You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. |
11
-
|Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
|Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) |reliability, date-time| Finds hard-coded Japanese era start dates that could be invalid. |
9
+
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. Results are shown on LGTM by default. |
10
+
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. Results are shown on LGTM by default. |
11
+
|Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. Results are not shown on LGTM by default. |
12
+
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) |reliability, date-time| Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. Results are not shown on LGTM by default. |
13
+
|Unsafe deserializer (`cs/unsafe-deserialization`) |security, external/cwe/cwe-502| Finds calls to unsafe deserializers. By default, the query is not run on LGTM. |
| Dereferenced variable may be null (`cs/dereferenced-value-may-be-null`) | Fewer false positive results | More `null` checks are now taken into account, including `null` checks for `dynamic` expressions and `null` checks such as `object alwaysNull = null; if (x != alwaysNull) ...`. |
20
-
| Missing Dispose call on local IDisposable (`cs/local-not-disposed`) | Fewer false positive results | The query has been rewritten in order to identify more dispose patterns. For example, a local `IDisposable` that is disposed of by passing through a fluent API is no longer reported. |
21
-
22
-
## Removal of old queries
20
+
| Missing Dispose call on local IDisposable (`cs/local-not-disposed`) | Fewer false positive results | The query has been rewritten in order to identify more dispose patterns. For example, a local `IDisposable` that is disposed of by passing through a fluent API is no longer reported as missing a dispose call. |
23
21
24
22
## Changes to code extraction
25
23
@@ -29,22 +27,19 @@ The following changes in version 1.23 affect C# analysis in all applications.
29
27
30
28
* The new class `NamespaceAccess` models accesses to namespaces, for example in `nameof` expressions.
31
29
* The data-flow library now makes it easier to specify barriers/sanitizers
32
-
arising from guards by overriding the predicate
30
+
arising from guards. You can override the predicate
33
31
`isBarrierGuard`/`isSanitizerGuard` on data-flow and taint-tracking
34
32
configurations respectively.
35
33
* The data-flow library has been extended with a new feature to aid debugging.
36
-
Instead of specifying `isSink(Node n) { any() }` on a configuration to
37
-
explore the possible flow from a source, it is recommended to use the new
38
-
`Configuration::hasPartialFlow` predicate, as this gives a more complete
39
-
picture of the partial flow paths from a given source. The feature is
40
-
disabled by default and can be enabled for individual configurations by
34
+
Previously, to explore the possible flow from all sources you could specify `isSink(Node n) { any() }` on a configuration.
35
+
Now you can use the new `Configuration::hasPartialFlow` predicate,
36
+
which gives a more complete picture of the partial flow paths from a given source, including flow that doesn't reach any sink.
37
+
The feature is disabled by default and can be enabled for individual configurations by
41
38
overriding `int explorationLimit()`.
42
-
*`foreach` statements where the body is guaranteed to be executed at least once, such as `foreach (var x in new string[]{ "a", "b", "c" }) { ... }`, are now recognized by all analyses based on the controlflow graph (such as SSA, data flow and taint tracking).
43
-
* Fixed the controlflow graph for `switch` statements where the `default` case was not the last case. This had caused the remaining cases to be unreachable. `SwitchStmt.getCase(int i)` now puts the `default` case last.
39
+
*`foreach` statements where the body is guaranteed to be executed at least once, such as `foreach (var x in new string[]{ "a", "b", "c" }) { ... }`, are now recognized by all analyses based on the control-flow graph (such as SSA, data flow and taint tracking).
40
+
* Fixed the control-flow graph for `switch` statements where the `default` case was not the last case. This had caused the remaining cases to be unreachable. `SwitchStmt.getCase(int i)` now puts the `default` case last.
44
41
* There is now a `DataFlow::localExprFlow` predicate and a
45
42
`TaintTracking::localExprTaint` predicate to make it easy to use the most
46
43
common case of local data flow and taint: from one `Expr` to another.
47
44
* Data is now tracked through null-coalescing expressions (`??`).
48
45
* A new library `semmle.code.csharp.Unification` has been added. This library exposes two predicates `unifiable` and `subsumes` for calculating type unification and type subsumption, respectively.
| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) || This query is no longer run on LGTM. |
16
17
| No space for zero terminator (`cpp/no-space-for-terminator`) | Fewer false positive results | This query has been modified to be more conservative when identifying which pointers point to null-terminated strings. This approach produces fewer, more accurate results. |
| Insecure configuration for ASP.NET requestValidationMode (`cs/insecure-request-validation-mode`) | security, external/cwe/cwe-016 | Finds where this attribute has been set to a value less than 4.5, which turns off some validation features and makes the application less secure. |
10
+
| Page request validation is disabled (`cs/web/request-validation-disabled`) | security, frameworks/asp.net, external/cwe/cwe-016 | Finds where ASP.NET page request validation has been disabled, which could makes the application less secure. |
10
11
11
12
## Changes to existing queries
12
13
@@ -20,6 +21,7 @@ The following changes in version 1.24 affect C# analysis in all applications.
20
21
## Changes to libraries
21
22
22
23
* The taint tracking library now tracks flow through (implicit or explicit) conversion operator calls.
24
+
*[Code contracts](https://docs.microsoft.com/en-us/dotnet/framework/debug-trace-profile/code-contracts) are now recognized, and are treated like any other assertion methods.
| Expression always evaluates to the same value (`java/evaluation-to-constant`) | Fewer false positives | Expressions of the form `0 * x` are usually intended and no longer reported. |
Copy file name to clipboardExpand all lines: cpp/ql/src/Architecture/FeatureEnvy.ql
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@
3
3
* @description A function that uses more functions and variables from another file than functions and variables from its own file. This function might be better placed in the other file, to avoid exposing internals of the file it depends on.
Copy file name to clipboardExpand all lines: cpp/ql/src/Architecture/InappropriateIntimacy.ql
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@
3
3
* @description Two files share too much information about each other (accessing many operations or variables in both directions). It would be better to invert some of the dependencies to reduce the coupling between the two files.
0 commit comments