mirror of
https://github.com/github/codeql.git
synced 2025-12-19 18:33:16 +01:00
a803120414
These queries are currently run by default, but don't have their results displayed. Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`). With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
30 lines
984 B
Plaintext
30 lines
984 B
Plaintext
/**
|
|
* @name Setter ignores its parameter
|
|
* @description A setter function can silently ignore the new value that the property is meant to
|
|
* be set to, but this may result in unexpected behavior and could indicate a bug.
|
|
* @kind problem
|
|
* @problem.severity recommendation
|
|
* @id js/ignored-setter-parameter
|
|
* @tags reliability
|
|
* maintainability
|
|
* language-features
|
|
* @precision low
|
|
*/
|
|
|
|
import javascript
|
|
import semmle.javascript.RestrictedLocations
|
|
|
|
from PropertySetter s, FunctionExpr f, SimpleParameter p
|
|
where
|
|
f = s.getInit() and
|
|
p = f.getAParameter() and
|
|
not exists(p.getVariable().getAnAccess()) and
|
|
not f.usesArgumentsObject() and
|
|
// the setter body is either empty, or it is not just a single 'throw' statement
|
|
(
|
|
not exists(f.getABodyStmt())
|
|
or
|
|
exists(Stmt stmt | stmt = f.getABodyStmt() | not stmt instanceof ThrowStmt)
|
|
)
|
|
select s.(FirstLineOf), "This setter function does not use its parameter $@.", p, p.getName()
|