hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into ruby-framework-grape

Browse Source
This commit is contained in:
Chad Bentz
2025-09-17 12:12:13 -04:00
committed by GitHub
parent c5e3be2c4c 4f8166a661
commit 141b470002
681 changed files with 10730 additions and 12408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

677
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

58
MODULE.bazel
View File

@@ -89,8 +89,8 @@ use_repo(
"vendor_py__cc-1.2.14",
"vendor_py__clap-4.5.30",
"vendor_py__regex-1.11.1",
"vendor_py__tree-sitter-0.20.4",
"vendor_py__tree-sitter-graph-0.7.0",
"vendor_py__tree-sitter-0.24.7",
"vendor_py__tree-sitter-graph-0.12.0",
)
# deps for ruby+rust
@@ -101,50 +101,50 @@ use_repo(
"vendor_ts__anyhow-1.0.99",
"vendor_ts__argfile-0.2.1",
"vendor_ts__chalk-ir-0.104.0",
"vendor_ts__chrono-0.4.41",
"vendor_ts__clap-4.5.44",
"vendor_ts__chrono-0.4.42",
"vendor_ts__clap-4.5.47",
"vendor_ts__dunce-1.0.5",
"vendor_ts__either-1.15.0",
"vendor_ts__encoding-0.2.33",
"vendor_ts__figment-0.10.19",
"vendor_ts__flate2-1.1.0",
"vendor_ts__flate2-1.1.2",
"vendor_ts__glob-0.3.3",
"vendor_ts__globset-0.4.15",
"vendor_ts__globset-0.4.16",
"vendor_ts__itertools-0.14.0",
"vendor_ts__lazy_static-1.5.0",
"vendor_ts__mustache-0.9.0",
"vendor_ts__num-traits-0.2.19",
"vendor_ts__num_cpus-1.17.0",
"vendor_ts__proc-macro2-1.0.97",
"vendor_ts__proc-macro2-1.0.101",
"vendor_ts__quote-1.0.40",
"vendor_ts__ra_ap_base_db-0.0.300",
"vendor_ts__ra_ap_cfg-0.0.300",
"vendor_ts__ra_ap_hir-0.0.300",
"vendor_ts__ra_ap_hir_def-0.0.300",
"vendor_ts__ra_ap_hir_expand-0.0.300",
"vendor_ts__ra_ap_hir_ty-0.0.300",
"vendor_ts__ra_ap_ide_db-0.0.300",
"vendor_ts__ra_ap_intern-0.0.300",
"vendor_ts__ra_ap_load-cargo-0.0.300",
"vendor_ts__ra_ap_parser-0.0.300",
"vendor_ts__ra_ap_paths-0.0.300",
"vendor_ts__ra_ap_project_model-0.0.300",
"vendor_ts__ra_ap_span-0.0.300",
"vendor_ts__ra_ap_stdx-0.0.300",
"vendor_ts__ra_ap_syntax-0.0.300",
"vendor_ts__ra_ap_vfs-0.0.300",
"vendor_ts__ra_ap_base_db-0.0.301",
"vendor_ts__ra_ap_cfg-0.0.301",
"vendor_ts__ra_ap_hir-0.0.301",
"vendor_ts__ra_ap_hir_def-0.0.301",
"vendor_ts__ra_ap_hir_expand-0.0.301",
"vendor_ts__ra_ap_hir_ty-0.0.301",
"vendor_ts__ra_ap_ide_db-0.0.301",
"vendor_ts__ra_ap_intern-0.0.301",
"vendor_ts__ra_ap_load-cargo-0.0.301",
"vendor_ts__ra_ap_parser-0.0.301",
"vendor_ts__ra_ap_paths-0.0.301",
"vendor_ts__ra_ap_project_model-0.0.301",
"vendor_ts__ra_ap_span-0.0.301",
"vendor_ts__ra_ap_stdx-0.0.301",
"vendor_ts__ra_ap_syntax-0.0.301",
"vendor_ts__ra_ap_vfs-0.0.301",
"vendor_ts__rand-0.9.2",
"vendor_ts__rayon-1.10.0",
"vendor_ts__regex-1.11.1",
"vendor_ts__rayon-1.11.0",
"vendor_ts__regex-1.11.2",
"vendor_ts__serde-1.0.219",
"vendor_ts__serde_json-1.0.142",
"vendor_ts__serde_json-1.0.143",
"vendor_ts__serde_with-3.14.0",
"vendor_ts__syn-2.0.104",
"vendor_ts__syn-2.0.106",
"vendor_ts__toml-0.9.5",
"vendor_ts__tracing-0.1.41",
"vendor_ts__tracing-flame-0.2.0",
"vendor_ts__tracing-subscriber-0.3.19",
"vendor_ts__tree-sitter-0.24.6",
"vendor_ts__tracing-subscriber-0.3.20",
"vendor_ts__tree-sitter-0.25.9",
"vendor_ts__tree-sitter-embedded-template-0.23.2",
"vendor_ts__tree-sitter-json-0.24.8",
"vendor_ts__tree-sitter-ql-0.23.1",

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.17
No user-facing changes.
## 0.4.16
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.17.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.17
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.16
lastReleaseVersion: 0.4.17

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.17-dev
version: 0.4.18-dev
library: true
warnOnImplicitThis: true
dependencies:

6
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 0.6.9
### Minor Analysis Improvements
* Actions analysis now reports file coverage information on the CodeQL status page.
## 0.6.8
No user-facing changes.

7
actions/ql/src/change-notes/2025-09-05-file-coverage.md → actions/ql/src/change-notes/released/0.6.9.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 0.6.9
### Minor Analysis Improvements
* Actions analysis now reports file coverage information on the CodeQL status page.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.8
lastReleaseVersion: 0.6.9

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.9-dev
version: 0.6.10-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

10
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,13 @@
## 5.6.0
### Deprecated APIs
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
### New Features
* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
## 5.5.0
### New Features

4
cpp/ql/lib/change-notes/2025-09-03-rename-api.md
View File

@@ -1,4 +0,0 @@
---
category: deprecated
---
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.

11
cpp/ql/lib/change-notes/2025-09-02-vla.md → cpp/ql/lib/change-notes/released/5.6.0.md
View File

@@ -1,4 +1,9 @@
---
category: feature
---
## 5.6.0
### Deprecated APIs
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
### New Features
* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.5.0
lastReleaseVersion: 5.6.0

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 5.5.1-dev
version: 5.6.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

12
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,15 @@
## 1.5.0
### Major Analysis Improvements
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
### Bug Fixes
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
## 1.4.7
### Bug Fixes

2
cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
View File

@@ -109,7 +109,7 @@ predicate lessThanOrEqual(IRGuardCondition g, Expr e, boolean branch) {
g.comparesEq(left, _, _, true, branch)
|
interestingLessThanOrEqual(left) and
left.getDef().getUnconvertedResultExpression() = e
left.getDef().getConvertedResultExpression() = e
)
}

5
cpp/ql/src/change-notes/2025-09-03-rename-api.md
View File

@@ -1,5 +0,0 @@
---
category: fix
---
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.

12
cpp/ql/src/change-notes/2025-09-11-queries-demoted.md → cpp/ql/src/change-notes/released/1.5.0.md
View File

@@ -1,5 +1,11 @@
---
category: majorAnalysis
---
## 1.5.0
### Major Analysis Improvements
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
### Bug Fixes
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.7
lastReleaseVersion: 1.5.0

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.4.8-dev
version: 1.5.1-dev
groups:
- cpp
- queries

60
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -50,37 +50,21 @@ argHasPostUpdate
postWithInFlow
| BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
| BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
| clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
| clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. |
| dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. |
| dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. |
| dispatch.cpp:148:5:148:5 | f [post update] | PostUpdateNode should not be the target of local flow. |
| dispatch.cpp:168:8:168:8 | f [post update] | PostUpdateNode should not be the target of local flow. |
| example.c:24:9:24:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
| example.c:24:20:24:20 | y [post update] | PostUpdateNode should not be the target of local flow. |
| example.c:26:9:26:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
| example.c:26:19:26:24 | coords [inner post update] | PostUpdateNode should not be the target of local flow. |
| example.c:28:23:28:25 | pos [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:5:5:5:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:5:6:5:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:8:5:8:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:8:6:8:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:18:17:18:17 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:30:12:30:12 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:37:5:37:6 | p2 [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:37:5:37:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:84:3:84:7 | call to deref [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:84:3:84:14 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:84:10:84:10 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:90:3:90:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:90:4:90:4 | q [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:101:14:101:14 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:168:3:168:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| flowOut.cpp:168:4:168:10 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
| globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
| lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. |
@@ -106,57 +90,30 @@ postWithInFlow
| ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. |
| ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
| ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
| self_parameter_flow.cpp:3:4:3:5 | ps [inner post update] | PostUpdateNode should not be the target of local flow. |
| self_parameter_flow.cpp:8:9:8:9 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:115:4:115:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:120:3:120:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:120:4:120:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:125:3:125:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:125:4:125:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:333:5:333:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:347:5:347:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:359:5:359:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:373:5:373:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:384:10:384:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
| test.cpp:384:11:384:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:391:10:391:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
| test.cpp:391:11:391:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:400:10:400:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
| test.cpp:400:11:400:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:407:10:407:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
| test.cpp:407:11:407:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:423:21:423:25 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:441:19:441:23 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:472:3:472:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:472:4:472:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:477:22:477:22 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:506:3:506:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:506:4:506:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:512:35:512:35 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:519:3:519:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:519:3:519:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:520:3:520:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:520:3:520:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:526:3:526:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:526:4:526:4 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:531:40:531:40 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:537:5:537:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:537:6:537:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:542:5:542:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:542:6:542:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:548:25:548:25 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:552:25:552:25 | y [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:562:5:562:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:576:5:576:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:589:19:589:19 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:596:3:596:4 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:596:3:596:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:602:3:602:3 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:602:3:602:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:608:3:608:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:608:4:608:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:639:3:639:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:646:3:646:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:652:3:652:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
@@ -167,40 +124,23 @@ postWithInFlow
| test.cpp:681:3:681:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:689:3:689:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:690:3:690:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:694:4:694:6 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:704:23:704:25 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:715:25:715:25 | c [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:728:3:728:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:728:4:728:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:734:41:734:41 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:931:5:931:18 | global_pointer [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. |
| test.cpp:1066:5:1066:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1069:5:1069:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1087:5:1087:11 | content [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1088:9:1088:9 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1092:5:1092:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1092:6:1092:7 | pp [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1098:53:1098:53 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1108:3:1108:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1108:4:1108:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:3:1109:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1109:4:1109:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:3:1138:13 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1138:5:1138:8 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:3:1139:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1153:6:1153:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1165:6:1165:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:1195:6:1195:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

55
cpp/ql/test/library-tests/dataflow/fields/dataflow-consistency.expected
View File

@@ -48,8 +48,6 @@ argHasPostUpdate
postWithInFlow
| A.cpp:25:13:25:13 | c [post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:27:28:27:28 | c [post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:42:11:42:12 | cc [inner post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:43:11:43:12 | ct [inner post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:100:9:100:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:142:10:142:10 | c [post update] | PostUpdateNode should not be the target of local flow. |
| A.cpp:143:13:143:13 | b [post update] | PostUpdateNode should not be the target of local flow. |
@@ -67,11 +65,9 @@ postWithInFlow
| D.cpp:44:19:44:22 | elem [post update] | PostUpdateNode should not be the target of local flow. |
| D.cpp:57:5:57:12 | boxfield [post update] | PostUpdateNode should not be the target of local flow. |
| D.cpp:58:20:58:23 | elem [post update] | PostUpdateNode should not be the target of local flow. |
| E.cpp:33:19:33:19 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:9:6:9:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:13:5:13:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:17:5:17:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:25:18:25:19 | s1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:37:8:37:9 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:42:6:42:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:49:9:49:10 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
@@ -83,70 +79,31 @@ postWithInFlow
| aliasing.cpp:92:7:92:8 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:98:5:98:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:106:3:106:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:106:4:106:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:111:18:111:19 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:126:15:126:16 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:136:16:136:17 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:147:16:147:16 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:147:21:147:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:175:21:175:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:181:21:181:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:187:21:187:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:194:21:194:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:200:23:200:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:205:23:205:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:215:14:215:15 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:223:17:223:18 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:234:19:234:20 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:242:22:242:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:252:5:252:31 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:252:28:252:31 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:262:5:262:29 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| aliasing.cpp:262:26:262:29 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:6:3:6:5 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:6:3:6:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:15:3:15:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:15:5:15:7 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:36:12:36:14 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:36:19:36:22 | data [post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:37:17:37:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:38:17:38:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:42:15:42:17 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:42:22:42:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:43:20:43:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:44:20:44:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:48:15:48:17 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:48:22:48:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:49:20:49:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| arrays.cpp:50:20:50:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:12:8:12:8 | a [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:16:11:16:11 | a [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:68:18:68:18 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:84:10:84:10 | a [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:88:9:88:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:92:3:92:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:92:4:92:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:96:3:96:4 | pa [post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:102:28:102:39 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:104:22:104:22 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:106:30:106:41 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:108:24:108:24 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:123:28:123:36 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| by_reference.cpp:127:30:127:38 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:19:3:19:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:19:6:19:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:32:3:32:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:32:6:32:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:39:3:39:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:39:6:39:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:40:5:40:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:47:5:47:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:53:3:53:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:53:6:53:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:75:2:75:10 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:75:4:75:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:82:2:82:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:82:4:82:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:83:7:83:9 | val [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:97:4:97:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
| clearning.cpp:124:4:124:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
@@ -162,7 +119,6 @@ postWithInFlow
| complex.cpp:11:22:11:23 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
| complex.cpp:12:22:12:23 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
| conflated.cpp:10:3:10:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| conflated.cpp:10:7:10:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| conflated.cpp:29:7:29:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
| conflated.cpp:36:7:36:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
| conflated.cpp:53:7:53:10 | next [post update] | PostUpdateNode should not be the target of local flow. |
@@ -174,19 +130,11 @@ postWithInFlow
| qualifiers.cpp:12:56:12:56 | a [post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:13:57:13:57 | a [post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:22:23:22:23 | a [post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:37:26:37:33 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:42:13:42:20 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:42:25:42:25 | a [post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:47:7:47:11 | outer [inner post update] | PostUpdateNode should not be the target of local flow. |
| qualifiers.cpp:47:27:47:27 | a [post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:49:13:49:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:49:20:49:22 | baz [post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:53:13:53:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:53:35:53:43 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:54:20:54:22 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:60:16:60:18 | ref arg dst | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:61:25:61:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
| realistic.cpp:65:25:65:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:20:24:20:25 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:21:24:21:25 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:65:7:65:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
@@ -194,9 +142,6 @@ postWithInFlow
| simple.cpp:92:7:92:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:118:7:118:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:124:5:124:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| simple.cpp:124:6:124:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| struct_init.c:24:11:24:12 | ab [inner post update] | PostUpdateNode should not be the target of local flow. |
| struct_init.c:36:17:36:24 | nestedAB [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

1
cpp/ql/test/library-tests/dataflow/models-as-data/consistency.expected
View File

@@ -18,7 +18,6 @@ postIsInSameCallable
reverseRead
argHasPostUpdate
postWithInFlow
| tests.cpp:436:6:436:25 | [summary] to write: Argument[1] in madCallArg0WithValue | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

22
cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
View File

@@ -48,21 +48,10 @@ argHasPostUpdate
| ir.cpp:623:5:623:5 | r | ArgumentNode is missing PostUpdateNode. |
| ir.cpp:625:5:625:5 | s | ArgumentNode is missing PostUpdateNode. |
postWithInFlow
| VacuousDestructorCall.cpp:10:22:10:22 | i [inner post update] | PostUpdateNode should not be the target of local flow. |
| allocators.cpp:4:18:4:20 | m_x [post update] | PostUpdateNode should not be the target of local flow. |
| allocators.cpp:4:24:4:26 | m_y [post update] | PostUpdateNode should not be the target of local flow. |
| assignexpr.cpp:11:4:11:4 | i [post update] | PostUpdateNode should not be the target of local flow. |
| builtin.c:34:23:34:31 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
| builtin.c:39:37:39:45 | carry_out [inner post update] | PostUpdateNode should not be the target of local flow. |
| builtin.c:43:41:43:49 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
| builtin.c:51:30:51:38 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
| builtin.c:54:29:54:38 | atomic_int [inner post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:3:5:3:9 | m_ptr [post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:17:11:17:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:20:11:20:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:28:11:28:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:31:11:31:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| condition_decls.cpp:34:9:34:13 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
| conditional_destructors.cpp:6:13:6:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
| conditional_destructors.cpp:18:13:18:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:7:7:7:8 | el [post update] | PostUpdateNode should not be the target of local flow. |
@@ -70,26 +59,16 @@ postWithInFlow
| cpp11.cpp:82:11:82:14 | call to Val | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:82:45:82:48 | call to Val | PostUpdateNode should not be the target of local flow. |
| cpp11.cpp:82:51:82:51 | call to Val | PostUpdateNode should not be the target of local flow. |
| ir.cpp:177:5:177:5 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:177:5:177:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:178:5:178:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:178:7:178:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:183:5:183:5 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:183:5:183:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:184:5:184:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:184:7:184:7 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:342:5:342:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:342:6:342:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:428:8:428:8 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:429:8:429:8 | y [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:644:15:644:17 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:645:11:645:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:645:17:645:19 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:646:9:646:11 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:655:11:655:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:747:8:747:8 | base_s [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:756:8:756:8 | middle_s [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:765:8:765:8 | derived_s [inner post update] | PostUpdateNode should not be the target of local flow. |
| ir.cpp:811:7:811:13 | call to Base | PostUpdateNode should not be the target of local flow. |
| ir.cpp:812:7:812:26 | call to Base | PostUpdateNode should not be the target of local flow. |
| ir.cpp:825:7:825:13 | call to Base | PostUpdateNode should not be the target of local flow. |
@@ -97,7 +76,6 @@ postWithInFlow
| misc.c:130:7:130:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:131:9:131:9 | i [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:220:3:220:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| misc.c:220:4:220:5 | sp [inner post update] | PostUpdateNode should not be the target of local flow. |
| static_init_templates.cpp:3:2:3:4 | ref [post update] | PostUpdateNode should not be the target of local flow. |
| static_init_templates.cpp:21:2:21:4 | val [post update] | PostUpdateNode should not be the target of local flow. |
| try_catch.cpp:7:8:7:8 | call to exception | PostUpdateNode should not be the target of local flow. |

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.48
No user-facing changes.
## 1.7.47
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.48.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.48
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.47
lastReleaseVersion: 1.7.48

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.48-dev
version: 1.7.49-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.48
No user-facing changes.
## 1.7.47
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.48.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.48
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.47
lastReleaseVersion: 1.7.48

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.48-dev
version: 1.7.49-dev
groups:
- csharp
- solorigate

39
csharp/ql/integration-tests/posix/query-suite/csharp-code-quality-extended.qls.expected
View File

@@ -1,20 +1,39 @@
ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
ql/csharp/ql/src/API Abuse/CallToObsoleteMethod.ql
ql/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql
ql/csharp/ql/src/API Abuse/ClassImplementsICloneable.ql
ql/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql
ql/csharp/ql/src/API Abuse/FormatInvalid.ql
ql/csharp/ql/src/API Abuse/InconsistentEqualsGetHashCode.ql
ql/csharp/ql/src/API Abuse/IncorrectCompareToSignature.ql
ql/csharp/ql/src/API Abuse/IncorrectEqualsSignature.ql
ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
ql/csharp/ql/src/API Abuse/NonOverridingMethod.ql
ql/csharp/ql/src/API Abuse/NullArgumentToEquals.ql
ql/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
ql/csharp/ql/src/ASP/SplitControlStructure.ql
ql/csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql
ql/csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql
ql/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
ql/csharp/ql/src/Bad Practices/Comments/TodoComments.ql
ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
ql/csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql
ql/csharp/ql/src/Bad Practices/Declarations/NoConstantsOnly.ql
ql/csharp/ql/src/Bad Practices/EmptyCatchBlock.ql
ql/csharp/ql/src/Bad Practices/ErroneousClassCompare.ql
ql/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql
ql/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
ql/csharp/ql/src/Bad Practices/Implementation Hiding/StaticArray.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingMethodNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingOverridesNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql
ql/csharp/ql/src/Bad Practices/PathCombine.ql
ql/csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql
ql/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
ql/csharp/ql/src/Bad Practices/VirtualCallInConstructorOrDestructor.ql
ql/csharp/ql/src/CSI/CompareIdenticalValues.ql
ql/csharp/ql/src/CSI/NullAlways.ql
ql/csharp/ql/src/CSI/NullMaybe.ql
@@ -22,8 +41,10 @@ ql/csharp/ql/src/Concurrency/FutileSyncOnField.ql
ql/csharp/ql/src/Concurrency/LockOrder.ql
ql/csharp/ql/src/Concurrency/LockThis.ql
ql/csharp/ql/src/Concurrency/LockedWait.ql
ql/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
ql/csharp/ql/src/Concurrency/UnsafeLazyInitialization.ql
ql/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql
@@ -35,27 +56,42 @@ ql/csharp/ql/src/Language Abuse/NestedIf.ql
ql/csharp/ql/src/Language Abuse/RethrowException.ql
ql/csharp/ql/src/Language Abuse/SimplifyBoolExpr.ql
ql/csharp/ql/src/Language Abuse/UnusedPropertyValue.ql
ql/csharp/ql/src/Language Abuse/UselessCastToSelf.ql
ql/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql
ql/csharp/ql/src/Language Abuse/UselessNullCoalescingExpression.ql
ql/csharp/ql/src/Language Abuse/UselessTypeTest.ql
ql/csharp/ql/src/Language Abuse/UselessUpcast.ql
ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
ql/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
ql/csharp/ql/src/Likely Bugs/EqualsArray.ql
ql/csharp/ql/src/Likely Bugs/EqualsUsesAs.ql
ql/csharp/ql/src/Likely Bugs/EqualsUsesIs.ql
ql/csharp/ql/src/Likely Bugs/HashedButNoHash.ql
ql/csharp/ql/src/Likely Bugs/ImpossibleArrayCast.ql
ql/csharp/ql/src/Likely Bugs/IncomparableEquals.ql
ql/csharp/ql/src/Likely Bugs/InconsistentCompareTo.ql
ql/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
ql/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql
ql/csharp/ql/src/Likely Bugs/NestedLoopsSameVariable.ql
ql/csharp/ql/src/Likely Bugs/ObjectComparison.ql
ql/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
ql/csharp/ql/src/Likely Bugs/RecursiveEquals.ql
ql/csharp/ql/src/Likely Bugs/RecursiveOperatorEquals.ql
ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
ql/csharp/ql/src/Likely Bugs/Statements/EmptyBlock.ql
ql/csharp/ql/src/Likely Bugs/Statements/EmptyLockStatement.ql
ql/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql
ql/csharp/ql/src/Likely Bugs/StaticFieldWrittenByInstance.ql
ql/csharp/ql/src/Likely Bugs/StringBuilderCharInit.ql
ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
ql/csharp/ql/src/Linq/BadMultipleIteration.ql
ql/csharp/ql/src/Linq/MissedAllOpportunity.ql
ql/csharp/ql/src/Linq/MissedCastOpportunity.ql
ql/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
@@ -68,5 +104,6 @@ ql/csharp/ql/src/Performance/UseTryGetValue.ql
ql/csharp/ql/src/Useless code/DefaultToString.ql
ql/csharp/ql/src/Useless code/FutileConditional.ql
ql/csharp/ql/src/Useless code/IntGetHashCode.ql
ql/csharp/ql/src/Useless code/PointlessForwardingMethod.ql
ql/csharp/ql/src/Useless code/RedundantToStringCall.ql
ql/csharp/ql/src/Useless code/UnusedLabel.ql

1
csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
View File

@@ -23,7 +23,6 @@ ql/csharp/ql/src/Concurrency/LockOrder.ql
ql/csharp/ql/src/Concurrency/LockThis.ql
ql/csharp/ql/src/Concurrency/LockedWait.ql
ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql

13
csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
View File

@@ -1,31 +1,20 @@
ql/csharp/ql/src/API Abuse/MissingDisposeCall.ql
ql/csharp/ql/src/API Abuse/MissingDisposeMethod.ql
ql/csharp/ql/src/API Abuse/NonOverridingMethod.ql
ql/csharp/ql/src/API Abuse/UncheckedReturnValue.ql
ql/csharp/ql/src/ASP/ComplexInlineCode.ql
ql/csharp/ql/src/ASP/NonInternationalizedText.ql
ql/csharp/ql/src/ASP/SplitControlStructure.ql
ql/csharp/ql/src/AlertSuppression.ql
ql/csharp/ql/src/Architecture/Dependencies/MutualDependency.ql
ql/csharp/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql
ql/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
ql/csharp/ql/src/Bad Practices/Comments/TodoComments.ql
ql/csharp/ql/src/Bad Practices/Declarations/EmptyInterface.ql
ql/csharp/ql/src/Bad Practices/Declarations/NoConstantsOnly.ql
ql/csharp/ql/src/Bad Practices/Implementation Hiding/StaticArray.ql
ql/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.ql
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsString.ql
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.ql
ql/csharp/ql/src/Bad Practices/Magic Constants/MagicStringsUseConstant.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingMethodNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingOverridesNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ConstantNaming.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
ql/csharp/ql/src/Bad Practices/Naming Conventions/VariableNameTooShort.ql
ql/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql
ql/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
ql/csharp/ql/src/Dead Code/DeadRefTypes.ql
ql/csharp/ql/src/Dead Code/NonAssignedFields.ql
@@ -39,7 +28,6 @@ ql/csharp/ql/src/Documentation/XmldocMissingParam.ql
ql/csharp/ql/src/Documentation/XmldocMissingReturn.ql
ql/csharp/ql/src/Documentation/XmldocMissingTypeParam.ql
ql/csharp/ql/src/Language Abuse/ForeachCapture.ql
ql/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql
ql/csharp/ql/src/Likely Bugs/BadCheckOdd.ql
ql/csharp/ql/src/Likely Bugs/RandomUsedOnce.ql
ql/csharp/ql/src/Metrics/Callables/CCyclomaticComplexity.ql
@@ -93,7 +81,6 @@ ql/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
ql/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
ql/csharp/ql/src/Useless code/PointlessForwardingMethod.ql
ql/csharp/ql/src/definitions.ql
ql/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
ql/csharp/ql/src/experimental/CWE-918/RequestForgery.ql

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error/Assemblies.expected
View File

@@ -1 +1 @@
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error/proj/proj.csproj
View File

@@ -11,6 +11,6 @@
</Target>
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
</ItemGroup>
</Project>

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error_timeout/Assemblies.expected
View File

@@ -1 +1 @@
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error_timeout/proj/proj.csproj
View File

@@ -11,6 +11,6 @@
</Target>
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
</ItemGroup>
</Project>

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_fallback/Assemblies.expected
View File

@@ -1 +1 @@
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |

2
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_fallback/proj/proj.csproj
View File

@@ -11,6 +11,6 @@
</Target>
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
</ItemGroup>
</Project>

4
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.2.4
No user-facing changes.
## 5.2.3
### Minor Analysis Improvements

3
csharp/ql/lib/change-notes/released/5.2.4.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.2.4
No user-facing changes.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.2.3
lastReleaseVersion: 5.2.4

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.2.4-dev
version: 5.2.5-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

26
csharp/ql/lib/semmle/code/csharp/controlflow/Guards.qll
View File

@@ -273,6 +273,29 @@ module AbstractValues {
private import AbstractValues
/** Gets the value resulting from matching `null` against `pat`. */
private boolean patternMatchesNull(PatternExpr pat) {
pat instanceof NullLiteral and result = true
or
not pat instanceof NullLiteral and
not pat instanceof NotPatternExpr and
not pat instanceof OrPatternExpr and
not pat instanceof AndPatternExpr and
result = false
or
result = patternMatchesNull(pat.(NotPatternExpr).getPattern()).booleanNot()
or
exists(OrPatternExpr ope | pat = ope |
result =
patternMatchesNull(ope.getLeftOperand()).booleanOr(patternMatchesNull(ope.getRightOperand()))
)
or
exists(AndPatternExpr ape | pat = ape |
result =
patternMatchesNull(ape.getLeftOperand()).booleanAnd(patternMatchesNull(ape.getRightOperand()))
)
}
pragma[nomagic]
private predicate typePattern(PatternMatch pm, TypePatternExpr tpe, Type t) {
tpe = pm.getPattern() and
@@ -362,8 +385,7 @@ class DereferenceableExpr extends Expr {
isNull = branch
or
// E.g. `x is string` or `x is ""`
not pm.getPattern() instanceof NullLiteral and
branch = true and
branch.booleanNot() = patternMatchesNull(pm.getPattern()) and
isNull = false
or
exists(TypePatternExpr tpe |

5
csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql
View File

@@ -7,8 +7,9 @@
* @problem.severity error
* @precision medium
* @id cs/class-missing-equals
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

6
csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql
View File

@@ -7,8 +7,10 @@
* @problem.severity warning
* @precision medium
* @id cs/dispose-not-called-on-throw
* @tags efficiency
* maintainability
* @tags quality
* reliability
* error-handling
* performance
* external/cwe/cwe-404
* external/cwe/cwe-459
* external/cwe/cwe-460

5
csharp/ql/src/API Abuse/InconsistentEqualsGetHashCode.ql
View File

@@ -6,8 +6,9 @@
* @problem.severity warning
* @precision medium
* @id cs/inconsistent-equals-and-gethashcode
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
* external/cwe/cwe-581
*/

5
csharp/ql/src/API Abuse/IncorrectCompareToSignature.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/wrong-compareto-signature
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/API Abuse/IncorrectEqualsSignature.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/wrong-equals-signature
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/API Abuse/NonOverridingMethod.ql
View File

@@ -5,9 +5,10 @@
* @problem.severity recommendation
* @precision medium
* @id cs/nonoverriding-method
* @tags reliability
* @tags quality
* reliability
* correctness
* readability
* naming
*/
import csharp

5
csharp/ql/src/ASP/SplitControlStructure.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/asp/split-control-structure
* @tags maintainability
* frameworks/asp.net
* @tags quality
* maintainability
* readability
*/
import semmle.code.asp.AspNet

6
csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
View File

@@ -5,9 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/commented-out-code
* @tags maintainability
* statistical
* non-attributable
* @tags quality
* maintainability
* readability
*/
import csharp

3
csharp/ql/src/Bad Practices/Comments/TodoComments.ql
View File

@@ -6,7 +6,8 @@
* @problem.severity recommendation
* @precision medium
* @id cs/todo-comment
* @tags maintainability
* @tags quality
* maintainability
* external/cwe/cwe-546
*/

5
csharp/ql/src/Bad Practices/Declarations/NoConstantsOnly.ql
View File

@@ -6,8 +6,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/constants-only-interface
* @tags maintainability
* modularity
* @tags quality
* maintainability
* readability
*/
import csharp

3
csharp/ql/src/Bad Practices/ErroneousClassCompare.ql
View File

@@ -5,7 +5,8 @@
* @problem.severity warning
* @precision medium
* @id cs/class-name-comparison
* @tags reliability
* @tags quality
* reliability
* correctness
* external/cwe/cwe-486
*/

6
csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql
View File

@@ -7,9 +7,9 @@
* @problem.severity warning
* @precision medium
* @id cs/cast-from-abstract-to-concrete-collection
* @tags reliability
* maintainability
* modularity
* @tags quality
* reliability
* correctness
* external/cwe/cwe-485
*/

6
csharp/ql/src/Bad Practices/Implementation Hiding/StaticArray.ql
View File

@@ -5,9 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/static-array
* @tags reliability
* maintainability
* modularity
* @tags quality
* reliability
* correctness
* external/cwe/cwe-582
*/

4
csharp/ql/src/Bad Practices/Naming Conventions/ConfusingMethodNames.ql
View File

@@ -5,9 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/confusing-method-name
* @tags maintainability
* @tags quality
* maintainability
* readability
* naming
*/
import csharp

5
csharp/ql/src/Bad Practices/Naming Conventions/ConfusingOverridesNames.ql
View File

@@ -6,9 +6,10 @@
* @problem.severity recommendation
* @precision medium
* @id cs/confusing-override-name
* @tags reliability
* @tags quality
* maintainability
* readability
* naming
* correctness
*/
import csharp

4
csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
View File

@@ -6,7 +6,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/web/unprefixed-control-name
* @tags maintainability
* @tags quality
* maintainability
* readability
*/
import csharp

5
csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
View File

@@ -6,8 +6,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/forms/default-control-name
* @tags readability
* naming
* @tags quality
* maintainability
* readability
*/
import csharp

4
csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
View File

@@ -5,7 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/console-output
* @tags maintainability
* @tags quality
* reliability
* error-handling
*/
import csharp

6
csharp/ql/src/Bad Practices/VirtualCallInConstructorOrDestructor.ql
View File

@@ -6,9 +6,9 @@
* @precision medium
* @id cs/virtual-call-in-constructor
* @alternate-ids cs/virtual-call-in-constructor-or-destructor
* @tags reliability
* maintainability
* modularity
* @tags quality
* reliability
* correctness
*/
import csharp

14
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,17 @@
## 1.4.0
### Deprecated Queries
* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
### Minor Analysis Improvements
* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
### Bug Fixes
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
## 1.3.4
No user-facing changes.

4
csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
View File

@@ -6,8 +6,10 @@
* @problem.severity error
* @precision medium
* @id cs/unsynchronized-getter
* @tags correctness
* @tags quality
* reliability
* concurrency
* correctness
* external/cwe/cwe-662
*/

3
csharp/ql/src/Concurrency/UnsafeLazyInitialization.ql
View File

@@ -6,7 +6,8 @@
* @problem.severity error
* @precision medium
* @id cs/unsafe-double-checked-lock
* @tags correctness
* @tags quality
* reliability
* concurrency
* external/cwe/cwe-609
*/

4
csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
View File

@@ -6,7 +6,9 @@
* @problem.severity error
* @precision medium
* @id cs/unsynchronized-static-access
* @tags concurrency
* @tags quality
* reliability
* concurrency
* external/cwe/cwe-362
* external/cwe/cwe-567
*/

1
csharp/ql/src/Documentation/XmldocExtraParam.ql
View File

@@ -7,6 +7,7 @@
* @precision medium
* @id cs/xmldoc/unknown-parameter
* @tags maintainability
* readability
*/
import Documentation

1
csharp/ql/src/Documentation/XmldocExtraTypeParam.ql
View File

@@ -7,6 +7,7 @@
* @precision medium
* @id cs/xmldoc/unknown-type-parameter
* @tags maintainability
* readability
*/
import Documentation

1
csharp/ql/src/Documentation/XmldocMissing.ql
View File

@@ -7,6 +7,7 @@
* @precision medium
* @id cs/xmldoc/missing-xmldoc
* @tags maintainability
* readability
*/
import Documentation

3
csharp/ql/src/Documentation/XmldocMissingSummary.ql
View File

@@ -5,8 +5,7 @@
* @problem.severity recommendation
* @precision high
* @id cs/xmldoc/missing-summary
* @tags quality
* maintainability
* @tags maintainability
* readability
*/

5
csharp/ql/src/Language Abuse/ForeachCapture.ql
View File

@@ -7,9 +7,8 @@
* @problem.severity recommendation
* @precision medium
* @id cs/captured-foreach-variable
* @tags portability
* maintainability
* language-features
* @tags reliability
* correctness
* external/cwe/cwe-758
*/

5
csharp/ql/src/Language Abuse/UselessCastToSelf.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/useless-cast-to-self
* @tags maintainability
* language-features
* @tags quality
* maintainability
* useless-code
* external/cwe/cwe-561
*/

5
csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity recommendation
* @precision medium
* @id cs/useless-is-before-as
* @tags maintainability
* language-features
* @tags quality
* maintainability
* useless-code
* external/cwe/cwe-561
*/

5
csharp/ql/src/Language Abuse/UselessNullCoalescingExpression.ql
View File

@@ -6,8 +6,9 @@
* @problem.severity error
* @precision medium
* @id cs/coalesce-of-identical-expressions
* @tags maintainability
* language-features
* @tags quality
* maintainability
* useless-code
* external/cwe/cwe-561
*/

5
csharp/ql/src/Language Abuse/UselessTypeTest.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/useless-type-test
* @tags maintainability
* language-features
* @tags quality
* maintainability
* useless-code
* external/cwe/cwe-561
*/

5
csharp/ql/src/Language Abuse/UselessUpcast.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/useless-upcast
* @tags maintainability
* language-features
* @tags quality
* maintainability
* useless-code
* external/cwe/cwe-561
*/

4
csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
View File

@@ -5,9 +5,9 @@
* @problem.severity error
* @precision medium
* @id cs/invalid-dynamic-call
* @tags reliability
* @tags quality
* reliability
* correctness
* logic
* external/cwe/cwe-628
*/

5
csharp/ql/src/Likely Bugs/EqualsUsesAs.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/equals-uses-as
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/Likely Bugs/EqualsUsesIs.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/equals-uses-is
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/Likely Bugs/InconsistentCompareTo.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/inconsistent-compareto-and-equals
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import semmle.code.csharp.frameworks.System

3
csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/unsafe-year-construction
* @tags date-time
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql
View File

@@ -5,8 +5,9 @@
* @kind problem
* @problem.severity warning
* @precision medium
* @tags reliability
* date-time
* @tags quality
* reliability
* correctness
*/
import csharp

3
csharp/ql/src/Likely Bugs/ObjectComparison.ql
View File

@@ -6,7 +6,8 @@
* @problem.severity warning
* @precision medium
* @id cs/reference-equality-with-object
* @tags reliability
* @tags quality
* reliability
* correctness
* external/cwe/cwe-595
*/

5
csharp/ql/src/Likely Bugs/RecursiveOperatorEquals.ql
View File

@@ -5,8 +5,9 @@
* @problem.severity error
* @precision medium
* @id cs/recursive-operator-equals-call
* @tags reliability
* maintainability
* @tags quality
* reliability
* correctness
*/
import csharp

5
csharp/ql/src/Likely Bugs/Statements/UseBraces.ql
View File

@@ -6,9 +6,10 @@
* @problem.severity warning
* @precision medium
* @id cs/misleading-indentation
* @tags changeability
* @tags quality
* maintainability
* readability
* correctness
* logic
*/
import csharp

6
csharp/ql/src/Linq/BadMultipleIteration.ql
View File

@@ -5,9 +5,9 @@
* @problem.severity warning
* @precision medium
* @id cs/linq/inconsistent-enumeration
* @tags reliability
* maintainability
* language-features
* @tags quality
* reliability
* correctness
* external/cwe/cwe-834
*/

1
csharp/ql/src/Useless code/DefaultToStringQuery.qll
View File

@@ -47,6 +47,7 @@ private predicate alwaysInvokesToString(ParameterRead pr) {
*/
predicate alwaysDefaultToString(ValueOrRefType t) {
not t instanceof TupleType and
not t instanceof Enum and
exists(ToStringMethod m | t.hasMethod(m) |
m.getDeclaringType() instanceof SystemObjectClass or
m.getDeclaringType() instanceof SystemValueTypeClass

3
csharp/ql/src/Useless code/PointlessForwardingMethod.ql
View File

@@ -5,7 +5,8 @@
* @problem.severity recommendation
* @precision medium
* @id cs/useless-forwarding-method
* @tags maintainability
* @tags quality
* maintainability
* useless-code
*/

4
csharp/ql/src/change-notes/2025-09-04-database-diagnostics.md
View File

@@ -1,4 +0,0 @@
---
category: fix
---
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.

4
csharp/ql/src/change-notes/2025-09-10-deprecate-foreach-capture.md
View File

@@ -1,4 +0,0 @@
---
category: deprecated
---
* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.

4
csharp/ql/src/change-notes/2025-09-16-code-quality-doc-query.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Remove the query `cs/xmldoc/missing-summary` from the `code-quality` suite (align with other languages).

4
csharp/ql/src/change-notes/2025-09-17-nullguard-pattern.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The modeling of null guards based on complex pattern expressions has been improved, which in turn improves the query `cs/dereferenced-value-may-be-null` by removing false positives.

13
csharp/ql/src/change-notes/released/1.4.0.md Normal file
View File

@@ -0,0 +1,13 @@
## 1.4.0
### Deprecated Queries
* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
### Minor Analysis Improvements
* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
### Bug Fixes
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.4
lastReleaseVersion: 1.4.0

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.3.5-dev
version: 1.4.1-dev
groups:
- csharp
- queries

13
csharp/ql/test/query-tests/Nullness/E.cs
View File

@@ -432,7 +432,7 @@ public class E
return @is.Any();
}
static void Ex45(string s)
static void Ex45(string s) // $ Source[cs/dereferenced-value-may-be-null]
{
if (s is null)
{
@@ -441,7 +441,7 @@ public class E
if (s is not not null)
{
s.ToString(); // $ MISSING: Alert[cs/dereferenced-value-is-always-null]
s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null] MISSING: Alert[cs/dereferenced-value-is-always-null]
}
if (s is not null)
@@ -453,6 +453,15 @@ public class E
{
s.ToString(); // GOOD
}
if (s is not object)
{
s.ToString(); // $ Alert[cs/dereferenced-value-may-be-null]
}
else
{
s.ToString(); // GOOD
}
}
}

Some files were not shown because too many files have changed in this diff Show More