From dad044ed54cfba7fd6b0b6ffeb52061a1e4e2a29 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 31 Oct 2023 17:02:29 +0000 Subject: [PATCH 1/8] C++: Accept test changes after github/codeql/pull/14637. --- .../MissingConstructorCallForManuallyManagedObject.expected | 4 ++++ cpp/cert/test/rules/MEM53-CPP/test.cpp | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected b/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected index 7225190e38..e06f6b9a63 100644 --- a/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected +++ b/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected @@ -2,6 +2,7 @@ WARNING: Module DataFlow has been deprecated and may be removed in future (/home WARNING: Module DataFlow has been deprecated and may be removed in future (/home/runner/work/semmle-code/semmle-code/codeql-coding-standards/cpp/cert/src/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.ql:25,38-46) WARNING: Module DataFlow has been deprecated and may be removed in future (/home/runner/work/semmle-code/semmle-code/codeql-coding-standards/cpp/cert/src/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.ql:25,65-73) edges +| test.cpp:65:21:65:34 | call to operator new | test.cpp:67:26:67:32 | call to realloc | nodes | test.cpp:16:26:16:31 | call to malloc | semmle.label | call to malloc | | test.cpp:17:38:17:43 | call to malloc | semmle.label | call to malloc | 
@@ -12,6 +13,8 @@ nodes | test.cpp:47:26:47:39 | call to operator new | semmle.label | call to operator new | | test.cpp:49:29:49:42 | call to operator new | semmle.label | call to operator new | | test.cpp:51:29:51:42 | call to operator new | semmle.label | call to operator new | +| test.cpp:65:21:65:34 | call to operator new | semmle.label | call to operator new | +| test.cpp:67:26:67:32 | call to realloc | semmle.label | call to realloc | subpaths #select | test.cpp:16:26:16:31 | call to malloc | test.cpp:16:26:16:31 | call to malloc | test.cpp:16:26:16:31 | call to malloc | Allocation to cast without constructor call | @@ -23,3 +26,4 @@ subpaths | test.cpp:47:26:47:39 | call to operator new | test.cpp:47:26:47:39 | call to operator new | test.cpp:47:26:47:39 | call to operator new | Allocation to cast without constructor call | | test.cpp:49:29:49:42 | call to operator new | test.cpp:49:29:49:42 | call to operator new | test.cpp:49:29:49:42 | call to operator new | Allocation to cast without constructor call | | test.cpp:51:29:51:42 | call to operator new | test.cpp:51:29:51:42 | call to operator new | test.cpp:51:29:51:42 | call to operator new | Allocation to cast without constructor call | +| test.cpp:67:26:67:32 | call to realloc | test.cpp:65:21:65:34 | call to operator new | test.cpp:67:26:67:32 | call to realloc | Allocation to cast without constructor call | diff --git a/cpp/cert/test/rules/MEM53-CPP/test.cpp b/cpp/cert/test/rules/MEM53-CPP/test.cpp index 12c6d1ee56..82c0953a60 100644 --- a/cpp/cert/test/rules/MEM53-CPP/test.cpp +++ b/cpp/cert/test/rules/MEM53-CPP/test.cpp 
@@ -63,6 +63,7 @@ void test_no_constructor_but_has_destructor() { void test_realloc() { void *goodAlloc = ::operator new(sizeof(ClassA)); - ClassA *a1 = new (goodAlloc) ClassA{1}; // COMPLIANT - ClassA *a2 = (ClassA *)realloc(goodAlloc, sizeof(ClassA) * 2); // COMPLIANT + ClassA *a1 = new (goodAlloc) ClassA{1}; // COMPLIANT + ClassA *a2 = (ClassA *)realloc( + goodAlloc, sizeof(ClassA) * 2); // COMPLIANT [FALSE_POSITIVE] } \ No newline at end of file From faf222e15365f1d86bf468912afb21491094829d Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Tue, 28 Nov 2023 17:00:26 +0100 Subject: [PATCH 2/8] Use new `isPrototyped` predicate in RULE-8-2 From CodeQL 2.15.4 onwards, parameters declared in a declaration list will have a location. --- .../rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql b/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql index e46085750d..583bf257aa 100644 --- a/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql +++ b/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql @@ -48,11 +48,9 @@ where msg = "Function " + f + " does not specify void for no parameters present." or //parameters declared in declaration list (not in function signature) - //have placeholder file location associated only - exists(Parameter p | - p.getFunction() = f and - not p.getFile() = f.getFile() and - msg = "Function " + f + " declares parameter in unsupported declaration list." - ) + //have no prototype + not f.isPrototyped() and + not hasZeroParamDecl(f) and + msg = "Function " + f + " declares parameter in unsupported declaration list." ) select f, msg From 95d048ad923e60a359ec264cd2285b7025400b4a Mon Sep 17 00:00:00 2001 
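Review bot: The fixture hands storage obtained from `::operator new` to `realloc`, which is undefined behaviour in C++ (`realloc` is only defined for storage from the `malloc` family), so the line now marked `COMPLIANT [FALSE_POSITIVE]` exercises code a compiler may legitimately mis-handle rather than the "realloc of partially constructed storage" case the rule intends to exempt. Since `malloc` already matches the query's void-pointer allocation source (test.cpp line 16 is reported that way in the .expected file), `void *goodAlloc = malloc(sizeof(ClassA));` would give a well-defined fixture that still drives the same flow into the cast. The same lines are touched again by patch 7 of this series, where the marker is reverted; the fixture change would apply there too. The hunk header's function context is the previous function; `test_realloc` itself starts and ends inside the hunk.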
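Review bot: The replacement comment `//have no prototype` loses the explanation of why this branch exists and of the new version requirement: per the commit message, `isPrototyped()` is only usable from CodeQL 2.15.4 onwards, but the pack pins are raised only in patch 5 of this series, so this commit on its own is evaluated against the older library. The branch also depends on `hasZeroParamDecl(f)` being the mirror image of the preceding `does not specify void` branch, which a reader cannot confirm from here because that predicate is defined outside the hunk. Suggest expanding the comment to `// Parameters declared in a declaration list (K&R style) leave the function unprototyped; the zero-parameter case is excluded because it is reported by the branch above. Requires CodeQL >= 2.15.4 for isPrototyped().` The enclosing `where` clause starts before the hunk.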
From: Mathias Vorreiter Pedersen Date: Tue, 28 Nov 2023 16:14:58 +0000 Subject: [PATCH 3/8] C++: Disable the workaround for bitwise operations since the underlying bug has been fixed. --- cpp/common/src/codingstandards/cpp/Bitwise.qll | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Bitwise.qll b/cpp/common/src/codingstandards/cpp/Bitwise.qll index 0e19cae29d..871587b4ea 100644 --- a/cpp/common/src/codingstandards/cpp/Bitwise.qll +++ b/cpp/common/src/codingstandards/cpp/Bitwise.qll @@ -5,16 +5,6 @@ private import cpp as cpp module Bitwise { - /** - * A binary bitwise assign operation, excluding += and -= on pointers, which seem to be erroneously - * included. - */ - class AssignBitwiseOperation extends cpp::AssignBitwiseOperation { - AssignBitwiseOperation() { - // exclude += and -= on pointers, which seem to be erroneously included - // in the database schema - not this instanceof cpp::AssignPointerAddExpr and - not this instanceof cpp::AssignPointerSubExpr - } - } + /** A binary bitwise assign operation. */ + class AssignBitwiseOperation extends cpp::AssignBitwiseOperation { } } From f553ba0d5fd3d8e02d069e4cf283e4dce85a278d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 29 Nov 2023 10:08:44 +0000 Subject: [PATCH 4/8] Completely rip out the Bitwise library. --- .../OperandsOfAnInappropriateEssentialType.ql | 3 +-- ...twiseOperatorOperandsHaveDifferentUnderlyingType.ql | 3 +-- .../M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql | 3 +-- .../M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql | 3 +-- cpp/common/src/codingstandards/cpp/Bitwise.qll | 10 ---------- 5 files changed, 4 insertions(+), 18 deletions(-) delete mode 100644 cpp/common/src/codingstandards/cpp/Bitwise.qll diff --git a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql index 6fdde80119..005b7c6cf5 100644 
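Review bot: Dropping the `AssignPointerAddExpr`/`AssignPointerSubExpr` exclusion makes every consumer of `Bitwise::AssignBitwiseOperation` silently depend on a library in which pointer `+=`/`-=` are no longer classified as bitwise assignments, yet the `cpp-all` pin is only raised (to 0.12.2) in patch 5 of this series and none of the test expectations touched by the series covers a pointer compound assignment, so a regression to the old classification would go unnoticed. Suggest pinning the corrected behaviour with a fixture line in the M5-0-21 and RULE-10-1 tests along the lines of `int *p = 0; p += 1; // COMPLIANT` (constructed example) so the .expected files assert that it is not reported, and recording the dependency in the class comment: `/** A binary bitwise assign operation. Assumes a cpp-all release in which pointer += and -= are not AssignBitwiseOperations (see the 2.15.5 upgrade). */`. The "bug has been fixed" claim comes from the commit message only; I could not verify which library release carries the fix from this diff.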
--- a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql +++ b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql @@ -14,7 +14,6 @@ import cpp import codingstandards.c.misra import codingstandards.c.misra.EssentialTypes -import codingstandards.cpp.Bitwise /** * Holds if the operator `operator` has an operand `child` that is of an inappropriate essential type @@ -178,7 +177,7 @@ predicate isInappropriateEssentialType( child = [ operator.(BinaryBitwiseOperation).getAnOperand(), - operator.(Bitwise::AssignBitwiseOperation).getAnOperand() + operator.(AssignBitwiseOperation).getAnOperand() ] and not operator instanceof LShiftExpr and not operator instanceof RShiftExpr and diff --git a/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql b/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql index 9e85a15e50..6d0554bf11 100644 --- a/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql +++ b/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql @@ -16,7 +16,6 @@ import cpp import codingstandards.cpp.autosar -import codingstandards.cpp.Bitwise import codingstandards.cpp.Conversion predicate isBinaryBitwiseOperation(Operation o, VariableAccess l, VariableAccess r) { @@ -24,7 +23,7 @@ predicate isBinaryBitwiseOperation(Operation o, VariableAccess l, VariableAccess l = bbo.getLeftOperand() and r = bbo.getRightOperand() ) or - exists(Bitwise::AssignBitwiseOperation abo | abo = o | + exists(AssignBitwiseOperation abo | abo = o | l = abo.getLValue() and r = abo.getRValue() ) diff --git a/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql b/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql index d000155189..02bb5314cd 100644 --- a/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql +++ b/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql 
@@ -17,7 +17,6 @@ import cpp import codingstandards.cpp.autosar -import codingstandards.cpp.Bitwise from Operation o, VariableAccess va where @@ -25,7 +24,7 @@ where ( o instanceof UnaryBitwiseOperation or o instanceof BinaryBitwiseOperation or - o instanceof Bitwise::AssignBitwiseOperation + o instanceof AssignBitwiseOperation ) and o.getAnOperand() = va and va.getTarget().getUnderlyingType().(IntegralType).isSigned() diff --git a/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql b/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql index 38da7115f3..b94d76fd94 100644 --- a/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql +++ b/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql @@ -17,7 +17,6 @@ import cpp import codingstandards.cpp.autosar -import codingstandards.cpp.Bitwise class ShiftOperation extends Operation { Expr leftOperand; @@ -34,7 +33,7 @@ class ShiftOperation extends Operation { rightOperand = o.getRightOperand() ) or - exists(Bitwise::AssignBitwiseOperation o | this = o | + exists(AssignBitwiseOperation o | this = o | ( o instanceof AssignLShiftExpr or diff --git a/cpp/common/src/codingstandards/cpp/Bitwise.qll b/cpp/common/src/codingstandards/cpp/Bitwise.qll deleted file mode 100644 index 871587b4ea..0000000000 --- a/cpp/common/src/codingstandards/cpp/Bitwise.qll +++ /dev/null @@ -1,10 +0,0 @@ -/** - * A library for addressing issues in bitwise operator modelling in our database schema. - */ - -private import cpp as cpp - -module Bitwise { - /** A binary bitwise assign operation. */ - class AssignBitwiseOperation extends cpp::AssignBitwiseOperation { } -} From c9a7b05a886028d36521b01e3db63b4766045f89 Mon Sep 17 00:00:00 2001 
From: lcartey <5377966+lcartey@users.noreply.github.com> Date: Fri, 4 Oct 2024 22:18:22 +0000 Subject: [PATCH 5/8] Upgrading `github/codeql` dependency to 2.15.5 --- c/cert/src/codeql-pack.lock.yml | 12 ++++++++---- c/cert/src/qlpack.yml | 2 +- c/cert/test/codeql-pack.lock.yml | 12 ++++++++---- c/common/src/codeql-pack.lock.yml | 12 ++++++++---- c/common/src/qlpack.yml | 2 +- c/common/test/codeql-pack.lock.yml | 12 ++++++++---- c/misra/src/codeql-pack.lock.yml | 12 ++++++++---- c/misra/src/qlpack.yml | 2 +- c/misra/test/codeql-pack.lock.yml | 12 ++++++++---- cpp/autosar/src/codeql-pack.lock.yml | 12 ++++++++---- cpp/autosar/src/qlpack.yml | 2 +- cpp/autosar/test/codeql-pack.lock.yml | 12 ++++++++---- cpp/cert/src/codeql-pack.lock.yml | 12 ++++++++---- cpp/cert/src/qlpack.yml | 2 +- cpp/cert/test/codeql-pack.lock.yml | 12 ++++++++---- cpp/common/src/codeql-pack.lock.yml | 12 ++++++++---- cpp/common/src/qlpack.yml | 4 ++-- cpp/common/test/codeql-pack.lock.yml | 12 ++++++++---- cpp/misra/src/codeql-pack.lock.yml | 12 ++++++++---- cpp/misra/src/qlpack.yml | 2 +- cpp/misra/test/codeql-pack.lock.yml | 12 ++++++++---- cpp/report/src/codeql-pack.lock.yml | 12 ++++++++---- cpp/report/src/qlpack.yml | 2 +- .../generate_modules/queries/codeql-pack.lock.yml | 12 ++++++++---- scripts/generate_modules/queries/qlpack.yml | 2 +- supported_codeql_configs.json | 6 +++--- 26 files changed, 141 insertions(+), 77 deletions(-) diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/cert/src/codeql-pack.lock.yml +++ b/c/cert/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false 
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml index a0adb282a4..f0daa6334a 100644 --- a/c/cert/src/qlpack.yml +++ b/c/cert/src/qlpack.yml @@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/cert/test/codeql-pack.lock.yml +++ b/c/cert/test/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/common/src/codeql-pack.lock.yml +++ b/c/common/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml index b1571ec4ec..5f18365483 100644 --- a/c/common/src/qlpack.yml +++ b/c/common/src/qlpack.yml @@ -3,4 +3,4 @@ version: 2.36.0-dev license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/common/test/codeql-pack.lock.yml +++ b/c/common/test/codeql-pack.lock.yml 
@@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/misra/src/codeql-pack.lock.yml +++ b/c/misra/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml index 5de8472821..9d0ed62e06 100644 --- a/c/misra/src/qlpack.yml +++ b/c/misra/src/qlpack.yml @@ -6,4 +6,4 @@ license: MIT default-suite-file: codeql-suites/misra-c-default.qls dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/c/misra/test/codeql-pack.lock.yml +++ b/c/misra/test/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 
--- a/cpp/autosar/src/codeql-pack.lock.yml +++ b/cpp/autosar/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml index 947013155f..93a0f4bd9a 100644 --- a/cpp/autosar/src/qlpack.yml +++ b/cpp/autosar/src/qlpack.yml @@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/autosar/test/codeql-pack.lock.yml +++ b/cpp/autosar/test/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/cert/src/codeql-pack.lock.yml +++ b/cpp/cert/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false 
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml index 3a435b5e8e..3a85e2aa20 100644 --- a/cpp/cert/src/qlpack.yml +++ b/cpp/cert/src/qlpack.yml @@ -4,5 +4,5 @@ description: CERT C++ 2016 suites: codeql-suites license: MIT dependencies: - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 codeql/common-cpp-coding-standards: '*' diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/cert/test/codeql-pack.lock.yml +++ b/cpp/cert/test/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/common/src/codeql-pack.lock.yml +++ b/cpp/common/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml index a2448fd608..b7f90b4cd3 100644 --- a/cpp/common/src/qlpack.yml +++ b/cpp/common/src/qlpack.yml @@ -2,6 +2,6 @@ name: codeql/common-cpp-coding-standards version: 2.36.0-dev license: MIT dependencies: - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 dataExtensions: - - ext/*.model.yml \ No newline at end of file +- ext/*.model.yml 
diff --git a/cpp/common/test/codeql-pack.lock.yml b/cpp/common/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/common/test/codeql-pack.lock.yml +++ b/cpp/common/test/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/misra/src/codeql-pack.lock.yml b/cpp/misra/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/misra/src/codeql-pack.lock.yml +++ b/cpp/misra/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml index 4c0aa45f4f..b713614f68 100644 --- a/cpp/misra/src/qlpack.yml +++ b/cpp/misra/src/qlpack.yml @@ -5,4 +5,4 @@ default-suite: codeql-suites/misra-cpp-default.qls license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/cpp/misra/test/codeql-pack.lock.yml b/cpp/misra/test/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/misra/test/codeql-pack.lock.yml +++ b/cpp/misra/test/codeql-pack.lock.yml 
@@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/report/src/codeql-pack.lock.yml b/cpp/report/src/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/cpp/report/src/codeql-pack.lock.yml +++ b/cpp/report/src/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml index 81f95392c9..f90669908d 100644 --- a/cpp/report/src/qlpack.yml +++ b/cpp/report/src/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/report-cpp-coding-standards version: 2.36.0-dev license: MIT dependencies: - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/scripts/generate_modules/queries/codeql-pack.lock.yml b/scripts/generate_modules/queries/codeql-pack.lock.yml index 514e6963d0..4edf97c6f8 100644 --- a/scripts/generate_modules/queries/codeql-pack.lock.yml +++ b/scripts/generate_modules/queries/codeql-pack.lock.yml @@ -2,13 +2,17 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.9.3 + version: 0.12.2 codeql/dataflow: + version: 0.1.5 + codeql/rangeanalysis: version: 0.0.4 codeql/ssa: - version: 0.1.5 + version: 0.2.5 codeql/tutorial: - version: 0.1.5 + version: 0.2.5 + codeql/typetracking: + version: 0.2.5 codeql/util: - version: 0.1.5 + version: 0.2.5 compiled: false 
diff --git a/scripts/generate_modules/queries/qlpack.yml b/scripts/generate_modules/queries/qlpack.yml index 4f3768cd79..4ab2483c04 100644 --- a/scripts/generate_modules/queries/qlpack.yml +++ b/scripts/generate_modules/queries/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/standard-library-extraction-cpp-coding-standards version: 0.0.0 license: MIT dependencies: - codeql/cpp-all: 0.9.3 + codeql/cpp-all: 0.12.2 diff --git a/supported_codeql_configs.json b/supported_codeql_configs.json index 227f41babd..a97c7d83d2 100644 --- a/supported_codeql_configs.json +++ b/supported_codeql_configs.json @@ -1,9 +1,9 @@ { "supported_environment": [ { - "codeql_cli": "2.14.6", - "codeql_standard_library": "codeql-cli/v2.14.6", - "codeql_cli_bundle": "codeql-bundle-v2.14.6" + "codeql_cli": "2.15.5", + "codeql_standard_library": "codeql-cli/v2.15.5", + "codeql_cli_bundle": "codeql-bundle-v2.15.5" } ], "supported_language": [ From c7d3c73855de9b5f71e3fb09bda4c0356ba11eca Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Fri, 4 Oct 2024 23:31:26 +0100 Subject: [PATCH 6/8] Fix query formatting issue In CodeQL CLI 2.15.5 it formats this line together. --- .../rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql index 2b435de94e..10b24b8c8a 100644 --- a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql +++ b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql @@ -178,8 +178,7 @@ predicate isInappropriateEssentialType( child = [ operator.(BinaryBitwiseOperation).getAnOperand(), - operator.(AssignBitwiseOperation).getAnOperand(), - operator.(ComplementExpr).getAnOperand() + operator.(AssignBitwiseOperation).getAnOperand(), operator.(ComplementExpr).getAnOperand() ] and not operator instanceof LShiftExpr and not operator instanceof RShiftExpr and 
From 4c17999deb60b01c81f82a704665eee2ddbcf4fd Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Mon, 7 Oct 2024 14:00:23 +0100 Subject: [PATCH 7/8] MEM53-CPP: Remove FP introduced by upgrade to 2.15.5 Flow through realloc was added in the standard library, so move to barrier instead of node filter --- cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll | 9 ++++++--- ...ssingConstructorCallForManuallyManagedObject.expected | 4 ---- cpp/cert/test/rules/MEM53-CPP/test.cpp | 5 ++--- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll b/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll index 358a3583fc..54fafc60d7 100644 --- a/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll +++ b/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll @@ -14,12 +14,15 @@ module AllocToStaticCastConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { exists(AllocationExpr ae | ae.getType().getUnspecifiedType() instanceof VoidPointerType and - source.asExpr() = ae and - // Ignore realloc, as that memory may already be partially constructed - not ae.(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%") + source.asExpr() = ae ) } + predicate isBarrier(DataFlow::Node sanitizer) { + // Ignore realloc, as that memory may already be partially constructed + sanitizer.asExpr().(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%") + } + predicate isSink(DataFlow::Node sink) { exists(StaticOrCStyleCast sc, Class nonTrivialClass | sc.getExpr() = sink.asExpr() and diff --git a/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected b/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected index e64315e044..12dcb2d8ff 100644 --- a/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected 
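Review bot: The new `isBarrier` keeps the old wildcard `%realloc%` name match, so any call whose target name merely contains `realloc` (case-insensitively) now cuts every path, and because the realloc call is itself still an `AllocationExpr` source it is suppressed both as a source and as an intermediate node, which is what the .expected change confirms. The consequence the comment does not state is that a `malloc` → `realloc` → cast sequence in which no constructor ever ran is also no longer reported, and the same goes for any user helper that happens to have `realloc` in its name. Suggest `// Any realloc-like call is a barrier: the returned storage may already hold a constructed object, so a later cast is not reported even when the original allocation was never constructed (accepted false negative).` If the intent is narrower, `getTarget().hasGlobalOrStdName("realloc")` would avoid the substring match, though the lower-casing suggests platform variants were meant to be covered. The `isSink` predicate that follows continues outside the hunk.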
+++ b/cpp/cert/test/rules/MEM53-CPP/MissingConstructorCallForManuallyManagedObject.expected @@ -1,5 +1,4 @@ edges -| test.cpp:65:21:65:34 | call to operator new | test.cpp:67:26:67:32 | call to realloc | nodes | test.cpp:16:26:16:31 | call to malloc | semmle.label | call to malloc | | test.cpp:17:38:17:43 | call to malloc | semmle.label | call to malloc | @@ -10,8 +9,6 @@ nodes | test.cpp:47:26:47:39 | call to operator new | semmle.label | call to operator new | | test.cpp:49:29:49:42 | call to operator new | semmle.label | call to operator new | | test.cpp:51:29:51:42 | call to operator new | semmle.label | call to operator new | -| test.cpp:65:21:65:34 | call to operator new | semmle.label | call to operator new | -| test.cpp:67:26:67:32 | call to realloc | semmle.label | call to realloc | subpaths #select | test.cpp:16:26:16:31 | call to malloc | test.cpp:16:26:16:31 | call to malloc | test.cpp:16:26:16:31 | call to malloc | Allocation to cast without constructor call | @@ -23,4 +20,3 @@ subpaths | test.cpp:47:26:47:39 | call to operator new | test.cpp:47:26:47:39 | call to operator new | test.cpp:47:26:47:39 | call to operator new | Allocation to cast without constructor call | | test.cpp:49:29:49:42 | call to operator new | test.cpp:49:29:49:42 | call to operator new | test.cpp:49:29:49:42 | call to operator new | Allocation to cast without constructor call | | test.cpp:51:29:51:42 | call to operator new | test.cpp:51:29:51:42 | call to operator new | test.cpp:51:29:51:42 | call to operator new | Allocation to cast without constructor call | -| test.cpp:67:26:67:32 | call to realloc | test.cpp:65:21:65:34 | call to operator new | test.cpp:67:26:67:32 | call to realloc | Allocation to cast without constructor call | diff --git a/cpp/cert/test/rules/MEM53-CPP/test.cpp b/cpp/cert/test/rules/MEM53-CPP/test.cpp index 82c0953a60..12c6d1ee56 100644 --- a/cpp/cert/test/rules/MEM53-CPP/test.cpp +++ b/cpp/cert/test/rules/MEM53-CPP/test.cpp 
@@ -63,7 +63,6 @@ void test_no_constructor_but_has_destructor() { void test_realloc() { void *goodAlloc = ::operator new(sizeof(ClassA)); - ClassA *a1 = new (goodAlloc) ClassA{1}; // COMPLIANT - ClassA *a2 = (ClassA *)realloc( - goodAlloc, sizeof(ClassA) * 2); // COMPLIANT [FALSE_POSITIVE] + ClassA *a1 = new (goodAlloc) ClassA{1}; // COMPLIANT + ClassA *a2 = (ClassA *)realloc(goodAlloc, sizeof(ClassA) * 2); // COMPLIANT } \ No newline at end of file From 12b1c4ee138fcbb56d35247702f0049f6d913c16 Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Mon, 7 Oct 2024 14:03:05 +0100 Subject: [PATCH 8/8] Add change note --- change_notes/2024-10-07-upgrade-to-2.15.5.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 change_notes/2024-10-07-upgrade-to-2.15.5.md diff --git a/change_notes/2024-10-07-upgrade-to-2.15.5.md b/change_notes/2024-10-07-upgrade-to-2.15.5.md new file mode 100644 index 0000000000..d3d4151e78 --- /dev/null +++ b/change_notes/2024-10-07-upgrade-to-2.15.5.md @@ -0,0 +1 @@ +- Updated the CodeQL version to `2.15.5`. \ No newline at end of file