This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage

CodeQL 2.10.1 runs a total of 340 security queries when configured with the Default suite (covering 143 CWE). The Extended suite enables an additional 104 queries (covering 30 more CWE). 1 security query has been added with this release.

CodeQL CLI

New Features

- Improved error message from codeql database analyze when a query is missing @id or @kind query metadata.
- Contextual queries and the query libraries they depend on have been moved to the codeql/cpp-all package.
- Contextual queries and the query libraries they depend on have been moved to the codeql/csharp-all package.
- Contextual queries and the query libraries they depend on have been moved to the codeql/java-all package.
- Contextual queries and the query libraries they depend on have been moved to the codeql/javascript-all package.
- Contextual queries and the query libraries they depend on have been moved to the codeql/python-all package.
- Contextual queries and the query libraries they depend on have been moved to the codeql/ruby-all package.
- A new query, "Improper verification of intent by broadcast receiver" (java/improper-intent-verification), has been added. This query finds instances of Android BroadcastReceivers that don't verify the action string of received intents when registered to receive system intents.
- AnalysedExpr::isNullCheck and AnalysedExpr::isValidCheck have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.
- Added data-flow models for java.util.Properties. Additional results may be found where relevant data is stored in and then retrieved from a Properties instance.
- Added Modifier.isInline().
- Removed Kotlin-specific database and QL structures for loops and break/continue statements. The Kotlin extractor was changed to reuse the Java structures for these constructs.
- Added additional flow sources for uses of external storage on Android.
- The chownr library is now modeled as a sink for the js/path-injection query.
- Improved modeling of sensitive data sources, so common words like "certain" and "secretary" are no longer considered a certificate and a secret (respectively).
- The gray-matter library is now modeled as a sink for the js/code-injection query.
- Improved modeling of sensitive data sources, so common words like "certain" and "secretary" are no longer considered a certificate and a secret (respectively).
- Fixed a bug causing every expression in the database to be considered a system-command execution sink when calls to any of the following methods exist:
  - The spawn, fspawn, popen4, pspawn, system, and _pspawn methods and the backtick operator from the POSIX::spawn gem.
  - The execute_command, rake, rails_command, and git methods in Rails::Generation::Actions.
- Improved modeling of sensitive data sources, so common words like "certain" and "secretary" are no longer considered a certificate and a secret (respectively).
- The documentation of API graphs (the API module) has been expanded, and some of the member predicates of API::Node have been renamed as follows:
  - getAnImmediateUse -> asSource
  - getARhs -> asSink
  - getAUse -> getAValueReachableFromSource
  - getAValueReachingRhs -> getAValueReachingSink
- Added an ErrorType class. An instance of this class will be used if an extractor is unable to extract a type, or if an up/downgrade script is unable to provide a type.
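The following QL query is an added example, not from the changelog or the CodeQL libraries; it assumes the JavaScript library (import javascript) and uses chownr and fs.readFile only as illustrative module paths (the argument position chosen for chownr is an assumption, not the library's own js/path-injection model). It places each renamed API::Node predicate next to the old name it replaces, which is what a custom query needs when being updated:

```ql
/**
 * @name Uses of the renamed API::Node predicates
 * @description Shows asSource, asSink, getAValueReachableFromSource and
 *              getAValueReachingSink in place of getAnImmediateUse, getARhs,
 *              getAUse and getAValueReachingRhs.
 * @kind problem
 * @problem.severity recommendation
 * @id js/example/api-node-renamed-predicates
 */

import javascript

// Old name: API::moduleImport("chownr").getParameter(0).getARhs()
// A value passed as the first argument of a call to the function exported by
// the chownr module. Treating that argument as the sink is an assumption for
// illustration only.
DataFlow::Node chownrFirstArgument() {
  result = API::moduleImport("chownr").getParameter(0).asSink()
}

// Old name: API::moduleImport("fs").getMember("readFile").getAnImmediateUse()
// The expression that directly refers to fs.readFile.
DataFlow::Node fsReadFileReference() {
  result = API::moduleImport("fs").getMember("readFile").asSource()
}

// Old name: API::moduleImport("fs").getMember("readFile").getAUse()
// Any value reachable from that reference, e.g. after being stored in a variable.
DataFlow::Node fsReadFileReachable() {
  result = API::moduleImport("fs").getMember("readFile").getAValueReachableFromSource()
}

// Old name: API::moduleImport("chownr").getParameter(0).getAValueReachingRhs()
// Any value that eventually flows into chownr's first argument.
DataFlow::Node valueReachingChownrArgument() {
  result = API::moduleImport("chownr").getParameter(0).getAValueReachingSink()
}

from DataFlow::Node n, string role
where
  (n = chownrFirstArgument() and role = "argument passed to chownr (asSink)") or
  (n = fsReadFileReference() and role = "reference to fs.readFile (asSource)") or
  (n = fsReadFileReachable() and role = "value reachable from fs.readFile (getAValueReachableFromSource)") or
  (n = valueReachingChownrArgument() and role = "value reaching chownr argument (getAValueReachingSink)")
select n, role
```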