Merge pull request #810 from github/codeql/upgrade-to-2.18.4

Upgrade `github/codeql` dependency to 2.18.4

Author: knewbury01

Diff for: c/cert/src/codeql-pack.lock.yml

@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false

Diff for: c/cert/src/qlpack.yml

@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.9
+  codeql/cpp-all: 1.4.2

Diff for: c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**

Diff for: c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Pointers
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**

Diff for: c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql

@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) {

Diff for: c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.commons.Alloc
 
 from C11ThreadCreateCall tcc, StackVariable sv, Expr arg, Expr acc

Diff for: c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql

@@ -16,8 +16,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where

Diff for: c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 class Source extends StackVariable {
   Source() { not this instanceof Parameter }

Diff for: c/cert/src/rules/ERR30-C/FunctionCallBeforeErrnoCheck.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Errno
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * A call to an `OutOfBandErrnoSettingFunction`

Diff for: c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql

@@ -14,8 +14,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.SideEffect
-import codingstandards.cpp.dataflow.DataFlow
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /** Holds if the function's return value is derived from the `AliasParamter` p. */

Diff for: c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import ExprWithAlignmentToCStyleCastFlow::PathGraph
 

Diff for: c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import SuspectFunctionPointerToCallFlow::PathGraph
 
 /**

Diff for: c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import IndirectCastFlow::PathGraph
 

Diff for: c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql

@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import CastFlow::PathGraph
 import codingstandards.cpp.SideEffect
 

Diff for: c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql

@@ -11,7 +11,7 @@
  */
 
 import cpp
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import codingstandards.c.cert
 import codingstandards.cpp.Variable

Diff for: c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql

@@ -14,7 +14,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.FgetsErrorManagement
 import codingstandards.cpp.Dereferenced
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 
 /*
  * CFG nodes that follows a successful call to `fgets`

Diff for: c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql

@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 class FgetposCall extends FunctionCall {
   FgetposCall() { this.getTarget().hasGlobalOrStdName("fgetpos") }

Diff for: c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.standardlibrary.FileAccess
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /**

Diff for: c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql

@@ -16,7 +16,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Overflow
 import semmle.code.cpp.controlflow.Guards
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.models.Models
 
 /**

Diff for: c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql

@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import AlignedAllocToReallocFlow::PathGraph
 
 int getStatedValue(Expr e) {

Diff for: c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql

@@ -14,7 +14,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * The argument of a call to `asctime`

Diff for: c/cert/src/rules/MSC39-C/DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql

@@ -13,7 +13,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Macro
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 abstract class VaAccess extends Expr { }
 

Diff for: c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Signal
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * Does not access an external variable except

Diff for: c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Signal
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * CFG nodes preceeding a `ReturnStmt`

Diff for: c/cert/src/rules/STR30-C/DoNotAttemptToModifyStringLiterals.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import semmle.code.cpp.security.BufferWrite
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * Class that includes into `BufferWrite` functions that will modify their

Diff for: c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql

@@ -15,7 +15,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 
 /**

Diff for: c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.ql

@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Naming
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 

Diff for: c/cert/test/codeql-pack.lock.yml

@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false

Diff for: c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected

@@ -1,3 +1,5 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:104,11-19)
+WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:87,5-18)
 | test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
 | test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
 | test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |

Diff for: c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected

@@ -1,3 +1,8 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:23,60-68)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:24,22-30)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:36,20-28)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:44,26-34)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:65,3-11)
 edges
 | test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 | provenance |  |
 | test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 | provenance |  |

Diff for: c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected

@@ -1,3 +1,7 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:72,56-64)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:73,22-30)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:75,20-28)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:84,45-53)
 edges
 | test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 | provenance |  |
 | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | provenance |  |

Diff for: c/cert/test/rules/CON30-C/CleanUpThreadSpecificStorage.expected

@@ -1,3 +1,9 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:21,46-54)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:22,22-30)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:31,20-28)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:41,35-43)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:49,36-44)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (CleanUpThreadSpecificStorage.ql:51,36-44)
 | test.c:27:3:27:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. |
 | test.c:49:3:49:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. |
 | test.c:71:3:71:12 | call to tss_create | Resources used by thread specific storage may not be cleaned up. |

Diff for: c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected

@@ -1,3 +1,11 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:28,29-37)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:28,54-62)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:35,62-70)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:40,5-13)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:40,30-38)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:41,5-13)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:41,30-38)
+WARNING: module 'TaintTracking' has been deprecated and may be removed in future (AppropriateThreadObjectStorageDurations.ql:28,3-16)
 | test.c:23:3:23:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:23:24:23:29 | & ... | Shared object |
 | test.c:74:3:74:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:74:24:74:24 | p | Shared object |
 | test.c:85:3:85:13 | call to thrd_create | $@ not declared with appropriate storage duration | test.c:85:24:85:24 | p | Shared object |

Diff for: c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected

@@ -1 +1,6 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:28,38-46)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:31,5-13)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:31,30-38)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:32,5-13)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ThreadObjectStorageDurationsNotInitialized.ql:32,30-38)
 | test.c:14:7:14:13 | call to tss_get | Call to a thread specific storage function from within a threaded context on an object that may not be owned by this thread. |

Diff for: c/cert/test/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.expected

@@ -1,2 +1,7 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:22,20-28)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:26,31-39)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:39,6-14)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:39,26-34)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (AppropriateStorageDurationsFunctionReturn.ql:45,3-11)
 | test.c:3:10:3:10 | a | $@ with automatic storage may be accessible outside of its lifetime. | test.c:3:10:3:10 | a | a |
 | test.c:15:4:15:8 | param [inner post update] | $@ with automatic storage may be accessible outside of its lifetime. | test.c:15:12:15:13 | a2 | a2 |

Diff for: c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected

@@ -1,3 +1,4 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (ErrnoReadBeforeReturn.ql:40,7-15)
 | test.c:69:7:69:11 | * ... | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
 | test.c:69:7:69:11 | call to __errno_location | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
 | test.c:70:5:70:10 | call to perror | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |

Diff for: c/cert/test/rules/ERR30-C/SetlocaleMightSetErrno.expected

@@ -1,2 +1,3 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (SetlocaleMightSetErrno.ql:64,7-15)
 | test.c:98:3:98:11 | call to setlocale | Do not read `errno` before checking the return value of a call to `setlocale`. |
 | test.c:104:7:104:15 | call to setlocale | The value of `errno` may be different than `0` when `setlocale` is called. The following `errno` check might be invalid. |

Diff for: c/cert/test/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.expected

@@ -1,3 +1,7 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:50,7-15)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:50,27-35)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:51,9-17)
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotRelyOnIndeterminateValuesOfErrno.ql:54,9-17)
 | test.c:12:5:12:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:10:21:10:26 | call to signal | call to signal |
 | test.c:30:5:30:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:26:21:26:26 | call to signal | call to signal |
 | test.c:49:5:49:10 | call to perror | `errno` has indeterminate value after this $@. | test.c:45:21:45:26 | call to signal | call to signal |

Diff for: c/cert/test/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.expected

@@ -1,3 +1,4 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (DetectAndHandleStandardLibraryErrors.ql:453,5-13)
 | test.c:18:3:18:11 | call to setlocale | Missing error detection for the call to function `setlocale`. |
 | test.c:24:23:24:31 | call to setlocale | Missing error detection for the call to function `setlocale`. |
 | test.c:29:22:29:27 | call to calloc | Missing error detection for the call to function `calloc`. |