Merge branch 'main' into lcartey/fix-range-based-for-loops

Author: lcartey

README.md

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.18.0-dev
+version: 2.19.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/src/qlpack.yml

@@ -13,7 +13,7 @@
 import cpp
 import codingstandards.c.cert
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
-import semmle.code.cpp.ir.internal.ASTValueNumbering
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.controlflow.Guards
 
 /*

c/cert/src/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql

@@ -16,7 +16,6 @@
 import cpp
 import codingstandards.c.cert
 import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.dataflow.internal.TaintTrackingUtil
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 
 /**

c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql

@@ -16,7 +16,6 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Naming
 import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.dataflow.internal.TaintTrackingUtil
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 
 /**

c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.ql

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.18.0-dev
+version: 2.19.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/cert/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards
-version: 2.18.0-dev
+version: 2.19.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'

c/common/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/common-c-coding-standards-tests
-version: 2.18.0-dev
+version: 2.19.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/common/test/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards
-version: 2.18.0-dev
+version: 2.19.0-dev
 description: MISRA C 2012
 suites: codeql-suites
 license: MIT

c/misra/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/misra-c-coding-standards-tests
-version: 2.18.0-dev
+version: 2.19.0-dev
 extractor: cpp
 license: MIT
 dependencies:

c/misra/test/qlpack.yml

@@ -1,4 +1,4 @@
-- description: AUTOSAR C++14 Guidelines 20-11 (Advisory)
+- description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03 (Advisory)
 - qlpack: codeql/autosar-cpp-coding-standards
 - include:
     kind:

change_notes/2023-04-28-dcl56-cpp-perf.md

@@ -1,4 +1,4 @@
-- description: AUTOSAR C++14 Guidelines 20-11 (Audit)
+- description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03 (Audit)
 - qlpack: codeql/autosar-cpp-coding-standards
 - include:
     kind:

change_notes/2023-05-02-func-c-style.md

@@ -1,4 +1,4 @@
-- description: AUTOSAR C++14 Guidelines 20-11 (Default)
+- description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03 (Default)
 - qlpack: codeql/autosar-cpp-coding-standards
 - include:
     kind:

change_notes/2023-05-02-single-reserved-prefix-generated.md

@@ -1,4 +1,4 @@
-- description: AUTOSAR C++14 Guidelines 20-11 (Required)
+- description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03 (Required)
 - qlpack: codeql/autosar-cpp-coding-standards
 - include:
     kind:

change_notes/2023-05-22-pass-compiler-tests-qcc.md

@@ -1,4 +1,4 @@
-- description: AUTOSAR C++14 Guidelines 20-11 (Single Translation Unit)
+- description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03 (Single Translation Unit)
 - qlpack: codeql/autosar-cpp-coding-standards
 - include:
     kind:

cpp/autosar/src/codeql-suites/autosar-advisory.qls

@@ -1,6 +1,6 @@
 name: codeql/autosar-cpp-coding-standards
-version: 2.18.0-dev
-description: AUTOSAR C++14 Guidelines 20-11
+version: 2.19.0-dev
+description: AUTOSAR C++14 Guidelines R22-11, R21-11, R20-11, R19-11 and R19-03
 suites: codeql-suites
 license: MIT
 dependencies:

cpp/autosar/src/codeql-suites/autosar-audit.qls

@@ -21,7 +21,7 @@ import codingstandards.cpp.autosar
 import codingstandards.cpp.TypeUses
 
 class NumericLimits extends Class {
-  NumericLimits() { this.hasQualifiedName("std", "numeric_limits") }
+  NumericLimits() { this.hasQualifiedName("std", ["numeric_limits", "__libcpp_numeric_limits"]) }
 
   /**
    * Gets the template argument specified for this type.

cpp/autosar/src/codeql-suites/autosar-default.qls

@@ -20,8 +20,14 @@ from File f, string flag
 where
   not isExcluded(f, ToolchainPackage::compilerImplementationShallComplyWithCPP14StandardQuery()) and
   exists(Compilation c | f = c.getAFileCompiled() |
-    c.getAnArgument() = flag and flag.regexpMatch("-std=(?!c\\+\\+14)[\\w+]+")
-  )
+    flag =
+      max(string std, int index |
+        c.getArgument(index) = std and std.matches("-std=%")
+      |
+        std order by index
+      )
+  ) and
+  flag != "-std=c++14"
 select f,
   "File '" + f.getBaseName() + "' compiled with flag '" + flag +
     "' which does not strictly comply with ISO C++14."

cpp/autosar/src/codeql-suites/autosar-required.qls

@@ -14,11 +14,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.TypeUses
 
-from Class c, Locatable l
+from TypeMention l, Class c
 where
   not isExcluded(l, ToolchainPackage::strstreamTypesAreDeprecatedQuery()) and
   c.hasQualifiedName("std", ["strstreambuf", "ostrstream", "istrstream"]) and
-  exists(Type t | t = c | l = getATypeUse(t))
-select l, "Use of <strstream> class '" + c.getQualifiedName() + "' is deprecated."
+  l.getMentionedType() = c
+select l, "Use of <strstream> class '" + c.getName() + "' is deprecated."

cpp/autosar/src/codeql-suites/autosar-single-translation-unit.qls

@@ -26,7 +26,7 @@ where
     c.getAnArgument() = flag and
     flag =
       [
-        "-Ofast", "-ffast-math", "-fgnu-keywords", "-fno-signed-zeroes", "-fno-signed-zeros", "-menable-unsafe-fp-math",
+        "-Ofast", "-ffast-math", "-fgnu-keywords", "-fno-signed-zeros", "-menable-unsafe-fp-math",
         "-menable-no-nans", "-menable-no-infs", "-menable-unsafe-fp-math", "-ffinite-math-only",
         "-ffloat-store"
       ]

cpp/autosar/src/qlpack.yml

@@ -22,24 +22,6 @@ import codingstandards.cpp.exceptions.ThirdPartyExceptions
 import codingstandards.cpp.standardlibrary.Exceptions
 import codingstandards.cpp.EncapsulatingFunctions
 
-/** A `TryStmt` which covers the full body of a function. */
-class FullFunctionBodyTryStmt extends TryStmt {
-  FullFunctionBodyTryStmt() {
-    this instanceof FunctionTryStmt
-    or
-    exists(Function f, BlockStmt functionBlock |
-      functionBlock = f.getBlock() and
-      this = functionBlock.getStmt(0) and
-      (
-        functionBlock.getNumStmt() = 1
-        or
-        functionBlock.getNumStmt() = 2 and
-        functionBlock.getStmt(1) instanceof ReturnStmt
-      )
-    )
-  }
-}
-
 /*
  * The strategy for this query is to find a Stmt in the root BlockStmt which can throw one of the
  * ExceptionTypes that should be handled.

cpp/autosar/src/rules/A0-4-1/FloatingPointImplementationShallComplyWithIeeeStandard.ql

@@ -17,6 +17,7 @@
 import cpp
 import codingstandards.cpp.autosar
 import codingstandards.cpp.Naming
+import codingstandards.cpp.StdNamespace
 
 FunctionCall nonCompliantCStdlibCalls(File f) {
   result =
@@ -55,7 +56,7 @@ FunctionCall nonCompliantCStdlibCalls(File f) {
               nq = fc.getNameQualifier() and
               (
                 nq.getQualifyingElement() instanceof GlobalNamespace or
-                nq.getQualifyingElement() instanceof StdNamespace
+                nq.getQualifyingElement() instanceof StdNS
               )
             )
           )

cpp/autosar/src/rules/A0-4-3/CompilerImplementationShallComplyWithCPP14Standard.ql

@@ -30,5 +30,7 @@ class StaticConstExprArrayDataMember extends MemberVariable {
 from Variable v
 where
   not isExcluded(v, BannedSyntaxPackage::cStyleArraysUsedQuery()) and
-  exists(ArrayType a | v.getType() = a | not v instanceof StaticConstExprArrayDataMember)
+  exists(ArrayType a | v.getType() = a | not v instanceof StaticConstExprArrayDataMember) and
+  // Exclude the compiler generated __func__ as it is the only way to access the function name information
+  not v.getName() = "__func__"
 select v, "Variable " + v.getName() + " declares a c-style array."

cpp/autosar/src/rules/A1-1-1/StrstreamTypesAreDeprecated.ql

@@ -17,9 +17,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.StdNamespace
 
 predicate isVectorBool(ClassTemplateInstantiation c) {
-  c.getNamespace() instanceof StdNamespace and
+  c.getNamespace() instanceof StdNS and
   c.getTemplateArgument(0) instanceof BoolType and
   c.getSimpleName() = "vector"
 }

cpp/autosar/src/rules/A1-1-3/UncompliantOptimizationOptionMustBeDisabledInCompiler.ql

@@ -15,9 +15,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.StdNamespace
 
 predicate isAutoPtr(ClassTemplateInstantiation c) {
-  c.getNamespace() instanceof StdNamespace and
+  c.getNamespace() instanceof StdNS and
   c.getSimpleName() = "auto_ptr"
 }
 

cpp/autosar/src/rules/A15-3-3/MissingCatchHandlerInMain.ql

@@ -15,13 +15,15 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.StdNamespace
 
 predicate isBind(FunctionCall fc) {
-  fc.getTarget().getQualifiedName() in ["std::bind", "std::bind1st", "std::bind2nd"]
+  fc.getTarget().getNamespace() instanceof StdNS and
+  fc.getTarget().getName() in ["bind", "bind1st", "bind2nd"]
 }
 
 from FunctionCall fc
 where
   isBind(fc) and
   not isExcluded(fc, BannedFunctionsPackage::bindUsedQuery())
-select fc, "Prefer lambdas to using " + fc.getTarget().getQualifiedName() + "."
+select fc, "Prefer lambdas to using `" + fc.getTarget().getName() + "`."

cpp/autosar/src/rules/A17-1-1/CStandardLibraryFunctionCalls.ql

@@ -26,12 +26,14 @@ predicate isUsingWideCharType(ClassTemplateInstantiation c) {
 
 from Variable v
 where
-  v.getUnderlyingType() instanceof WideCharType and
-  not v.isFromTemplateInstantiation(_)
-  or
-  exists(ClassTemplateInstantiation c |
-    c = v.getType() and
-    isUsingWideCharType(c)
-  ) and
-  not isExcluded(v, BannedTypesPackage::typeWcharTUsedQuery())
+  not isExcluded(v, BannedTypesPackage::typeWcharTUsedQuery()) and
+  (
+    v.getUnderlyingType() instanceof WideCharType and
+    not v.isFromTemplateInstantiation(_)
+    or
+    exists(ClassTemplateInstantiation c |
+      c = v.getType() and
+      isUsingWideCharType(c)
+    )
+  )
 select v, "Use of wchar_t type."

cpp/autosar/src/rules/A18-1-1/CStyleArraysUsed.ql

@@ -36,5 +36,6 @@ where
     e = any(FunctionCall fc).getArgument(_) and
     e.getUnspecifiedType().(PointerType).getBaseType*() instanceof CharType
   ) and
-  DataFlow::localFlow(DataFlow::exprNode(cs), DataFlow::exprNode(e))
+  DataFlow::localFlow(DataFlow::exprNode(cs), DataFlow::exprNode(e)) and
+  not cs = any(LocalVariable lv | lv.getName() = "__func__").getInitializer().getExpr()
 select cs, "Usage of C-style string in $@.", e, "expression"

cpp/autosar/src/rules/A18-1-2/VectorboolSpecializationUsed.ql

@@ -19,11 +19,6 @@
 import cpp
 import codingstandards.cpp.autosar
 
-// for readability we define a "fundamental" type
-class FundamentalType extends Type {
-  FundamentalType() { this instanceof BuiltInType }
-}
-
 from Variable v
 where
   not isExcluded(v,

cpp/autosar/src/rules/A18-1-3/AutoPtrTypeUsed.ql

@@ -50,6 +50,7 @@ OutputValue getAnOutputValue(Function f) {
 
 from Function f, int outputValues
 where
+  not isExcluded(f, FunctionsPackage::functionReturnMultipleValueConditionQuery()) and
   not f.isCompilerGenerated() and
   not f.isAffectedByMacro() and
   not f.isFromUninstantiatedTemplate(_) and

cpp/autosar/src/rules/A18-9-1/BindUsed.ql

@@ -15,17 +15,10 @@
 
 import cpp
 import codingstandards.cpp.autosar
+import codingstandards.cpp.rules.donotusesetjmporlongjmpshared.DoNotUseSetjmpOrLongjmpShared
 
-predicate isLongJumpCall(FunctionCall fc) { fc.getTarget().hasGlobalOrStdName("longjmp") }
-
-predicate isSetJumpCall(MacroInvocation mi) { mi.getMacroName() = "setjmp" }
-
-from Element jmp, string callType
-where
-  not isExcluded(jmp, BannedFunctionsPackage::setjmpMacroAndTheLongjmpFunctionUsedQuery()) and
-  (
-    isLongJumpCall(jmp) and callType = "longjmp function"
-    or
-    isSetJumpCall(jmp) and callType = "setjmp macro"
-  )
-select jmp, "Use of banned " + callType + "."
+class SetjmpMacroAndTheLongjmpFunctionUsedQuery extends DoNotUseSetjmpOrLongjmpSharedSharedQuery {
+  SetjmpMacroAndTheLongjmpFunctionUsedQuery() {
+    this = BannedFunctionsPackage::setjmpMacroAndTheLongjmpFunctionUsedQuery()
+  }
+}

cpp/autosar/src/rules/A2-13-3/TypeWcharTUsed.ql

@@ -1,5 +1,5 @@
 name: codeql/autosar-cpp-coding-standards-tests
-version: 2.18.0-dev
+version: 2.19.0-dev
 extractor: cpp
 license: MIT
 dependencies:

cpp/autosar/src/rules/A27-0-4/CStyleStringsUsed.ql

@@ -0,0 +1,8 @@
+#include <limits>
+
+void test() {
+  float f; // COMPLIANT
+
+  double d;       // COMPLIANT
+  long double ld; // COMPLIANT
+}

cpp/autosar/src/rules/A7-1-5/AutoSpecifierNotUsedAppropriatelyInVariableDefinition.ql

@@ -0,0 +1,8 @@
+#include <limits>
+
+void test() {
+  float f; // COMPLIANT
+
+  double d;       // COMPLIANT
+  long double ld; // COMPLIANT
+}