hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 09:48:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5d08da545571ee6704af03ab64faaa6e22e677f
codeql/change-notes/1.25/analysis-csharp.md
Tom Hvitved 0b85f3fed4 Address review comments
2020-05-07 15:58:46 +02:00

1.6 KiB
Raw Blame History

Improvements to C# analysis

The following changes in version 1.25 affect C# analysis in all applications.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change

Removal of old queries

Changes to code extraction

Changes to libraries

  • The class UnboundGeneric has been refined to only be those declarations that actually have type parameters. This means that non-generic nested types inside construced types, such as A<int>.B, no longer are considered unbound generics. (Such nested types do, however, still have relevant .getSourceDeclaration()s, for example A<>.B.)
  • The data-flow library has been improved, which affects most security queries by potentially adding more results. Flow through methods now takes nested field reads/writes into account. For example, the library is able to track flow from "taint" to Sink() via the method GetF2F1() in 
    class C1
{
    string F1;
}

class C2
{
    C1 F2;

    string GetF2F1() => F2.F1; // Nested field read

    void M()
    {
        F2 = new C1() { F1 = "taint" };
        Sink(GetF2F1()); // NEW: "taint" reaches here
    }
}

Changes to autobuilder