CodeQL code scanning now recognizes more sources and uses of untrusted user data
We’ve improved the depth of CodeQL's analysis by adding support for more libraries and frameworks and increasing the coverage of our existing library and framework models for several languages (C++, JavaScript, Python, and Java). As a result, CodeQL can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the code scanning alerts.
We carefully choose and prioritize the libraries and frameworks supported by CodeQL based on their popularity and through user feedback. The libraries and frameworks added and improved are listed below.
C/C++
JavaScript and TypeScript
- @octokit/rest
- resolve
- serialize-javascript
- numeral
- serverless
- serve
- joi
- knex
- chokidar
- match
- promisify
- dayjs
- luxon
- date-io
- mustache
- colors
- ansi-colors
- wrap-ansi
- colorette
- cli-highlight
- cli-color
- slice-ansi
Python
- Twisted
- Rsa
- Jmespath
- MarkupSafe
- Improvements to Idna
- Improvements to SimpleJson
- Improvements to aiohttp
Java
- Improvements to Guava Libraries
- Improvements to Apache Commons Lang library
- Improvements to JAX-RS
Learn more about CodeQL and code scanning.