Merge pull request #19 from jketema/update-to-2.9.4

jketema · web-flow · commit 6b7c906cf63a · 2022-07-18T17:41:10.000+02:00
Update to CodeQL 2.9.4
diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.6.0-dev
 suites: codeql-suites
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/common-c-coding-standards
 version: 2.6.0-dev
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.6.0-dev
 suites: codeql-suites
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/change_notes/2022-05-04-compiler-generated-fp-M0-1-4.md b/change_notes/2022-05-04-compiler-generated-fp-M0-1-4.md
@@ -0,0 +1,3 @@
+ - `M0-1-4` - `SingleUsePODVariable.ql`
+   - This rule no longer considers compiler-generated access to a variable when determining if the
+     variable has a single use.
diff --git a/change_notes/2022-06-01-fix-A8-5-3-braced-initialization-detection.md b/change_notes/2022-06-01-fix-A8-5-3-braced-initialization-detection.md
@@ -0,0 +1,3 @@
+- `A8-5-3` - `AvoidAutoWithBracedInitialization.ql`:
+  - Fix regression where `auto x{0}` was no longer detected as a braced initialization with type `auto` with the latest CodeQL versions.
+  - No longer falsely detect cases where braced initialization was not used, but where the inferred type would be `std::initializer_list`.
diff --git a/change_notes/2022-07-15-fix-A7-3-1-location-reporting.md b/change_notes/2022-07-15-fix-A7-3-1-location-reporting.md
@@ -0,0 +1,2 @@
+- `A7-3-1` - `DefinitionNotConsideredForUnqualifiedLookup.ql`
+  - The locations reported for names occurring in using-declarations has improved in the latest CodeQL versions.
diff --git a/codeql_modules/codeql b/codeql_modules/codeql
@@ -1 +1 @@
-Subproject commit 4551af90f61a8d5f5c1c88a036595b5919a6c98e
+Subproject commit 28fe7a76603ab7ef884ca35115b63104ecb699a7
diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.6.0-dev
 suites: codeql-suites
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/cpp/autosar/src/rules/A8-5-3/AvoidAutoWithBracedInitialization.ql b/cpp/autosar/src/rules/A8-5-3/AvoidAutoWithBracedInitialization.ql
@@ -21,5 +21,5 @@ from Variable v
 where
   not isExcluded(v, InitializationPackage::avoidAutoWithBracedInitializationQuery()) and
   v.getTypeWithAuto().getUnspecifiedType() instanceof AutoType and
-  v.getType().getUnspecifiedType().(Class).hasQualifiedName("std", "initializer_list")
+  v.getInitializer().isBraced()
 select v, "Variable " + v.getName() + " of type auto uses braced initialization."
diff --git a/cpp/autosar/src/rules/M0-1-4/SingleUsePODVariable.qll b/cpp/autosar/src/rules/M0-1-4/SingleUsePODVariable.qll
@@ -10,8 +10,9 @@ int getUseCount(Variable v) {
     // We enforce that it's a POD type variable, so if it has an initializer it is explicit
     (if v.hasInitializer() then initializers = 1 else initializers = 0) and
     result =
-      initializers + count(v.getAnAccess()) +
-        count(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
+      initializers +
+        count(VariableAccess access | access = v.getAnAccess() and not access.isCompilerGenerated())
+        + count(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
   )
 }
 
@@ -23,7 +24,9 @@ Element getSingleUse(Variable v) {
     or
     result = any(UserProvidedConstructorFieldInit cfi | cfi.getTarget() = v)
     or
-    result = v.getAnAccess()
+    exists(VariableAccess access |
+      access = v.getAnAccess() and not access.isCompilerGenerated() and result = access
+    )
   )
 }
 
diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/autosar/test/rules/A7-3-1/DefinitionNotConsideredForUnqualifiedLookup.expected b/cpp/autosar/test/rules/A7-3-1/DefinitionNotConsideredForUnqualifiedLookup.expected
@@ -1 +1 @@
-| test.cpp:42:6:42:7 | declaration of f1 | Definition for 'f1' is not available for unqualified lookup because it is declared after $@ | test.cpp:39:1:39:13 | using f1 | using-declaration |
+| test.cpp:42:6:42:7 | declaration of f1 | Definition for 'f1' is not available for unqualified lookup because it is declared after $@ | test.cpp:39:12:39:13 | using f1 | using-declaration |
diff --git a/cpp/autosar/test/rules/A8-5-3/test.cpp b/cpp/autosar/test/rules/A8-5-3/test.cpp
@@ -1,11 +1,12 @@
 #include <initializer_list>
 
 void test() {
-  auto a1(1);       // COMPLIANT
-  auto a2{1};       // NON_COMPLIANT
-  auto a3 = 1;      // COMPLIANT
-  auto a4 = {1};    // NON_COMPLIANT
-  int a5 = {1};     // COMPLIANT
-  const auto a6(1); // COMPLIANT
-  const auto a7{1}; // NON_COMPLIANT
+  auto a1(1);                             // COMPLIANT
+  auto a2{1};                             // NON_COMPLIANT
+  auto a3 = 1;                            // COMPLIANT
+  auto a4 = {1};                          // NON_COMPLIANT
+  int a5 = {1};                           // COMPLIANT
+  const auto a6(1);                       // COMPLIANT
+  const auto a7{1};                       // NON_COMPLIANT
+  auto a8 = std::initializer_list<int>(); // COMPLIANT
 }
diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml
@@ -2,5 +2,5 @@ name: codeql/cert-cpp-coding-standards
 version: 2.6.0-dev
 suites: codeql-suites
 dependencies:
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
   codeql/common-cpp-coding-standards: '*'
diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/common-cpp-coding-standards
 version: 2.6.0-dev
 dependencies:
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/cpp/common/test/codeql-pack.lock.yml b/cpp/common/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/misra/src/codeql-pack.lock.yml b/cpp/misra/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/misra-cpp-coding-standards
 version: 2.6.0-dev
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/cpp/misra/test/codeql-pack.lock.yml b/cpp/misra/test/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/report/src/codeql-pack.lock.yml b/cpp/report/src/codeql-pack.lock.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
   codeql/cpp-all:
-    version: 0.0.13
+    version: 0.2.3
 compiled: false
 lockVersion: 1.0.0
diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/report-cpp-coding-standards
 version: 2.6.0-dev
 dependencies:
-  codeql/cpp-all: 0.0.13
+  codeql/cpp-all: 0.2.3
diff --git a/supported_codeql_configs.json b/supported_codeql_configs.json
@@ -1,9 +1,9 @@
 {
   "supported_environment": [
     {
-      "codeql_cli": "2.8.5",
-      "codeql_standard_library": "codeql-cli/v2.8.5",
-      "codeql_cli_bundle": "codeql-bundle-20220401"
+      "codeql_cli": "2.9.4",
+      "codeql_standard_library": "codeql-cli/v2.9.4",
+      "codeql_cli_bundle": "codeql-bundle-20220615"
     }
   ], 
   "supported_language" : [

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+ - `M0-1-4` - `SingleUsePODVariable.ql`
	`2`	`+ - This rule no longer considers compiler-generated access to a variable when determining if the`
	`3`	`+ variable has a single use.`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+- `A8-5-3` - `AvoidAutoWithBracedInitialization.ql`:
	`2`	+ - Fix regression where `auto x{0}` was no longer detected as a braced initialization with type `auto` with the latest CodeQL versions.
	`3`	+ - No longer falsely detect cases where braced initialization was not used, but where the inferred type would be `std::initializer_list`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+- `A7-3-1` - `DefinitionNotConsideredForUnqualifiedLookup.ql`
	`2`	`+ - The locations reported for names occurring in using-declarations has improved in the latest CodeQL versions.`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,9 @@ int getUseCount(Variable v) {`
`10`	`10`	`// We enforce that it's a POD type variable, so if it has an initializer it is explicit`
`11`	`11`	`(if v.hasInitializer() then initializers = 1 else initializers = 0) and`
`12`	`12`	`result =`
`13`		`- initializers + count(v.getAnAccess()) +`
`14`		`- count(UserProvidedConstructorFieldInit cfi \| cfi.getTarget() = v)`
	`13`	`+ initializers +`
	`14`	`+ count(VariableAccess access \| access = v.getAnAccess() and not access.isCompilerGenerated())`
	`15`	`+ + count(UserProvidedConstructorFieldInit cfi \| cfi.getTarget() = v)`
`15`	`16`	`)`
`16`	`17`	`}`
`17`	`18`
`@@ -23,7 +24,9 @@ Element getSingleUse(Variable v) {`
`23`	`24`	`or`
`24`	`25`	`result = any(UserProvidedConstructorFieldInit cfi \| cfi.getTarget() = v)`
`25`	`26`	`or`
`26`		`- result = v.getAnAccess()`
	`27`	`+ exists(VariableAccess access \|`
	`28`	`+ access = v.getAnAccess() and not access.isCompilerGenerated() and result = access`
	`29`	`+ )`
`27`	`30`	`)`
`28`	`31`	`}`
`29`	`32`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-\| test.cpp:42:6:42:7 \| declaration of f1 \| Definition for 'f1' is not available for unqualified lookup because it is declared after $@ \| test.cpp:39:1:39:13 \| using f1 \| using-declaration \|`
	`1`	`+\| test.cpp:42:6:42:7 \| declaration of f1 \| Definition for 'f1' is not available for unqualified lookup because it is declared after $@ \| test.cpp:39:12:39:13 \| using f1 \| using-declaration \|`
Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`	`1`	`{`
`2`	`2`	`"supported_environment": [`
`3`	`3`	`{`
`4`		`- "codeql_cli": "2.8.5",`
`5`		`- "codeql_standard_library": "codeql-cli/v2.8.5",`
`6`		`- "codeql_cli_bundle": "codeql-bundle-20220401"`
	`4`	`+ "codeql_cli": "2.9.4",`
	`5`	`+ "codeql_standard_library": "codeql-cli/v2.9.4",`
	`6`	`+ "codeql_cli_bundle": "codeql-bundle-20220615"`
`7`	`7`	`}`
`8`	`8`	`],`
`9`	`9`	`"supported_language" : [`