|
| 1 | +.. _codeql-cli-2.22.4: |
| 2 | + |
| 3 | +========================== |
| 4 | +CodeQL 2.22.4 (2025-08-21) |
| 5 | +========================== |
| 6 | + |
| 7 | +.. contents:: Contents |
| 8 | + :depth: 2 |
| 9 | + :local: |
| 10 | + :backlinks: none |
| 11 | + |
| 12 | +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__. |
| 13 | + |
| 14 | +Security Coverage |
| 15 | +----------------- |
| 16 | + |
| 17 | +CodeQL 2.22.4 runs a total of 478 security queries when configured with the Default suite (covering 169 CWE). The Extended suite enables an additional 130 queries (covering 32 more CWE). 2 security queries have been added with this release. |
| 18 | + |
| 19 | +CodeQL CLI |
| 20 | +---------- |
| 21 | + |
| 22 | +There are no user-facing CLI changes in this release. |
| 23 | + |
| 24 | +Query Packs |
| 25 | +----------- |
| 26 | + |
| 27 | +Minor Analysis Improvements |
| 28 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 29 | + |
| 30 | +C/C++ |
| 31 | +""""" |
| 32 | + |
| 33 | +* The :code:`cpp/short-global-name` query will no longer give alerts for instantiations of template variables, only for the template itself. |
| 34 | +* Fixed a false positive in :code:`cpp/overflow-buffer` when the type of the destination buffer is a reference to a class/struct type. |
| 35 | + |
| 36 | +JavaScript/TypeScript |
| 37 | +""""""""""""""""""""" |
| 38 | + |
| 39 | +* The :code:`js/regex-injection` query no longer considers environment variables as sources by default. Environment variables can be re-enabled as sources by setting the threat model to include the "environment" category. |
| 40 | + |
| 41 | +New Queries |
| 42 | +~~~~~~~~~~~ |
| 43 | + |
| 44 | +Rust |
| 45 | +"""" |
| 46 | + |
| 47 | +* Added a new query, :code:`rust/cleartext-storage-database`, for detecting cases where sensitive information is stored non-encrypted in a database. |
| 48 | + |
| 49 | +Language Libraries |
| 50 | +------------------ |
| 51 | + |
| 52 | +Bug Fixes |
| 53 | +~~~~~~~~~ |
| 54 | + |
| 55 | +Ruby |
| 56 | +"""" |
| 57 | + |
| 58 | +* Made the following changes to :code:`NetHttpRequest` |
| 59 | + |
| 60 | + * Adds :code:`connectionNode`, like other Ruby HTTP clients |
| 61 | + * Makes :code:`requestNode` and :code:`connectionNode` public so subclasses can use them |
| 62 | + * Adds detection of :code:`Net::HTTP.start`, a common way to make HTTP requests in Ruby |
| 63 | + |
| 64 | +Major Analysis Improvements |
| 65 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 66 | + |
| 67 | +Java/Kotlin |
| 68 | +""""""""""" |
| 69 | + |
| 70 | +* Added library models for the relevant method calls under :code:`jakarta.servlet.ServletRequest` and :code:`jakarta.servlet.http.HttpServletRequest` as remote flow sources. |
| 71 | + |
| 72 | +Minor Analysis Improvements |
| 73 | +~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 74 | + |
| 75 | +C/C++ |
| 76 | +""""" |
| 77 | + |
| 78 | +* The guards libraries (:code:`semmle.code.cpp.controlflow.Guards` and :code:`semmle.code.cpp.controlflow.IRGuards`) have been improved to recognize more guards. |
| 79 | +* Improved dataflow through global variables in the new dataflow library (:code:`semmle.code.cpp.dataflow.new.DataFlow` and :code:`semmle.code.cpp.dataflow.new.TaintTracking`). Queries based on these libraries will produce more results on codebases with many global variables. |
| 80 | +* The global value numbering library (:code:`semmle.code.cpp.valuenumbering.GlobalValueNumbering` and :code:`semmle.code.cpp.ir.ValueNumbering`) has been improved so more expressions are assigned the same value number. |
| 81 | + |
| 82 | +Java/Kotlin |
| 83 | +""""""""""" |
| 84 | + |
| 85 | +* Guard implication logic involving wrapper methods has been improved. In particular, this means fewer false positives for :code:`java/dereferenced-value-may-be-null`. |
| 86 | + |
| 87 | +JavaScript/TypeScript |
| 88 | +""""""""""""""""""""" |
| 89 | + |
| 90 | +* Improved modeling of command-line argument parsing libraries `arg <https://www.npmjs.com/package/arg>`__, `args <https://www.npmjs.com/package/args>`__, `command-line-args <https://www.npmjs.com/package/command-line-args>`__ and `commander <https://www.npmjs.com/package/commander>`__ |
| 91 | + |
| 92 | +Rust |
| 93 | +"""" |
| 94 | + |
| 95 | +* |link-code-let-chains-in-code-if-and-code-while-1|_ are now supported, as well as |link-code-if-let-guards-in-code-match-expressions-2|_. |
| 96 | +* Added more detail to models of :code:`postgres`, :code:`rusqlite`, :code:`sqlx` and :code:`tokio-postgres`. This may improve query results, particularly for :code:`rust/sql-injection` and :code:`rust/cleartext-storage-database`. |
| 97 | + |
| 98 | +.. |link-code-let-chains-in-code-if-and-code-while-1| replace:: :code:`let` chains in :code:`if` and :code:`while`\ |
| 99 | +.. _link-code-let-chains-in-code-if-and-code-while-1: https://doc.rust-lang.org/edition-guide/rust-2024/let-chains.html |
| 100 | + |
| 101 | +.. |link-code-if-let-guards-in-code-match-expressions-2| replace:: :code:`if let` guards in :code:`match` expressions |
| 102 | +.. _link-code-if-let-guards-in-code-match-expressions-2: https://rust-lang.github.io/rfcs/2294-if-let-guard.html |
| 103 | + |
0 commit comments