hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
583f7f914e09bf0ee565cd1cfcaae5df2fe97e23
codeql/change-notes/1.25/analysis-csharp.md
Tom Hvitved e9839198f4 Merge pull request #3484 from calumgrant/cs/index-initializers 
C#: Extract indexed initializers correctly
2020-05-20 09:22:47 +02:00

55 lines
1.7 KiB
Markdown
Raw Blame History

# Improvements to C# analysis
The following changes in version 1.25 affect C# analysis in all applications.
## New queries
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
## Changes to existing queries
| **Query** | **Expected impact** | **Change** |
|------------------------------|------------------------|-----------------------------------|
## Removal of old queries
## Changes to code extraction
* Index initializers, of the form `{ [1] = "one" }`, are extracted correctly. Previously, the kind of the
expression was incorrect, and the index was not extracted.
## Changes to libraries
* The class `UnboundGeneric` has been refined to only be those declarations that actually
have type parameters. This means that non-generic nested types inside constructed types,
such as `A<int>.B`, no longer are considered unbound generics. (Such nested types do,
however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.)
* The data-flow library has been improved, which affects most security queries by potentially
adding more results. Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `Sink()` via the method
`GetF2F1()` in
```csharp
class C1
{
string F1;
}
class C2
{
C1 F2;
string GetF2F1() => F2.F1; // Nested field read
void M()
{
F2 = new C1() { F1 = "taint" };
Sink(GetF2F1()); // NEW: "taint" reaches here
}
}
```
## Changes to autobuilder
Reference in New Issue View Git Blame Copy Permalink