Owen Mansel-Chan

Results 74 comments of Owen Mansel-Chan

Currently missing: tracing back from the receiver of a call to `strings.Replacer.Replace` to find the original call to `strings.NewReplacer` to determine what is actually being replaced, and ensure it is...

I've also added the extra sanitizers to [the other place where string replacement is a sanitizer](https://github.com/github/codeql-go/blob/main/ql/lib/semmle/go/security/StringBreakCustomizations.qll#L88). (Note: this does include the "tracing back" to find out what kind of quote...

@smowton Currently, for log injection this PR doesn't check that the receiver of a call to `strings.Replacer.Replace` was constructed with `\r` and/or `\n` as strings that will be replaced. It...

CI is currently failing when trying to extract `ql/test/library-tests/semmle/go/frameworks/SQL/`. You need to update the version of Squirrel in `ql/test/library-tests/semmle/go/frameworks/SQL/vendor/modules.txt` to match the corresponding `go.mod`. With that change, the tests fail...

The tests need stubs for the dependencies, which you can make using depstubber. Please put the go generate commands as comments in the test file.

Two errors in your test:

```
| test.go:122:31:122:31 | rKlauspost.File undefined (type *"github.com/klauspost/compress/zip".ReadCloser has no field or method File) |
| test.go:226:14:226:14 | cannot use snappyklauspost (variable of type interface{})...
```

Need to update expected results for DecompressionBombs.qlref

Are the files in `go/vendor` that you add in this PR meant to be there? I'd expect stubs to only be in test folders. They are now causing conflicts because...

If the tests are giving different results locally than in CI then I would suggest (1) making sure your codeql CLI is up to date, (2) making sure that you...