From 58862f4ace3b35d19c9cf61dc63fbe7efcee6401 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 9 Sep 2025 15:35:43 +0200
Subject: [PATCH 1/2] JavaScript: Add some medium precision queries to the code-quality-extended suite.
---
 javascript/ql/src/Comments/CommentedOutCode.ql | 6 +++---
 javascript/ql/src/Comments/TodoComments.ql | 4 +++-
 javascript/ql/src/DOM/Alert.ql | 4 +++-
 javascript/ql/src/Declarations/RedeclaredVariable.ql | 4 +++-
 javascript/ql/src/Declarations/UnusedParameter.ql | 5 ++++-
 .../ql/src/LanguageFeatures/ArgumentsCallerCallee.ql | 5 +++--
 javascript/ql/src/LanguageFeatures/DebuggerStatement.ql | 7 ++++---
 javascript/ql/src/LanguageFeatures/Eval.ql | 5 +++--
 .../ql/src/Performance/ReassignParameterAndUseArguments.ql | 5 +++--
 javascript/ql/src/RegExp/BackspaceEscape.ql | 5 +++--
 javascript/ql/src/Statements/ImplicitReturn.ql | 5 ++++-
 javascript/ql/src/Statements/InconsistentReturn.ql | 6 ++++--
 12 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/javascript/ql/src/Comments/CommentedOutCode.ql b/javascript/ql/src/Comments/CommentedOutCode.ql
index 2528172522d5..460a3bc21331 100644
--- a/javascript/ql/src/Comments/CommentedOutCode.ql
+++ b/javascript/ql/src/Comments/CommentedOutCode.ql
@@ -4,9 +4,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/commented-out-code
- * @tags maintainability
- * statistical
- * non-attributable
+ * @tags quality
+ * maintainability
+ * readability
 * @precision medium
 */
diff --git a/javascript/ql/src/Comments/TodoComments.ql b/javascript/ql/src/Comments/TodoComments.ql
index 3d7f92cfbfc3..487dde1f737f 100644
--- a/javascript/ql/src/Comments/TodoComments.ql
+++ b/javascript/ql/src/Comments/TodoComments.ql
@@ -5,7 +5,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/todo-comment
- * @tags maintainability
+ * @tags quality
+ * maintainability
+ * readability
 * external/cwe/cwe-546
 * @precision medium
 */
diff --git a/javascript/ql/src/DOM/Alert.ql b/javascript/ql/src/DOM/Alert.ql
index 97fd505d2f96..43218c439c18 100644
--- a/javascript/ql/src/DOM/Alert.ql
+++ b/javascript/ql/src/DOM/Alert.ql
@@ -4,7 +4,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/alert-call
- * @tags maintainability
+ * @tags quality
+ * reliability
+ * correctness
 * external/cwe/cwe-489
 * @precision medium
 */
diff --git a/javascript/ql/src/Declarations/RedeclaredVariable.ql b/javascript/ql/src/Declarations/RedeclaredVariable.ql
index a48e4e5f65e7..098cfdaffc47 100644
--- a/javascript/ql/src/Declarations/RedeclaredVariable.ql
+++ b/javascript/ql/src/Declarations/RedeclaredVariable.ql
@@ -4,7 +4,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/variable-redeclaration
- * @tags reliability
+ * @tags quality
+ * reliability
+ * correctness
 * readability
 * @precision medium
 */
diff --git a/javascript/ql/src/Declarations/UnusedParameter.ql b/javascript/ql/src/Declarations/UnusedParameter.ql
index d48dc11ed2ab..6cb84d2f7c1f 100644
--- a/javascript/ql/src/Declarations/UnusedParameter.ql
+++ b/javascript/ql/src/Declarations/UnusedParameter.ql
@@ -4,7 +4,10 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/unused-parameter
- * @tags maintainability
+ * @tags quality
+ * reliability
+ * correctness
+ * readability
 * @precision medium
 */
diff --git a/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql b/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
index 6354383f6c78..9bbf22eebaaa 100644
--- a/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
+++ b/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
@@ -5,8 +5,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/call-stack-introspection
- * @tags maintainability
- * language-features
+ * @tags quality
+ * reliability
+ * correctness
 * @precision medium
 */
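Review bot: In UnusedParameter.ql the new tag block adds `readability` but drops `maintainability`, whereas the CommentedOutCode.ql and TodoComments.ql hunks of this same patch list `readability` directly beneath `maintainability`. If `readability` is meant as a sub-category of `maintainability`, as those two hunks suggest, keep a `maintainability` tag line above `readability` here. The same gap appears in the RedeclaredVariable.ql, ImplicitReturn.ql and InconsistentReturn.ql hunks, and BackspaceEscape.ql has the mirror case of `correctness` without `reliability`. Anything that selects or groups alerts by the parent tag would presumably miss these queries otherwise.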
diff --git a/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql b/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
index 6ffca36df7cd..a81f8e93051f 100644
--- a/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
+++ b/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
@@ -4,9 +4,10 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/debugger-statement
- * @tags efficiency
- * maintainability
- * language-features
+ * @tags quality
+ * reliability
+ * correctness
+ * performance
 * external/cwe/cwe-489
 * @precision medium
 */
diff --git a/javascript/ql/src/LanguageFeatures/Eval.ql b/javascript/ql/src/LanguageFeatures/Eval.ql
index f1f753774c04..940ec716da7f 100644
--- a/javascript/ql/src/LanguageFeatures/Eval.ql
+++ b/javascript/ql/src/LanguageFeatures/Eval.ql
@@ -5,8 +5,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/eval-call
- * @tags maintainability
- * language-features
+ * @tags quality
+ * reliability
+ * correctness
 * external/cwe/cwe-676
 * @precision medium
 */
diff --git a/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql b/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
index 0e54de5d7d89..7fddaa745926 100644
--- a/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
+++ b/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
@@ -5,8 +5,9 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/parameter-reassignment-with-arguments
- * @tags efficiency
- * maintainability
+ * @tags quality
+ * reliability
+ * performance
 * @precision medium
 */
diff --git a/javascript/ql/src/RegExp/BackspaceEscape.ql b/javascript/ql/src/RegExp/BackspaceEscape.ql
index 054f46f06b68..cee6c7672cee 100644
--- a/javascript/ql/src/RegExp/BackspaceEscape.ql
+++ b/javascript/ql/src/RegExp/BackspaceEscape.ql
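Review bot: In the Eval.ql hunk, `js/eval-call` keeps `external/cwe/cwe-676` while being reclassified as `quality` / `reliability` / `correctness`. Once it ships in code-quality-extended, its medium-precision, recommendation-level alerts will therefore appear under a CWE label in quality results. Readers may take that as the security coverage for eval, so it would help if the `@description` said that the query flags any use of eval as a language feature and does not establish that untrusted data reaches the call. The description lies outside this hunk, so whether it already says this cannot be checked here. The Alert.ql and DebuggerStatement.ql hunks keep `external/cwe/cwe-489` in the same way.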
@@ -5,9 +5,10 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/regex/backspace-escape
- * @tags maintainability
+ * @tags quality
+ * maintainability
 * readability
- * regular-expressions
+ * correctness
 * @precision medium
 */
diff --git a/javascript/ql/src/Statements/ImplicitReturn.ql b/javascript/ql/src/Statements/ImplicitReturn.ql
index 9bc50f0798a6..cf76ec616062 100644
--- a/javascript/ql/src/Statements/ImplicitReturn.ql
+++ b/javascript/ql/src/Statements/ImplicitReturn.ql
@@ -5,7 +5,10 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/implicit-return
- * @tags maintainability
+ * @tags quality
+ * reliability
+ * correctness
+ * readability
 * @precision medium
 */
diff --git a/javascript/ql/src/Statements/InconsistentReturn.ql b/javascript/ql/src/Statements/InconsistentReturn.ql
index b6978301e023..a6e810d52bf2 100644
--- a/javascript/ql/src/Statements/InconsistentReturn.ql
+++ b/javascript/ql/src/Statements/InconsistentReturn.ql
@@ -4,8 +4,10 @@
 * @kind problem
 * @problem.severity recommendation
 * @id js/mixed-returns
- * @tags reliability
- * maintainability
+ * @tags quality
+ * reliability
+ * correctness
+ * readability
 * @precision medium
 */
From 1c801bd856a3f399512958f8cfbe9e792ffc6f62 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 9 Sep 2025 15:48:31 +0200
Subject: [PATCH 2/2] JavaScript: Update integration test expected output.
---
 .../javascript-code-quality-extended.qls.expected | 12 ++++++++++++
 .../query-suite/not_included_in_qls.expected | 12 ------------
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/javascript/ql/integration-tests/query-suite/javascript-code-quality-extended.qls.expected b/javascript/ql/integration-tests/query-suite/javascript-code-quality-extended.qls.expected
index 6894a776b379..1d2d3c1ff8ce 100644
--- a/javascript/ql/integration-tests/query-suite/javascript-code-quality-extended.qls.expected
+++ b/javascript/ql/integration-tests/query-suite/javascript-code-quality-extended.qls.expected
@@ -4,6 +4,9 @@ ql/javascript/ql/src/AngularJS/IncompatibleService.ql
 ql/javascript/ql/src/AngularJS/MissingExplicitInjection.ql
 ql/javascript/ql/src/AngularJS/RepeatedInjection.ql
 ql/javascript/ql/src/AngularJS/UseNgSrc.ql
+ql/javascript/ql/src/Comments/CommentedOutCode.ql
+ql/javascript/ql/src/Comments/TodoComments.ql
+ql/javascript/ql/src/DOM/Alert.ql
 ql/javascript/ql/src/DOM/DuplicateAttributes.ql
 ql/javascript/ql/src/DOM/MalformedIdAttribute.ql
 ql/javascript/ql/src/DOM/PseudoEval.ql
@@ -20,11 +23,13 @@ ql/javascript/ql/src/Declarations/IneffectiveParameterType.ql
 ql/javascript/ql/src/Declarations/MissingThisQualifier.ql
 ql/javascript/ql/src/Declarations/MissingVarDecl.ql
 ql/javascript/ql/src/Declarations/MixedStaticInstanceThisAccess.ql
+ql/javascript/ql/src/Declarations/RedeclaredVariable.ql
 ql/javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.ql
 ql/javascript/ql/src/Declarations/TemporalDeadZone.ql
 ql/javascript/ql/src/Declarations/UniqueParameterNames.ql
 ql/javascript/ql/src/Declarations/UniquePropertyNames.ql
 ql/javascript/ql/src/Declarations/UnreachableMethodOverloads.ql
+ql/javascript/ql/src/Declarations/UnusedParameter.ql
 ql/javascript/ql/src/Declarations/UnusedVariable.ql
 ql/javascript/ql/src/Expressions/ComparisonWithNaN.ql
 ql/javascript/ql/src/Expressions/DuplicateCondition.ql
@@ -48,9 +53,12 @@ ql/javascript/ql/src/Expressions/UnclearOperatorPrecedence.ql
 ql/javascript/ql/src/Expressions/UnknownDirective.ql
 ql/javascript/ql/src/Expressions/UnneededDefensiveProgramming.ql
 ql/javascript/ql/src/Expressions/WhitespaceContradictsPrecedence.ql
+ql/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
 ql/javascript/ql/src/LanguageFeatures/BadTypeof.ql
 ql/javascript/ql/src/LanguageFeatures/ConditionalComments.ql
+ql/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
 ql/javascript/ql/src/LanguageFeatures/DeleteVar.ql
+ql/javascript/ql/src/LanguageFeatures/Eval.ql
 ql/javascript/ql/src/LanguageFeatures/ExpressionClosures.ql
 ql/javascript/ql/src/LanguageFeatures/ForInComprehensionBlocks.ql
 ql/javascript/ql/src/LanguageFeatures/IllegalInvocation.ql
@@ -71,6 +79,7 @@ ql/javascript/ql/src/LanguageFeatures/WithStatement.ql
 ql/javascript/ql/src/LanguageFeatures/YieldInNonGenerator.ql
 ql/javascript/ql/src/NodeJS/InvalidExport.ql
 ql/javascript/ql/src/NodeJS/MissingExports.ql
+ql/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
 ql/javascript/ql/src/Quality/UnhandledErrorInStreamPipeline.ql
 ql/javascript/ql/src/React/DirectStateMutation.ql
 ql/javascript/ql/src/React/InconsistentStateUpdate.ql
@@ -78,6 +87,7 @@ ql/javascript/ql/src/React/UnsupportedStateUpdateInLifecycleMethod.ql
 ql/javascript/ql/src/React/UnusedOrUndefinedStateProperty.ql
 ql/javascript/ql/src/RegExp/BackrefBeforeGroup.ql
 ql/javascript/ql/src/RegExp/BackrefIntoNegativeLookahead.ql
+ql/javascript/ql/src/RegExp/BackspaceEscape.ql
 ql/javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.ql
 ql/javascript/ql/src/RegExp/EmptyCharacterClass.ql
 ql/javascript/ql/src/RegExp/RegExpAlwaysMatches.ql
@@ -86,7 +96,9 @@ ql/javascript/ql/src/RegExp/UnmatchableCaret.ql
 ql/javascript/ql/src/RegExp/UnmatchableDollar.ql
 ql/javascript/ql/src/Statements/DanglingElse.ql
 ql/javascript/ql/src/Statements/IgnoreArrayResult.ql
+ql/javascript/ql/src/Statements/ImplicitReturn.ql
 ql/javascript/ql/src/Statements/InconsistentLoopOrientation.ql
+ql/javascript/ql/src/Statements/InconsistentReturn.ql
 ql/javascript/ql/src/Statements/LabelInCase.ql
 ql/javascript/ql/src/Statements/LoopIterationSkippedDueToShifting.ql
 ql/javascript/ql/src/Statements/MisleadingIndentationAfterControlStmt.ql
diff --git a/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected b/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
index fa52a97a4e4a..46317e8800f2 100644
--- a/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
+++ b/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -1,18 +1,13 @@
 ql/javascript/ql/src/AlertSuppression.ql
 ql/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql
 ql/javascript/ql/src/AngularJS/UnusedAngularDependency.ql
-ql/javascript/ql/src/Comments/CommentedOutCode.ql
 ql/javascript/ql/src/Comments/FCommentedOutCode.ql
-ql/javascript/ql/src/Comments/TodoComments.ql
-ql/javascript/ql/src/DOM/Alert.ql
 ql/javascript/ql/src/DOM/AmbiguousIdAttribute.ql
 ql/javascript/ql/src/DOM/ConflictingAttributes.ql
 ql/javascript/ql/src/DOM/TargetBlank.ql
 ql/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql
-ql/javascript/ql/src/Declarations/RedeclaredVariable.ql
 ql/javascript/ql/src/Declarations/TooManyParameters.ql
 ql/javascript/ql/src/Declarations/UnstableCyclicImport.ql
-ql/javascript/ql/src/Declarations/UnusedParameter.ql
 ql/javascript/ql/src/Declarations/UnusedProperty.ql
 ql/javascript/ql/src/Electron/EnablingNodeIntegration.ql
 ql/javascript/ql/src/Expressions/BitwiseSignCheck.ql
@@ -21,10 +16,7 @@ ql/javascript/ql/src/Expressions/MisspelledIdentifier.ql
 ql/javascript/ql/src/JSDoc/BadParamTag.ql
 ql/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql
 ql/javascript/ql/src/JSDoc/UndocumentedParameter.ql
-ql/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
-ql/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
 ql/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql
-ql/javascript/ql/src/LanguageFeatures/Eval.ql
 ql/javascript/ql/src/LanguageFeatures/JumpFromFinally.ql
 ql/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql
 ql/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql
@@ -48,8 +40,6 @@ ql/javascript/ql/src/NodeJS/DubiousImport.ql
 ql/javascript/ql/src/NodeJS/UnresolvableImport.ql
 ql/javascript/ql/src/NodeJS/UnusedDependency.ql
 ql/javascript/ql/src/Performance/NonLocalForIn.ql
-ql/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
-ql/javascript/ql/src/RegExp/BackspaceEscape.ql
 ql/javascript/ql/src/RegExp/MalformedRegExp.ql
 ql/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
 ql/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
@@ -59,8 +49,6 @@ ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
 ql/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
 ql/javascript/ql/src/Security/trest/test.ql
 ql/javascript/ql/src/Statements/EphemeralLoop.ql
-ql/javascript/ql/src/Statements/ImplicitReturn.ql
-ql/javascript/ql/src/Statements/InconsistentReturn.ql
 ql/javascript/ql/src/Statements/NestedLoopsSameVariable.ql
 ql/javascript/ql/src/Statements/ReturnOutsideFunction.ql
 ql/javascript/ql/src/Summary/TaintSinks.ql