Merge pull request #669 from adityasharad/merge/master-next-111218

Merge master into next.

Author: Max Schaefer

.gitattributes

@@ -46,3 +46,4 @@
 *.jpg -text
 *.jpeg -text
 *.gif -text
+*.dll -text

change-notes/1.20/analysis-cpp.md

@@ -0,0 +1,20 @@
+# Improvements to C/C++ analysis
+
+## General improvements
+
+* The logic for identifying auto-generated files via `#line` directives has been improved.
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+
+## Changes to existing queries
+
+| **Query**                  | **Expected impact**    | **Change**                                                       |
+|----------------------------|------------------------|------------------------------------------------------------------|
+| Suspicious pointer scaling (`cpp/suspicious-pointer-scaling`) | Fewer false positives | False positives involving types that are not uniquely named in the snapshot have been fixed. |
+| Unused static variable (`cpp/unused-static-variable`) | Fewer false positive results | Variables with the attribute `unused` are now excluded from the query. |
+| Resource not released in destructor (`cpp/resource-not-released-in-destructor`) | Fewer false positive results | Fix false positives where a resource is released via a virtual method call. |
+
+## Changes to QL libraries

change-notes/1.20/analysis-csharp.md

@@ -9,8 +9,11 @@
 
 ## Changes to existing queries
 
-| *@name of query (Query ID)*| *Impact on results*    | *How/why the query has changed*                                  |
+| *@name of query (Query ID)*  | *Impact on results*    | *How/why the query has changed*   |
+|------------------------------|------------------------|-----------------------------------|
 | Off-by-one comparison against container length (cs/index-out-of-bounds) | Fewer false positives | Results have been removed when there are additional guards on the index. |
+| Dereferenced variable is always null (cs/dereferenced-value-is-always-null) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. |
+| Dereferenced variable may be null (cs/dereferenced-value-may-be-null) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. |
 
 ## Changes to code extraction
 

change-notes/1.20/analysis-java.md

@@ -0,0 +1,20 @@
+# Improvements to Java analysis
+
+## General improvements
+
+
+## New queries
+
+| **Query**                   | **Tags**  | **Purpose**                                                        |
+|-----------------------------|-----------|--------------------------------------------------------------------|
+| Double-checked locking is not thread-safe (`java/unsafe-double-checked-locking`) | reliability, correctness, concurrency, external/cwe/cwe-609 | Identifies wrong implementations of double-checked locking that does not use the `volatile` keyword. |
+| Race condition in double-checked locking object initialization (`java/unsafe-double-checked-locking-init-order`) | reliability, correctness, concurrency, external/cwe/cwe-609 | Identifies wrong implementations of double-checked locking that performs additional initialization after exposing the constructed object. |
+
+## Changes to existing queries
+
+| **Query**                  | **Expected impact**    | **Change**                                                       |
+|----------------------------|------------------------|------------------------------------------------------------------|
+
+## Changes to QL libraries
+
+

change-notes/1.20/analysis-javascript.md

@@ -0,0 +1,26 @@
+# Improvements to JavaScript analysis
+
+## General improvements
+
+* Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
+  - client-side code, for example [React](https://reactjs.org/)
+  - server-side code, for example [hapi](https://hapijs.com/)
+
+## New queries
+
+| **Query**                                     | **Tags**                                             | **Purpose**                                                                                                                                                                 |
+|-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Double escaping or unescaping (`js/double-escaping`) | correctness, security, external/cwe/cwe-116 | Highlights potential double escaping or unescaping of special characters, indicating a possible violation of [CWE-116](https://cwe.mitre.org/data/definitions/116.html). Results are shown on LGTM by default. |
+| Incomplete URL substring sanitization | correctness, security, external/cwe/cwe-020 | Highlights URL sanitizers that are likely to be incomplete, indicating a violation of [CWE-020](https://cwe.mitre.org/data/definitions/20.html). Results shown on LGTM by default. |
+| Incorrect suffix check (`js/incorrect-suffix-check`) | correctness, security, external/cwe/cwe-020 | Highlights error-prone suffix checks based on `indexOf`, indicating a potential violation of [CWE-20](https://cwe.mitre.org/data/definitions/20.html). Results are shown on LGTM by default. |
+| Useless comparison test (`js/useless-comparison-test`) | correctness | Highlights code that is unreachable due to a numeric comparison that is always true or always false. Results are shown on LGTM by default. |
+
+## Changes to existing queries
+
+| **Query**                                  | **Expected impact**          | **Change**                                                                   |
+|--------------------------------------------|------------------------------|------------------------------------------------------------------------------|
+| Client-side cross-site scripting           | More results                 | This rule now recognizes WinJS functions that are vulnerable to HTML injection. |
+| Unused parameter                           | Fewer false-positive results | This rule no longer flags parameters with leading underscore. |
+| Unused variable, import, function or class | Fewer false-positive results | This rule now flags fewer variables that are implictly used by JSX elements, and no longer flags variables with leading underscore. |
+
+## Changes to QL libraries

cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.ql

@@ -25,4 +25,5 @@ where v.isStatic()
   and not v instanceof MemberVariable
   and not declarationHasSideEffects(v)
   and not v.getAnAttribute().hasName("used")
+  and not v.getAnAttribute().hasName("unused")
 select v, "Static variable " + v.getName() + " is never read"

cpp/ql/src/JPL_C/LOC-2/Rule 03/ExitNonterminatingLoop.ql

@@ -4,6 +4,8 @@
  * @kind problem
  * @id cpp/jpl-c/exit-nonterminating-loop
  * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
  */
 
 import cpp

cpp/ql/src/JPL_C/LOC-2/Rule 03/LoopBounds.ql

@@ -5,6 +5,8 @@
  * @kind problem
  * @id cpp/jpl-c/loop-bounds
  * @problem.severity warning
+ * @tags correctness
+ *       external/jpl
  */
 
 import cpp

cpp/ql/src/JPL_C/LOC-2/Rule 04/Recursion.ql

@@ -4,6 +4,10 @@
  * @kind problem
  * @id cpp/jpl-c/recursion
  * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       testability
+ *       external/jpl
  */
 
 import cpp

cpp/ql/src/JPL_C/LOC-2/Rule 05/HeapMemory.ql

@@ -3,7 +3,9 @@
  * @description Dynamic memory allocation (using malloc() or calloc()) should be confined to the initialization routines of a program.
  * @kind problem
  * @id cpp/jpl-c/heap-memory
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags resources
+ *       external/jpl
  */
 
 import cpp