Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f5c195d

Browse files
owen-mcowen-mc
committed
Remove change note from 1.15.md
We will include this change note when there is documentation about how to use the functionality.
1 parent 5e390a3 commit f5c195d

2 files changed

Lines changed: 12 additions & 12 deletions

File tree

go/ql/lib/change-notes/2024-09-03-local-threat-models-file-environment.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Local source models for reading and parsing environment variables have been added for the following libraries:
5+
* os
6+
* syscall
7+
* github.com/caarlos0/env
8+
* github.com/gobuffalo/envy
9+
* github.com/hashicorp/go-envparse
10+
* github.com/joho/godotenv
11+
* github.com/kelseyhightower/envconfig
12+
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).

go/ql/lib/change-notes/released/1.1.5.md

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,5 @@
11
## 1.1.5
22

3-
### Minor Analysis Improvements
4-
5-
* Local source models for reading and parsing environment variables have been added for the following libraries:
6-
- os
7-
- syscall
8-
- github.com/caarlos0/env
9-
- github.com/gobuffalo/envy
10-
- github.com/hashicorp/go-envparse
11-
- github.com/joho/godotenv
12-
- github.com/kelseyhightower/envconfig
13-
* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
14-
153
### Bug Fixes
164

175
* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.

0 commit comments

Comments
 (0)