github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

General issue #12211

Open SimonPriceUL opened 1 year ago

SimonPriceUL commented 1 year ago

I am looking at using CodeQL for my React app and am using the boilerplate to as much of an extent as I can.

strategy:
  fail-fast: false
  matrix:
    language: [ 'javascript' ]

steps:
- name: Checkout repository
  uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: ${{ matrix.language }}
    queries: security-and-quality

- name: Autobuild
  uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v2
  with:
    category: "/language:${{matrix.language}}"

However, when adding poor conditions in the code such as

        var unused : any;
        if (unused == 'start')
        console.log("something");
    else if (unused == 'start')
    console.log("something");

    else
        throw new Error("Message not understood.");

example https://codeql.github.com/codeql-query-help/javascript/js-duplicate-condition/

Expecting CodeQL to throw an issue, this sailed through with no issues. Can someone please help and let me know what I have done wrong?

SimonPriceUL commented 1 year ago

Also, the code with the if conditions is poorly indented on purpose as I wanted to see formatting issues raised too

alexet commented 1 year ago

Thanks for the report

The code looks like it should give an alert.

Inside the "Perform CodeQL Analysis" step there should be a section called "Extracting javascript", and within that section there should be a line that starts "Extracting" followed by your file name. Does that line exist in the log?
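The check alexet asks for can be done by hand in the Actions UI, but when a workflow has extracted hundreds of files it is quicker to save the raw log and search it. The helper below is an added example, not code from this thread or from the CodeQL project: it walks a saved log, finds the "Extracting javascript" section described above, collects the "Extracting <file>" lines that follow, and reports whether a given file is among them. The sample log lines are constructed, and the exact line layout (a bare "Extracting <lang>" header, one "Extracting <path>" line per file, an optional ISO timestamp prefix) is an assumption shaped after the comment, not a documented format.

```python
"""Check whether a file was extracted in a saved CodeQL Actions log.

Example code added to the thread; not part of CodeQL. The log format
assumed here follows the comment above and may differ from real output.
"""
import re
import sys
from typing import Iterable, List

# Constructed sample log (not real CodeQL output) in the assumed layout:
# a section header "Extracting javascript" followed by one line per file.
SAMPLE_LOG: List[str] = """\
Running queries
Extracting javascript
Extracting /home/runner/work/app/app/src/index.tsx
Extracting /home/runner/work/app/app/src/App.tsx
Extracting /home/runner/work/app/app/src/utils/parse.ts
Done extracting javascript
Running queries for javascript
""".splitlines()

# Assumption: GitHub Actions raw logs prefix each line with an ISO-8601
# timestamp; strip it so the matchers below see only the message text.
_TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z\s+")
# A per-file line: "Extracting" followed by a single path token.
_FILE_LINE = re.compile(r"^Extracting\s+(?P<path>\S+)$")


def _clean(raw: str) -> str:
    """Drop a leading timestamp (if any) and surrounding whitespace."""
    return _TIMESTAMP.sub("", raw).strip()


def extracted_files(log_lines: Iterable[str], language: str = "javascript") -> List[str]:
    """Return the paths listed under the 'Extracting <language>' section.

    The section starts at a line equal to "Extracting <language>" and ends at
    the first line that is not of the form "Extracting <path>"; "Done
    extracting javascript" therefore terminates it. Returns [] if the section
    is absent, which is the situation alexet's question is probing.
    """
    header = f"extracting {language}".lower()
    files: List[str] = []
    in_section = False
    for raw in log_lines:
        line = _clean(raw)
        if not in_section:
            in_section = line.lower() == header
            continue
        match = _FILE_LINE.match(line)
        if match is None:
            break  # left the extraction section
        files.append(match.group("path"))
    return files


def was_extracted(log_lines: Iterable[str], filename: str, language: str = "javascript") -> bool:
    """True if some extracted path equals filename or ends with '/<filename>'.

    Matching on a suffix lets the caller pass a repo-relative path such as
    "src/App.tsx" without knowing the runner's checkout directory.
    """
    suffix = "/" + filename.lstrip("/")
    return any(p == filename or p.endswith(suffix) for p in extracted_files(log_lines, language))


if __name__ == "__main__":
    # Usage: python check_extracted.py <saved-log.txt> <path/to/file.ts>
    # With no arguments the constructed SAMPLE_LOG is used.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
        target = sys.argv[2]
    else:
        lines, target = SAMPLE_LOG, "src/App.tsx"
    found = extracted_files(lines)
    print(f"{len(found)} file(s) listed under 'Extracting javascript'")
    print(f"{target}: {'extracted' if was_extracted(lines, target) else 'NOT extracted'}")
```

If the file is not listed, the query cannot fire regardless of its contents, so the next thing to look at is the extraction step rather than the query; if it is listed, the log check has ruled extraction out and the question moves to the query itself.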