Skip to content

M5-0-20: Exclude pointer assign operators #389

New issue
New issue
Closed
#390
Closed
M5-0-20: Exclude pointer assign operators#389
#390
Assignees
lcartey
Labels
Difficulty-LowA false positive or false negative report which is expected to take <1 day effort to addressImpact-Mediumfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards
@lcartey

Description

@lcartey
lcartey
opened on Oct 4, 2023

Affected rules

  • M5-0-20
  • M5-0-21
  • RULE-10-1

Description

In the database we (slightly surprisingly) consider pointer assignment to be a bitwise expression:
https://github.com/github/codeql/blob/f7ca8e5b396ce5fb8bcc52c003905529766ec6d2/cpp/ql/lib/semmlecode.cpp.dbscheme#L1319-L1325

Example

void test_add(char *val) {
  int add = 2;
  val += add; // COMPLIANT[FALSE_POSITIVE]
}

Metadata

Metadata

Assignees

Labels

Difficulty-LowA false positive or false negative report which is expected to take <1 day effort to addressImpact-Mediumfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards

Type

No type

Projects

Coding Standards Public Development Board

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions