|
1 | 1 | # Improvements to C# analysis |
2 | 2 |
|
3 | | -## General improvements |
4 | | - |
5 | | -## New queries |
6 | | - |
7 | | -| **Query** | **Tags** | **Purpose** | |
8 | | -|-----------------------------|-----------|--------------------------------------------------------------------| |
9 | | - |
10 | 3 | ## Changes to existing queries |
11 | 4 |
|
12 | | -| *@name of query (Query ID)* | *Impact on results* | *How/why the query has changed* | |
| 5 | +| **Query** | **Expected impact** | **Change** | |
13 | 6 | |------------------------------|------------------------|-----------------------------------| |
14 | | -| Off-by-one comparison against container length (`cs/index-out-of-bounds`) | Fewer false positives | Results have been removed when there are additional guards on the index. | |
15 | | -| Dereferenced variable is always null (`cs/dereferenced-value-is-always-null`) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. | |
16 | | -| Dereferenced variable may be null (`cs/dereferenced-value-may-be-null`) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. | |
17 | | -| SQL query built from user-controlled sources (`cs/sql-injection`), Improper control of generation of code (`cs/code-injection`), Uncontrolled format string (`cs/uncontrolled-format-string`), Clear text storage of sensitive information (`cs/cleartext-storage-of-sensitive-information`), Exposure of private information (`cs/exposure-of-sensitive-information`) | More results | Data sources have been added from user controls in `System.Windows.Forms`. | |
18 | | -| Use of default ToString() (`cs/call-to-object-tostring`) | Fewer false positives | Results have been removed for `char` arrays passed to `StringBuilder.Append()`, which were incorrectly marked as using `ToString`. | |
19 | | -| Use of default ToString() (`cs/call-to-object-tostring`) | Fewer results | Results have been removed when the object is an interface or an abstract class. | |
20 | | -| Unused format argument (`cs/format-argument-unused`) | Fewer false positives | Results have been removed where the format string is empty. This is often used as a default value and is not an interesting result. | |
21 | | -| Double-checked lock is not thread-safe (`cs/unsafe-double-checked-lock`) | Fewer false positives, more true positives | Results have been removed where the underlying field was not updated in the `lock` statement, or where the field is a `struct`. Results have been added where there are other statements inside the `lock` statement. | |
| 7 | +| Clear text storage of sensitive information (`cs/cleartext-storage-of-sensitive-information`) | More results | Now includes data sources for user controls in `System.Windows.Forms`. | |
| 8 | +| Dereferenced variable is always null (`cs/dereferenced-value-is-always-null`) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. Results are now shown by default in LGTM. | |
| 9 | +| Dereferenced variable may be null (`cs/dereferenced-value-may-be-null`) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. Results are now shown by default in LGTM. | |
| 10 | +| Double-checked lock is not thread-safe (`cs/unsafe-double-checked-lock`) | Fewer false positive and more true positive results | No longer highlights code where the underlying field was not updated in the `lock` statement, or where the field is a `struct`. Results have been added where there are other statements inside the `lock` statement. | |
| 11 | +| Exposure of private information (`cs/exposure-of-sensitive-information`) | More results | Now includes data sources for user controls in `System.Windows.Forms`. | |
| 12 | +| Improper control of generation of code (`cs/code-injection`) | More results | Now includes data sources for user controls in `System.Windows.Forms`. | |
| 13 | +| Off-by-one comparison against container length (`cs/index-out-of-bounds`) | Fewer false positive results | No longer reports results when there are additional guards on the index. | |
| 14 | +| SQL query built from user-controlled sources (`cs/sql-injection`) | More results | Now includes data sources for user controls in `System.Windows.Forms`. | |
| 15 | +| Uncontrolled format string (`cs/uncontrolled-format-string`) | More results | Now includes data sources for user controls in `System.Windows.Forms`. | |
| 16 | +| Unused format argument (`cs/format-argument-unused`) | Fewer false positive results | No longer reports results where the format string is empty. This is often used as a default value and is not an interesting result. | |
| 17 | +| Use of default ToString() (`cs/call-to-object-tostring`) | Fewer false positive results | No longer reports results for `char` arrays passed to `StringBuilder.Append()`, which were incorrectly marked as using `ToString`. | |
| 18 | +| Use of default ToString() (`cs/call-to-object-tostring`) | Fewer results | No longer reports results when the object is an interface or an abstract class. | |
22 | 19 | | Using a package with a known vulnerability (`cs/use-of-vulnerable-package`) | More results | This query detects packages vulnerable to CVE-2019-0657. | |
23 | 20 |
|
24 | 21 | ## Changes to code extraction |
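Review bot: The rewritten table still carries two separate rows for the same query, "Use of default ToString() (`cs/call-to-object-tostring`)", one for the `char`-array false positives and one for interfaces and abstract classes; since the table is now sorted by query name and every other query gets exactly one row, consider merging these into a single row with an impact of "Fewer results" and both changes listed in the **Change** column. Also note that the "Double-checked lock" row reads "Fewer false positive and more true positive results" while the neighbouring rows use the form "Fewer false positive results"; "Fewer false positive results, more true positive results" would match the column's new wording. Deleting the empty "## General improvements" and "## New queries" sections is consistent with the vulnerable-package row (CVE-2019-0657) being kept under "Changes to existing queries", so nothing is lost there.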
|
29 | 26 | ## Changes to QL libraries |
30 | 27 |
|
31 | 28 | * The class `TrivialProperty` now includes library properties determined to be trivial using CIL analysis. This may increase the number of results for all queries that use data flow. |
32 | | -* Taint-tracking steps have been added for the `Json.NET` package. This will improve results for queries that use taint-tracking. |
| 29 | +* Taint-tracking steps have been added for the `Json.NET` package. This will improve results for queries that use taint tracking. |
33 | 30 | * Support has been added for EntityFrameworkCore, including |
34 | 31 | - Stored data flow sources |
35 | 32 | - Sinks for SQL expressions |
36 | | - - Data flow through fields that are mapped to the database. |
| 33 | + - Data flow through fields that are mapped to the database |
37 | 34 | * Support has been added for NHibernate-Core, including |
38 | 35 | - Stored data flow sources |
39 | 36 | - Sinks for SQL expressions |
40 | | - - Data flow through fields that are mapped to the database. |
| 37 | + - Data flow through fields that are mapped to the database |
41 | 38 |
|
42 | | -## Changes to the autobuilder |
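Review bot: The "## Changes to the autobuilder" heading is removed with no trailing context shown, so please confirm the section was empty rather than leaving orphaned body text at the end of the file. The wording fix "taint-tracking" to "taint tracking" is right for the noun use while the adjectival "Taint-tracking steps" stays hyphenated, and dropping the trailing periods from "Data flow through fields that are mapped to the database" brings those sub-bullets in line with "Stored data flow sources" and "Sinks for SQL expressions", which never had one.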