|
2 | 2 |
|
3 | 3 | ## General improvements |
4 | 4 |
|
5 | | -* Control flow graph improvements: |
6 | | - * The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead. |
7 | | - * Code that is only reachable from a constant failing assertion, such as `Debug.Assert(false)`, is considered to be unreachable. |
| 5 | +### Changes to the autobuilder |
| 6 | + |
| 7 | +During code extraction, when determining the target of `msbuild` or `dotnet build`, the autobuilder now looks for: |
| 8 | + |
| 9 | +* `.proj` files, |
| 10 | +* then `.sln` files, |
| 11 | +* and finally `.csproj`/`.vcxproj` files. |
| 12 | + |
| 13 | +In all three cases, when multiple files of the same type are found, the project/solution file closest to the root is used to build the project. |
| 14 | + |
| 15 | +### Control flow graph improvements |
| 16 | + |
| 17 | +* The control flow graph construction now takes simple Boolean conditions on local scope variables into account. For example, in `if (b) x = 0; if (b) x = 1;`, the control flow graph will reflect the fact that taking the `true` (resp. `false`) branch in the first condition implies taking the same branch in the second condition. In effect, the first assignment to `x` will now be identified as being dead. |
| 18 | +* Code that is only reachable from a constant failing assertion, such as `Debug.Assert(false)`, is considered to be unreachable. |
8 | 19 |
|
9 | 20 | ## New queries |
10 | 21 |
|
11 | 22 | | **Query** | **Tags** | **Purpose** | |
12 | 23 | |-----------------------------|-----------|--------------------------------------------------------------------| |
13 | | -| Uncontrolled format string (`cs/uncontrolled-format-string`) | security, external/cwe/cwe-134 | Finds data flow from remote inputs to the format string in `String.Format`. This is included by default. | |
14 | | -| Using a package with a known vulnerability `(`cs/use-of-vulnerable-package`) | security, external/cwe/cwe-937 | Finds project build files that import packages with known vulnerabilities. This is included by default. | |
| 24 | +| Uncontrolled format string (`cs/uncontrolled-format-string`) | security, external/cwe/cwe-134 | Finds data flow from remote inputs to the format string in `String.Format`. Results are shown on LGTM by default. | |
| 25 | +| Using a package with a known vulnerability (`cs/use-of-vulnerable-package`) | security, external/cwe/cwe-937 | Finds project build files that import packages with known vulnerabilities. Results are shown on LGTM by default. | |
15 | 26 |
|
16 | 27 | ## Changes to existing queries |
17 | 28 |
|
18 | | -| Cross-site scripting (`cs/web/xss`) | More results | This query now finds cross-site scripting vulnerabilities in ASP.NET Core applications. | |
19 | | -| Inconsistent lock sequence (`cs/inconsistent-lock-sequence`) | More results | This query now finds inconsistent lock sequences globally across calls. | |
| 29 | +| **Query** | **Expected impact** | **Change** | |
| 30 | +|----------------------------|------------------------|------------------------------------------------------------------| |
| 31 | +| Cross-site scripting (`cs/web/xss`) | More results | Finds cross-site scripting vulnerabilities in ASP.NET Core applications. | |
| 32 | +| Inconsistent lock sequence (`cs/inconsistent-lock-sequence`) | More results | Finds inconsistent lock sequences globally across calls. | |
20 | 33 | | Local scope variable shadows member (`cs/local-shadows-member`) | Fewer results | Results have been removed where a constructor parameter shadows a member, because the parameter is probably used to initialize the member. | |
21 | 34 |
|
22 | 35 | ## Changes to code extraction |
23 | 36 |
|
24 | 37 | * Arguments passed using `in` are now extracted. |
25 | | -* Fix a bug where the `dynamic` type name was not extracted correctly in certain circumstances. |
| 38 | +* Fixed a bug where the `dynamic` type name was not extracted correctly in certain circumstances. |
26 | 39 |
|
27 | 40 | ## Changes to QL libraries |
28 | 41 |
|
29 | 42 | * `getArgument()` on `AccessorCall` has been improved so it now takes tuple assignments into account. For example, the argument for the implicit `value` parameter in the setter of property `P` is `0` in `(P, x) = (0, 1)`. Additionally, the argument for the `value` parameter in compound assignments is now only the expanded value, for example, in `P += 7` the argument is `P + 7` and not `7`. |
30 | | -* The predicate `isInArgument()` has been added to the `AssignableAccess` class. This holds for expressions that are passed as arguments using `in`. |
31 | | - |
32 | | -## Changes to the autobuilder |
33 | | - |
34 | | -* When determining the target of `msbuild` or `dotnet build`, first look for `.proj` files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases, choose the project/solution file closest to the root. |
| 43 | +* The predicate `isInArgument()` has been added to the `AssignableAccess` class. This holds for expressions that are passed as arguments using `in` |
0 commit comments