Merge remote-tracking branch 'origin/main' into michaelrfairhurst/implement-concurrency8-package

Author: MichaelRFairhurst

.github/workflows/code-scanning-pack-gen.yml

@@ -80,6 +80,8 @@ jobs:
 
       - name: Checkout external help files
         id: checkout-external-help-files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -88,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

.github/workflows/upgrade_codeql_dependencies.yml

@@ -53,7 +53,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

c/cert/src/codeql-pack.lock.yml

@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false

c/cert/src/qlpack.yml

@@ -1,8 +1,8 @@
 name: codeql/cert-c-coding-standards
-version: 2.39.0-dev
+version: 2.42.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.9
+  codeql/cpp-all: 1.4.2

c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Pointers
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**

c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql

@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) {

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -16,8 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.c.Objects
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.commons.Alloc
 
 from C11ThreadCreateCall tcc, Expr arg

c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql

@@ -16,8 +16,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where

c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.ql

@@ -14,37 +14,10 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.Concurrency
+import codingstandards.cpp.rules.joinordetachthreadonlyonce.JoinOrDetachThreadOnlyOnce
 
-// OK
-// 1) Thread calls detach parent DOES NOT call join
-// 2) Parent calls join, thread does NOT call detach()
-// NOT OK
-// 1) Thread calls detach, parent calls join
-// 2) Thread calls detach twice, parent does not call join
-// 3) Parent calls join twice, thread does not call detach
-from C11ThreadCreateCall tcc
-where
-  not isExcluded(tcc, Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery()) and
-  // Note: These cases can be simplified but they are presented like this for clarity
-  // case 1 - calls to `thrd_join` and `thrd_detach` within the parent or
-  // within the parent / child CFG.
-  exists(C11ThreadWait tw, C11ThreadDetach dt |
-    tw = getAThreadContextAwareSuccessor(tcc) and
-    dt = getAThreadContextAwareSuccessor(tcc)
-  )
-  or
-  // case 2 - multiple calls to `thrd_detach` within the threaded CFG.
-  exists(C11ThreadDetach dt1, C11ThreadDetach dt2 |
-    dt1 = getAThreadContextAwareSuccessor(tcc) and
-    dt2 = getAThreadContextAwareSuccessor(tcc) and
-    not dt1 = dt2
-  )
-  or
-  // case 3 - multiple calls to `thrd_join` within the threaded CFG.
-  exists(C11ThreadWait tw1, C11ThreadWait tw2 |
-    tw1 = getAThreadContextAwareSuccessor(tcc) and
-    tw2 = getAThreadContextAwareSuccessor(tcc) and
-    not tw1 = tw2
-  )
-select tcc, "Thread may call join or detach after the thread is joined or detached."
+class ThreadWasPreviouslyJoinedOrDetachedQuery extends JoinOrDetachThreadOnlyOnceSharedQuery {
+  ThreadWasPreviouslyJoinedOrDetachedQuery() {
+    this = Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery()
+  }
+}

c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql

@@ -14,7 +14,6 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Objects
-import codingstandards.cpp.dataflow.DataFlow
 
 class Source extends Expr {
   ObjectIdentity rootObject;

c/cert/src/rules/ERR30-C/FunctionCallBeforeErrnoCheck.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Errno
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * A call to an `OutOfBandErrnoSettingFunction`

c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql

@@ -14,8 +14,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.SideEffect
-import codingstandards.cpp.dataflow.DataFlow
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /** Holds if the function's return value is derived from the `AliasParamter` p. */

c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import ExprWithAlignmentToCStyleCastFlow::PathGraph
 

c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import SuspectFunctionPointerToCallFlow::PathGraph
 
 /**

c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import IndirectCastFlow::PathGraph
 

c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql

@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import CastFlow::PathGraph
 import codingstandards.cpp.SideEffect
 

c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql

@@ -11,7 +11,7 @@
  */
 
 import cpp
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import codingstandards.c.cert
 import codingstandards.cpp.Variable

c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql

@@ -14,7 +14,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.FgetsErrorManagement
 import codingstandards.cpp.Dereferenced
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 
 /*
  * CFG nodes that follows a successful call to `fgets`

c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql

@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 class FgetposCall extends FunctionCall {
   FgetposCall() { this.getTarget().hasGlobalOrStdName("fgetpos") }

c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.standardlibrary.FileAccess
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /**

c/cert/src/rules/FLP32-C/UncheckedRangeDomainPoleErrors.md

@@ -345,7 +345,7 @@ Independent( INT34-C, FLP32-C, INT33-C) CWE-682 = Union( FLP32-C, list) where li
 
 ## Implementation notes
 
-None
+This query identifies possible domain, pole and range errors on a selection of C standard library fuctions from math.h.
 
 ## References
 

c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql

@@ -16,7 +16,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Overflow
 import semmle.code.cpp.controlflow.Guards
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.models.Models
 
 /**

c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql

@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import AlignedAllocToReallocFlow::PathGraph
 
 int getStatedValue(Expr e) {

c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql

@@ -14,7 +14,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * The argument of a call to `asctime`

c/cert/src/rules/MSC39-C/DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql

@@ -13,7 +13,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Macro
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 abstract class VaAccess extends Expr { }