Copilot review on #22004: the Log/LogAttrs test cases didn't pass any
variadic args/attrs, so the Argument[..3] portion of the sink range was
untested. Pass an ...any arg to slog.Log/Logger.Log and a slog.Attr to
slog.LogAttrs/Logger.LogAttrs, with inline expectations asserting they're
captured as logged components.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The standard-library structured logger `log/slog` (Go 1.21+) was not
modeled, so `go/log-injection` and `go/clear-text-logging` were blind to
any code that logs through it.
Model its logging functions and `*slog.Logger` methods — `Debug`, `Info`,
`Warn`, `Error`, their `Context` variants, and `Log`/`LogAttrs` — as
`log-injection` sinks (the kind that feeds `LoggerCall`, powering both
queries). Adds `log/slog` cases to the `LoggerCall` library test.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Extend synthetic uncertain reads to function exits of any function
that writes a captured variable, not just the declaring function.
This ensures writes to captured variables inside closures remain
live (matching the old `v.isCaptured()` liveness shortcut).
- Uncomment toString overrides for SsaExplicitDefinition, SsaVariableCapture,
SsaPhiNode, and SsaVariable to restore original output formats.
- Revert test expected files to pre-test-changes state matching the
correct toString formats and capture variable results.
Agent-Logs-Url: https://github.com/github/codeql/sessions/6dbf9d42-b2e2-42a2-984b-8ea31df4e633
Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
It was the number of result declarations, which is
different from the number of results when one
result declaration declares more than one
variable, as in `x, y int`.
A deferred Close runs at function exit, but the CFG splices it in at the exit node where it can be reached along paths that never execute Sync. The previous dominance check therefore produced a false positive when a statement followed the if-block that registered the defer (e.g. deferredCloseWithSync2). For deferred closes, require instead that a handled Sync post-dominates the point where the defer is registered, which guarantees Sync runs before Close on every path on which Close is registered. Non-deferred closes keep the existing dominance check.
Correct the doc for unhandledCall (it also matches expression statements where the result is discarded) and remove a stale commented-out line in isWritableFileHandle.
There are paths to the exit of the function which go through the defer
statement and paths which don't, so we add an optional call to the
deferred function. This causes FPs in the query as it stands.
