint-steps for `Array.prototype.toReversed`.
- Added taint-steps for `Array.prototype.toSorted`.
- Added support for `String.prototype.matchAll`.
- Added taint-steps for `Array.prototype.reverse`.