hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql/go/old-change-notes/1.23/analysis-go.md
Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00

1.9 KiB
Raw Permalink Blame History

Improvements to Go analysis

New queries

Query Tags Purpose
Clear-text logging of sensitive information (go/clear-text-logging) security, external/cwe/cwe-312, external/cwe/cwe-315, external/cwe/cwe-359 Highlights code that writes sensitive information to a log file, or to the console, without encryption or hashing. Results are shown on LGTM by default.
Open URL redirect (go/unvalidated-url-redirection) security, external/cwe/cwe-601 Highlights code that redirects to a URL that may be controlled by an attacker. Results are shown on LGTM by default.

Changes to existing queries

Query Expected impact Change
Expression has no effect (go/useless-expression) Fewer false positive results This query no longer flags calls to empty stub functions.
Hard-coded credentials (go/hardcoded-credentials) Fewer false positive results This query now recognizes more placeholder credentials.