C#: Improve cs/dereference-* queries and add to the Code Quality suite. #19589

Open
wants to merge 8 commits into
base: main

michaelnebel (Contributor) commented May 27, 2025

In this PR we do the following for cs/dereferenced-value-is-always-null and cs/dereferenced-value-may-be-null.

  • Change the class of de-referenced expressions: When calling a library extension method where the this parameter is a nullable type, we now assume that the null may happen in the extension method itself (this is at least common for the usage of testing frameworks, which reports a high amount of false positives related to the use of such extension methods).
  • Remove the explicit type requirements on Debug.Assert methods (they are trivially true). They cause issues when extraction has broken types - and the change doesn't affect the methods that match the predicate when types are healthy.
  • Add the queries of the Code Quality suite.
  • Convert the tests to use inline expectations tests.

DCA looks good.
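
The first change in the description above, shown as an added C# example that is not part of the PR or the CodeQL code base. `AssertionExtensions.ShouldBeNull` is a hypothetical helper standing in for a library (for instance test-framework) extension method whose `this` parameter is nullable; it is defined in the same file only so the example is self-contained.

```csharp
#nullable enable
using System;

// Hypothetical stand-in for a library assertion helper (constructed for this example).
public static class AssertionExtensions
{
    // The `this` parameter is declared nullable: the method is written to accept null.
    public static void ShouldBeNull(this object? actual)
    {
        if (actual is not null)
            throw new InvalidOperationException($"Expected null but was {actual}");
    }
}

public static class Program
{
    public static void Main()
    {
        string? s = null;

        // Extension-method call: compiles to AssertionExtensions.ShouldBeNull(s).
        // The receiver is passed as an ordinary argument, so the call site itself
        // does not dereference `s`; any null handling happens inside the method.
        s.ShouldBeNull();

        try
        {
            // Instance member access on the same value: a real null dereference.
            Console.WriteLine(s.Length);
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("NullReferenceException from s.Length");
        }
    }
}
```

The two uses of `s` look alike syntactically, which is why a null-dereference analysis that treats every extension-method receiver as dereferenced flags the first call even though only the second can throw at the call site.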

@github-actions github-actions bot added the C# label May 27, 2025
@michaelnebel michaelnebel force-pushed the csharp/dereference branch 2 times, most recently from c1e05e6 to 09f9849 May 27, 2025 12:17
@michaelnebel michaelnebel marked this pull request as ready for review June 4, 2025 08:15
@Copilot Copilot AI review requested due to automatic review settings June 4, 2025 08:15
@michaelnebel michaelnebel requested a review from a team as a code owner June 4, 2025 08:15
Copilot AI (Contributor) left a comment

Pull Request Overview

This PR enhances the null-dereference queries by treating nullable extension-method receivers as potentially safe, removes strict type checks on Debug.Assert, and folds the new queries into the Code Quality suite with inline-expectation tests.

  • Broaden cs/dereferenced-value-is-always-null/cs/dereferenced-value-may-be-null to ignore null dereferences inside library extension methods on nullable receivers.
  • Simplify Debug.Assert matching by dropping parameter-type checks.
  • Add both queries to the Code Quality query suite and convert tests to use inline expectations.

Reviewed Changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| csharp/ql/src/change-notes/2025-06-03-dereferece-extension-method.md | Adds change note for extension-method deref behavior (typo in name) |
| csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll | Loosen Assert matcher to any Assert overload without param check |
| csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll | Update Dereference predicate to treat nullable extension receivers safely |
| csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected | Include the new queries in the Code Quality suite |
