Merge branch 'main' into ts4

2025-12-16 16:53:25 +01:00 · 2020-08-21 15:08:30 +02:00
parent e00951edf0 a93a84fb2e
commit db57f3661e
277 changed files with 20078 additions and 3191 deletions
--- a/change-notes/1.26/analysis-cpp.md
+++ b/change-notes/1.26/analysis-cpp.md
@@ -14,6 +14,12 @@ The following changes in version 1.26 affect C/C++ analysis in all applications.
 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Inconsistent direction of for loop (`cpp/inconsistent-loop-direction`) | Fewer false positive results | The query now accounts for intentional wrapping of an unsigned loop counter. |
+| Overflow in uncontrolled allocation size (`cpp/uncontrolled-allocation-size`) | | The precision of this query has been decreased from "high" to "medium". As a result, the query is still run but results are no longer displayed on LGTM by default. |
+| Comparison result is always the same (`cpp/constant-comparison`) | More correct results | Bounds on expressions involving multiplication can now be determined in more cases. |

 ## Changes to libraries

+* The models library now models some taint flows through `std::array`, `std::vector`, `std::deque`, `std::list` and `std::forward_list`.
+* The models library now models many more taint flows through `std::string`.
+* The `SimpleRangeAnalysis` library now supports multiplications of the form
+  `e1 * e2` and `x *= e2` when `e1` and `e2` are unsigned or constant.
--- a/change-notes/1.26/analysis-csharp.md
+++ b/change-notes/1.26/analysis-csharp.md
@@ -0,0 +1,29 @@
+# Improvements to C# analysis
+
+The following changes in version 1.26 affect C# analysis in all applications.
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+
+
+## Changes to existing queries
+
+| **Query**                    | **Expected impact**    | **Change**                        |
+|------------------------------|------------------------|-----------------------------------|
+
+
+## Removal of old queries
+
+## Changes to code extraction
+
+* Partial method bodies are extracted. Previously, partial method bodies were skipped completely.
+
+## Changes to libraries
+
+## Changes to autobuilder
+
+## Changes to tooling support
+
+* The Abstract Syntax Tree of C# files can be printed in Visual Studio Code.
--- a/change-notes/1.26/analysis-javascript.md
+++ b/change-notes/1.26/analysis-javascript.md
@@ -14,6 +14,8 @@
  - [pretty-format](https://www.npmjs.com/package/pretty-format)
  - [stringify-object](https://www.npmjs.com/package/stringify-object)

+* Analyzing files with the ".cjs" extension is now supported.
+
 ## New queries

 | **Query**                                                                       | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
@@ -24,7 +26,7 @@

 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
+| Incomplete URL substring sanitization (`js/incomplete-url-substring-sanitization`) | More results | This query now recognizes additional URLs when the substring check is an inclusion check. |


 ## Changes to libraries
-