Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit 7136713

Browse files
author
Max Schaefer
committed
Add change notes for 1.23.
1 parent 8cc60ba commit 7136713

File tree

1 file changed

+15
-0
lines changed

1 file changed

+15
-0
lines changed

change-notes/1.23/analysis-go.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# Improvements to Go analysis
2+
3+
## New queries
4+
5+
| **Query** | **Tags** | **Purpose** |
6+
|---------------------------------------------------------------------------|----------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
7+
| Clear-text logging of sensitive information (`go/clear-text-logging`) | security, external/cwe/cwe-312, external/cwe/cwe-315, external/cwe/cwe-359 | Highlights code that writes sensitive information to a log file or to the console without encryption or hashing. Results are shown on LGTM by default. |
8+
| Open URL redirect (`go/unvalidated-url-redirection`) | security, external/cwe/cwe-601 | Highlights code that redirects to a URL that may be controlled by an attacker. Results are shown on LGTM by default. |
9+
10+
## Changes to existing queries
11+
12+
| **Query** | **Expected impact** | **Change** |
13+
|-----------------------------------------------------|------------------------------|-----------------------------------------------------------|
14+
| Expression has no effect (`go/useless-expression`) | Fewer false positive reuslts | This query no longer flags calls to empty stub functions. |
15+
| Hard-coded credentials (`go/hardcoded-credentials`) | Fewer false positive results | This query now recognizes more placeholder credentials. |

0 commit comments

Comments
 (0)