hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Reword change note

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-07-22 00:09:37 +01:00
committed by GitHub
parent b4b848a25c
commit e2f3c9d1b6
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
go/ql/lib/change-notes/2025-07-15-path-injection-sanitizers.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
* Remove model `CreateTemp` function, from the `os` package, as a path-injection sink due to proper sanitization by Go. Add check for `os.PathSeparator` in sanitizers for path-injection query.
* The second argument of the `CreateTemp` function, from the `os` package, is no longer a path-injection sink due to proper sanitization by Go.
* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.