hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add change note

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-03-18 15:02:29 +00:00
parent 11ff0a08f3
commit bf78160830
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go/ql/lib/change-notes/2025-03-18-loggercall-type-format-specifier.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* `LoggerCall::getAMessageComponent` no longer returns arguments to logger calls which correspond to the verb `%T` in a format specifier. This will remove false positives in "Log entries created from user input" (`go/log-injection`) and "Clear-text logging of sensitive information" (`go/clear-text-logging`), and it may lead to more results in "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`).