Merge remote-tracking branch 'upstream/main' into next

Author: jketema

.github/workflows/code-scanning-pack-gen.yml

@@ -103,7 +103,7 @@ jobs:
           codeql query compile --precompile --threads 0 c
 
           cd ..
-          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
+          zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
 
       - name: Upload GHAS Query Pack
         uses: actions/upload-artifact@v2

.github/workflows/dispatch-matrix-check.yml

@@ -1,8 +1,8 @@
-name: 🤖 Run Matrix Check 
+name: 🤖 Run Matrix Check
 
 on:
   pull_request_target:
-    types: [synchronize,opened]
+    types: [synchronize, opened]
     branches:
       - "matrix/**"
   workflow_dispatch:
@@ -11,29 +11,27 @@ jobs:
   dispatch-matrix-check:
     runs-on: ubuntu-22.04
     steps:
-
       - name: Test Variables
         shell: pwsh
         run: |
-          Write-Host "Running as: ${{github.actor}}"    
-    
+          Write-Host "Running as: ${{github.actor}}"
+
       - name: Dispatch Matrix Testing Job
-        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        if: ${{ contains(fromJSON('["mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill"]'), github.actor) }}
         uses: peter-evans/repository-dispatch@v2
         with:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
-          client-payload: '{"pr": "${{ github.event.number  }}"}'
-
+          client-payload: '{"pr": "${{ github.event.number }}"}'
 
       - uses: actions/github-script@v6
-        if: ${{ contains(fromJSON('["jsinglet", "mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine"]'), github.actor) }}
+        if: ${{ contains(fromJSON('["mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill"]'), github.actor) }}
         with:
           script: |
             github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: '🤖 Beep Boop! Matrix Testing for this PR has been initiated. Please check back later for results. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if this PR does not contain files eligible for matrix testing.**'
-            })
+            })

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -8,26 +8,23 @@ on:
       - "rc/**"
       - next
 
-
 jobs:
   dispatch-matrix-check:
     runs-on: ubuntu-22.04
     steps:
-
       - name: Test Variables
         shell: pwsh
         run: |
           Write-Host "Running as: ${{github.actor}}"    
 
           $actor = "${{github.actor}}"
 
-          $acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine") 
+          $acl = @("mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill") 
 
           if(-not ($actor -in $acl)){
             throw "Refusing to run workflow for user not in acl."
           }
 
-
       - name: Dispatch Matrix Testing Job
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
         uses: peter-evans/repository-dispatch@v2

.github/workflows/dispatch-release-performance-check.yml

@@ -12,15 +12,14 @@ jobs:
   dispatch-matrix-check:
     runs-on: ubuntu-22.04
     steps:
-
       - name: Test Variables
         shell: pwsh
         run: |
           Write-Host "Running as: ${{github.actor}}"    
 
           $actor = "${{github.actor}}"
 
-          $acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine") 
+          $acl = @("mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "nicolaswill") 
 
           if(-not ($actor -in $acl)){
             throw "Refusing to run workflow for user not in acl."
@@ -33,8 +32,7 @@ jobs:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: performance-test
-          client-payload: '{"pr": "${{ github.event.issue.number  }}"}'
-
+          client-payload: '{"pr": "${{ github.event.issue.number }}"}'
 
       - uses: actions/github-script@v6
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
@@ -45,4 +43,4 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: '🏁 Beep Boop! Performance testing for this PR has been initiated. Please check back later for results. Note that the query package generation step must complete before testing  will start so it might be a minute. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if I fail!**'
-            })
+            })

README.md

@@ -10,10 +10,15 @@ This repository contains CodeQL queries and libraries which support various Codi
 
 The following coding standards are supported:
 - [AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf). 
-- [MISRA C++:2008](https://www.misra.org.uk) (support limited to the rules specified in AUTOSAR).
 - [SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932)
 - [SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
-- [MISRA C 2012](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/).
+- [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
+   - [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
+   - [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)
+
+## :construction: Standards under development :construction:
+
+- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development _scheduled for release 2024 Q4_.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

c/cert/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.29.0-dev
+version: 2.35.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.c.Pointers
+import codingstandards.cpp.Pointers
 import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 

c/cert/src/rules/EXP43-C/DoNotPassAliasedPointerToRestrictQualifiedParam.ql

@@ -12,177 +12,11 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.c.Pointers
-import codingstandards.c.Variable
-import semmle.code.cpp.dataflow.DataFlow
-import semmle.code.cpp.pointsto.PointsTo
-import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+import codingstandards.cpp.rules.donotpassaliasedpointertorestrictqualifiedparamshared.DoNotPassAliasedPointerToRestrictQualifiedParamShared
 
-/**
- * A function that has a parameter with a restrict-qualified pointer type.
- */
-class FunctionWithRestrictParameters extends Function {
-  Parameter restrictPtrParam;
-
-  FunctionWithRestrictParameters() {
-    restrictPtrParam.getUnspecifiedType() instanceof PointerOrArrayType and
-    (
-      restrictPtrParam.getType().hasSpecifier(["restrict"]) and
-      restrictPtrParam = this.getAParameter()
-      or
-      this.hasGlobalName(["strcpy", "strncpy", "strcat", "strncat", "memcpy"]) and
-      restrictPtrParam = this.getParameter([0, 1])
-      or
-      this.hasGlobalName(["strcpy_s", "strncpy_s", "strcat_s", "strncat_s", "memcpy_s"]) and
-      restrictPtrParam = this.getParameter([0, 2])
-      or
-      this.hasGlobalName(["strtok_s"]) and
-      restrictPtrParam = this.getAParameter()
-      or
-      this.hasGlobalName(["printf", "printf_s", "scanf", "scanf_s"]) and
-      restrictPtrParam = this.getParameter(0)
-      or
-      this.hasGlobalName(["sprintf", "sprintf_s", "snprintf", "snprintf_s"]) and
-      restrictPtrParam = this.getParameter(3)
-    )
-  }
-
-  Parameter getARestrictPtrParam() { result = restrictPtrParam }
-}
-
-/**
- * A call to a function that has a parameter with a restrict-qualified pointer type.
- */
-class CallToFunctionWithRestrictParameters extends FunctionCall {
-  CallToFunctionWithRestrictParameters() {
-    this.getTarget() instanceof FunctionWithRestrictParameters
-  }
-
-  Expr getARestrictPtrArg() {
-    result =
-      this.getArgument(this.getTarget()
-            .(FunctionWithRestrictParameters)
-            .getARestrictPtrParam()
-            .getIndex())
-  }
-
-  Expr getAPtrArg(int index) {
-    result = this.getArgument(index) and
-    pointerValue(result)
-  }
-
-  Expr getAPossibleSizeArg() {
-    exists(Parameter param |
-      param = this.getTarget().(FunctionWithRestrictParameters).getAParameter() and
-      param.getUnderlyingType() instanceof IntegralType and
-      // exclude __builtin_object_size
-      not result.(FunctionCall).getTarget() instanceof BuiltInFunction and
-      result = this.getArgument(param.getIndex())
-    )
-  }
-}
-
-/**
- * A `PointsToExpr` that is an argument of a pointer-type in a `CallToFunctionWithRestrictParameters`
- */
-class CallToFunctionWithRestrictParametersArgExpr extends Expr {
-  int paramIndex;
-
-  CallToFunctionWithRestrictParametersArgExpr() {
-    this = any(CallToFunctionWithRestrictParameters call).getAPtrArg(paramIndex)
+class DoNotPassAliasedPointerToRestrictQualifiedParamQuery extends DoNotPassAliasedPointerToRestrictQualifiedParamSharedSharedQuery
+{
+  DoNotPassAliasedPointerToRestrictQualifiedParamQuery() {
+    this = Pointers3Package::doNotPassAliasedPointerToRestrictQualifiedParamQuery()
   }
-
-  int getParamIndex() { result = paramIndex }
-}
-
-int getStatedValue(Expr e) {
-  // `upperBound(e)` defaults to `exprMaxVal(e)` when `e` isn't analyzable. So to get a meaningful
-  // result in this case we pick the minimum value obtainable from dataflow and range analysis.
-  result =
-    upperBound(e)
-        .minimum(min(Expr source | DataFlow::localExprFlow(source, e) | source.getValue().toInt()))
-}
-
-int getPointerArithmeticOperandStatedValue(CallToFunctionWithRestrictParametersArgExpr expr) {
-  result = getStatedValue(expr.(PointerArithmeticExpr).getOperand())
-  or
-  // edge-case: &(array[index]) expressions
-  result = getStatedValue(expr.(AddressOfExpr).getOperand().(PointerArithmeticExpr).getOperand())
-  or
-  // fall-back if `expr` is not a pointer arithmetic expression
-  not expr instanceof PointerArithmeticExpr and
-  not expr.(AddressOfExpr).getOperand() instanceof PointerArithmeticExpr and
-  result = 0
 }
-
-module PointerValueToRestrictArgConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { pointerValue(source.asExpr()) }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(CallToFunctionWithRestrictParameters call |
-      sink.asExpr() = call.getAPtrArg(_).getAChild*()
-    )
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    exists(AddressOfExpr a | node.asExpr() = a.getOperand().getAChild*())
-  }
-}
-
-module PointerValueToRestrictArgFlow = DataFlow::Global<PointerValueToRestrictArgConfig>;
-
-from
-  CallToFunctionWithRestrictParameters call, CallToFunctionWithRestrictParametersArgExpr arg1,
-  CallToFunctionWithRestrictParametersArgExpr arg2, int argOffset1, int argOffset2, Expr source1,
-  Expr source2, string sourceMessage1, string sourceMessage2
-where
-  not isExcluded(call, Pointers3Package::doNotPassAliasedPointerToRestrictQualifiedParamQuery()) and
-  arg1 = call.getARestrictPtrArg() and
-  arg2 = call.getAPtrArg(_) and
-  // enforce ordering to remove permutations if multiple restrict-qualified args exist
-  (not arg2 = call.getARestrictPtrArg() or arg2.getParamIndex() > arg1.getParamIndex()) and
-  (
-    // check if two pointers address the same object
-    PointerValueToRestrictArgFlow::flow(DataFlow::exprNode(source1),
-      DataFlow::exprNode(arg1.getAChild*())) and
-    (
-      // one pointer value flows to both args
-      PointerValueToRestrictArgFlow::flow(DataFlow::exprNode(source1),
-        DataFlow::exprNode(arg2.getAChild*())) and
-      sourceMessage1 = "$@" and
-      sourceMessage2 = "source" and
-      source1 = source2
-      or
-      // there are two separate values that flow from an AddressOfExpr of the same target
-      getAddressOfExprTargetBase(source1) = getAddressOfExprTargetBase(source2) and
-      PointerValueToRestrictArgFlow::flow(DataFlow::exprNode(source2),
-        DataFlow::exprNode(arg2.getAChild*())) and
-      sourceMessage1 = "a pair of address-of expressions ($@, $@)" and
-      sourceMessage2 = "addressof1" and
-      not source1 = source2
-    )
-  ) and
-  // get the offset of the pointer arithmetic operand (or '0' if there is none)
-  argOffset1 = getPointerArithmeticOperandStatedValue(arg1) and
-  argOffset2 = getPointerArithmeticOperandStatedValue(arg2) and
-  (
-    // case 1: the pointer args are the same.
-    // (definite aliasing)
-    argOffset1 = argOffset2
-    or
-    // case 2: the pointer args are different, a size arg exists,
-    // and the size arg is greater than the difference between the offsets.
-    // (potential aliasing)
-    exists(Expr sizeArg |
-      sizeArg = call.getAPossibleSizeArg() and
-      getStatedValue(sizeArg) > (argOffset1 - argOffset2).abs()
-    )
-    or
-    // case 3: the pointer args are different, and a size arg does not exist
-    // (potential aliasing)
-    not exists(call.getAPossibleSizeArg())
-  )
-select call,
-  "Call to '" + call.getTarget().getName() + "' passes an $@ to a $@ (pointer value derived from " +
-    sourceMessage1 + ".", arg2, "aliased pointer", arg1, "restrict-qualified parameter", source1,
-  sourceMessage2, source2, "addressof2"

c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql

@@ -14,7 +14,7 @@ import cpp
 import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import codingstandards.c.cert
-import codingstandards.c.Variable
+import codingstandards.cpp.Variable
 
 /**
  * An `Expr` that is an assignment or initialization to a restrict-qualified pointer-type variable.

c/cert/src/rules/INT30-C/UnsignedIntegerOperationsWrapAround.ql

@@ -15,24 +15,11 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.Overflow
-import semmle.code.cpp.controlflow.Guards
-import semmle.code.cpp.valuenumbering.GlobalValueNumbering
+import codingstandards.cpp.rules.unsignedoperationwithconstantoperandswraps.UnsignedOperationWithConstantOperandsWraps
 
-from InterestingOverflowingOperation op
-where
-  not isExcluded(op, IntegerOverflowPackage::unsignedIntegerOperationsWrapAroundQuery()) and
-  op.getType().getUnderlyingType().(IntegralType).isUnsigned() and
-  // Not within a guard condition
-  not exists(GuardCondition gc | gc.getAChild*() = op) and
-  // Not guarded by a check, where the check is not an invalid overflow check
-  not op.hasValidPreCheck() and
-  // Is not checked after the operation
-  not op.hasValidPostCheck() and
-  // Permitted by exception 3
-  not op instanceof LShiftExpr and
-  // Permitted by exception 2 - zero case is handled in separate query
-  not op instanceof DivExpr and
-  not op instanceof RemExpr
-select op,
-  "Operation " + op.getOperator() + " of type " + op.getType().getUnderlyingType() + " may wrap."
+class UnsignedIntegerOperationsWrapAroundQuery extends UnsignedOperationWithConstantOperandsWrapsSharedQuery
+{
+  UnsignedIntegerOperationsWrapAroundQuery() {
+    this = IntegerOverflowPackage::unsignedIntegerOperationsWrapAroundQuery()
+  }
+}