codeql/2026-03-19-fix-log-forging-extension-methods.md at 628f85aebcf23ee9a7a944c8ca8d00aefc00b8eb - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00

Files

Gregro a59c865328 let interprocedural analysis handle source-available extension methods for LogForgingLogMessageSink's

2026-03-21 20:05:08 +00:00

313 B

Raw Blame History

category

category
minorAnalysis

The cs/log-forging query no longer treats arguments to extension methods with source code on ILogger types as sinks. Instead, taint is tracked interprocedurally through extension method bodies, reducing false positives when extension methods sanitize input internally.