Extend logi to support additional logging libraries

[picatz]

This pull request extends the functionality of the logi analyzer to detect potential log injection vulnerabilities across several popular logging libraries. It introduces support for github.com/golang/glog, github.com/hashicorp/go-hclog, github.com/sirupsen/logrus, and go.uber.org/zap. Additionally, it improves the analysis logic and adds comprehensive test cases for the new logging libraries.

---

https://chatgpt.com/codex/tasks/task_e_686bdcbf3d10833184af56bd6a0f8798

[Copilot]

Pull Request Overview

This PR extends the logi analyzer to detect log injection in additional Go logging libraries and adds tests for each new sink.

• Added support for glog, go-hclog, logrus, and zap sinks in injection.go
• Updated import detection to recursively walk dependency graph
• Added test cases under testdata for each new logging library

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

File	Description
log/injection/injection.go	Added new sinks for multiple logging libraries and recursive import check
log/injection/injection_test.go	Added TestH, TestI, TestJ, TestK, and TestL to cover new libraries
log/injection/testdata/src/h/main.go … /l/main.go	Test fixtures for glog, zap, logrus, and hclog usage
README.md	Updated logi description to list the newly supported packages

Comments suppressed due to low confidence (2)

log/injection/injection.go:215

• [nitpick] The error message is generic; consider including the specific sink or field name to give more context, e.g., potential log injection in %s.

		pass.Reportf(result.SinkValue.Pos(), "potential log injection")

log/injection/injection_test.go:39

• You’ve registered sinks for method-based loggers like (*logrus.Logger).Info and (*zap.SugaredLogger).Info but haven’t added tests for those method receivers. Consider adding table-driven tests to cover those cases.

func TestH(t *testing.T) {