Semmle 1.22

Analysis in all applications

The following changes in version 1.18 affect Java analysis in all applications.


General improvements

  • The extractor now supports the extraction of code written using Java 10, including all new language features introduced in the Java 10 release.

  • The Maven settings_file option in an lgtm.yml configuration can now be specified as a relative path (relative to the source root directory $LGTM_SRC). This is useful when a project-specific settings file is stored along with the source code.

  • In previous versions of LGTM, code was built in an environment with JAVA_HOME set to the version of Java bundled with the QL analysis tools. This version of Java was also added to the PATH. LGTM no longer changes the JAVA_HOME or PATH environment variables.

New queries

| Query | Tags | Purpose |
|---|---|---|
| Hard-coded credential in API call (java/hardcoded-credential-api-call) | security, external/cwe/cwe-798 | Highlights hard-coded credentials that flow to a sensitive API call. Results are hidden on LGTM by default. |

Changes to existing queries

| Query | Expected impact | Change |
|---|---|---|
| Dereferenced variable may be null (java/dereferenced-value-may-be-null) | Fewer false positive results | Switch cases acting as implicit null guards are taken into account. |
| Missing format argument (java/missing-format-argument) | More results | Additional results involving org.slf4j.Logger-based formatting are now reported. |
| Potential database resource leak (java/database-resource-leak) | Fewer false positive results | Results arising from Mockito.verify(..) objects are no longer reported. |
| Resolving XML external entity in user-controlled data (java/xxe) | More results | Additional results involving the Simple XML serialization framework are now reported. |
| Uncontrolled data in arithmetic expression (java/uncontrolled-arithmetic) | More results | Additional results involving prefix/postfix increment/decrement expressions are now reported. |
| Unused format argument (java/unused-format-argument) | More results | Additional results involving org.slf4j.Logger-based formatting are now reported. |
| Useless null check (java/useless-null-check) | More results | Null checks on this and variables that are already checked for null are now reported. |
| User-controlled data in arithmetic expression (java/tainted-arithmetic) | More results | Additional results involving prefix/postfix increment/decrement expressions are now reported. |

Changes to QL libraries

  • The control-flow graph is improved with more precise tracking of method calls that always throw exceptions. This improves precision for a wide range of queries, in particular those that rely directly on local control flow, including java/constant-comparison, java/dereferenced-value-may-be-null, and java/switch-fall-through.
  • The data-flow and taint-tracking libraries can now track flow through instance fields. This affects all security queries, which can return additional results with more complex flow paths.
  • The data-flow and taint-tracking libraries now perform type-based path pruning to rule out some impossible paths. This increases the precision of all security queries.
  • The Guards library is extended to include a class Guard and in particular the predicate Guard.controls(..). This is similar to ConditionBlock.controls but also includes switch case-guards and identifies implicit guards through logical reasoning.
  • The VirtualDispatch library models dispatch to lambdas and other anonymous classes more precisely. This affects a wide range of queries including more precise data flow for all security queries, and improved precision for all queries based on SSA, including java/constant-comparison, java/dereferenced-value-may-be-null, and java/index-out-of-bounds.
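
The new hard-coded credential query and the note on flow through instance fields both concern code shaped like the following added example, which is not taken from the Semmle documentation or query tests. It assumes java.sql.DriverManager.getConnection as the sensitive API call; the class names, URL and environment variable names are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class CredentialFlowExample {
    // Constructed sample URL, not a real endpoint.
    static final String URL = "jdbc:postgresql://db.example.invalid/app";

    /** Pattern of concern: literals reach the credential arguments through instance fields. */
    static class HardCodedStore {
        private final String user = "app";                 // hard-coded literal
        private final String password;

        HardCodedStore() {
            this.password = "constructed-sample-secret";   // hard-coded literal stored in a field
        }

        Connection open() throws SQLException {
            // The field reads carry the literals into the user and password parameters.
            return DriverManager.getConnection(URL, user, password);
        }
    }

    /** Corrected form: both values come from the deployment environment. */
    static class EnvStore {
        private final String user = requireEnv("APP_DB_USER");         // hypothetical name
        private final String password = requireEnv("APP_DB_PASSWORD"); // hypothetical name

        Connection open() throws SQLException {
            return DriverManager.getConnection(URL, user, password);
        }
    }

    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException(name + " is not set");
        }
        return value;
    }

    public static void main(String[] args) {
        try (Connection c = new EnvStore().open()) {
            System.out.println("connected: " + !c.isClosed());
        } catch (IllegalStateException | SQLException e) {
            // Reached when the variables are unset or no JDBC driver is on the classpath.
            System.out.println("not connected: " + e.getMessage());
        }
    }
}
```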

Additional changes for analysis in QL tools and applications only

There are no changes in version 1.18 that affect Java analysis only in QL for Eclipse and the QL command-line tools.