CodeQL 2.9.4 (2022-06-20)ΒΆ
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security CoverageΒΆ
CodeQL 2.9.4 runs a total of 335 security queries when configured with the Default suite (covering 142 CWE). The Extended suite enables an additional 104 queries (covering 30 more CWE).
CodeQL CLIΒΆ
New FeaturesΒΆ
Users of CodeQL Packaging Beta can now optionally authenticate to Container registries on GitHub Enterprise Server (GHES) versions 3.6 and later using standard input instead of the
CODEQL_REGISTRIES_AUTHenvironment variable. To authenticate via standard input, pass--registries-auth-stdin. The value you provide will override the value of theCODEQL_REGISTRIES_AUTHenvironment variable.
Language LibrariesΒΆ
Minor Analysis ImprovementsΒΆ
RubyΒΆ
Calls to
Zip::File.openandZip::File.newhave been added asFileSystemAccesssinks. As a result queries likerb/path-injectionnow flag up cases where users may access arbitrary archive files.
New FeaturesΒΆ
C/C++ΒΆ
An
isBracedpredicate was added to theInitializerclass which holds when a C++ braced initializer was used in the initialization.