Rongchai Wang
Oct 10, 2025 02:01
GitHub’s CodeQL 2.23.2 update introduces enhanced Rust security detections and accuracy improvements across various programming languages, including JavaScript, Python, Ruby, and Go.
GitHub has released CodeQL 2.23.2, a significant update to its static analysis engine that powers code scanning on the platform. This latest version introduces new security detections for Rust and enhances accuracy across multiple programming languages, according to The GitHub Blog.
Key Enhancements in CodeQL 2.23.2
CodeQL 2.23.2 brings a notable focus on Rust, introducing a new query to detect non-HTTPS URLs, which are vulnerable to interception by third parties. This addition strengthens Rust’s security profile within the CodeQL toolset.
In the realm of JavaScript and TypeScript, the update includes improved support for the graphql library. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked. Additionally, support has been expanded for several AWS SDK packages, enhancing CodeQL’s capabilities to analyze applications utilizing cloud services.
Python developers will benefit from enhanced data flow tracking through global variables, supporting nested field access patterns. This improvement increases the precision of taint tracking analysis, especially in complex global variable structures. Furthermore, Python’s regular expression queries have been refined to reduce false positives, and the py/inheritance/signature-mismatch query has been modernized for more precise results.
Improvements Across Other Languages
Ruby’s Grape framework now has initial modeling within CodeQL, allowing for the detection of API endpoints, parameters, and headers in Grape API classes. This enhances security analysis for Ruby applications utilizing this popular framework.
For Go, the update introduces support for the Git Source type for private package registries, complementing the existing GOPROXY server support. This broadens the scope of package management analysis within Go projects.
In C#, CodeQL has improved the modeling of null guards based on complex pattern expressions, which reduces false positives in queries related to dereferenced values that may be null.
Deployment and Future Updates
All new features and improvements in CodeQL 2.23.2 are automatically deployed to GitHub code scanning users on github.com. These updates will also be integrated into a future release of GitHub Enterprise Server (GHES). Users of older GHES versions can manually upgrade to the new CodeQL version to take advantage of these enhancements.
For a comprehensive list of updates included in CodeQL 2.23.2, users can refer to the official changelog.
Image source: Shutterstock
Credit: Source link
