What do you think about making the variable identifiers of the CodeQL any(...) expression and exists(...) formula optional if they do not have any formulas?
Currently the CodeQL language specification requires an identifier even though it is not used.
Examples:
exists(GadgetClass unused) // Check whether a vulnerable "gadget" class exists on the class path
and any(CustomMethodCall unused).getArgument(0) instanceof CustomArgument
Here in both cases it is currently necessary to specify a variable identifier (unused), even though it is not used.
For the exists formula this could lead to some ambiguity because it currently allows using expressions (e.g. exists(call.getAnArgument())), however because type names as part of variable declarations cannot contain a period, this should be unambiguous.
What do you think about making the variable identifiers of the CodeQL
any(...)expression andexists(...)formula optional if they do not have any formulas?Currently the CodeQL language specification requires an identifier even though it is not used.
Examples:
Here in both cases it is currently necessary to specify a variable identifier (
unused), even though it is not used.For the
existsformula this could lead to some ambiguity because it currently allows using expressions (e.g.exists(call.getAnArgument())), however because type names as part of variable declarations cannot contain a period, this should be unambiguous.