diff --git a/change-notes/1.20/analysis-python.md b/change-notes/1.20/analysis-python.md index f6539bf761a9..c69fbbfa30fe 100644 --- a/change-notes/1.20/analysis-python.md +++ b/change-notes/1.20/analysis-python.md 
@@ -1,19 +1,23 @@ # Improvements to Python analysis +## General improvements - ## General improvements +### Extractor changes - > Changes that affect alerts in many files or from many queries -> For example, changes to file classification +The extractor now parses all Python code from a single unified grammar. This means that almost all Python code will be successfully parsed, even if mutually incompatible Python code is present in the same project. This also means that Python code for any version can be correctly parsed on a worker running any other supported version of Python. For example, Python 3.7 code is parsed correctly, even if the installed version of Python is only 3.5. This will reduce the number of syntax errors found in many projects. + +### Regular expression analysis improvements + +The Python `re` (regular expressions) module library has a couple of constants called `MULTILINE` and `VERBOSE` which determine the parsing of regular expressions. Python 3.6 changed the implementation of these constants, which resulted in false positive results for some queries. The relevant QL libraries have been updated to support both implementations which will remove false positive results from projects that use Python 3.6 and later versions. + +### API improvements -The constants `MULTILINE` and `VERBOSE` in `re` module, are now understood for Python 3.6 and upward. -Removes false positives seen when using Python 3.6, but not when using earlier versions. The API has been improved to declutter the global namespace and improve discoverability and readability. * New predicates `ModuleObject::named(name)` and `ModuleObject.attr(name)` have been added, allowing more readable access to common objects. For example, `(any ModuleObject m | m.getName() = "sys").getAttribute("exit")` can be replaced with `ModuleObject::named("sys").attr("exit")` - * The API for accessing builtin functions has been improved. 
Predicates of the form `theXXXFunction()`, such as `theLenFunction()`, have been deprecated in favour of `Object::builtin(name)`. + * The API for accessing builtin functions has been improved. Predicates of the form `theXXXFunction()`, such as `theLenFunction()`, have been deprecated in favor of `Object::builtin(name)`. * A configuration based API has been added for writing data flow and taint tracking queries. This is provided as a convenience for query authors who have written data flow or taint tracking queries for other languages, so they can use a similar format of query across multiple languages. - ## New queries +## New queries | **Query** | **Tags** | **Purpose** | |-----------------------------|-----------|--------------------------------------------------------------------| @@ -24,7 +28,7 @@ The API has been improved to declutter the global namespace and improve discover | Overly permissive file permissions (`py/overly-permissive-file`) | security, external/cwe/cwe-732 | Finds instances where a file is created with overly permissive permissions. Results are not shown on LGTM by default. | | Use of insecure SSL/TLS version (`py/insecure-protocol`) | security, external/cwe/cwe-327 | Finds instances where a known insecure protocol has been specified. Results are shown on LGTM by default. | - ## Changes to existing queries +## Changes to existing queries | **Query** | **Expected impact** | **Change** | |----------------------------|------------------------|------------------------------------------------------------------| 
@@ -35,11 +39,8 @@ The API has been improved to declutter the global namespace and improve discover | Unused import (`py/unused-import`) | Fewer false positive results | Results where the imported module is used in a `doctest` string are no longer reported. | | Unused import (`py/unused-import`) | Fewer false positive results | Results where the imported module is used in a type-hint comment are no longer reported. | - ## Changes to code extraction - - * The extractor now parses all Python code from a single unified grammar. This means that almost all Python code will be successfully parsed, even if mutually incompatible Python code is present in the same project. This also means that Python code for any version can be correctly parsed on a worker running any other supported version of Python. For example, Python 3.7 code is parsed correctly, even if the installed version of Python is only 3.5. - ## Changes to QL libraries +## Changes to QL libraries * Added support for the `dill` pickle library. * Added support for the `bottle` web framework. diff --git a/change-notes/1.20/extractor-javascript.md b/change-notes/1.20/extractor-javascript.md index b233e167faf7..eee09113ebbb 100644 --- a/change-notes/1.20/extractor-javascript.md +++ b/change-notes/1.20/extractor-javascript.md 
@@ -2,25 +2,11 @@ # Improvements to JavaScript analysis -> NOTES -> -> Please describe your changes in terms that are suitable for -> customers to read. These notes will have only minor tidying up -> before they are published as part of the release notes. -> -> This file is written for lgtm users and should contain *only* -> notes about changes that affect lgtm enterprise users. Add -> any other customer-facing changes to the `studio-java.md` -> file. -> - -## General improvements - ## Changes to code extraction -* Parallel extraction of JavaScript files (but not TypeScript files) on LGTM is now supported. The `LGTM_THREADS` environment variable can be set to indicate how many files should be extracted in parallel. If this variable is not set, parallel extraction is disabled. -* The extractor now offers experimental support for [E4X](https://developer.mozilla.org/en-US/docs/Archive/Web/E4X), a legacy language extension developed by Mozilla. -* The extractor now supports additional [Flow](https://flow.org/) syntax. -* The extractor now supports [Nullish Coalescing](https://github.com/tc39/proposal-nullish-coalescing) expressions. -* The extractor now supports [TypeScript 3.2](https://www.typescriptlang.org/docs/handbook/release-notes/typescript-3-2.html). -* The TypeScript extractor now handles the control-flow of logical operators and destructuring assignments more accurately. +* Parallel extraction of JavaScript files (but not TypeScript files) on LGTM is now supported. If LGTM is configured to evaluate queries using multiple threads, then JavaScript files are also extracted using multiple threads. +* Experimental support for [E4X](https://developer.mozilla.org/en-US/docs/Archive/Web/E4X), a legacy language extension developed by Mozilla, is available. +* Additional [Flow](https://flow.org/) syntax is now supported. +* [Nullish Coalescing](https://github.com/tc39/proposal-nullish-coalescing) expressions are now supported. 
+* [TypeScript 3.2](https://www.typescriptlang.org/docs/handbook/release-notes/typescript-3-2.html) is now supported. +* The TypeScript extractor now handles the control flow of logical operators and destructuring assignments more accurately. diff --git a/change-notes/1.20/support/versions-compilers.csv b/change-notes/1.20/support/versions-compilers.csv index 9ca3a1552ef0..8a1b178e9f36 100644 --- a/change-notes/1.20/support/versions-compilers.csv +++ b/change-notes/1.20/support/versions-compilers.csv @@ -13,4 +13,4 @@ Java,"Java 6 to 11 [2]_.","javac (OpenJDK and Oracle JDK) Eclipse compiler for Java (ECJ) batch compiler",``.java`` JavaScript,ECMAScript 2018 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhm``, ``.xhtml``, ``.vue``, ``.json`` [3]_." Python,"2.7, 3.5, 3.6, 3.7",Not applicable,``.py`` -TypeScript [4]_.,"2.6, 2.7, 2.8, 2.9, 3.0, 3.1",Standard TypeScript compiler,"``.ts``, ``.tsx``" +TypeScript [4]_.,"2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2",Standard TypeScript compiler,"``.ts``, ``.tsx``" diff --git a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql index ec3db37f8bba..6b4ba7519e48 100644 --- a/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql +++ b/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql 
@@ -49,18 +49,28 @@ predicate isTriedAgainstException(ControlFlowElement cfe, ExceptionClass ec) { ) } +private class DisposeCall extends MethodCall { + DisposeCall() { this.getTarget() instanceof DisposeMethod } +} + +private predicate reachesDisposeCall(DisposeCall disposeCall, DataFlow::Node node) { + DataFlow::localFlowStep(node, DataFlow::exprNode(disposeCall.getQualifier())) + or + exists(DataFlow::Node mid | reachesDisposeCall(disposeCall, mid) | + DataFlow::localFlowStep(node, mid) + ) +} + /** * Holds if `disposeCall` disposes the object created by `disposableCreation`. */ -predicate disposeReachableFromDisposableCreation(MethodCall disposeCall, Expr disposableCreation) { +predicate disposeReachableFromDisposableCreation(DisposeCall disposeCall, Expr disposableCreation) { // The qualifier of the Dispose call flows from something that introduced a disposable into scope ( disposableCreation instanceof LocalScopeDisposableCreation or disposableCreation instanceof MethodCall ) and - DataFlow::localFlowStep+(DataFlow::exprNode(disposableCreation), - DataFlow::exprNode(disposeCall.getQualifier())) and - disposeCall.getTarget() instanceof DisposeMethod + reachesDisposeCall(disposeCall, DataFlow::exprNode(disposableCreation)) } class MethodCallThatMayThrow extends MethodCall { @@ -73,7 +83,7 @@ ControlFlowElement getACatchOrFinallyClauseChild() { result = getACatchOrFinallyClauseChild().getAChild() } -from MethodCall disposeCall, Expr disposableCreation, MethodCallThatMayThrow callThatThrows +from DisposeCall disposeCall, Expr disposableCreation, MethodCallThatMayThrow callThatThrows where disposeReachableFromDisposableCreation(disposeCall, disposableCreation) and // The dispose call is not, itself, within a dispose method. diff --git a/csharp/ql/src/semmle/code/csharp/Assignable.qll b/csharp/ql/src/semmle/code/csharp/Assignable.qll index 9783418475b4..14318ac37b15 100644 --- a/csharp/ql/src/semmle/code/csharp/Assignable.qll 
+++ b/csharp/ql/src/semmle/code/csharp/Assignable.qll @@ -76,6 +76,11 @@ class AssignableRead extends AssignableAccess { not nameOfChild(_, this) } + pragma[noinline] + private ControlFlow::Node getAnAdjacentReadSameVar() { + Ssa::Internal::adjacentReadPairSameVar(this.getAControlFlowNode(), result) + } + /** * Gets a next read of the same underlying assignable. That is, a read * that can be reached from this read without passing through any other reads, @@ -102,7 +107,7 @@ class AssignableRead extends AssignableAccess { */ AssignableRead getANextRead() { forex(ControlFlow::Node cfn | cfn = result.getAControlFlowNode() | - Ssa::Internal::adjacentReadPairSameVar(this.getAControlFlowNode(), cfn) + cfn = this.getAnAdjacentReadSameVar() ) } diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/DataFlow.qll b/csharp/ql/src/semmle/code/csharp/dataflow/DataFlow.qll index f66876653d35..fd749c55f7c9 100755 --- a/csharp/ql/src/semmle/code/csharp/dataflow/DataFlow.qll +++ b/csharp/ql/src/semmle/code/csharp/dataflow/DataFlow.qll @@ -704,6 +704,7 @@ module DataFlow { ) } + pragma[nomagic] private ControlFlowElement getANonExactScopeChild(ControlFlowElement scope) { scope = getAScope(false) and result = scope diff --git a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java index 662fbefca02e..b37657b85b4f 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java +++ b/javascript/extractor/src/com/semmle/js/extractor/ASTExtractor.java @@ -42,7 +42,6 @@ import com.semmle.js.ast.Identifier; import com.semmle.js.ast.IfStatement; import com.semmle.js.ast.ImportDeclaration; -import com.semmle.js.ast.ImportNamespaceSpecifier; import com.semmle.js.ast.ImportSpecifier; import com.semmle.js.ast.InvokeExpression; import com.semmle.js.ast.JumpStatement; 
@@ -1449,13 +1448,7 @@ public Label visit(ImportDeclaration nd, Context c) { public Label visit(ImportSpecifier nd, Context c) { Label lbl = super.visit(nd, c); visit(nd.getImported(), lbl, 0, IdContext.label); - visit( - nd.getLocal(), - lbl, - 1, - nd instanceof ImportNamespaceSpecifier - ? IdContext.varAndNamespaceDecl - : IdContext.varAndTypeAndNamespaceDecl); + visit(nd.getLocal(), lbl, 1, IdContext.varAndTypeAndNamespaceDecl); return lbl; } diff --git a/javascript/extractor/src/com/semmle/js/extractor/ScopeManager.java b/javascript/extractor/src/com/semmle/js/extractor/ScopeManager.java index 8c9902c03bf7..1270b0a94092 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/ScopeManager.java +++ b/javascript/extractor/src/com/semmle/js/extractor/ScopeManager.java @@ -17,7 +17,6 @@ import com.semmle.js.ast.Identifier; import com.semmle.js.ast.IfStatement; import com.semmle.js.ast.ImportDeclaration; -import com.semmle.js.ast.ImportNamespaceSpecifier; import com.semmle.js.ast.ImportSpecifier; import com.semmle.js.ast.LabeledStatement; import com.semmle.js.ast.LetExpression; @@ -559,9 +558,7 @@ public Void visit(ImportDeclaration nd, Void c) { @Override public Void visit(ImportSpecifier nd, Void c) { - return visit( - nd.getLocal(), - nd instanceof ImportNamespaceSpecifier ? DeclKind.varAndNamespace : DeclKind.all); + return visit(nd.getLocal(), DeclKind.all); } @Override diff --git a/javascript/extractor/tests/es2015/output/trap/import5.js.trap b/javascript/extractor/tests/es2015/output/trap/import5.js.trap index ea5ea8a38363..c686a83cb668 100644 --- a/javascript/extractor/tests/es2015/output/trap/import5.js.trap +++ b/javascript/extractor/tests/es2015/output/trap/import5.js.trap 
@@ -65,45 +65,49 @@ isModule(#20001) isES2015Module(#20001) #20021=@"var;{foo};{#20020}" variables(#20021,"foo",#20020) -#20022=@"local_namespace_name;{foo};{#20020}" -local_namespace_names(#20022,"foo",#20020) +#20022=@"local_type_name;{foo};{#20020}" +local_type_names(#20022,"foo",#20020) +#20023=@"local_namespace_name;{foo};{#20020}" +local_namespace_names(#20023,"foo",#20020) variables(#20021,"foo",#20020) -local_namespace_names(#20022,"foo",#20020) -#20023=* -stmts(#20023,27,#20001,0,"import ... 'foo';") -hasLocation(#20023,#20003) -stmtContainers(#20023,#20001) +local_type_names(#20022,"foo",#20020) +local_namespace_names(#20023,"foo",#20020) #20024=* -exprs(#20024,4,#20023,-1,"'foo'") -hasLocation(#20024,#20015) -enclosingStmt(#20024,#20023) -exprContainers(#20024,#20001) -literals("foo","'foo'",#20024) +stmts(#20024,27,#20001,0,"import ... 'foo';") +hasLocation(#20024,#20003) +stmtContainers(#20024,#20001) #20025=* -exprs(#20025,85,#20023,0,"* as foo") -#20026=@"loc,{#10000},1,8,1,15" -locations_default(#20026,#10000,1,8,1,15) -hasLocation(#20025,#20026) -enclosingStmt(#20025,#20023) +exprs(#20025,4,#20024,-1,"'foo'") +hasLocation(#20025,#20015) +enclosingStmt(#20025,#20024) exprContainers(#20025,#20001) -#20027=* -exprs(#20027,78,#20025,1,"foo") -hasLocation(#20027,#20011) -enclosingStmt(#20027,#20023) -exprContainers(#20027,#20001) -literals("foo","foo",#20027) -decl(#20027,#20021) -namespacedecl(#20027,#20022) +literals("foo","'foo'",#20025) +#20026=* +exprs(#20026,85,#20024,0,"* as foo") +#20027=@"loc,{#10000},1,8,1,15" +locations_default(#20027,#10000,1,8,1,15) +hasLocation(#20026,#20027) +enclosingStmt(#20026,#20024) +exprContainers(#20026,#20001) #20028=* -entry_cfg_node(#20028,#20001) -#20029=@"loc,{#10000},1,1,1,0" -locations_default(#20029,#10000,1,1,1,0) -hasLocation(#20028,#20029) -#20030=* -exit_cfg_node(#20030,#20001) -hasLocation(#20030,#20019) -successor(#20023,#20030) -successor(#20025,#20023) -successor(#20028,#20025) 
+exprs(#20028,78,#20026,1,"foo") +hasLocation(#20028,#20011) +enclosingStmt(#20028,#20024) +exprContainers(#20028,#20001) +literals("foo","foo",#20028) +decl(#20028,#20021) +typedecl(#20028,#20022) +namespacedecl(#20028,#20023) +#20029=* +entry_cfg_node(#20029,#20001) +#20030=@"loc,{#10000},1,1,1,0" +locations_default(#20030,#10000,1,1,1,0) +hasLocation(#20029,#20030) +#20031=* +exit_cfg_node(#20031,#20001) +hasLocation(#20031,#20019) +successor(#20024,#20031) +successor(#20026,#20024) +successor(#20029,#20026) numlines(#10000,1,1,0) filetype(#10000,"javascript") diff --git a/javascript/extractor/tests/ts/output/trap/importExport.ts.trap b/javascript/extractor/tests/ts/output/trap/importExport.ts.trap index 4b9267996c07..3f28897f7b9f 100644 --- a/javascript/extractor/tests/ts/output/trap/importExport.ts.trap +++ b/javascript/extractor/tests/ts/output/trap/importExport.ts.trap 
@@ -122,98 +122,102 @@ isES2015Module(#20001) variables(#20042,"Something",#20041) #20043=@"var;{importExport};{#20041}" variables(#20043,"importExport",#20041) -#20044=@"local_type_name;{importExport};{#20041}" -local_type_names(#20044,"importExport",#20041) -#20045=@"local_namespace_name;{Something};{#20041}" -local_namespace_names(#20045,"Something",#20041) -#20046=@"local_namespace_name;{importExport};{#20041}" -local_namespace_names(#20046,"importExport",#20041) +#20044=@"local_type_name;{Something};{#20041}" +local_type_names(#20044,"Something",#20041) +#20045=@"local_type_name;{importExport};{#20041}" +local_type_names(#20045,"importExport",#20041) +#20046=@"local_namespace_name;{Something};{#20041}" +local_namespace_names(#20046,"Something",#20041) +#20047=@"local_namespace_name;{importExport};{#20041}" +local_namespace_names(#20047,"importExport",#20041) variables(#20042,"Something",#20041) variables(#20043,"importExport",#20041) -local_type_names(#20044,"importExport",#20041) -local_namespace_names(#20045,"Something",#20041) -local_namespace_names(#20046,"importExport",#20041) -#20047=* -stmts(#20047,27,#20001,0,"import ... where';") -hasLocation(#20047,#20003) -stmtContainers(#20047,#20001) +local_type_names(#20044,"Something",#20041) +local_type_names(#20045,"importExport",#20041) +local_namespace_names(#20046,"Something",#20041) +local_namespace_names(#20047,"importExport",#20041) #20048=* -exprs(#20048,4,#20047,-1,"'somewhere'") -hasLocation(#20048,#20019) -enclosingStmt(#20048,#20047) -exprContainers(#20048,#20001) -literals("somewhere","'somewhere'",#20048) +stmts(#20048,27,#20001,0,"import ... 
where';") +hasLocation(#20048,#20003) +stmtContainers(#20048,#20001) #20049=* -exprs(#20049,85,#20047,0,"* as Something") -#20050=@"loc,{#10000},1,8,1,21" -locations_default(#20050,#10000,1,8,1,21) -hasLocation(#20049,#20050) -enclosingStmt(#20049,#20047) +exprs(#20049,4,#20048,-1,"'somewhere'") +hasLocation(#20049,#20019) +enclosingStmt(#20049,#20048) exprContainers(#20049,#20001) -#20051=* -exprs(#20051,78,#20049,1,"Something") -hasLocation(#20051,#20015) -enclosingStmt(#20051,#20047) -exprContainers(#20051,#20001) -literals("Something","Something",#20051) -decl(#20051,#20042) -namespacedecl(#20051,#20045) +literals("somewhere","'somewhere'",#20049) +#20050=* +exprs(#20050,85,#20048,0,"* as Something") +#20051=@"loc,{#10000},1,8,1,21" +locations_default(#20051,#10000,1,8,1,21) +hasLocation(#20050,#20051) +enclosingStmt(#20050,#20048) +exprContainers(#20050,#20001) #20052=* -stmts(#20052,30,#20001,1,"export ... thingy;") -hasLocation(#20052,#20007) -stmtContainers(#20052,#20001) +exprs(#20052,78,#20050,1,"Something") +hasLocation(#20052,#20015) +enclosingStmt(#20052,#20048) +exprContainers(#20052,#20001) +literals("Something","Something",#20052) +decl(#20052,#20042) +typedecl(#20052,#20044) +namespacedecl(#20052,#20046) #20053=* -stmts(#20053,32,#20052,-1,"import ... thingy;") -#20054=@"loc,{#10000},3,8,3,46" -locations_default(#20054,#10000,3,8,3,46) -hasLocation(#20053,#20054) +stmts(#20053,30,#20001,1,"export ... thingy;") +hasLocation(#20053,#20007) stmtContainers(#20053,#20001) -#20055=* -exprs(#20055,78,#20053,0,"importExport") -hasLocation(#20055,#20027) -enclosingStmt(#20055,#20053) -exprContainers(#20055,#20001) -literals("importExport","importExport",#20055) -decl(#20055,#20043) -typedecl(#20055,#20044) -namespacedecl(#20055,#20046) +#20054=* +stmts(#20054,32,#20053,-1,"import ... 
thingy;") +#20055=@"loc,{#10000},3,8,3,46" +locations_default(#20055,#10000,3,8,3,46) +hasLocation(#20054,#20055) +stmtContainers(#20054,#20001) #20056=* -exprs(#20056,14,#20053,1,"Something.thingy") -#20057=@"loc,{#10000},3,30,3,45" -locations_default(#20057,#10000,3,30,3,45) -hasLocation(#20056,#20057) -enclosingStmt(#20056,#20053) +exprs(#20056,78,#20054,0,"importExport") +hasLocation(#20056,#20027) +enclosingStmt(#20056,#20054) exprContainers(#20056,#20001) -#20058=* -exprs(#20058,103,#20056,0,"Something") -hasLocation(#20058,#20031) -enclosingStmt(#20058,#20053) -exprContainers(#20058,#20001) -literals("Something","Something",#20058) -namespacebind(#20058,#20045) -bind(#20058,#20042) +literals("importExport","importExport",#20056) +decl(#20056,#20043) +typedecl(#20056,#20045) +namespacedecl(#20056,#20047) +#20057=* +exprs(#20057,14,#20054,1,"Something.thingy") +#20058=@"loc,{#10000},3,30,3,45" +locations_default(#20058,#10000,3,30,3,45) +hasLocation(#20057,#20058) +enclosingStmt(#20057,#20054) +exprContainers(#20057,#20001) #20059=* -exprs(#20059,0,#20056,1,"thingy") -hasLocation(#20059,#20035) -enclosingStmt(#20059,#20053) +exprs(#20059,103,#20057,0,"Something") +hasLocation(#20059,#20031) +enclosingStmt(#20059,#20054) exprContainers(#20059,#20001) -literals("thingy","thingy",#20059) +literals("Something","Something",#20059) +namespacebind(#20059,#20046) +bind(#20059,#20042) #20060=* -entry_cfg_node(#20060,#20001) -#20061=@"loc,{#10000},1,1,1,0" -locations_default(#20061,#10000,1,1,1,0) -hasLocation(#20060,#20061) -#20062=* -exit_cfg_node(#20062,#20001) -hasLocation(#20062,#20039) -successor(#20052,#20055) -successor(#20059,#20056) -successor(#20058,#20059) -successor(#20056,#20053) -successor(#20055,#20058) -successor(#20053,#20062) -successor(#20047,#20052) -successor(#20049,#20047) -successor(#20060,#20049) +exprs(#20060,0,#20057,1,"thingy") +hasLocation(#20060,#20035) +enclosingStmt(#20060,#20054) +exprContainers(#20060,#20001) 
+literals("thingy","thingy",#20060) +#20061=* +entry_cfg_node(#20061,#20001) +#20062=@"loc,{#10000},1,1,1,0" +locations_default(#20062,#10000,1,1,1,0) +hasLocation(#20061,#20062) +#20063=* +exit_cfg_node(#20063,#20001) +hasLocation(#20063,#20039) +successor(#20053,#20056) +successor(#20060,#20057) +successor(#20059,#20060) +successor(#20057,#20054) +successor(#20056,#20059) +successor(#20054,#20063) +successor(#20048,#20053) +successor(#20050,#20048) +successor(#20061,#20050) numlines(#10000,3,2,0) filetype(#10000,"typescript") diff --git a/javascript/ql/src/semmle/javascript/TypeScript.qll b/javascript/ql/src/semmle/javascript/TypeScript.qll index eae336817718..9104d4d343f8 100644 --- a/javascript/ql/src/semmle/javascript/TypeScript.qll +++ b/javascript/ql/src/semmle/javascript/TypeScript.qll @@ -359,7 +359,7 @@ class TypeDecl extends Identifier, TypeRef, LexicalDecl { TypeDecl() { this = any(ClassOrInterface ci).getIdentifier() or this = any(TypeParameter tp).getIdentifier() or - this = any(ImportSpecifier im | not im instanceof ImportNamespaceSpecifier).getLocal() or + this = any(ImportSpecifier im).getLocal() or this = any(ImportEqualsDeclaration im).getId() or this = any(TypeAliasDeclaration td).getIdentifier() or this = any(EnumDeclaration ed).getIdentifier() or diff --git a/javascript/ql/test/library-tests/TypeScript/LocalTypeResolution/ResolveTypeNames.expected b/javascript/ql/test/library-tests/TypeScript/LocalTypeResolution/ResolveTypeNames.expected index d97404e26ac7..43ba306f202c 100644 --- a/javascript/ql/test/library-tests/TypeScript/LocalTypeResolution/ResolveTypeNames.expected +++ b/javascript/ql/test/library-tests/TypeScript/LocalTypeResolution/ResolveTypeNames.expected 
@@ -4,6 +4,7 @@ | exports.ts:16:5:16:8 | Enum | exports.ts:7:6:7:9 | Enum | | namespaceDecls.ts:38:8:38:8 | A | namespaceDecls.ts:1:8:1:8 | A | | namespaceDecls.ts:38:8:38:8 | A | namespaceDecls.ts:6:11:6:11 | A | +| namespaceDecls.ts:39:8:39:8 | E | namespaceDecls.ts:4:13:4:13 | E | | namespaceDecls.ts:39:8:39:8 | E | namespaceDecls.ts:7:11:7:11 | E | | tst.ts:6:9:6:9 | I | tst.ts:4:11:4:11 | I | | tst.ts:8:11:8:11 | I | tst.ts:4:11:4:11 | I | diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedVariable.expected b/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedVariable.expected index 30ab3133bca8..9db0d903c2d0 100644 --- a/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedVariable.expected +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/UnusedVariable.expected @@ -7,6 +7,7 @@ | importWithoutPragma.jsx:1:1:1:27 | import ... react'; | Unused import h. | | multi-imports.js:1:1:1:29 | import ... om 'x'; | Unused imports a, b, d. | | multi-imports.js:2:1:2:42 | import ... om 'x'; | Unused imports alphabetically, ordered. | +| namespaceImportAsType.ts:3:1:3:23 | import ... om "z"; | Unused import Z. | | require-react-in-other-scope.js:2:9:2:13 | React | Unused variable React. | | typeoftype.ts:9:7:9:7 | y | Unused variable y. | | underscore.js:6:7:6:7 | e | Unused variable e. | diff --git a/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts b/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts new file mode 100644 index 000000000000..8749b3b059e4 --- /dev/null +++ b/javascript/ql/test/query-tests/Declarations/UnusedVariable/namespaceImportAsType.ts @@ -0,0 +1,9 @@ +import * as X from "x"; // OK +import * as Y from "y"; // OK +import * as Z from "z"; // NOT OK + +function f(x: X) {} +function g(x: Y.T) {} + +f(null); +g(null);
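Review bot: In change-notes/1.20/analysis-python.md, the new "Regular expression analysis improvements" paragraph says "module library", which is redundant, and "a couple of constants" is vaguer than the removed line, which simply named them. Suggest "The `re` module's `MULTILINE` and `VERBOSE` constants determine how regular expressions are parsed." The following sentence also needs a comma before "which will remove false positive results".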
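Review bot: In change-notes/1.20/extractor-javascript.md, the rewritten parallel-extraction bullet drops both the `LGTM_THREADS` variable name and the statement that parallel extraction is disabled when it is unset. The replacement, "If LGTM is configured to evaluate queries using multiple threads", does not say which setting that is or what happens by default. Name the setting, or link to where it is documented, so an administrator can tell whether extraction on their instance runs in parallel.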
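Review bot: In csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql, `reachesDisposeCall` is added without a QLDoc comment, and nothing records why it replaces `DataFlow::localFlowStep+`. It is a hand-written transitive closure that walks backwards from the qualifier of a `DisposeCall`, and like the `+` form it still requires at least one flow step. A short comment stating that, and stating the reason for anchoring the closure at dispose qualifiers if that is the intent, would stop a later cleanup from folding it back into `localFlowStep+`.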
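Review bot: In csharp/ql/src/semmle/code/csharp/Assignable.qll, the new helper `getAnAdjacentReadSameVar` carries `pragma[noinline]` but no comment explaining what the pragma protects, and the same is true of the bare `pragma[nomagic]` added to `getANonExactScopeChild` in DataFlow.qll. Both are optimizer hints that do not change results, so the reason for them is invisible in the code. Add a one-line note at each site saying which join or evaluation problem the pragma avoids, so it is not removed as dead decoration later.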
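Review bot: In `ASTExtractor.visit(ImportSpecifier nd, Context c)` and `ScopeManager.visit(ImportSpecifier nd, Void c)`, removing the `nd instanceof ImportNamespaceSpecifier` branch makes `import * as X` declare a type name in addition to a variable and a namespace, but neither method says why. The two sites have to stay in agreement (`IdContext.varAndTypeAndNamespaceDecl` with `DeclKind.all`), and the `TypeDecl` characteristic predicate in TypeScript.qll has to match them. A short comment at each site pointing at the `function f(x: X) {}` case from namespaceImportAsType.ts would document that coupling. None of the change-note hunks shown in this patch mentions the change.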
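Review bot: In javascript/ql/test/library-tests/TypeScript/LocalTypeResolution/ResolveTypeNames.expected, the added row makes the type name `E` at namespaceDecls.ts:39:8 resolve to 4:13 as well as 7:11, so a single reference now has two declarations. Please confirm that this is the intended outcome of dropping the `not im instanceof ImportNamespaceSpecifier` restriction in `TypeDecl`, in the same way the two rows for `A` above already show a two-way resolution, and not an unintended loss of precision.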
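Review bot: The new test namespaceImportAsType.ts covers a namespace import used as a bare type (`x: X`), as a qualified type (`x: Y.T`), and not used at all (`Z`), but it has no case where the import is used only as a value. Adding one, marked OK, would show that the extra type declaration does not disturb the existing variable-use path in the unused-variable query.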