diff --git a/change-notes/1.25/analysis-javascript.md b/change-notes/1.25/analysis-javascript.md
index 7770b250accd..6e759b628687 100644
--- a/change-notes/1.25/analysis-javascript.md
+++ b/change-notes/1.25/analysis-javascript.md
@@ -20,6 +20,7 @@
 | Misspelled variable name (`js/misspelled-variable-name`) | Message changed | The message for this query now correctly identifies the misspelled variable in additional cases. |
 | Uncontrolled data used in path expression (`js/path-injection`) | More results | This query now recognizes additional file system calls. |
 | Uncontrolled command line (`js/command-line-injection`) | More results | This query now recognizes additional command execution calls. |
+| Expression has no effect (`js/useless-expression`) | Less results | This query no longer flags an expression when that expression is the only content of the containing file. |
 ## Changes to libraries
diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.qll b/javascript/ql/src/Expressions/ExprHasNoEffect.qll
index 86790bb0da3e..3818834f529a 100644
--- a/javascript/ql/src/Expressions/ExprHasNoEffect.qll
+++ b/javascript/ql/src/Expressions/ExprHasNoEffect.qll
@@ -158,5 +158,11 @@ predicate hasNoEffect(Expr e) {
 // exclude block-level flow type annotations. For example: `(name: empty)`.
 not e.(ParExpr).getExpression().getLastToken().getNextToken().getValue() = ":" and
 // exclude the first statement of a try block
- not e = any(TryStmt stmt).getBody().getStmt(0).(ExprStmt).getExpr()
+ not e = any(TryStmt stmt).getBody().getStmt(0).(ExprStmt).getExpr() and
+ // exclude expressions that are alone in a file, and file doesn't contain a function.
+ not exists(TopLevel top |
+ top = e.getParent().(ExprStmt).getParent() and
+ top.getNumChild() = 1 and
+ not exists(Function fun | fun.getEnclosingContainer() = top)
+ )
 }
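Review bot: The new exclusion at the end of `hasNoEffect` is keyed on `TopLevel`, not on the file, so its comment ("alone in a file") describes a narrower rule than the condition enforces. As written it presumably also silences the query for any other top-level whose only child is one expression statement, such as an inline script or an event-handler attribute in an HTML page if those are modelled as `TopLevel`s; that should be confirmed against the library. If the wider scope is intended, the comment should say so, e.g. `// exclude an expression that is the only statement of its top-level, provided that top-level contains no function (typically a JSON-like file)`. If it is not intended, the condition needs an extra conjunct tying `top` to a whole file. The body of `hasNoEffect` starts outside this hunk, so the interaction with the earlier conjuncts is not visible here.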
diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js
new file mode 100644
index 000000000000..0026d475ed70
--- /dev/null
+++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js
@@ -0,0 +1 @@
+["foo", "bar", 123]
\ No newline at end of file
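Review bot: Only the suppressed case is covered by this fixture, so nothing pins the two guards that keep the new exclusion narrow (`top.getNumChild() = 1` and the no-function check). A later edit that loosens either guard would still pass this test while hiding real results. I would add two sibling fixtures that must still be reported: a file whose single expression statement contains a function, and a file with the same array literal followed by a second statement. No change to the expected-results file is visible in this diff, so it is worth checking that the current one already asserts that `jsonlike.js` produces no alert.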