This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage

CodeQL 2.22.0 runs a total of 450 security queries when configured with the Default suite (covering 165 CWE). The Extended suite enables an additional 128 queries (covering 33 more CWE). 1 security query has been added with this release.
CodeQL CLI

Breaking Changes

A number of breaking changes have been made to the C and C++ CodeQL test environment as used by codeql test run:

- Options starting with a / are no longer supported by semmle-extractor-options. Any option starting with a / should be replaced by the equivalent option starting with a -, e.g., /D should be replaced by -D.
- Preprocessor command line options of the form -D<macro>#<def> are no longer supported by semmle-extractor-options. -D<macro>=<def> should be used instead.
- The /Fp and -o options are no longer supported by semmle-extractor-options. The options should be omitted.
- The -emit-pch, -include-pch, /Yc, and /Yu options, and the --preinclude option taking a pre-compiled header as its argument, are no longer supported by semmle-extractor-options. Any test that makes use of this should be replaced by a test that invokes the CodeQL CLI with the create database option and that runs the relevant queries on the created database.
- Added SQL injection models from the pandas PyPI package.
- The query go/html-template-escaping-bypass-xss has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the html/template package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in https://github.com/github/codeql-go/pull/493.
- The first argument of Client.Query in cloud.google.com/go/bigquery is now recognized as a SQL injection sink.
- Added taint flow through the URL constructor from the url package, improving the identification of SSRF vulnerabilities.
- Updated to allow analysis of Swift 6.1.2.
- Added a predicate getReferencedMember to UsingDeclarationEntry, which yields a member depending on a type template parameter.