CodeQL 2.23.2 Adds Rust Security Detections and Enhanced Language Support
Allison reports on the CodeQL 2.23.2 release, detailing important new security queries for Rust, advanced data flow tracking, and improvements to code scanning accuracy across multiple languages.
Author: Allison
CodeQL, the static analysis engine underlying GitHub code scanning, has reached version 2.23.2. This update focuses on expanded security detection—especially for the Rust language—and improved precision for a broad range of supported technologies.
Highlights of the Release
- New Rust Security Query: Detection for insecure non-HTTPS URLs in Rust projects (`rust/non-https-url`), safeguarding against network interception risks.
- Improved Language Support:
  - JavaScript/TypeScript: Better data flow tracking for GraphQL, and expanded support for AWS SDK packages (`aws-sdk`, `@aws-sdk/client-dynamodb`, etc.).
  - Python: Taint tracking now considers complex nested global variables. Regex safety queries accurately account for special assertion usage. The `py/inheritance/signature-mismatch` query is modernized, consolidating deprecated checks for clearer results.
  - Ruby: Initial recognition of API endpoints in Ruby apps using the Grape framework, which helps surface security issues in API code.
  - Go: Expanded analysis for private registries using Git Source and continued support for GOPROXY servers.
  - C#: Enhanced modeling of null guard expressions reduces false positives in dereference checks.
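The `rust/non-https-url` query reports URLs that would send traffic in the clear. The following is an added example, not code from the CodeQL release or from GitHub, of the complementary runtime check a Rust service can apply to outbound request URLs: it rejects any scheme other than `https`, with one deliberate exception for plain `http` to a loopback host so local development still works. The function names (`require_https`, `scheme_of`, `host_of`) and the loopback allowance are this example's own choices, not behaviour of the CodeQL query, and it uses only the standard library so it runs without external crates.

```rust
// Added example: enforce HTTPS on outbound URLs before a request is made.
// Not part of CodeQL or GitHub's code; names and policy are this example's own.

#[derive(Debug, PartialEq)]
pub enum UrlPolicyError {
    /// No "scheme://" prefix was found, so the URL cannot be classified.
    MissingScheme,
    /// The scheme (lower-cased) is not allowed by the policy.
    InsecureScheme(String),
}

/// Scheme before "://", lower-cased; None if absent or not a valid scheme token.
fn scheme_of(url: &str) -> Option<String> {
    let idx = url.find("://")?;
    let s = &url[..idx];
    let valid = !s.is_empty()
        && s.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '+' | '-' | '.'));
    if valid { Some(s.to_ascii_lowercase()) } else { None }
}

/// Host after "://": strips userinfo, port, path, query and fragment.
/// Userinfo is dropped at the last '@' so "http://localhost@other.example/"
/// resolves to "other.example", not "localhost".
fn host_of(url: &str) -> Option<String> {
    let idx = url.find("://")? + 3;
    let rest = &url[idx..];
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let authority = &rest[..end];
    let hostport = match authority.rfind('@') {
        Some(at) => &authority[at + 1..],
        None => authority,
    };
    let host = if hostport.starts_with('[') {
        // bracketed IPv6 literal such as "[::1]:3000"
        let close = hostport.find(']')?;
        &hostport[1..close]
    } else {
        hostport.split(':').next().unwrap_or("")
    };
    if host.is_empty() { None } else { Some(host.to_ascii_lowercase()) }
}

/// Loopback hosts allowed over plain http for local development only.
fn is_loopback(host: &str) -> bool {
    matches!(host, "localhost" | "127.0.0.1" | "::1")
}

/// Returns the URL unchanged when it is https, or http to a loopback host;
/// otherwise returns an error so the caller cannot send traffic in the clear.
pub fn require_https(url: &str) -> Result<&str, UrlPolicyError> {
    let scheme = scheme_of(url).ok_or(UrlPolicyError::MissingScheme)?;
    match scheme.as_str() {
        "https" => Ok(url),
        "http" if host_of(url).map_or(false, |h| is_loopback(&h)) => Ok(url),
        other => Err(UrlPolicyError::InsecureScheme(other.to_string())),
    }
}

fn main() {
    // Constructed sample URLs; no network access is performed.
    let samples = [
        "https://api.example.com/v1/items",
        "HTTP://api.example.com/v1/items",
        "http://localhost:8080/health",
        "http://localhost@other.example/",
        "api.example.com",
    ];
    for url in samples {
        match require_https(url) {
            Ok(u) => println!("allowed : {u}"),
            Err(e) => println!("rejected: {url} ({e:?})"),
        }
    }
}
```

Call `require_https` on every URL that reaches an HTTP client, whether it came from configuration, an environment variable or a request parameter; the static query catches hard-coded `http://` literals at scan time, while this check covers URLs assembled at runtime.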
Security and Code Quality Enhancements
- Security Remediation: The new features make it easier for teams to identify and remediate vulnerabilities before code reaches production.
- Accurate Alerts: Improvements minimize false positives and false negatives, giving engineering teams more actionable results.
- Broader CI/CD Integration: Every CodeQL release is automatically rolled out to GitHub code scanning users, with guidance available for self-managed GitHub Enterprise Server (GHES).
Upgrade Guidance and Links
Conclusion
CodeQL 2.23.2 strengthens application security posture by expanding detection coverage and improving analysis quality across modern programming languages. Developers using GitHub code scanning can take immediate advantage of these improvements, reinforcing their secure software delivery practices.
This post appeared first on “The GitHub Blog”.