From a8031204142f30dd82c0e5b07907f536ef3773dd Mon Sep 17 00:00:00 2001 From: Max Schaefer Date: Tue, 19 May 2020 11:52:53 +0100 Subject: [PATCH] Lower precision for a number of queries. These queries are currently run by default, but don't have their results displayed. Looking through results on LGTM.com, they are either false positives (e.g., `BitwiseSignCheck` which flags many perfectly harmless operations and `CompareIdenticalValues` which mostly flags NaN checks) or harmless results that developers are unlikely to care about (e.g., `EmptyArrayInit` or `MisspelledIdentifier`). With this PR, the only queries that are still run but not displayed are security queries, where different considerations may apply. --- change-notes/1.25/analysis-javascript.md | 23 +++++++++++++++++++ .../AngularJS/DeadAngularJSEventListener.ql | 2 +- .../src/AngularJS/UnusedAngularDependency.ql | 2 +- .../ql/src/DOM/ConflictingAttributes.ql | 2 +- .../ql/src/Declarations/DeadStoreOfGlobal.ql | 2 +- .../ql/src/Declarations/TooManyParameters.ql | 2 +- .../ql/src/Declarations/UnusedProperty.ql | 2 +- .../ql/src/Expressions/BitwiseSignCheck.ql | 2 +- .../src/Expressions/CompareIdenticalValues.ql | 2 +- .../src/Expressions/MisspelledIdentifier.ql | 2 +- javascript/ql/src/JSDoc/BadParamTag.ql | 2 +- .../src/JSDoc/JSDocForNonExistentParameter.ql | 2 +- .../ql/src/JSDoc/UndocumentedParameter.ql | 2 +- .../ql/src/LanguageFeatures/EmptyArrayInit.ql | 2 +- .../SetterIgnoresParameter.ql | 2 +- .../LanguageFeatures/WrongExtensionJSON.ql | 2 +- javascript/ql/src/NodeJS/CyclicImport.ql | 2 +- javascript/ql/src/NodeJS/UnusedDependency.ql | 2 +- javascript/ql/src/Statements/EphemeralLoop.ql | 2 +- .../src/Statements/NestedLoopsSameVariable.ql | 2 +- .../src/Statements/ReturnOutsideFunction.ql | 2 +- 21 files changed, 43 insertions(+), 20 deletions(-) diff --git a/change-notes/1.25/analysis-javascript.md b/change-notes/1.25/analysis-javascript.md index 8852d1c86b3..2bede87725a 100644 --- a/change-notes/1.25/analysis-javascript.md +++ b/change-notes/1.25/analysis-javascript.md @@ -23,6 +23,29 @@ | Expression has no effect (`js/useless-expression`) | Less results | This query no longer flags an expression when that expression is the only content of the containing file. | | Unknown directive (`js/unknown-directive`) | Less results | This query no longer flags directives generated by the Babel compiler. | +The following low-precision queries are no longer run by default on LGTM (their results already were not displayed): + + - `js/angular/dead-event-listener` + - `js/angular/unused-dependency` + - `js/conflicting-html-attribute` + - `js/useless-assignment-to-global` + - `js/too-many-parameters` + - `js/unused-property` + - `js/bitwise-sign-check` + - `js/comparison-of-identical-expressions` + - `js/misspelled-identifier` + - `js/jsdoc/malformed-param-tag` + - `js/jsdoc/unknown-parameter` + - `js/jsdoc/missing-parameter` + - `js/omitted-array-element` + - `js/ignored-setter-parameter` + - `js/json-in-javascript-file` + - `js/node/cyclic-import` + - `js/node/unused-npm-dependency` + - `js/single-run-loop` + - `js/nested-loops-with-same-variable` + - `js/return-outside-function` + ## Changes to libraries * Added data flow for `Map` and `Set`, and added matching type-tracking steps that can accessed using the `CollectionsTypeTracking` module. diff --git a/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql b/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql index 54ec854bae4..2fb5881723f 100644 --- a/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql +++ b/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql @@ -3,7 +3,7 @@ * @description An AngularJS event listener that listens for a non-existent event has no effect. * @kind problem * @problem.severity warning - * @precision medium + * @precision low * @id js/angular/dead-event-listener * @tags correctness * frameworks/angularjs diff --git a/javascript/ql/src/AngularJS/UnusedAngularDependency.ql b/javascript/ql/src/AngularJS/UnusedAngularDependency.ql index 8e0baa00fab..b3e0773a157 100644 --- a/javascript/ql/src/AngularJS/UnusedAngularDependency.ql +++ b/javascript/ql/src/AngularJS/UnusedAngularDependency.ql @@ -3,7 +3,7 @@ * @description Unused dependencies are confusing, and should be removed. * @kind problem * @problem.severity recommendation - * @precision high + * @precision low * @id js/angular/unused-dependency * @tags maintainability * frameworks/angularjs diff --git a/javascript/ql/src/DOM/ConflictingAttributes.ql b/javascript/ql/src/DOM/ConflictingAttributes.ql index 58657da9693..1e954164b6f 100644 --- a/javascript/ql/src/DOM/ConflictingAttributes.ql +++ b/javascript/ql/src/DOM/ConflictingAttributes.ql @@ -8,7 +8,7 @@ * @tags maintainability * correctness * external/cwe/cwe-758 - * @precision medium + * @precision low */ import javascript diff --git a/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql b/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql index 2e6b54fc301..fc10f66f533 100644 --- a/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql +++ b/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql @@ -7,7 +7,7 @@ * @tags maintainability * correctness * external/cwe/cwe-563 - * @precision medium + * @precision low */ import javascript diff --git a/javascript/ql/src/Declarations/TooManyParameters.ql b/javascript/ql/src/Declarations/TooManyParameters.ql index 6e17d5373dc..0677c96c5b9 100644 --- a/javascript/ql/src/Declarations/TooManyParameters.ql +++ b/javascript/ql/src/Declarations/TooManyParameters.ql @@ -6,7 +6,7 @@ * @id js/too-many-parameters * @tags testability * readability - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/Declarations/UnusedProperty.ql b/javascript/ql/src/Declarations/UnusedProperty.ql index 33896e0a0c1..e9e38409bcb 100644 --- a/javascript/ql/src/Declarations/UnusedProperty.ql +++ b/javascript/ql/src/Declarations/UnusedProperty.ql @@ -5,7 +5,7 @@ * @problem.severity recommendation * @id js/unused-property * @tags maintainability - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/Expressions/BitwiseSignCheck.ql b/javascript/ql/src/Expressions/BitwiseSignCheck.ql index e28c6db2d91..658960e39af 100644 --- a/javascript/ql/src/Expressions/BitwiseSignCheck.ql +++ b/javascript/ql/src/Expressions/BitwiseSignCheck.ql @@ -6,7 +6,7 @@ * @id js/bitwise-sign-check * @tags reliability * correctness - * @precision medium + * @precision low */ import javascript diff --git a/javascript/ql/src/Expressions/CompareIdenticalValues.ql b/javascript/ql/src/Expressions/CompareIdenticalValues.ql index 9ad25e5ab10..48eae0c49cd 100644 --- a/javascript/ql/src/Expressions/CompareIdenticalValues.ql +++ b/javascript/ql/src/Expressions/CompareIdenticalValues.ql @@ -11,7 +11,7 @@ * convention * external/cwe/cwe-570 * external/cwe/cwe-571 - * @precision medium + * @precision low */ import Clones diff --git a/javascript/ql/src/Expressions/MisspelledIdentifier.ql b/javascript/ql/src/Expressions/MisspelledIdentifier.ql index 95fd9026149..6eba0ede3a7 100644 --- a/javascript/ql/src/Expressions/MisspelledIdentifier.ql +++ b/javascript/ql/src/Expressions/MisspelledIdentifier.ql @@ -6,7 +6,7 @@ * @id js/misspelled-identifier * @tags maintainability * readability - * @precision high + * @precision low */ import Misspelling diff --git a/javascript/ql/src/JSDoc/BadParamTag.ql b/javascript/ql/src/JSDoc/BadParamTag.ql index b4a9012a0dd..9895f9c608e 100644 --- a/javascript/ql/src/JSDoc/BadParamTag.ql +++ b/javascript/ql/src/JSDoc/BadParamTag.ql @@ -9,7 +9,7 @@ * @tags maintainability * readability * documentation - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql b/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql index 07fa594a28b..8f8190a960f 100644 --- a/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql +++ b/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql @@ -8,7 +8,7 @@ * @tags maintainability * readability * documentation - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/JSDoc/UndocumentedParameter.ql b/javascript/ql/src/JSDoc/UndocumentedParameter.ql index 2a4b64fa82d..f962bc729a1 100644 --- a/javascript/ql/src/JSDoc/UndocumentedParameter.ql +++ b/javascript/ql/src/JSDoc/UndocumentedParameter.ql @@ -8,7 +8,7 @@ * @tags maintainability * readability * documentation - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql b/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql index 426ac694e22..eaa9ffdc1fc 100644 --- a/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql +++ b/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql @@ -7,7 +7,7 @@ * @tags maintainability * readability * language-features - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql b/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql index 4f1758d2cd8..83ccabc41ae 100644 --- a/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql +++ b/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql @@ -8,7 +8,7 @@ * @tags reliability * maintainability * language-features - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql b/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql index a3e73e92167..91e5f58eee6 100644 --- a/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql +++ b/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql @@ -6,7 +6,7 @@ * @id js/json-in-javascript-file * @tags maintainability * language-features - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/NodeJS/CyclicImport.ql b/javascript/ql/src/NodeJS/CyclicImport.ql index 9650c69e4a4..0613b75ccc0 100644 --- a/javascript/ql/src/NodeJS/CyclicImport.ql +++ b/javascript/ql/src/NodeJS/CyclicImport.ql @@ -8,7 +8,7 @@ * @tags reliability * maintainability * frameworks/node.js - * @precision medium + * @precision low */ import javascript diff --git a/javascript/ql/src/NodeJS/UnusedDependency.ql b/javascript/ql/src/NodeJS/UnusedDependency.ql index e0b9daca732..92a1d89863b 100644 --- a/javascript/ql/src/NodeJS/UnusedDependency.ql +++ b/javascript/ql/src/NodeJS/UnusedDependency.ql @@ -3,7 +3,7 @@ * @description If unnecessary package dependencies are included in package.json, the * package will become harder to install. * @kind problem - * @problem.severity warning + * @problem.severity recommendation * @id js/node/unused-npm-dependency * @tags maintainability * frameworks/node.js diff --git a/javascript/ql/src/Statements/EphemeralLoop.ql b/javascript/ql/src/Statements/EphemeralLoop.ql index e99f0a64ed2..960aee3c074 100644 --- a/javascript/ql/src/Statements/EphemeralLoop.ql +++ b/javascript/ql/src/Statements/EphemeralLoop.ql @@ -6,7 +6,7 @@ * @problem.severity recommendation * @id js/single-run-loop * @tags readability - * @precision high + * @precision low */ import javascript diff --git a/javascript/ql/src/Statements/NestedLoopsSameVariable.ql b/javascript/ql/src/Statements/NestedLoopsSameVariable.ql index 7288415b903..f3cbb30644f 100644 --- a/javascript/ql/src/Statements/NestedLoopsSameVariable.ql +++ b/javascript/ql/src/Statements/NestedLoopsSameVariable.ql @@ -7,7 +7,7 @@ * @id js/nested-loops-with-same-variable * @tags maintainability * correctness - * @precision medium + * @precision low */ import javascript diff --git a/javascript/ql/src/Statements/ReturnOutsideFunction.ql b/javascript/ql/src/Statements/ReturnOutsideFunction.ql index 0cbdbe5ac35..ad29920f690 100644 --- a/javascript/ql/src/Statements/ReturnOutsideFunction.ql +++ b/javascript/ql/src/Statements/ReturnOutsideFunction.ql @@ -7,7 +7,7 @@ * @id js/return-outside-function * @tags reliability * correctness - * @precision medium + * @precision low */ import javascript