AI News

News · 4:58 PM · marovyn

CodeQL 2.23.0 Enhances Rust Log Injection Support

CodeQL, the static analysis engine behind GitHub code scanning, identifies and resolves security issues in code. The recent release of CodeQL 2.23.0 introduces a new Rust security query, elevates a Java Spring Boot security query, and includes a faster Rust extractor.

In C#, a bug in data flow analysis has been fixed, allowing more accurate tracking of flow through calls using the base qualifier. The default taint tracking configuration now permits implicit reads from collections at sinks and in additional flow steps, increasing flow coverage for many taint tracking queries and reducing false negatives.

For Rust, path resolution has been removed from the Rust extractor, making extraction faster and more reliable. Better modeling of the std::fs, async_std::fs, and tokio::fs libraries means the Rust injection queries, particularly rust/path-injection, may report more alerts.
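As an added illustration (not code from this page or from the CodeQL project), the kind of std::fs flow that rust/path-injection is designed to flag, beside a version that confines the path to a base directory; the directory layout and file names are constructed for the demo.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// The flow rust/path-injection targets: an untrusted string reaches
/// std::fs with no check that the result stays inside `base`, so a
/// value such as "../secret.txt" reads outside the intended directory.
pub fn read_unconfined(base: &Path, user_path: &str) -> io::Result<String> {
    fs::read_to_string(base.join(user_path))
}

/// Hardened form: resolve both paths through the filesystem (this follows
/// symlinks and collapses `..`) and refuse anything outside `base`.
pub fn read_confined(base: &Path, user_path: &str) -> io::Result<String> {
    let base = base.canonicalize()?;
    let target = base.join(user_path).canonicalize()?;
    if !target.starts_with(&base) {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            "path escapes the allowed directory",
        ));
    }
    fs::read_to_string(target)
}

/// Constructed fixture (not from the page): a base directory with one allowed
/// file, plus a sibling file that `read_confined` must never return.
pub fn make_fixture() -> io::Result<(PathBuf, PathBuf)> {
    let root = std::env::temp_dir().join(format!("path-injection-demo-{}", std::process::id()));
    let base = root.join("public");
    fs::create_dir_all(&base)?;
    fs::write(base.join("hello.txt"), "hello")?;
    fs::write(root.join("secret.txt"), "secret")?;
    Ok((base, root))
}

fn main() -> io::Result<()> {
    let (base, _root) = make_fixture()?;
    println!("confined, allowed file: {:?}", read_confined(&base, "hello.txt"));
    println!("confined, traversal rejected: {}", read_confined(&base, "../secret.txt").is_err());
    println!("unconfined, traversal succeeds: {:?}", read_unconfined(&base, "../secret.txt"));
    Ok(())
}
```

Because `canonicalize` consults the filesystem, the confined version also rejects symlinks inside the base directory that point outside it, and returns an error for files that do not exist.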

Improvements and additions have been made to queries across several languages. For a complete list of changes, refer to the full changelog for version 2.23.0. Every new version of CodeQL is automatically deployed to GitHub code scanning users on github.com. The new functionality in CodeQL 2.23.0 will also be included in a future GitHub Enterprise Server (GHES) release. Users of older GHES versions can manually upgrade their CodeQL version.