{"id":487144,"date":"2025-09-10T21:34:27","date_gmt":"2025-09-10T21:34:27","guid":{"rendered":"https:\/\/Blockchain.News\/news\/codeql-2-23-0-enhances-security-detection-with-rust-log-injection-support"},"modified":"2025-09-10T21:34:27","modified_gmt":"2025-09-10T21:34:27","slug":"codeql-2-23-0-enhances-security-detection-with-rust-log-injection-support","status":"publish","type":"post","link":"https:\/\/e-bitco.in\/index.php\/2025\/09\/10\/codeql-2-23-0-enhances-security-detection-with-rust-log-injection-support\/","title":{"rendered":"CodeQL 2.23.0 Enhances Security Detection with Rust Log Injection Support"},"content":{"rendered":"<figure class=\"figure mt-2\">\n<p> <a href=\"https:\/\/blockchain.news\/Profile\/Rongchai-Wang\">Rongchai Wang<\/a> <span class=\"publication-date ml-2\"> Sep 10, 2025 21:34<\/span> <\/p>\n<p class=\"lead\">GitHub&#8217;s CodeQL 2.23.0 release introduces enhanced security detection, including a new Rust log injection query, improved data flow analysis, and faster extraction processes.<\/p>\n<p> <a href=\"https:\/\/image.blockchain.news:443\/features\/24B6EBDC6093F0C1F639A6A7DA12473E2D2C5C390185833B0F398CC7FCE1368C.jpg\"> <img decoding=\"async\" class=\"rounded\" src=\"https:\/\/image.blockchain.news:443\/features\/24B6EBDC6093F0C1F639A6A7DA12473E2D2C5C390185833B0F398CC7FCE1368C.jpg\" alt=\"CodeQL 2.23.0 Enhances Security Detection with Rust Log Injection Support\"> <\/a> <\/figure>\n<p>GitHub has announced the release of CodeQL 2.23.0, bringing significant improvements to its static analysis engine, which is pivotal for code scanning and security issue remediation. This latest update introduces a host of new features, including enhanced support for Rust, Java, C\/C++, C#, and Python, according to <a rel=\"nofollow\" href=\"https:\/\/github.blog\/changelog\/2025-09-10-codeql-2-23-0-adds-support-for-rust-log-injection-and-other-security-detection-improvements\/\">The GitHub Blog<\/a>.<\/p>\n<h2>Enhanced Rust Security<\/h2>\n<p>The most notable addition in CodeQL 2.23.0 is the introduction of a new Rust query for log injection detection, which helps identify potential vulnerabilities where log entries might be manipulated by malicious users. The Rust extractor has also been optimized for faster and more reliable performance, with improved modeling of the <code>std::fs<\/code>, <code>async_std::fs<\/code>, and <code>tokio::fs<\/code> libraries. These enhancements are expected to increase the detection of alerts related to Rust path injections.<\/p>\n<h2>Java and C\/C++ Improvements<\/h2>\n<p>In the realm of Java, the update promotes the query <code>java\/insecure-spring-actuator-config<\/code> to the main query pack, now renamed as <code>java\/spring-boot-exposed-actuators-config<\/code>. This query detects the exposure of Spring Boot actuators via configuration files and will now be included in default scans. Additionally, a bug causing false negatives in the <code>java\/dereferenced-value-may-be-null<\/code> query has been addressed.<\/p>\n<p>For C\/C++ developers, CodeQL 2.23.0 introduces flow summaries for <code>Microsoft::WRL::ComPtr<\/code> member functions, enhancing the precision of virtual function call resolutions. This improvement is expected to reduce false positives in C++ project analyses.<\/p>\n<h2>Updates for C# and Python<\/h2>\n<p>C# developers will benefit from a fix in data flow analysis, allowing more accurate tracking of flows through calls using the <code>base<\/code> qualifier. The default taint tracking configuration has been updated to cover implicit reads from collections, thereby increasing flow coverage and reducing false negatives.<\/p>\n<p>Python queries have been modernized to produce more comprehensive results, particularly in cases where exceptions are conditionally raised. The updates also address alerts specific to Python 2, ensuring queries like <code>py\/unexpected-raise-in-special-method<\/code>, <code>py\/incomplete-ordering<\/code>, and <code>py\/equals-hash-mismatch<\/code> are more relevant to current Python versions.<\/p>\n<h2>Deployment and Future Updates<\/h2>\n<p>All new features in CodeQL 2.23.0 are automatically deployed to GitHub code scanning users on github.com and will be included in future GitHub Enterprise Server releases. Users operating older versions of the GitHub Enterprise Server can manually upgrade to access the latest CodeQL capabilities.<\/p>\n<p><span><i>Image source: Shutterstock<\/i><\/span> <!-- Divider --> <!-- Author info END --> <!-- Divider --> <a href=\"https:\/\/blockchain.news\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rongchai Wang Sep 10, 2025 21:34 GitHub&#8217;s CodeQL 2.23.0 release introduces enhanced security detection, including a new Rust log injection query, improved data flow analysis, and faster extraction processes. GitHub has announced the release of CodeQL 2.23.0, bringing significant improvements to its static analysis engine, which is pivotal for code scanning and security issue remediation. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":487145,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[22113,8404,25,1503,183],"class_list":{"0":"post-487144","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blockchain","8":"tag-codeql","9":"tag-github","10":"tag-news","11":"tag-rust","12":"tag-security"},"_links":{"self":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/487144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/comments?post=487144"}],"version-history":[{"count":0,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/487144\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media\/487145"}],"wp:attachment":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media?parent=487144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/categories?post=487144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/tags?post=487144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}