CodeQL documentation

CodeQL 2.23.2 (2025-10-02)

This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.

Security Coverage

CodeQL 2.23.2 runs a total of 479 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 1 security query has been added with this release.

CodeQL CLI

Bug Fixes

  • The codeql generate query-help command now prepends the query’s name (taken from the .ql file) as a level-one heading when processing markdown query help, for consistency with help generated from a .qhelp file.

New Features

  • CodeQL Go analysis now supports the “Git Source” type for private package registries. This is in addition to the existing support for the “GOPROXY server” type.

Query Packs

Minor Analysis Improvements

C#

  • The modeling of null guards based on complex pattern expressions has been improved, which in turn improves the query cs/dereferenced-value-may-be-null by removing false positives.

  • The query cs/xmldoc/missing-summary has been removed from the code-quality suite, to align with other languages.

Python

  • The queries that check for unmatchable $ and ^ in regular expressions did not account correctly for occurrences inside lookahead and lookbehind assertions. These occurrences are now handled correctly, eliminating this source of false positives.
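As an added illustration (not code from the CodeQL changelog or the CodeQL queries themselves), the following Python cases contrast the genuinely unmatchable anchors these queries are meant to flag with anchors inside lookahead/lookbehind assertions, which are legitimate and were the source of the false positives described above. The patterns and sample inputs are constructed for this example.

```python
import re

# Constructed cases for this added example (not from the CodeQL changelog).
# Each tuple: (pattern, sample input, whether a match is expected).
CASES = [
    # '$' and '^' in the middle of a sequence can never match (no MULTILINE):
    # these are the genuinely unmatchable anchors the queries look for.
    (r"a$b", "a$b", False),
    (r"foo^bar", "foo^bar", False),
    # Escaping the character is the usual fix when a literal '$' was intended.
    (r"a\$b", "a$b", True),
    # Anchors inside lookahead/lookbehind assertions are meaningful and
    # matchable; flagging them was the false positive the changelog describes.
    (r"foo(?=$)", "foo", True),
    (r"foo(?=$)", "food", False),
    (r"(?<=^a)b", "ab", True),
    (r"(?<!^)b", "ab", True),   # 'b' that is not at the start of input
    (r"(?<!^)b", "b", False),
]


def can_match(pattern: str, sample: str) -> bool:
    """Return True if `pattern` matches somewhere in `sample`."""
    return re.search(pattern, sample) is not None


def check_cases(cases=CASES):
    """Run every case; return a list of (pattern, sample, actual, expected)."""
    return [(p, s, can_match(p, s), expected) for p, s, expected in cases]


def all_as_expected(cases=CASES) -> bool:
    """True when every constructed case behaves as annotated."""
    return all(actual == expected for _, _, actual, expected in check_cases(cases))


if __name__ == "__main__":
    for pattern, sample, actual, expected in check_cases():
        print(f"{pattern!r:14} on {sample!r:10} -> {actual} (expected {expected})")
```

The `(?<!^)b` case is the important one: the `^` sits inside a lookbehind and decides whether `b` at the start of the input is excluded, so a checker that treats every `^` not at the pattern start as unmatchable would mis-flag it.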

  • The py/inheritance/signature-mismatch query has been modernized. It produces more precise results and more descriptive alert messages.

  • The py/inheritance/incorrect-overriding-signature query has been deprecated. Its results have been consolidated into the py/inheritance/signature-mismatch query.

New Queries

Rust

  • Added a new query, rust/non-https-url, for detecting the use of non-HTTPS URLs that can be intercepted by third parties.

Language Libraries

Minor Analysis Improvements

JavaScript/TypeScript

  • Added modeling of GraphQLObjectType resolver function parameters as remote sources.

  • Support for the graphql library has been improved. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked.

  • Added support for the aws-sdk and @aws-sdk/client-dynamodb, @aws-sdk/client-athena, @aws-sdk/client-s3, and @aws-sdk/client-rds-data packages.

Python

  • Data flow tracking through global variables now supports nested field access patterns such as global_var.obj.field. This improves the precision of taint tracking analysis when data flows through complex global variable structures.
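To make the `global_var.obj.field` pattern concrete, here is an added Python example (constructed for this page, not part of CodeQL's libraries) that models the flow the improved tracking now follows: an untrusted value is written into a nested field of a module-level global in one function and read back at a sink in another. A minimal `Tainted` marker type is used as a stand-in for the analysis's taint label; the names `global_var`, `Outer`, `Inner`, `store_input` and `build_query` are assumptions for the example.

```python
class Tainted(str):
    """String marked as coming from an untrusted source (constructed marker).

    Concatenation keeps the mark, so taint survives simple string building."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


class Inner:
    def __init__(self):
        self.field = ""


class Outer:
    def __init__(self):
        self.obj = Inner()


# Module-level global holding nested objects, matching the changelog's
# `global_var.obj.field` access pattern.
global_var = Outer()


def untrusted_source() -> Tainted:
    """Stand-in for request input such as a query parameter (constructed)."""
    return Tainted("value-from-request")


def store_input() -> None:
    """Writes the untrusted value into a nested field of the global."""
    global_var.obj.field = untrusted_source()


def build_query() -> str:
    """Sink: builds SQL text by concatenation from the nested global field.

    With field-sensitive tracking through the global, the analysis can connect
    this read back to the write in store_input()."""
    return "SELECT * FROM users WHERE name = '" + global_var.obj.field + "'"


def build_query_parameterized():
    """Hardened sink: the value is passed as a bound parameter, not spliced in."""
    return ("SELECT * FROM users WHERE name = ?", (global_var.obj.field,))


def is_tainted(value) -> bool:
    """Whether a value still carries the untrusted-source mark."""
    return isinstance(value, Tainted)


if __name__ == "__main__":
    store_input()
    print("concatenated query tainted:", is_tainted(build_query()))
    sql, params = build_query_parameterized()
    print("parameterized query text tainted:", is_tainted(sql))
```

The two sinks differ only in whether the untrusted field reaches the query text: in the parameterized form the SQL string is a constant and the tainted value travels separately as a bound parameter, which is the shape a taint-tracking query should accept.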

New Features

Ruby

  • Initial modeling for the Ruby Grape framework in Grape.qll has been added to detect API endpoints, parameters, and headers within Grape API classes.

Rust

  • The models-as-data format for sources now supports access paths of the form Argument[i].Parameter[j]. This denotes that the source passes tainted data to the jth parameter of its ith argument (which must be a function or a closure).
