hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 22:57:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ecbdb661e9a18c066eb45da9deac1042cf54e32a
codeql/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql
Max Schaefer a803120414 Lower precision for a number of queries. 
These queries are currently run by default, but don't have their results displayed.

Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`).

With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply.
2020-05-19 13:43:17 +01:00

40 lines
1.4 KiB
Plaintext
Raw Blame History

/**
* @name Useless assignment to global variable
* @description An assignment to a global variable that is never used has no effect.
* @kind problem
* @problem.severity warning
* @id js/useless-assignment-to-global
* @tags maintainability
* correctness
* external/cwe/cwe-563
* @precision low
*/
import javascript
/** Holds if every access to `v` is a write. */
predicate onlyWritten(Variable v) {
forall(VarAccess va | va = v.getAnAccess() | exists(Assignment assgn | assgn.getTarget() = va))
}
from Variable v, GlobalVarAccess gva
where
v = gva.getVariable() and
onlyWritten(v) and
// 'v' is not externally declared...
not exists(ExternalVarDecl d | d.getName() = v.getName() |
// ...as a member of {Window,Worker,WebWorker}.prototype
d.(ExternalInstanceMemberDecl).getBaseName().regexpMatch("Window|Worker|WebWorker")
or
// ...or as a member of window
d.(ExternalStaticMemberDecl).getBaseName() = "window"
or
// ...or as a global
d instanceof ExternalGlobalDecl
) and
// it isn't declared using a linter directive
not exists(Linting::GlobalDeclaration decl | decl.declaresGlobalForAccess(gva)) and
// ignore accesses under 'with', since they may well refer to properties of the with'ed object
not exists(WithStmt with | with.mayAffect(gva))
select gva, "This definition of " + v.getName() + " is useless, since its value is never read."
Reference in New Issue View Git Blame Copy Permalink