Merge branch 'main' into next

Author: jketema

.github/workflows/upgrade_codeql_dependencies.yml

@@ -7,51 +7,55 @@ on:
         description: |
           The version of the CodeQL CLI to be set as the default.
         required: true
-      codeql_standard_library_commit:
-        description: |
-          The tag or commit to use from the CodeQL Standard Library
-        required: true
 
 env:
   XARGS_MAX_PROCS: 4
 
 jobs:
-  say_hello:
+  upgrade_codeql_dependencies:
     env:
       CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
-      CODEQL_LIB_COMMIT: ${{ github.event.inputs.codeql_standard_library_commit }}
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install upgrade-codeql-dependencies.py dependencies
+        run: pip install -r scripts/upgrade-codeql-dependencies/requirements.txt
+
       - name: Update the supported environment
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
         run: |
-          jq \
-            --arg cli_version "$CODEQL_CLI_VERSION" \
-            --arg standard_library_commit "$CODEQL_LIB_COMMIT" \
-            --raw-output \
-            '.supported_environment | .[0] | .codeql_cli = $cli_version | .codeql_standard_library = $standard_library_commit' \
-            supported_codeql_configs.json
+          python3 scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py --cli-version "$CODEQL_CLI_VERSION"
 
       - name: Fetch CodeQL
         env:
           GITHUB_TOKEN: ${{ github.token }}
+          RUNNER_TEMP: ${{ runner.temp }}
         run: |
+          cd $RUNNER_TEMP
           gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
           unzip -q codeql-linux64.zip
 
       - name: Update CodeQL formatting based on new CLI version
+        env:
+          RUNNER_TEMP: ${{ runner.temp }}
         run: |
-          find cpp -name '*.ql' -or -name '*.qll' | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 codeql/codeql query format --in-place
-          find c -name '*.ql' -or -name '*.qll' | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 codeql/codeql query format --in-place
+          find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
+          find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v3
         with:
-          title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_standard_library_commit }}"
-          body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }} and the `github/codeql` version to ${{ github.event.inputs.codeql_standard_library_commit }}."
-          commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_standard_library_commit }}"
-          team-reviewers: github/codeql-coding-standards
+          title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
+          body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}."
+          commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           delete-branch: true
-          branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_standard_library_commit }}-${{ github.event.inputs.codeql_cli_version }}"
+          branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"

.github/workflows/validate-coding-standards.yml

@@ -89,15 +89,15 @@ jobs:
 
       - name: Validate CodeQL Format (CPP)
         run: |
-          find cpp -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
+          find cpp \( -name \*.ql -or -name \*.qll \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
           git diff
           git diff --compact-summary
           git diff --quiet
 
       - name: Validate CodeQL Format (C)
         run: |
-          find c -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
+          find c \( -name \*.ql -or -name \*.qll \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
           git diff
           git diff --compact-summary

c/cert/src/codeql-pack.lock.yml

@@ -2,7 +2,13 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.4.6
+    version: 0.9.3
+  codeql/dataflow:
+    version: 0.0.4
   codeql/ssa:
-    version: 0.0.7
+    version: 0.1.5
+  codeql/tutorial:
+    version: 0.1.5
+  codeql/util:
+    version: 0.1.5
 compiled: false

c/cert/src/qlpack.yml

@@ -1,8 +1,8 @@
 name: codeql/cert-c-coding-standards
-version: 2.21.0-dev
+version: 2.22.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.4.6
+  codeql/cpp-all: 0.9.3

c/cert/src/rules/ARR30-C/DoNotFormOutOfBoundsPointersOrArraySubscripts.ql

@@ -12,41 +12,42 @@
  *       external/cert/obligation/rule
  */
 
- import cpp
- import codingstandards.c.cert
- import codingstandards.c.OutOfBounds
- 
- from
-   OOB::BufferAccess ba, Expr bufferArg, Expr sizeArg, OOB::PointerToObjectSource bufferSource,
-   string message
- where
-   not isExcluded(ba, OutOfBoundsPackage::doNotFormOutOfBoundsPointersOrArraySubscriptsQuery()) and
-   // exclude loops
-   not exists(Loop loop | loop.getStmt().getChildStmt*() = ba.getEnclosingStmt()) and
-   // exclude size arguments that are of type ssize_t
-   not sizeArg.getAChild*().(VariableAccess).getTarget().getType() instanceof Ssize_t and
-   // exclude size arguments that are assigned the result of a function call e.g. ftell
-   not sizeArg.getAChild*().(VariableAccess).getTarget().getAnAssignedValue() instanceof FunctionCall and
-   // exclude field or array accesses for the size arguments
-   not sizeArg.getAChild*() instanceof FieldAccess and
-   not sizeArg.getAChild*() instanceof ArrayExpr and
-   (
-     exists(int sizeArgValue, int bufferArgSize |
-      OOB::isSizeArgGreaterThanBufferSize(bufferArg, sizeArg, bufferSource, bufferArgSize, sizeArgValue, ba) and
-       message =
-         "Buffer accesses offset " + sizeArgValue + 
-         " which is greater than the fixed size " + bufferArgSize + " of the $@."
-     )
-     or
-     exists(int sizeArgUpperBound, int sizeMult, int bufferArgSize |
-       OOB::isSizeArgNotCheckedLessThanFixedBufferSize(bufferArg, sizeArg, bufferSource,
-         bufferArgSize, ba, sizeArgUpperBound, sizeMult) and
-       message =
-         "Buffer may access up to offset " + sizeArgUpperBound + "*" + sizeMult +
-           " which is greater than the fixed size " + bufferArgSize + " of the $@."
-     )
-     or
-     OOB::isSizeArgNotCheckedGreaterThanZero(bufferArg, sizeArg, bufferSource, ba) and
-     message = "Buffer access may be to a negative index in the buffer."
-   )
- select ba, message, bufferSource, "buffer"
+import cpp
+import codingstandards.c.cert
+import codingstandards.c.OutOfBounds
+
+from
+  OOB::BufferAccess ba, Expr bufferArg, Expr sizeArg, OOB::PointerToObjectSource bufferSource,
+  string message
+where
+  not isExcluded(ba, OutOfBoundsPackage::doNotFormOutOfBoundsPointersOrArraySubscriptsQuery()) and
+  // exclude loops
+  not exists(Loop loop | loop.getStmt().getChildStmt*() = ba.getEnclosingStmt()) and
+  // exclude size arguments that are of type ssize_t
+  not sizeArg.getAChild*().(VariableAccess).getTarget().getType() instanceof Ssize_t and
+  // exclude size arguments that are assigned the result of a function call e.g. ftell
+  not sizeArg.getAChild*().(VariableAccess).getTarget().getAnAssignedValue() instanceof FunctionCall and
+  // exclude field or array accesses for the size arguments
+  not sizeArg.getAChild*() instanceof FieldAccess and
+  not sizeArg.getAChild*() instanceof ArrayExpr and
+  (
+    exists(int sizeArgValue, int bufferArgSize |
+      OOB::isSizeArgGreaterThanBufferSize(bufferArg, sizeArg, bufferSource, bufferArgSize,
+        sizeArgValue, ba) and
+      message =
+        "Buffer accesses offset " + sizeArgValue + " which is greater than the fixed size " +
+          bufferArgSize + " of the $@."
+    )
+    or
+    exists(int sizeArgUpperBound, int sizeMult, int bufferArgSize |
+      OOB::isSizeArgNotCheckedLessThanFixedBufferSize(bufferArg, sizeArg, bufferSource,
+        bufferArgSize, ba, sizeArgUpperBound, sizeMult) and
+      message =
+        "Buffer may access up to offset " + sizeArgUpperBound + "*" + sizeMult +
+          " which is greater than the fixed size " + bufferArgSize + " of the $@."
+    )
+    or
+    OOB::isSizeArgNotCheckedGreaterThanZero(bufferArg, sizeArg, bufferSource, ba) and
+    message = "Buffer access may be to a negative index in the buffer."
+  )
+select ba, message, bufferSource, "buffer"

c/cert/src/rules/ARR36-C/DoNotRelatePointersThatDoNotReferToTheSameArray.ql

@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotuserelationaloperatorswithdifferingarrays.DoNotUseRelationalOperatorsWithDifferingArrays
 
-class DoNotRelatePointersThatDoNotReferToTheSameArrayQuery extends DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery {
+class DoNotRelatePointersThatDoNotReferToTheSameArrayQuery extends DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery
+{
   DoNotRelatePointersThatDoNotReferToTheSameArrayQuery() {
     this = Memory2Package::doNotRelatePointersThatDoNotReferToTheSameArrayQuery()
   }

c/cert/src/rules/ARR36-C/DoNotSubtractPointersThatDoNotReferToTheSameArray.ql

@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotsubtractpointersaddressingdifferentarrays.DoNotSubtractPointersAddressingDifferentArrays
 
-class DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery extends DoNotSubtractPointersAddressingDifferentArraysSharedQuery {
+class DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery extends DoNotSubtractPointersAddressingDifferentArraysSharedQuery
+{
   DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery() {
     this = Memory2Package::doNotSubtractPointersThatDoNotReferToTheSameArrayQuery()
   }

c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import semmle.code.cpp.dataflow.DataFlow
+import codingstandards.cpp.dataflow.DataFlow
 import DataFlow::PathGraph
 
 /**

c/cert/src/rules/ARR38-C/LibraryFunctionArgumentOutOfBounds.ql

@@ -22,4 +22,4 @@ from
 where
   not isExcluded(fc, OutOfBoundsPackage::libraryFunctionArgumentOutOfBoundsQuery()) and
   OOB::problems(fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr)
-select fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr
+select fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Pointers
-import semmle.code.cpp.dataflow.TaintTracking
+import codingstandards.cpp.dataflow.TaintTracking
 import DataFlow::PathGraph
 
 /**

c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql

@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.dataflow.DataFlow
+import codingstandards.cpp.dataflow.TaintTracking
+import codingstandards.cpp.dataflow.DataFlow
 
 class TssCreateToTssDeleteDataFlowConfiguration extends DataFlow::Configuration {
   TssCreateToTssDeleteDataFlowConfiguration() { this = "TssCreateToTssDeleteDataFlowConfiguration" }

c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.ql

@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotallowamutextogooutofscopewhilelocked.DoNotAllowAMutexToGoOutOfScopeWhileLocked
 
-class DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery extends DoNotAllowAMutexToGoOutOfScopeWhileLockedSharedQuery {
+class DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery extends DoNotAllowAMutexToGoOutOfScopeWhileLockedSharedQuery
+{
   DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery() {
     this = Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery()
   }

c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql

@@ -24,5 +24,5 @@ where
       "setlocale", "atomic_init", "ATOMIC_VAR_INIT", "tmpnam", "mbrtoc16", "c16rtomb", "mbrtoc32",
       "c32rtomb"
     ]
-select node,
-  "Concurrent call to non-reeantrant function $@.", node.(FunctionCall).getTarget(), node.(FunctionCall).getTarget().getName()
+select node, "Concurrent call to non-reeantrant function $@.", node.(FunctionCall).getTarget(),
+  node.(FunctionCall).getTarget().getName()

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.dataflow.DataFlow
+import codingstandards.cpp.dataflow.TaintTracking
+import codingstandards.cpp.dataflow.DataFlow
 import semmle.code.cpp.commons.Alloc
 
 from C11ThreadCreateCall tcc, StackVariable sv, Expr arg, Expr acc

c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql

@@ -16,8 +16,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.dataflow.DataFlow
+import codingstandards.cpp.dataflow.TaintTracking
+import codingstandards.cpp.dataflow.DataFlow
 
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where

c/cert/src/rules/CON35-C/DeadlockByLockingInPredefinedOrder.ql

@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.preventdeadlockbylockinginpredefinedorder.PreventDeadlockByLockingInPredefinedOrder
 
-class DeadlockByLockingInPredefinedOrderQuery extends PreventDeadlockByLockingInPredefinedOrderSharedQuery {
+class DeadlockByLockingInPredefinedOrderQuery extends PreventDeadlockByLockingInPredefinedOrderSharedQuery
+{
   DeadlockByLockingInPredefinedOrderQuery() {
     this = Concurrency2Package::deadlockByLockingInPredefinedOrderQuery()
   }

c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql

@@ -24,5 +24,4 @@ where
   not isExcluded(fc, Concurrency1Package::doNotCallSignalInMultithreadedProgramQuery()) and
   fc.getTarget().getName() = "signal" and
   exists(ThreadedFunction f)
-select fc,
-  "Call to `signal()` in multithreaded programs."
+select fc, "Call to `signal()` in multithreaded programs."

c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.ql

@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.preservesafetywhenusingconditionvariables.PreserveSafetyWhenUsingConditionVariables
 
-class PreserveSafetyWhenUsingConditionVariablesQuery extends PreserveSafetyWhenUsingConditionVariablesSharedQuery {
+class PreserveSafetyWhenUsingConditionVariablesQuery extends PreserveSafetyWhenUsingConditionVariablesSharedQuery
+{
   PreserveSafetyWhenUsingConditionVariablesQuery() {
     this = Concurrency3Package::preserveSafetyWhenUsingConditionVariablesQuery()
   }

c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql

@@ -12,18 +12,16 @@
  *       external/cert/obligation/rule
  */
 
- import cpp
- import codingstandards.c.cert
- import codingstandards.cpp.Concurrency
- 
+import cpp
+import codingstandards.c.cert
+import codingstandards.cpp.Concurrency
 
- from AtomicCompareExchange ace
- where
-   not isExcluded(ace, Concurrency3Package::wrapFunctionsThatCanFailSpuriouslyInLoopQuery()) and
-   (
-    forex(StmtParent sp | sp = ace.getStmt() | not sp.(Stmt).getParentStmt*() instanceof Loop) or
-    forex(Expr e | e = ace.getExpr() | not e.getEnclosingStmt().getParentStmt*()
-    instanceof Loop)
-   )
- select ace, "Function that can spuriously fail not wrapped in a loop."
- 
+from AtomicCompareExchange ace
+where
+  not isExcluded(ace, Concurrency3Package::wrapFunctionsThatCanFailSpuriouslyInLoopQuery()) and
+  (
+    forex(StmtParent sp | sp = ace.getStmt() | not sp.(Stmt).getParentStmt*() instanceof Loop)
+    or
+    forex(Expr e | e = ace.getExpr() | not e.getEnclosingStmt().getParentStmt*() instanceof Loop)
+  )
+select ace, "Function that can spuriously fail not wrapped in a loop."

c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import semmle.code.cpp.dataflow.DataFlow
+import codingstandards.cpp.dataflow.DataFlow
 
 class Source extends StackVariable {
   Source() { not this instanceof Parameter }

c/cert/src/rules/DCL30-C/AppropriateStorageDurationsStackAdressEscape.ql

@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotcopyaddressofautostorageobjecttootherobject.DoNotCopyAddressOfAutoStorageObjectToOtherObject
 
-class AppropriateStorageDurationsStackAdressEscapeQuery extends DoNotCopyAddressOfAutoStorageObjectToOtherObjectSharedQuery {
+class AppropriateStorageDurationsStackAdressEscapeQuery extends DoNotCopyAddressOfAutoStorageObjectToOtherObjectSharedQuery
+{
   AppropriateStorageDurationsStackAdressEscapeQuery() {
     this = Declarations8Package::appropriateStorageDurationsStackAdressEscapeQuery()
   }

c/cert/src/rules/DCL39-C/InformationLeakageAcrossTrustBoundariesC.ql

@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.informationleakageacrossboundaries.InformationLeakageAcrossBoundaries
 
-class InformationLeakageAcrossTrustBoundariesCQuery extends InformationLeakageAcrossBoundariesSharedQuery {
+class InformationLeakageAcrossTrustBoundariesCQuery extends InformationLeakageAcrossBoundariesSharedQuery
+{
   InformationLeakageAcrossTrustBoundariesCQuery() {
     this = Declarations7Package::informationLeakageAcrossTrustBoundariesCQuery()
   }

c/cert/src/rules/ENV34-C/DoNotStorePointersReturnedByEnvironmentFunWarn.ql

@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.invalidatedenvstringpointerswarn.InvalidatedEnvStringPointersWarn
 
-class DoNotStorePointersReturnedByEnvironmentFunWarnQuery extends InvalidatedEnvStringPointersWarnSharedQuery {
+class DoNotStorePointersReturnedByEnvironmentFunWarnQuery extends InvalidatedEnvStringPointersWarnSharedQuery
+{
   DoNotStorePointersReturnedByEnvironmentFunWarnQuery() {
     this = Contracts2Package::doNotStorePointersReturnedByEnvironmentFunWarnQuery()
   }