
Commit 3c608fe

author
Esben Sparre Andreasen
authored
Merge branch 'master' into js/improve-createServer
2 parents 0b733b4 + 1da828f commit 3c608fe


54 files changed

+452
-123
lines changed


54 files changed

+452
-123
lines changed

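--- a/change-notes/1.21/analysis-cpp.md
+++ b/change-notes/1.21/analysis-cpp.md
@@ -11,6 +11,7 @@
 
 | **Query** | **Expected impact** | **Change** |
 |----------------------------|------------------------|------------------------------------------------------------------|
+| Dead code due to goto or break statement (`cpp/dead-code-goto`) | Fewer false positive results | Functions containing preprocessor logic are now excluded from this analysis. |
 | Mismatching new/free or malloc/delete (`cpp/new-free-mismatch`) | Fewer false positive results | Fixed an issue where functions were being identified as allocation functions inappropriately. Also affects `cpp/new-array-delete-mismatch` and `cpp/new-delete-array-mismatch`. |
 | Overflow in uncontrolled allocation size (`cpp/uncontrolled-allocation-size`) | More correct results | This query has been reworked so that it can find a wider variety of results. |
 | Memory may not be freed (`cpp/memory-may-not-be-freed`) | More correct results | Support added for more Microsoft-specific allocation functions, including `LocalAlloc`, `GlobalAlloc`, `HeapAlloc` and `CoTaskMemAlloc`. |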

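--- a/change-notes/1.21/analysis-javascript.md
+++ b/change-notes/1.21/analysis-javascript.md
@@ -3,8 +3,10 @@
 ## General improvements
 
 * Support for the following frameworks and libraries has been improved:
+- [koa](https://github.com/koajs/koa)
 - [socket.io](http://socket.io)
 - [Node.js](http://nodejs.org)
+- [Firebase](https://firebase.google.com/)
 
 * The security queries now track data flow through Base64 decoders such as the Node.js `Buffer` class, the DOM function `atob`, and a number of npm packages intcluding [`abab`](https://www.npmjs.com/package/abab), [`atob`](https://www.npmjs.com/package/atob), [`btoa`](https://www.npmjs.com/package/btoa), [`base-64`](https://www.npmjs.com/package/base-64), [`js-base64`](https://www.npmjs.com/package/js-base64), [`Base64.js`](https://www.npmjs.com/package/Base64) and [`base64-js`](https://www.npmjs.com/package/base64-js).
 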
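--- a/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
+++ b/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
@@ -2,7 +2,7 @@
 * @name Hub classes
 * @description Shows coupling between classes. Large, red, boxes are hub types that depend on many other classes
 * and are depended on by many other classes.
-* @kind treemap
+* @kind table
 * @id cpp/architecture/hub-classes
 * @treemap.warnOn highValues
 * @tags maintainability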
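Review bot: The header still carries `@treemap.warnOn highValues` and a description that speaks of "Large, red, boxes" after `@kind` is switched to `table`, so the metadata now describes a presentation the query no longer produces. I would drop the `@treemap.warnOn` line and reword the description to something like `Shows coupling between classes: hub types depend on many other classes and are depended on by many other classes.` The select clause is outside the hunk, so whether its columns suit a table result cannot be checked from here.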

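--- a/cpp/ql/src/Critical/DeadCodeGoto.ql
+++ b/cpp/ql/src/Critical/DeadCodeGoto.ql
@@ -10,6 +10,7 @@
 */
 
 import cpp
+import semmle.code.cpp.commons.Exclusions
 
 Stmt getNextRealStmt(Block b, int i) {
 result = b.getStmt(i + 1) and
@@ -30,4 +31,6 @@ where b.getStmt(i) = js
 // the next statement isn't a loop that can be jumped into
 and not exists (LabelStmt ls | s.(Loop).getStmt().getAChild*() = ls)
 and not exists (SwitchCase sc | s.(Loop).getStmt().getAChild*() = sc)
+// no preprocessor logic applies
+and not functionContainsPreprocCode(js.getEnclosingFunction())
 select js, "This statement makes $@ unreachable.", s, s.toString()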
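Review bot: The new conjunct `and not functionContainsPreprocCode(js.getEnclosingFunction())` suppresses every result in a function that has a preprocessor branch directive anywhere in its body, not only results where a directive sits between `js` and the unreachable statement `s`. Code made unreachable by an unconditional jump is worth keeping visible in security-sensitive functions, so this trades false positives for a blind spot whose size depends on how much of the code base uses conditional compilation. The comment `// no preprocessor logic applies` does not convey that; I would write `// skip the whole enclosing function if it contains any preprocessor branch directive (coarse: may hide true positives)`. If it is feasible, limiting the exclusion to directives located between `js` and `s` would keep the rest of the function covered. The `where` clause begins outside the second hunk.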

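--- a/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 3.ql
+++ b/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 3.ql
@@ -12,5 +12,4 @@ import cpp
 from Function f, int c
 where c = f.getMetrics().getCyclomaticComplexity() and
 c > 20
-select f, c as CyclomaticComplexity,
-"AV Rule 3: All functions shall have a cyclomatic complexity number of 20 or less."
+select f, "AV Rule 3: All functions shall have a cyclomatic complexity number of 20 or less."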
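Review bot: The new `select` no longer reports `c`, so an alert does not say how far over the limit a function is, although `c` is still bound in the `where` clause. Consider folding the value into the message, for example `select f, "AV Rule 3: All functions shall have a cyclomatic complexity number of 20 or less (this function has " + c.toString() + ")."`. The query header is outside the hunk, so the `@kind` that this select shape has to match is not visible here.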

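--- a/cpp/ql/src/jsf/4.10 Classes/AV Rule 81.ql
+++ b/cpp/ql/src/jsf/4.10 Classes/AV Rule 81.ql
@@ -3,6 +3,7 @@
 * @description The assignment operator shall handle self-assignment correctly.
 * @kind problem
 * @id cpp/jsf/av-rule-81
+* @precision low
 * @problem.severity error
 * @tags correctness
 * external/jsf
@@ -77,4 +78,4 @@ where hasResource(op.getDeclaringType())
 and not exists(op.getASelfEqualityTest())
 and not exists(op.getASwapCall())
 and exists(op.getADeleteExpr())
-select op
+select op, "AV Rule 81: The assignment operator shall handle self-assignment correctly."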

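--- a/cpp/ql/src/semmle/code/cpp/ASTSanity.ql
+++ b/cpp/ql/src/semmle/code/cpp/ASTSanity.ql
@@ -1,7 +1,7 @@
 /**
 * @name AST Sanity Check
 * @description Performs sanity checks on the Abstract Syntax Tree. This query should have no results.
-* @kind problem
+* @kind table
 * @id cpp/ast-sanity-check
 */
 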
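--- a/cpp/ql/src/semmle/code/cpp/AutogeneratedFile.qll
+++ b/cpp/ql/src/semmle/code/cpp/AutogeneratedFile.qll
@@ -23,11 +23,15 @@ private bindingset[comment] predicate autogeneratedComment(string comment) {
 
 // changes made in this file will be lost
 "(changes made in this file will be lost)|" +
-
-// do not edit/modify
+
+// do not edit/modify (not mid-sentence)
 "(^ do(n't|nt| not) (hand-?)?(edit|modify))|" +
-"(! do(n't|nt| not) (hand-?)?(edit|modify))" and
-
+"(! do(n't|nt| not) (hand-?)?(edit|modify))|" +
+
+// do not edit/modify + generated
+"(do(n't|nt| not) (hand-?)?(edit|modify).*generated)|" +
+"(generated.*do(n't|nt| not) (hand-?)?(edit|modify))" and
+
 comment.regexpMatch("(?si).*(" +
 // replace `generated` with a regexp that also catches things like
 // `auto-generated`.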
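Review bot: The two added alternatives join "do not edit/modify" and "generated" with an unbounded `.*`, and if they end up inside the `(?si)` pattern on the following `comment.regexpMatch` line, as the layout suggests, the `s` flag lets that gap span any number of lines in the comment. A long hand-written header that mentions both phrases far apart would then mark its file as autogenerated, and results for such files are presumably suppressed, which is a quiet way to lose coverage. I would keep the two phrases on one line, e.g. `"(do(n't|nt| not) (hand-?)?(edit|modify)[^\\n]*generated)|" +` and the mirrored form for the second alternative, and extend the comment to `// do not edit/modify + generated (same line only)`. The predicate body starts and ends outside the hunk, so how the string is assembled into the final pattern is inferred.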

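--- a/cpp/ql/src/semmle/code/cpp/commons/Exclusions.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/Exclusions.qll
@@ -58,3 +58,16 @@ predicate functionContainsDisabledCode(Function f) {
 )
 )
 }
+
+/**
+* Holds if the function `f` contains code that could be excluded by the preprocessor.
+*/
+predicate functionContainsPreprocCode(Function f) {
+// `f` contains a preprocessor branch
+exists(PreprocessorBranchDirective pbd, string file, int pbdStartLine, int fBlockStartLine, int fBlockEndLine |
+functionLocation(f, file, fBlockStartLine, fBlockEndLine) and
+pbdLocation(pbd, file, pbdStartLine) and
+pbdStartLine <= fBlockEndLine and
+pbdStartLine >= fBlockStartLine
+)
+}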
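Review bot: The doc comment on `functionContainsPreprocCode` promises more than the body checks: the predicate holds whenever any `PreprocessorBranchDirective` starts on a line between the function's start and end lines in the same file, whether or not that directive excludes any code of `f`. Callers that use it to suppress results should be able to see how coarse it is, so I would reword the comment to `Holds if a preprocessor branch directive starts on a line within the body of function f, in the same file; this is a line-range test and does not check that any code is actually excluded.` Since the directive class appears to cover closing directives as well, a function that only contains the tail of a region opened above it would presumably match too. `functionLocation` and `pbdLocation` are defined outside the hunk, so the exact lines they report are assumed from their names.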

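--- a/cpp/ql/src/semmle/code/cpp/ir/IRSanity.ql
+++ b/cpp/ql/src/semmle/code/cpp/ir/IRSanity.ql
@@ -1,7 +1,7 @@
 /**
 * @name IR Sanity Check
 * @description Performs sanity checks on the Intermediate Representation. This query should have no results.
-* @kind problem
+* @kind table
 * @id cpp/ir-sanity-check
 */
 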