hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-25 09:01:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9e6b178d48082cfba2ce82906367e5144192ede2
codeql/change-notes/1.21/analysis-java.md
Anders Schack-Mulligen b5681a1260 Java: Add change note.
2019-04-05 10:44:42 +02:00

1.5 KiB
Raw Blame History

Improvements to Java analysis

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Implicit conversion from array to string (java/print-array) Fewer false positive results Results in slf4j logging calls are no longer reported as slf4j supports array printing.
Result of multiplication cast to wider type (java/integer-multiplication-cast-to-long) Fewer false positive results Range analysis is now used to exclude results involving multiplication of small values that cannot overflow.

Changes to QL libraries

  • The Guards library has been extended to account for method calls that check conditions by conditionally throwing an exception. This includes the checkArgument and checkState methods in com.google.common.base.Preconditions, the isTrue and validState methods in org.apache.commons.lang3.Validate, as well as any similar custom methods. This means that more guards are recognized yielding precision improvements in a number of queries including java/index-out-of-bounds, java/dereferenced-value-may-be-null, and java/useless-null-check.