This repository was archived by the owner on Jan 5, 2023. It is now read-only.
| Arbitrary file write during zip extraction ("zip slip") (`go/zipslip`) | Fewer false positives | The query now recognizes more cases where it is safe to use a path extractor from an archive. |
32
-
| Bitwise exclusive-or used like exponentiation (`go/mistyped-exponentiation`) | Fewer false positives| The query now identifies when the value of an xor is assigned to a mask object, and excludes such results. |
33
-
| Command built from user-controlled sources (`go/command-injection`) | More results | The library models used by the query have been improved, allowing it to flag more potentially problematic cases, including sources that flow into shells, sudo, or programming-language interpreters as arguments. |
34
-
| Database query built from user-controlled sources (`go/sql-injection`) | More results | The library models used by the query have been improved, allowing it to flag more potentially problematic cases. |
35
-
| Identical operands (`go/redundant-operation`) | Fewer false positives| The query no longer flags cases where the operands have the same value but are syntactically distinct, since this is usually intentional. |
36
-
| Incomplete regular expression for hostnames (`go/incomplete-hostname-regexp`) | More results | The query now flags unescaped dots before the TLD in a hostname regex. |
37
-
| Open URL redirect (`go/unvalidated-url-redirection`) | Fewer false positives| The query now identifies some sources that are not attacker-controlled, and excludes results with such sources. |
38
-
| Reflected cross-site scripting (`go/reflected-xss`) | Fewer results | Untrusted input flowing into an HTTP header definition or into an `fmt.Fprintf` call with a constant prefix is no longer flagged, since it is in both cases often harmless. |
39
-
| Useless assignment to field (`go/useless-assignment-to-field`) | Fewer false positives| The query now conservatively handles fields promoted through embedded pointer types. |
| Arbitrary file write during zip extraction ("zip slip") (`go/zipslip`) | Fewer false positive results | The query now excludes more cases where it is safe to use a path extractor from an archive.|
32
+
| Bitwise exclusive-or used like exponentiation (`go/mistyped-exponentiation`) | Fewer false positive results| The query now identifies when the value of an xor is assigned to a mask object, and excludes such results. |
33
+
| Command built from user-controlled sources (`go/command-injection`) | More results | The library models used by the query have been improved, allowing it to flag more potentially problematic cases, including sources that flow into shells, sudo, or programming-language interpreters as arguments. |
34
+
| Database query built from user-controlled sources (`go/sql-injection`) | More results | The library models used by the query have been improved, allowing it to flag more potentially problematic cases. |
35
+
| Identical operands (`go/redundant-operation`) | Fewer false positive results| The query no longer flags cases where the operands have the same value but are syntactically distinct, since this is usually intentional. |
36
+
| Incomplete regular expression for hostnames (`go/incomplete-hostname-regexp`) | More results | The query now flags unescaped dots before the TLD in a hostname regex. |
37
+
| Open URL redirect (`go/unvalidated-url-redirection`) | Fewer false positive results| The query now identifies some sources that are not attacker-controlled, and excludes results with such sources. |
38
+
| Reflected cross-site scripting (`go/reflected-xss`) | Fewer results | Untrusted input flowing into an HTTP header definition or into an `fmt.Fprintf` call with a constant prefix is no longer flagged, since it is in both cases often harmless. |
39
+
| Useless assignment to field (`go/useless-assignment-to-field`) | Fewer false positive results| The query now conservatively handles fields promoted through embedded pointer types. |
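Review bot: the "Fewer false positive results" wording this hunk introduces is applied inconsistently at the cell boundary. In the `go/mistyped-exponentiation`, `go/redundant-operation`, `go/unvalidated-url-redirection` and `go/useless-assignment-to-field` rows the second cell ends with `results|` (no space before the pipe), while the `go/zipslip` row ends with `results |`; the `go/zipslip` row's third cell also now ends with `archive.|` instead of `archive. |`. Since these lines are being rewritten anyway, normalise all of them to `| Fewer false positive results | ... |` so the table source reads uniformly. Two smaller points on the same rows: `go/reflected-xss` keeps `Fewer results` while every other reduction row now says `Fewer false positive results`; if that is deliberate because the dropped results are described as "often harmless" rather than wrong, fine, otherwise align it. And "safe to use a path extractor from an archive" in the `go/zipslip` row reads like a typo for "a path extracted from an archive"; worth confirming while that sentence is being edited.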