CodeQL 2.23.0 adds support for Rust log injection and other security detection improvements
CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.23.0, which introduces a new Rust security query, promotes a Java Spring Boot security query, and includes a faster Rust extractor.
Language and framework support
- C/C++: Added flow summaries for the Microsoft::WRL::ComPtr member functions. The new dataflow and taint-tracking library now resolves virtual function calls more precisely. This results in fewer false positives when running these queries on C++ projects.
- C#: Fixed a bug in the data flow analysis, which means that flow through calls using the base qualifier may now be tracked more accurately. The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
- Rust: Removed path resolution from the Rust extractor, making extraction faster and more reliable. We also improved the modeling of the std::fs, async_std::fs, and tokio::fs libraries, which may cause more alerts to be found by Rust injection queries, particularly rust/path-injection.
Query changes
We have also made improvements and additions to queries across several languages:
- Java:
  - Promoted the query java/insecure-spring-actuator-config from experimental to the main query pack as java/spring-boot-exposed-actuators-config. This query detects exposure of Spring Boot actuators through configuration files, and its results will now appear by default. Thank you to @luchua-bc who submitted the original experimental query!
  - Fixed a bug that was causing false negatives in rare cases in the query java/dereferenced-value-may-be-null.
  - Removed the java/empty-statement query that was subsumed by the java/empty-block query.
- Python:
  - Modernized the py/unexpected-raise-in-special-method query so it produces additional results in cases where the exception is only raised conditionally.
  - Modernized the queries py/incomplete-ordering, py/inconsistent-equality, and py/equals-hash-mismatch with improved documentation. They no longer produce alerts for problems specific to Python 2.
- Rust:
  - Added a new query for Rust, rust/log-injection, for detecting cases where log entries could be forged by a malicious user.
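To show the class of bug rust/log-injection looks for, here is an added example (not CodeQL's code and not from the GitHub post): a hypothetical text logger that writes an untrusted field straight into a line-oriented log, next to a version that escapes line breaks and other control characters first. The tainted username is a constructed sample.

```rust
// Added example, not part of CodeQL: the log-injection pattern and one mitigation.
// `log_line_*` are hypothetical helpers standing in for a simple text logger.

/// Vulnerable pattern: untrusted input is interpolated into a log entry as-is.
/// A newline inside `user` lets the input dictate what the next log line says.
fn log_line_unsanitized(user: &str) -> String {
    format!("INFO login failed for user={}", user)
}

/// Escapes characters a line-oriented log reader would misinterpret:
/// CR, LF and TAB become their escaped forms, other control characters
/// become \u{..} so the entry always stays on one physical line.
fn sanitize_for_log(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if c.is_control() => out.push_str(&format!("\\u{{{:04x}}}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Hardened pattern: the untrusted field is sanitized before interpolation.
fn log_line_sanitized(user: &str) -> String {
    format!("INFO login failed for user={}", sanitize_for_log(user))
}

/// Number of physical lines a log reader would see for one logged entry.
fn physical_lines(entry: &str) -> usize {
    entry.lines().count()
}

fn main() {
    // Constructed sample: a "username" that carries a forged second entry.
    let tainted = "alice\nINFO login succeeded for user=admin";
    let bad = log_line_unsanitized(tainted);
    let good = log_line_sanitized(tainted);
    println!("{} ({} lines)", bad, physical_lines(&bad));
    println!("{} ({} lines)", good, physical_lines(&good));
}
```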
For a full list of changes, please refer to the complete changelog for version 2.23.0. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on github.com. The new functionality in CodeQL 2.23.0 will also be included in a future GitHub Enterprise Server (GHES) release. If you use an older version of GHES, you can manually upgrade your CodeQL version.
The post CodeQL 2.23.0 adds support for Rust log injection and other security detection improvements appeared first on The GitHub Blog.
📅 Published: Wed, 10 Sep 2025 18:04:45 +0000