mirror of
https://github.com/github/codeql.git
synced 2026-03-21 06:57:09 +01:00
1.6 KiB
1.6 KiB
Improvements to C# analysis
General improvements
- Control flow graph improvements:
- The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in
if (b) x = 0; if (b) x = 1;, the control flow graph will reflect that taking thetrue(resp.false) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment toxwill now be identified as being dead.- Code that is only reachable from a constant failing assertion, such as
Debug.Assert(false), is considered to be unreachable.
- Code that is only reachable from a constant failing assertion, such as
New queries
| Query | Tags | Purpose |
|---|---|---|
| @name of query (Query ID) | Tags | Aim of the new query and whether it is enabled by default or not |
Changes to existing queries
| Inconsistent lock sequence (cs/inconsistent-lock-sequence) | More results | This query now finds inconsistent lock sequences globally across calls. |
| Local scope variable shadows member (cs/local-shadows-member) | Fewer results | Results have been removed where a constructor parameter shadows a member, because the parameter is probably used to initialize the member. |
| Cross-site scripting (cs/web/xss) | More results | This query now finds cross-site scripting vulnerabilities in ASP.NET Core applications. |
| @name of query (Query ID)| Impact on results | How/why the query has changed |