From cee986fa7692a40f9a673c138a675d9297b5c055 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Mon, 4 May 2020 09:08:41 +0200 Subject: [PATCH 1/3] skip expressions that are alone in a file for js/useless-expression --- javascript/ql/src/Expressions/ExprHasNoEffect.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.qll b/javascript/ql/src/Expressions/ExprHasNoEffect.qll index 86790bb0da3e..5f3bacf42452 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.qll +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.qll @@ -158,5 +158,7 @@ predicate hasNoEffect(Expr e) { // exclude block-level flow type annotations. For example: `(name: empty)`. not e.(ParExpr).getExpression().getLastToken().getNextToken().getValue() = ":" and // exclude the first statement of a try block - not e = any(TryStmt stmt).getBody().getStmt(0).(ExprStmt).getExpr() + not e = any(TryStmt stmt).getBody().getStmt(0).(ExprStmt).getExpr() and + // exclude expressions that are alone in a file + not e.getParent().(ExprStmt).getParent().(TopLevel).getNumChild() = 1 } From ffdbe31a30770a217c8c085887a3ec2cfb1c7b41 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Mon, 4 May 2020 09:08:46 +0200 Subject: [PATCH 2/3] change-note --- change-notes/1.25/analysis-javascript.md | 1 + 1 file changed, 1 insertion(+) diff --git a/change-notes/1.25/analysis-javascript.md b/change-notes/1.25/analysis-javascript.md index 7770b250accd..6e759b628687 100644 --- a/change-notes/1.25/analysis-javascript.md +++ b/change-notes/1.25/analysis-javascript.md @@ -20,6 +20,7 @@ | Misspelled variable name (`js/misspelled-variable-name`) | Message changed | The message for this query now correctly identifies the misspelled variable in additional cases. | | Uncontrolled data used in path expression (`js/path-injection`) | More results | This query now recognizes additional file system calls. | | Uncontrolled command line (`js/command-line-injection`) | More results | This query now recognizes additional command execution calls. | +| Expression has no effect (`js/useless-expression`) | Less results | This query no longer flags an expression when that expression is the only content of the containing file. | ## Changes to libraries From eb7e0d6a6296b4724aedc24fb0467f2db7b881a3 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Mon, 4 May 2020 18:28:06 +0200 Subject: [PATCH 3/3] still flag single-expression files that contain a function --- javascript/ql/src/Expressions/ExprHasNoEffect.qll | 8 ++++++-- .../query-tests/Expressions/ExprHasNoEffect/jsonlike.js | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.qll b/javascript/ql/src/Expressions/ExprHasNoEffect.qll index 5f3bacf42452..3818834f529a 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.qll +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.qll @@ -159,6 +159,10 @@ predicate hasNoEffect(Expr e) { not e.(ParExpr).getExpression().getLastToken().getNextToken().getValue() = ":" and // exclude the first statement of a try block not e = any(TryStmt stmt).getBody().getStmt(0).(ExprStmt).getExpr() and - // exclude expressions that are alone in a file - not e.getParent().(ExprStmt).getParent().(TopLevel).getNumChild() = 1 + // exclude expressions that are alone in a file, and file doesn't contain a function. + not exists(TopLevel top | + top = e.getParent().(ExprStmt).getParent() and + top.getNumChild() = 1 and + not exists(Function fun | fun.getEnclosingContainer() = top) + ) } diff --git a/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js new file mode 100644 index 000000000000..0026d475ed70 --- /dev/null +++ b/javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/jsonlike.js @@ -0,0 +1 @@ +["foo", "bar", 123] \ No newline at end of file