Merged
33 commits
2104cf5
JS: add models of URL requests
Aug 30, 2018
f5a6af5
JS: add security query: js/request-forgery
Aug 30, 2018
68b7a8b
JS: change notes for `UrlRequest` libraries and `js/request-forgery`
Aug 30, 2018
80b81b0
JS: refactor DefaultUrlRequest: extract names
Sep 3, 2018
d7a81ef
JS: refactor DefaultUrlRequest: extract the `request` library
Sep 3, 2018
b3b997c
JS: refactor DefaultUrlRequest: extract the `axios` library
Sep 3, 2018
5f26c23
JS: refactor DefaultUrlRequest: extract the `fetch` API
Sep 3, 2018
1abdf2f
JS: refactor DefaultUrlRequest: extract the `http` library
Sep 3, 2018
de6b835
JS: refactor DefaultUrlRequest: extract the `got` library
Sep 3, 2018
0a89f1a
JS: eliminate DefaultUrlRequest: extract the `got` library
Sep 3, 2018
cb2a6ed
JS: support http.request URL requests
Sep 3, 2018
6d78350
JS: s/URLRequest/ClientRequest, merge with NodeJSLib::ClientRequest
Sep 3, 2018
0da14fc
JS: renaming UrlRequests.qll -> ClientRequests.qll
Sep 3, 2018
d578c74
JS: docstring cleanup
Sep 3, 2018
2dd8e95
JS: remove unused `getOptions` method
Sep 3, 2018
2306afd
JS: use extensible architecture for Electron- and NodeClientRequest
Sep 3, 2018
89887e7
JS: address review comments
Sep 4, 2018
6e1846b
JS: address doc review comments
Sep 4, 2018
f63a3b3
JS: add missing `abstract` modifier
Sep 4, 2018
aaf1ac7
JS: reduce declared precision of js/request-forgery
Sep 9, 2018
620f99c
Remove template text
Sep 11, 2018
f48317f
Minor updates to prepare for publication
Sep 11, 2018
ec7beab
Merge pull request #176 from felicity-semmle/1.18/csharp-change-notes
hvitved Sep 11, 2018
3d444f3
JavaScript: fix CFG for EnhancedForStmt
asger-semmle Sep 6, 2018
0a4a5da
JavaScript: update output of CFG test
asger-semmle Sep 6, 2018
5fef916
Merge pull request #171 from asger-semmle/js-for-loop-cfg
asger-semmle Sep 11, 2018
b17aeb6
Merge pull request #118 from esben-semmle/js/request-forgery
semmle-qlci Sep 11, 2018
223bf6c
Updates for consistency
Sep 11, 2018
7dd891d
Further updates and addition of query @ids
Sep 11, 2018
4d512a5
Remove non-LGTM query (see following PR)
Sep 11, 2018
9fb5fbd
C++: Restructure UnsafeUseOfStrcat for performance
jbj Sep 12, 2018
cc6edd4
Merge pull request #182 from felicity-semmle/1.18/js-change-notes
asger-semmle Sep 12, 2018
1459b98
Merge pull request #183 from jbj/unsafe-strcat-perf
geoffw0 Sep 12, 2018
40 changes: 17 additions & 23 deletions change-notes/1.18/analysis-csharp.md
@@ -1,11 +1,5 @@
# Improvements to C# analysis

> NOTES
>
> Please describe your changes in terms that are suitable for
> customers to read. These notes will have only minor tidying up
> before they are published as part of the release notes.

## General improvements

* Control flow analysis has been improved for `catch` clauses with filters.
@@ -14,38 +8,37 @@

| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| Arbitrary file write during zip extraction ("Zip Slip") (`cs/zipslip`) | security, external/cwe/cwe-022 | Identifies zip extraction routines which allow arbitrary file overwrite vulnerabilities.
| Arbitrary file write during zip extraction ("Zip Slip") (`cs/zipslip`) | security, external/cwe/cwe-022 | Identifies zip extraction routines which allow arbitrary file overwrite vulnerabilities. |
| Local scope variable shadows member (`cs/local-shadows-member`) | maintainability, readability | Replaces the existing queries Local variable shadows class member (`cs/local-shadows-class-member`), Local variable shadows struct member (`cs/local-shadows-struct-member`), Parameter shadows class member (`cs/parameter-shadows-class-member`), and Parameter shadows struct member (`cs/parameter-shadows-struct-member`). |

## Changes to existing queries

| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| [Constant condition](https://help.semmle.com/wiki/display/CSHARP/Constant+condition) (`cs/constant-condition`) | More results | The query has been generalized to cover both Null-coalescing left operand is constant (`cs/constant-null-coalescing`) and Switch selector is constant (`cs/constant-switch-selector`). |
| Constant condition (`cs/constant-condition`) | More results | The query has been generalized to report alerts for the old queries Null-coalescing left operand is constant (`cs/constant-null-coalescing`) and Switch selector is constant (`cs/constant-switch-selector`). |
| Exposing internal representation (`cs/expose-implementation`) | Different results | The query has been rewritten, based on the [equivalent Java query](https://help.semmle.com/wiki/display/JAVA/Exposing+internal+representation). |
| Local variable shadows class member(`cs/local-shadows-class-member`) | No results | The query has been replaced by Local scope variable shadows member (`cs/local-shadows-member`). |
| Local variable shadows struct member (`cs/local-shadows-struct-member`) | No results | The query has been replaced by Local scope variable shadows member (`cs/local-shadows-member`). |
| [Missing Dispose call on local IDisposable](https://help.semmle.com/wiki/display/CSHARP/Missing+Dispose+call+on+local+IDisposable) (`cs/local-not-disposed`) | Fewer results | The query identifies more cases where the local variable may be disposed by a library call. |
| [Nested loops with same variable](https://help.semmle.com/wiki/display/CSHARP/Nested+loops+with+same+variable) (`cs/nested-loops-with-same-variable`) | Fewer results | Results are no longer highlighted in nested loops that share the same condition, and do not use the variable after the inner loop. |
| Null-coalescing left operand is constant (`cs/constant-null-coalescing`) | No results | The query has been removed, as it is now covered by Constant condition (`cs/constant-condition`). |
| Parameter shadows class member (`cs/parameter-shadows-class-member`) | No results | The query has been replaced by Local scope variable shadows member (`cs/local-shadows-member`). |
| Parameter shadows struct member (`cs/parameter-shadows-struct-member`) | No results | The query has been replaced by Local scope variable shadows member (`cs/local-shadows-member`). |
| [Potentially incorrect CompareTo(...) signature](https://help.semmle.com/wiki/display/CSHARP/Potentially+incorrect+CompareTo%28...%29+signature) (`cs/wrong-compareto-signature`) | Fewer results | Results are no longer highlighted in constructed types. |
| Switch selector is constant (`cs/constant-switch-selector`) | No results | The query has been removed, as it is now covered by Constant condition (`cs/constant-condition`). |
| [Useless upcast](https://help.semmle.com/wiki/display/CSHARP/Useless+upcast) (`cs/useless-upcast`) | Fewer results | The query has been improved to cover more cases where upcasts may be needed. |
| Local variable shadows class member (`cs/local-shadows-class-member`) | No results | The query has been replaced by the new query: Local scope variable shadows member (`cs/local-shadows-member`). |
| Local variable shadows struct member (`cs/local-shadows-struct-member`) | No results | The query has been replaced by the new query: Local scope variable shadows member (`cs/local-shadows-member`). |
| Missing Dispose call on local IDisposable (`cs/local-not-disposed`) | Fewer false positive results | The query identifies more cases where the local variable may be disposed by a library call. |
| Nested loops with same variable (`cs/nested-loops-with-same-variable`) | Fewer false positive results | Results are no longer highlighted in nested loops that share the same condition, and do not use the variable after the inner loop. |
| Null-coalescing left operand is constant (`cs/constant-null-coalescing`) | No results | The query has been removed, as alerts for this problem are now reported by the new query: Constant condition (`cs/constant-condition`). |
| Parameter shadows class member (`cs/parameter-shadows-class-member`) | No results | The query has been replaced by the new query: Local scope variable shadows member (`cs/local-shadows-member`). |
| Parameter shadows struct member (`cs/parameter-shadows-struct-member`) | No results | The query has been replaced by the new query: Local scope variable shadows member (`cs/local-shadows-member`). |
| Potentially incorrect CompareTo(...) signature (`cs/wrong-compareto-signature`) | Fewer false positive results | Results are no longer highlighted in constructed types. |
| Switch selector is constant (`cs/constant-switch-selector`) | No results | The query has been removed, as alerts for this problem are now reported by the new query: Constant condition (`cs/constant-condition`). |
| Useless upcast (`cs/useless-upcast`) | Fewer false positive results | The query has been improved to cover more cases where upcasts may be needed. |

## Changes to code extraction

* The `into` part of `join` clauses is now extracted.
* The `when` part of constant cases is now extracted.
* Fixed a bug where `while(x is T y) ...` was not extracted correctly.

* *Series of bullet points*

## Changes to QL libraries

* A new non-member predicate `mayBeDisposed()` can be used to determine if a variable is potentially disposed inside a library. It will analyse the CIL code in the library to determine this.
* Several control flow graph entities have been renamed (the old names still exist for backwards compatibility):
* A new non-member predicate `mayBeDisposed()` can be used to determine if a variable is potentially disposed inside a library. It will analyze the CIL code in the library to determine this.
* The predicate `getCondition()` has been moved from `TypeCase` to `CaseStmt`. It is now possible to get the condition of a `ConstCase` using its `getCondition()` predicate.
* Several control flow graph entities have been renamed (the old names are deprecated but are still available in this release for backwards compatibility):
- `ControlFlowNode` has been renamed to `ControlFlow::Node`.
- `CallableEntryNode` has been renamed to `ControlFlow::Nodes::EntryNode`.
- `CallableExitNode` has been renamed to `ControlFlow::Nodes::ExitNode`.
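Review bot: The reworded rows for Null-coalescing left operand is constant (`cs/constant-null-coalescing`) and Switch selector is constant (`cs/constant-switch-selector`) say their alerts are now reported by "the new query: Constant condition (`cs/constant-condition`)", but Constant condition is listed in this same "Changes to existing queries" table as a query that "has been generalized", and it does not appear in the table with the Tags and Purpose columns. Drop "new" in those two rows, for example "are now reported by Constant condition (`cs/constant-condition`)". The "new query" wording is accurate for Local scope variable shadows member (`cs/local-shadows-member`), which does have a row in that first table. Separately, the help links were removed from the query names in the changed rows while the Exposing internal representation row still links to the Java help page, so the table is inconsistent about linking; either keep links throughout or remove that one too.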
@@ -63,4 +56,5 @@
- `ControlFlowEdgeGotoCase` has been renamed to `ControlFlow::SuccessorTypes::GotoCaseSuccessor`.
- `ControlFlowEdgeGotoDefault` has been renamed to `ControlFlow::SuccessorTypes::GotoDefaultSuccessor`.
- `ControlFlowEdgeException` has been renamed to `ControlFlow::SuccessorTypes::ExceptionSuccessor`.
* The predicate `getCondition()` has been moved from `TypeCase` to `CaseStmt`. It is now possible to get the condition of a `ConstCase` using its `getCondition()` predicate.

> You should update any custom queries that use these entities to ensure that they continue working when the old names are removed in a future release.
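Review bot: The added blockquote at the end of the rename list asks readers to update custom queries before "the old names are removed in a future release" without saying which release, and "these entities" has to be resolved across a blank line back to the list above it. Consider writing "the renamed control flow graph entities" instead of "these entities", and stating the planned removal release if it is known, so that users maintaining custom queries can schedule the migration.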