Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit d8c6361

Browse files
Shati PatelGitHub Enterprise
Shati Patel
authored and
GitHub Enterprise
committed
Merge pull request #187 from max/rc/1.23
Add change notes for 1.23.
2 parents 8cc60ba + 7136713 commit d8c6361

File tree

1 file changed

+15
-0
lines changed

1 file changed

+15
-0
lines changed

change-notes/1.23/analysis-go.md

+15
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# Improvements to Go analysis
2+
3+
## New queries
4+
5+
| **Query** | **Tags** | **Purpose** |
6+
|---------------------------------------------------------------------------|----------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
7+
| Clear-text logging of sensitive information (`go/clear-text-logging`) | security, external/cwe/cwe-312, external/cwe/cwe-315, external/cwe/cwe-359 | Highlights code that writes sensitive information to a log file or to the console without encryption or hashing. Results are shown on LGTM by default. |
8+
| Open URL redirect (`go/unvalidated-url-redirection`) | security, external/cwe/cwe-601 | Highlights code that redirects to a URL that may be controlled by an attacker. Results are shown on LGTM by default. |
9+
10+
## Changes to existing queries
11+
12+
| **Query** | **Expected impact** | **Change** |
13+
|-----------------------------------------------------|------------------------------|-----------------------------------------------------------|
14+
| Expression has no effect (`go/useless-expression`) | Fewer false positive reuslts | This query no longer flags calls to empty stub functions. |
15+
| Hard-coded credentials (`go/hardcoded-credentials`) | Fewer false positive results | This query now recognizes more placeholder credentials. |

0 commit comments

Comments
 (0)