You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. |
13
-
|Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
|Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) |reliability, date-time| Finds hard-coded Japanese era start dates that could be invalid. |
9
+
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. Results are shown on LGTM by default. |
10
+
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. Results are shown on LGTM by default. |
11
+
|Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. Results are not shown on LGTM by default. |
12
+
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) |reliability, date-time| Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. Results are not shown on LGTM by default. |
13
+
|Unsafe deserializer (`cs/unsafe-deserialization`) |security, external/cwe/cwe-502| Finds calls to unsafe deserializers. By default, the query is not run on LGTM. |
| Dereferenced variable may be null (`cs/dereferenced-value-may-be-null`) | Fewer false positive results | More `null` checks are now taken into account, including `null` checks for `dynamic` expressions and `null` checks such as `object alwaysNull = null; if (x != alwaysNull) ...`. |
22
-
| Missing Dispose call on local IDisposable (`cs/local-not-disposed`) | Fewer false positive results | The query has been rewritten in order to identify more dispose patterns. For example, a local `IDisposable` that is disposed of by passing through a fluent API is no longer reported. |
23
-
24
-
## Removal of old queries
20
+
| Missing Dispose call on local IDisposable (`cs/local-not-disposed`) | Fewer false positive results | The query has been rewritten in order to identify more dispose patterns. For example, a local `IDisposable` that is disposed of by passing through a fluent API is no longer reported as missing a dispose call. |
25
21
26
22
## Changes to code extraction
27
23
@@ -31,22 +27,19 @@ The following changes in version 1.23 affect C# analysis in all applications.
31
27
32
28
* The new class `NamespaceAccess` models accesses to namespaces, for example in `nameof` expressions.
33
29
* The data-flow library now makes it easier to specify barriers/sanitizers
34
-
arising from guards by overriding the predicate
30
+
arising from guards. You can override the predicate
35
31
`isBarrierGuard`/`isSanitizerGuard` on data-flow and taint-tracking
36
32
configurations respectively.
37
33
* The data-flow library has been extended with a new feature to aid debugging.
38
-
Instead of specifying `isSink(Node n) { any() }` on a configuration to
39
-
explore the possible flow from a source, it is recommended to use the new
40
-
`Configuration::hasPartialFlow` predicate, as this gives a more complete
41
-
picture of the partial flow paths from a given source. The feature is
42
-
disabled by default and can be enabled for individual configurations by
34
+
Previously, to explore the possible flow from all sources you could specify `isSink(Node n) { any() }` on a configuration.
35
+
Now you can use the new `Configuration::hasPartialFlow` predicate,
36
+
which gives a more complete picture of the partial flow paths from a given source, including flow that doesn't reach any sink.
37
+
The feature is disabled by default and can be enabled for individual configurations by
43
38
overriding `int explorationLimit()`.
44
-
*`foreach` statements where the body is guaranteed to be executed at least once, such as `foreach (var x in new string[]{ "a", "b", "c" }) { ... }`, are now recognized by all analyses based on the controlflow graph (such as SSA, data flow and taint tracking).
45
-
* Fixed the controlflow graph for `switch` statements where the `default` case was not the last case. This had caused the remaining cases to be unreachable. `SwitchStmt.getCase(int i)` now puts the `default` case last.
39
+
*`foreach` statements where the body is guaranteed to be executed at least once, such as `foreach (var x in new string[]{ "a", "b", "c" }) { ... }`, are now recognized by all analyses based on the control-flow graph (such as SSA, data flow and taint tracking).
40
+
* Fixed the control-flow graph for `switch` statements where the `default` case was not the last case. This had caused the remaining cases to be unreachable. `SwitchStmt.getCase(int i)` now puts the `default` case last.
46
41
* There is now a `DataFlow::localExprFlow` predicate and a
47
42
`TaintTracking::localExprTaint` predicate to make it easy to use the most
48
43
common case of local data flow and taint: from one `Expr` to another.
49
44
* Data is now tracked through null-coalescing expressions (`??`).
50
45
* A new library `semmle.code.csharp.Unification` has been added. This library exposes two predicates `unifiable` and `subsumes` for calculating type unification and type subsumption, respectively.
0 commit comments