Skip to content

JS: Improve useless-expression query to avoid duplicate alerts on compound expressions #19579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

JS: Improve useless-expression query to avoid duplicate alerts on compound expressions #19579

wants to merge 6 commits into from

Conversation

Napalys
Copy link
Contributor

@Napalys Napalys commented May 26, 2025
edited
Loading

This PR improves the js/useless-expression query by adding logic to avoid flagging compound expressions that may contain sub-expressions with side effects.

@Napalys Napalys marked this pull request as ready for review May 26, 2025 11:00
@Copilot Copilot AI review requested due to automatic review settings May 26, 2025 11:00
@Napalys Napalys requested a review from a team as a code owner May 26, 2025 11:00
Copilot
Copilot AI reviewed May 26, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Enhance the isDomProperty predicate to detect property reads on DOM nodes (e.g., offsetHeight, clientWidth) and reduce false positives in the js/useless-expression query.

  • Extend isDomProperty to also match property names accessed via data-flow property reads.
  • Add a test case validating layout-affecting reads on DOM elements.
  • Record the change in the project’s change notes.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
javascript/ql/lib/Expressions/DOMProperties.qll Extend isDomProperty predicate with a DataFlow::SourceNode branch.
javascript/ql/test/query-tests/Expressions/ExprHasNoEffect/dom.js New test verifying that reads like offsetHeight and clientWidth are side-effectful.
javascript/ql/lib/change-notes/2025-05-26-dom-property-access.md Add change note documenting the enhancement to isDomProperty.
Comments suppressed due to low confidence (1)

javascript/ql/lib/Expressions/DOMProperties.qll:14

  • [nitpick] The variable name domNode implies a DOM AST node but actually refers to a data-flow source; consider renaming it to sourceNode or propSourceNode for clearer intent.
exists(DataFlow::SourceNode domNode | isDomNode(domNode) |

@Napalys Napalys marked this pull request as draft May 27, 2025 08:53
@Napalys Napalys force-pushed the js/dom_property_access branch 3 times, most recently from 201ee08 to 59fe03f Compare May 30, 2025 14:30
@Napalys Napalys force-pushed the js/dom_property_access branch from 59fe03f to 1f256ab Compare June 2, 2025 12:59
@Napalys Napalys changed the title JS: Enhance isDomProperty JS: Improve useless-expression query to avoid duplicate alerts on compound expressions Jun 2, 2025
@Napalys Napalys marked this pull request as ready for review June 2, 2025 13:07
asgerf
asgerf reviewed Jun 2, 2025
View reviewed changes
javascript/ql/lib/Expressions/ExprHasNoEffect.qll Outdated
e instanceof SeqExpr
or
e instanceof ParExpr and
not e.stripParens() instanceof FunctionExpr
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this last condition about functions? Deserves a comment at least.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added this to handle cases like this one, otherwise we would lose the ability to detect such useless functions. I’ve also added a comment in commit 15b1dae. Hope that makes sense!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But why is the function expression itself not flagged in this case?

We decided to alert on the innermost expression, as opposed to the outermost one. But this makes an exception for function expressions; for function expressions we now flag the enclosing parenthesis. I just don't see why there should be a special case for function expressions.

Copy link
Contributor Author

@Napalys Napalys Jun 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That’s fair! It was silly of me to try fixing the problem at the surface 🤦 instead of tackling the root cause. What do you think of the approach I took in this chain of commits?
bf48b59 -> 46b5ded -> aac56e0

@Napalys Napalys requested a review from asgerf June 2, 2025 15:39
@Napalys Napalys force-pushed the js/dom_property_access branch from 15b1dae to aac56e0 Compare June 3, 2025 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot

@asgerf asgerf

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
documentation JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Napalys @asgerf