|
| 1 | +.. _codeql-cli-2.16.2: |
| 2 | + |
| 3 | +========================== |
| 4 | +CodeQL 2.16.2 (2024-02-12) |
| 5 | +========================== |
| 6 | + |
| 7 | +.. contents:: Contents |
| 8 | + :depth: 2 |
| 9 | + :local: |
| 10 | + :backlinks: none |
| 11 | + |
| 12 | +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__. |
| 13 | + |
| 14 | +Security Coverage |
| 15 | +----------------- |
| 16 | + |
| 17 | +CodeQL 2.16.2 runs a total of 406 security queries when configured with the Default suite (covering 160 CWE). The Extended suite enables an additional 131 queries (covering 34 more CWE). 2 security queries have been added with this release. |
| 18 | + |
| 19 | +CodeQL CLI |
| 20 | +---------- |
| 21 | + |
| 22 | +There are no user-facing CLI changes in this release. |
| 23 | + |
| 24 | +Query Packs |
| 25 | +----------- |
| 26 | + |
| 27 | +Minor Analysis Improvements |
| 28 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 29 | + |
| 30 | +C/C++ |
| 31 | +""""" |
| 32 | + |
| 33 | +* Corrected 2 false positive with :code:`cpp/incorrect-string-type-conversion`\ : conversion of byte arrays to wchar and new array allocations converted to wchar. |
| 34 | +* The "Incorrect return-value check for a 'scanf'-like function" query (:code:`cpp/incorrectly-checked-scanf`) no longer reports an alert when an explicit check for EOF is added. |
| 35 | +* The "Incorrect return-value check for a 'scanf'-like function" query (:code:`cpp/incorrectly-checked-scanf`) now recognizes more EOF checks. |
| 36 | +* The "Potentially uninitialized local variable" query (:code:`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call. |
| 37 | +* The diagnostic query :code:`cpp/diagnostics/successfully-extracted-files` now considers any C/C++ file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned C/C++ files. |
| 38 | + |
| 39 | +C# |
| 40 | +"" |
| 41 | + |
| 42 | +* Added string interpolation expressions and :code:`string.Format` as possible sanitizers for the :code:`cs/web/unvalidated-url-redirection` query. |
| 43 | + |
| 44 | +Ruby |
| 45 | +"""" |
| 46 | + |
| 47 | +* Added new unsafe deserialization sinks for the ox gem. |
| 48 | +* Added an additional unsafe deserialization sink for the oj gem. |
| 49 | + |
| 50 | +New Queries |
| 51 | +~~~~~~~~~~~ |
| 52 | + |
| 53 | +Java |
| 54 | +"""" |
| 55 | + |
| 56 | +* Added a new query :code:`java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. |
| 57 | +* Added a new query :code:`java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. |
| 58 | + |
| 59 | +Ruby |
| 60 | +"""" |
| 61 | + |
| 62 | +* Added a new experimental query, :code:`rb/insecure-randomness`, to detect when application uses random values that are not cryptographically secure. |
| 63 | + |
| 64 | +Language Libraries |
| 65 | +------------------ |
| 66 | + |
| 67 | +Bug Fixes |
| 68 | +~~~~~~~~~ |
| 69 | + |
| 70 | +Python |
| 71 | +"""""" |
| 72 | + |
| 73 | +* Fixed the :code:`a` (ASCII) inline flag not being recognized by the regular expression library. |
| 74 | + |
| 75 | +Minor Analysis Improvements |
| 76 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 77 | + |
| 78 | +C# |
| 79 | +"" |
| 80 | + |
| 81 | +* Added a new database relation to store compiler arguments specified inside :code:`@[...].rsp` file arguments. The arguments are returned by :code:`Compilation::getExpandedArgument/1` and :code:`Compilation::getExpandedArguments/0`. |
| 82 | +* C# 12: Added extractor, QL library and data flow support for collection expressions like :code:`[1, y, 4, .. x]`. |
| 83 | +* The C# extractor now accepts an extractor option :code:`logging.verbosity` that specifies the verbosity of the logs. The option is added via :code:`codeql database create --language=csharp -Ologging.verbosity=debug ...` or by setting the corresponding environment variable :code:`CODEQL_EXTRACTOR_CSHARP_OPTION_LOGGING_VERBOSITY`. |
| 84 | + |
| 85 | +Java |
| 86 | +"""" |
| 87 | + |
| 88 | +* Added models for the following packages: |
| 89 | + |
| 90 | + * com.fasterxml.jackson.databind |
| 91 | + * javax.servlet |
| 92 | + |
| 93 | +* Added the :code:`java.util.Date` and :code:`java.util.UUID` classes to the list of types in the :code:`SimpleTypeSanitizer` class in :code:`semmle.code.java.security.Sanitizers`. |
| 94 | + |
| 95 | +Python |
| 96 | +"""""" |
| 97 | + |
| 98 | +* Added :code:`html.escape` as a sanitizer for HTML. |
| 99 | + |
| 100 | +Ruby |
| 101 | +"""" |
| 102 | + |
| 103 | +* Flow is now tracked through Rails :code:`render` calls, when the argument is a :code:`ViewComponent`. In this case, data flow is tracked into the accompanying :code:`.html.erb` file. |
| 104 | + |
| 105 | +New Features |
| 106 | +~~~~~~~~~~~~ |
| 107 | + |
| 108 | +C/C++ |
| 109 | +""""" |
| 110 | + |
| 111 | +* Added the :code:`PreprocBlock.qll` library to this repository. This library offers a view of :code:`#if`, :code:`#elif`, :code:`#else` and similar directives as a tree with navigable parent-child relationships. |
| 112 | +* Added a new :code:`ThrowingFunction` abstract class that can be used to model an external function that may throw an exception. |
0 commit comments