From a25a21eb115e350c67bc3955c8d3e5d02d770243 Mon Sep 17 00:00:00 2001
From: Slavomir <gagliardetto@users.noreply.github.com>
Date: Wed, 1 Apr 2020 15:14:22 +0300
Subject: [PATCH] Add change-note

---
 change-notes/1.24/analysis-go.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/change-notes/1.24/analysis-go.md b/change-notes/1.24/analysis-go.md
index 2212c4d2e39..86da77dbfce 100644
--- a/change-notes/1.24/analysis-go.md
+++ b/change-notes/1.24/analysis-go.md
@@ -31,3 +31,4 @@ The CodeQL library for Go now contains a folder of simple "cookbook" queries tha
 | Useless assignment to field (`go/useless-assignment-to-field`)                | Fewer false positives | The query now conservatively handles fields promoted through embedded pointer types.                                                                                        |
 | Bitwise exclusive-or used like exponentiation (`go/mistyped-exponentiation`)  | Fewer false positives | The query now identifies when the value of an xor is assigned to a mask object, and excludes such results.                                                                  |
 | Open URL redirect (`go/unvalidated-url-redirection`)                          | Fewer false positives | The query now identifies some sources that are not attacker-controlled, and excludes results with such sources.                                                             |
+| Operating system command from user-controlled sources (`go/command-injection`) | More results          | The library models used by the query have been improved, allowing it to flag more potentially problematic cases, including sources that flow into shells, sudo, or programming-language interpreters as arguments. |