Ripunzip: use releases from github
```
Evaluated relational algebra for predicate DataFlowPrivate::storeStepImpl/4#b2c79f9a@13be12rc with tuple counts:
9 ~0% {3} r1 = JOIN `FlowSummaryImpl::Private::Steps::summaryStoreStep/3#5c2d4899` WITH DataFlowUtil::TFlowSummaryNode#40da8361 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
9 ~0% {4} | JOIN WITH DataFlowUtil::TFlowSummaryNode#40da8361 ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1, _
9 ~12% {4} | REWRITE WITH Out.3 := true
1853420 ~0% {3} r2 = SCAN `DataFlowPrivate::nodeHasInstruction/3#f469bb06` OUTPUT In.1, In.0, In.2
100282 ~0% {3} | JOIN WITH `Instruction::StoreInstruction.getDestinationAddressOperand/0#dispred#596a4aba` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
127910 ~0% {6} | JOIN WITH `DataFlowPrivate::numberOfLoadsFromOperand/4#7e555666_1023#join_rhs` ON FIRST 1 OUTPUT _, Lhs.1, Rhs.1, Rhs.3, Lhs.2, Rhs.2
127910 ~0% {4} | REWRITE WITH Tmp.0 := 1, Out.0 := (Tmp.0 + In.4 + In.5) KEEPING 4
4178182721 ~1% {4} | JOIN WITH `DataFlowUtil::FieldContent.getIndirectionIndex/0#dispred#cc69866f_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
4290552803 ~0% {5} | JOIN WITH `DataFlowUtil::FieldContent.getAField/0#dispred#ba1c91e5` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Lhs.0, Rhs.1
3033745816 ~5% {7} | JOIN WITH DataFlowUtil::PostFieldUpdateNode#b86f3a84_1023#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.2, Rhs.3
3033745816 ~3% {9} | JOIN WITH DataFlowUtil::TPostUpdateNodeImpl#f5e76b7a_21#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.0, Lhs.5, Lhs.6, Rhs.1, _
{8} | REWRITE WITH Tmp.8 := 1, TEST InOut.7 = Tmp.8 KEEPING 8
1516872908 ~0% {7} | SCAN OUTPUT In.4, In.5, In.6, In.0, In.1, In.2, In.3
2409090286 ~1% {6} | JOIN WITH DataFlowUtil::PostFieldUpdateNode#b86f3a84_0231#join_rhs ON FIRST 3 OUTPUT Rhs.3, Lhs.6, Lhs.3, Lhs.4, Lhs.5, Lhs.0
66016 ~45% {4} | JOIN WITH `DataFlowUtil::FieldAddress.getField/0#dispred#bdd01c1a` ON FIRST 2 OUTPUT Lhs.2, Lhs.4, Lhs.5, Lhs.3
66025 ~45% {4} r3 = r1 UNION r2
return r3
```
…eamline the minimal dotnet environment.
…nguage as english).
The check for QLDoc comments was unfortunately broken for some time, so we missed this.
The fix was accidentally lost when rebasing the branch that introduced this predicate.
This makes the predicate give back sensible results on (upgraded) databases where we do not have expanded arguments, and avoids having to write case distinctions in places where we would want to use `getExpandedArgument`.
Rust: Handle string literals with line breaks
…rlay.qll C/C++ overlay: Add basic `Overlay.qll` file
C#: Pin tests and disable .NET 10 tests.
Swift: update `fmt`
Share XML discard predicates
Add changelog entry for CodeQL CLI version 2.23.6
…-2.23.7 Update branch with previous release notes, and fix date format in change note file
Release preparation for version 2.23.7
Release preparation for version 2.23.7
…cli-2.23.7 Post-release preparation for codeql-cli-2.23.7
…-sap Java: Add change note for Maven compiler flags
JS: Use question-mark variant in all overlay annotations
Release preparation for version 2.23.8
…taFlowPrivate.qll
dilanbhalla approved these changes Dec 15, 2025
...ery-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/Web.config
Dismissed
Comment on lines +54 to +57
```
catch (Exception exc)
{
    logger.LogInfo($"Couldn't delete {userReportedDirectoryPurpose} directory {exc.Message}");
}
```
Check notice
Code scanning / CodeQL
Generic catch clause Note
Copilot Autofix
AI about 2 months ago
To fix this problem, the catch clause in the Dispose method should be limited to only those exception types that are expected when deleting directories: typically IOException, UnauthorizedAccessException, and optionally DirectoryNotFoundException.
Steps:
- Replace the broad `catch (Exception exc)` with multiple specific catch blocks for each anticipated exception.
- In each catch block, log as before, including the relevant exception message.
- Optionally, a final generic `catch` could be used if you still want to ensure nothing escapes, but it's safer to avoid that unless strictly necessary.
- No new imports are needed since the required exception types are in `System`, which is already imported.
Only code within the Dispose method, in the catch clause around DirInfo.Delete(true), needs to be modified.
Suggested changeset
1
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyDirectory.cs
| @@ -51,10 +51,18 @@ | ||
| { | ||
| DirInfo.Delete(true); | ||
| } | ||
| catch (Exception exc) | ||
| catch (IOException exc) | ||
| { | ||
| logger.LogInfo($"Couldn't delete {userReportedDirectoryPurpose} directory {exc.Message}"); | ||
| logger.LogInfo($"Couldn't delete {userReportedDirectoryPurpose} directory (IO error): {exc.Message}"); | ||
| } | ||
| catch (UnauthorizedAccessException exc) | ||
| { | ||
| logger.LogInfo($"Couldn't delete {userReportedDirectoryPurpose} directory (access denied): {exc.Message}"); | ||
| } | ||
| catch (DirectoryNotFoundException exc) | ||
| { | ||
| logger.LogInfo($"Couldn't delete {userReportedDirectoryPurpose} directory (not found): {exc.Message}"); | ||
| } | ||
| } | ||
|
|
||
| public override string ToString() => DirInfo.FullName; |
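Review bot: the `catch (DirectoryNotFoundException exc)` clause is placed after `catch (IOException exc)`, but DirectoryNotFoundException derives from IOException, so the earlier clause already catches it and the C# compiler rejects the later one (error CS0160). Move the DirectoryNotFoundException clause above the IOException clause, or drop it and let the IOException clause log that case. Separately, with the generic clause gone, any other exception thrown by `DirInfo.Delete(true)` now propagates out of this method instead of being logged, so confirm that callers can tolerate that.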
csharp/extractor/Semmle.Extraction.CSharp/Extractor/OverlayInfo.cs
Dismissed
csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs
Dismissed
csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs
Dismissed
csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs
Dismissed
Syncs with upstream `codeql-cli/v2.23.8`.