sauyon
b7ef551b52
Address review: exercise variadic args/attrs in slog Log/LogAttrs tests
...
Copilot review on #22004: the Log/LogAttrs test cases didn't pass any
variadic args/attrs, so the Argument[..3] portion of the sink range was
untested. Pass an ...any arg to slog.Log/Logger.Log and a slog.Attr to
slog.LogAttrs/Logger.LogAttrs, with inline expectations asserting they're
captured as logged components.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:27:00 -07:00
sauyon
00427d204c
Go: Model log/slog as a logging sink
...
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.
Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 20:02:29 -07:00
Owen Mansel-Chan
1154db4f86
Merge pull request #21957 from owen-mc/go/fix-result-node
...
Go: fix `DataFlow::ResultNode` and some related things
2026-06-17 12:20:27 +01:00
Owen Mansel-Chan
0a065c93de
Update QLDoc for ResultNode
2026-06-17 11:03:23 +01:00
Owen Mansel-Chan
6161922ba4
Merge pull request #21940 from owen-mc/go/unhandled-writable-file-close
...
Go: Improve precision of `go/unhandled-writable-file-close`
2026-06-17 10:58:08 +01:00
dependabot[bot]
1ac079d066
Bump golang.org/x/tools
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).
Updates `golang.org/x/tools` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.45.0...v0.46.0)
---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-12 03:03:31 +00:00
Owen Mansel-Chan
b4a9689341
Convert .qlref test to inline expectations
2026-06-11 07:15:54 +02:00
Owen Mansel-Chan
6a8e20a0c8
Fix pre-existing whitespace issues in go test files
2026-06-11 07:15:09 +02:00
Owen Mansel-Chan
4c411bbcb5
Convert hand-rolled inline expectations test
2026-06-11 07:13:48 +02:00
Owen Mansel-Chan
990913519d
Make comment clearer
2026-06-09 12:20:10 +02:00
Owen Mansel-Chan
e22f9fadd7
Fix mistakes in change notes
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-09 12:20:08 +02:00
Owen Mansel-Chan
071a0e3d7d
Add change notes
2026-06-09 12:20:06 +02:00
Owen Mansel-Chan
a92349683e
Deprecate FuncTypeExpr.getResultDecl()
...
It is unused in this library. It could easily be used incorrectly and
silently omit results when `getNumResult() > 1`.
2026-06-09 12:20:04 +02:00
Owen Mansel-Chan
8ce543bf4d
Fix: getNumResult() was wrong in some cases
...
It was the number of result declarations, which is
different from the number of results when one
result declaration declares more than one
variable, as in `x, y int`.
2026-06-09 12:20:02 +02:00
Owen Mansel-Chan
da777a455d
Improve QLDoc
2026-06-09 12:19:58 +02:00
Owen Mansel-Chan
f4f17b01c1
Fix result node and remove SPURIOUS test result
2026-06-09 12:19:56 +02:00
Owen Mansel-Chan
1c47084479
Add result node test with SPURIOUS result
2026-06-09 12:19:51 +02:00
Owen Mansel-Chan
c241049384
Add control flow test for result read steps
2026-06-09 12:19:49 +02:00
dependabot[bot]
72fcf27d1a
Bump golang.org/x/mod
...
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/mod](https://github.com/golang/mod).
Updates `golang.org/x/mod` from 0.36.0 to 0.37.0
- [Commits](https://github.com/golang/mod/compare/v0.36.0...v0.37.0)
---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-09 03:03:37 +00:00
github-actions[bot]
5a38cbd5d5
Go: Update to 1.26.4
2026-06-08 04:30:10 +00:00
Owen Mansel-Chan
c170002fb1
Update test output
2026-06-04 13:52:05 +01:00
Owen Mansel-Chan
14e3ee2fb0
Add change note
2026-06-04 13:39:42 +01:00
Owen Mansel-Chan
50e0354911
Tidy up comments in isSink
2026-06-04 13:39:36 +01:00
Owen Mansel-Chan
101812310c
Inline isCloseCall into isSink
2026-06-04 13:39:24 +01:00
Owen Mansel-Chan
c87bfd5f28
Remove redundant call to isCloseSink
2026-06-04 13:09:10 +01:00
Owen Mansel-Chan
05e21adc53
Accept test changes
2026-06-04 13:09:07 +01:00
Owen Mansel-Chan
f67d0ea961
Go: Account for deferred Close in writable-file-close query
...
A deferred Close runs at function exit, but the CFG splices it in at the exit node where it can be reached along paths that never execute Sync. The previous dominance check therefore produced a false positive when a statement followed the if-block that registered the defer (e.g. deferredCloseWithSync2). For deferred closes, require instead that a handled Sync post-dominates the point where the defer is registered, which guarantees Sync runs before Close on every path on which Close is registered. Non-deferred closes keep the existing dominance check.
2026-06-04 13:09:05 +01:00
Owen Mansel-Chan
5217ede621
Go: Tidy up comments in writable-file-close query
...
Correct the doc for unhandledCall (it also matches expression statements where the result is discarded) and remove a stale commented-out line in isWritableFileHandle.
2026-06-04 13:09:03 +01:00
Owen Mansel-Chan
59908124c1
Add test showing limits of DeferStmt in CFG
...
There are paths to the exit of the function which go through the defer
statement and paths which don't, so we add an optional call to the
deferred function. This causes FPs in the query as it stands.
2026-06-04 12:21:38 +01:00
Owen Mansel-Chan
d55ff83568
Merge pull request #21269 from owen-mc/go/improve-tests-for-varargs-flow
...
Go: improve tests for varargs flow
2026-06-03 12:39:46 +01:00
Owen Mansel-Chan
9dbe9adb00
Update tests
2026-06-02 09:34:03 +01:00
Owen Mansel-Chan
703cea2b65
Model panicking log functions better
2026-06-02 01:32:00 +01:00
Owen Mansel-Chan
e6e8e3d005
Taint doesn't flow through panicking functions
2026-06-02 01:31:44 +01:00
Owen Mansel-Chan
adc9b7714b
Accept changed test output
2026-06-02 00:57:06 +01:00
Owen Mansel-Chan
e706c5f444
Improve test for non-returning fns
2026-06-02 00:56:12 +01:00
Owen Mansel-Chan
8a1e6d4f64
Add missing QLDocs
2026-06-02 00:41:48 +01:00
Owen Mansel-Chan
1a747dd8be
(Trivial) Fix QLDoc grammar
2026-06-02 00:39:25 +01:00
Owen Mansel-Chan
28bb1a6870
Add change note
2026-06-02 00:16:23 +01:00
Owen Mansel-Chan
45b1253b23
Improve glog and klog tests
2026-06-02 00:16:21 +01:00
Owen Mansel-Chan
c99dab1d71
Improve glog (and klog) modelling
2026-06-02 00:16:19 +01:00
Owen Mansel-Chan
f3e3647209
Improve noretFunctions test
2026-06-02 00:16:17 +01:00
Owen Mansel-Chan
8d099cbe38
Recognize more non-returning logging functions
2026-06-02 00:15:58 +01:00
github-actions[bot]
cfb18c2477
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab
Revert "Release preparation for version 2.25.6"
2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f
Release preparation for version 2.25.6
2026-05-25 10:23:26 +00:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
Jeroen Ketema
76f71dd235
Merge pull request #21817 from jketema/go-version
...
Go: Make version parsing robust in the face of custom Go builds
2026-05-18 10:45:55 +02:00
Owen Mansel-Chan
6b65866ff4
Merge branch 'main' into fix/go-extractor-root-test-files
2026-05-11 17:18:43 +01:00