Commit 5f61284

Update CodeQL dependencies and fix various issues
- Updated CodeQL to v2.23.3.
- Improved error messages in EXP37-C and EXP50-CPP.
- Fixed false negatives in `RULE-14-3`, `RULE-2-3` and `A0-1-6`
1 parent d66ec8d commit 5f61284

48 files changed

Lines changed: 299 additions & 244 deletions

c/cert/src/codeql-pack.lock.yml

Lines changed: 13 additions & 11 deletions
@@ -3,26 +3,28 @@ lockVersion: 1.0.0
33
dependencies:
44
advanced-security/qtil:
55
version: 0.0.3
6+
codeql/controlflow:
7+
version: 2.0.17
68
codeql/cpp-all:
7-
version: 5.0.0
9+
version: 6.0.0
810
codeql/dataflow:
9-
version: 2.0.8
11+
version: 2.0.17
1012
codeql/mad:
11-
version: 1.0.24
13+
version: 1.0.33
1214
codeql/quantum:
13-
version: 0.0.2
15+
version: 0.0.11
1416
codeql/rangeanalysis:
15-
version: 1.0.24
17+
version: 1.0.33
1618
codeql/ssa:
17-
version: 2.0.0
19+
version: 2.0.9
1820
codeql/tutorial:
19-
version: 1.0.24
21+
version: 1.0.33
2022
codeql/typeflow:
21-
version: 1.0.24
23+
version: 1.0.33
2224
codeql/typetracking:
23-
version: 2.0.8
25+
version: 2.0.17
2426
codeql/util:
25-
version: 2.0.11
27+
version: 2.0.20
2628
codeql/xml:
27-
version: 1.0.24
29+
version: 1.0.33
2830
compiled: false
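
Review bot: `codeql/controlflow` 2.0.17 at new lines 6-7 is a brand-new locked dependency rather than a version bump, and nothing in the commit message mentions it. Please confirm the lock file was regenerated by the CodeQL CLI instead of being edited by hand, and that the same regeneration was applied to every pack, since the test and common lock files in this commit carry the identical set of changes.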

c/cert/src/qlpack.yml

Lines changed: 1 addition & 1 deletion
@@ -6,4 +6,4 @@ license: MIT
66
default-suite-file: codeql-suites/cert-c-default.qls
77
dependencies:
88
codeql/common-c-coding-standards: '*'
9-
codeql/cpp-all: 5.0.0
9+
codeql/cpp-all: 6.0.0
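
Review bot: The exact pin on line 9 crosses a major version of `codeql/cpp-all` (5.0.0 to 6.0.0), but the commit message only says "Updated CodeQL to v2.23.3". Please call out the major library bump in the commit message or a change note, so that consumers who pin `codeql/cpp-all` themselves know they have to move to 6.0.0 together with this pack.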

c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql

Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@
2020
import cpp
2121
import codingstandards.c.cert
2222
import codingstandards.cpp.Overflow
23-
import semmle.code.cpp.dataflow.new.TaintTracking
23+
import semmle.code.cpp.dataflow.TaintTracking
2424

2525
/**
2626
* Gets the maximum size (in bytes) a variable-length array
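
Review bot: The import on line 23 switches from `semmle.code.cpp.dataflow.new.TaintTracking` to `semmle.code.cpp.dataflow.TaintTracking`, and the ARR32-C `.expected` file in this same commit now records "module 'TaintTracking' has been deprecated" and "module 'DataFlow' has been deprecated" warnings for this query. That reads as a step onto the deprecated library rather than an upgrade. If something in the 6.0.0 library forced the change, please say so in the commit message; otherwise keep the `new` import and adapt the query, so the rule does not depend on a module that "may be removed in future".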

c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql

Lines changed: 2 additions & 2 deletions
@@ -29,5 +29,5 @@ where
2929
complexArgumentPassedToRealParameter(fc, f, p)
3030
)
3131
select fc,
32-
"Argument $@ in call to " + f.toString() + " is incompatible with parameter " + p.getTypedName() +
33-
".", fc.getArgument(p.getIndex()) as arg, arg.toString()
32+
"Argument $@ in call to " + f.toString() + " is incompatible with the function parameter type.",
33+
fc.getArgument(p.getIndex()) as arg, arg.toString()
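
Review bot: The new message on line 32 drops `p.getTypedName()`, so the alert no longer says which parameter or which expected type the argument conflicts with; for a call with several arguments the reader has to open the callee declaration to find out. If the aim was to get rid of unstable text such as "double (unnamed parameter 0)", consider keeping the information as a second `$@` link to `p` instead of removing it, or at least include the parameter index in the message.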

c/cert/test/codeql-pack.lock.yml

Lines changed: 13 additions & 11 deletions
@@ -3,26 +3,28 @@ lockVersion: 1.0.0
33
dependencies:
44
advanced-security/qtil:
55
version: 0.0.3
6+
codeql/controlflow:
7+
version: 2.0.17
68
codeql/cpp-all:
7-
version: 5.0.0
9+
version: 6.0.0
810
codeql/dataflow:
9-
version: 2.0.8
11+
version: 2.0.17
1012
codeql/mad:
11-
version: 1.0.24
13+
version: 1.0.33
1214
codeql/quantum:
13-
version: 0.0.2
15+
version: 0.0.11
1416
codeql/rangeanalysis:
15-
version: 1.0.24
17+
version: 1.0.33
1618
codeql/ssa:
17-
version: 2.0.0
19+
version: 2.0.9
1820
codeql/tutorial:
19-
version: 1.0.24
21+
version: 1.0.33
2022
codeql/typeflow:
21-
version: 1.0.24
23+
version: 1.0.33
2224
codeql/typetracking:
23-
version: 2.0.8
25+
version: 2.0.17
2426
codeql/util:
25-
version: 2.0.11
27+
version: 2.0.20
2628
codeql/xml:
27-
version: 1.0.24
29+
version: 1.0.33
2830
compiled: false

c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected

Lines changed: 2 additions & 0 deletions
@@ -1,3 +1,5 @@
1+
WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:110,11-19)
2+
WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:93,5-18)
13
| test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
24
| test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
35
| test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
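
Review bot: Lines 1-2 bake compiler deprecation warnings into the expected results, including exact query positions (`.ql:110,11-19` and `.ql:93,5-18`). Any edit that shifts lines in `VariableLengthArraySizeNotInValidRange.ql` will now fail this test even when the alerts are unchanged, and the baseline hides the fact that the query uses deprecated modules. Prefer removing the cause of the warnings in the query over accepting them here.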
Lines changed: 3 additions & 3 deletions
@@ -1,3 +1,3 @@
1-
| test.c:83:12:83:16 | call to atan2 | Argument $@ in call to atan2 is incompatible with parameter double (unnamed parameter 0). | test.c:83:18:83:18 | c | c |
2-
| test.c:93:3:93:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with parameter short p1. | test.c:93:14:93:15 | p1 | p1 |
3-
| test.c:94:3:94:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with parameter short p1. | test.c:94:14:94:15 | p2 | p2 |
1+
| test.c:83:12:83:16 | call to atan2 | Argument $@ in call to atan2 is incompatible with the function parameter type. | test.c:83:18:83:18 | c | c |
2+
| test.c:93:3:93:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with the function parameter type. | test.c:93:14:93:15 | p1 | p1 |
3+
| test.c:94:3:94:12 | call to test_func1 | Argument $@ in call to test_func1 is incompatible with the function parameter type. | test.c:94:14:94:15 | p2 | p2 |

c/cert/test/rules/MEM35-C/InsufficientMemoryAllocatedForObject.expected

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:89,5-18)
2+
WARNING: module 'TaintTracking' has been deprecated and may be removed in future (InsufficientMemoryAllocatedForObject.ql:147,5-18)
13
| test.c:12:19:12:24 | call to malloc | Allocation size (32 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:12:26:12:32 | 32 | |
24
| test.c:15:19:15:24 | call to malloc | Allocation size calculated from the size of a different type ($@). | test.c:15:26:15:35 | sizeof(<expr>) | sizeof(S1 *) |
35
| test.c:20:19:20:24 | call to malloc | Allocation size (128 bytes) is not a multiple of the size of 'S1' (36 bytes). | test.c:20:26:20:36 | ... * ... | |
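
Review bot: The two warnings added on lines 1-2 point at `InsufficientMemoryAllocatedForObject.ql:89` and `:147`, but no change to that query is visible in this part of the commit. Please confirm whether its import was changed in the same way as the ARR32-C query, and if so track the migration off the deprecated `TaintTracking` module for both use sites rather than leaving the warnings as accepted output.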
Lines changed: 4 additions & 4 deletions
@@ -1,4 +1,4 @@
1-
| test.c:10:3:10:18 | call to log_local_unsafe | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler |
2-
| test.c:11:3:11:6 | call to free | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler |
3-
| test.c:46:3:46:9 | call to longjmp | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler |
4-
| test.c:76:7:76:11 | call to raise | Asyncronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler |
1+
| test.c:10:3:10:18 | call to log_local_unsafe | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler |
2+
| test.c:11:3:11:6 | call to free | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:16:7:16:12 | call to signal | signal handler |
3+
| test.c:46:3:46:9 | call to longjmp | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:50:7:50:12 | call to signal | signal handler |
4+
| test.c:76:7:76:11 | call to raise | Asynchronous-unsafe function calls within a $@ can lead to undefined behavior. | test.c:91:7:91:12 | call to signal | signal handler |
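
Review bot: The "Asyncronous" to "Asynchronous" correction in all four rows changes user-visible alert text, yet the commit message lists message changes only for EXP37-C and EXP50-CPP. Please add this rule to the change description, so anyone who compares results against a stored baseline or matches on message text expects the difference.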

c/common/src/codeql-pack.lock.yml

Lines changed: 13 additions & 11 deletions
@@ -3,26 +3,28 @@ lockVersion: 1.0.0
33
dependencies:
44
advanced-security/qtil:
55
version: 0.0.3
6+
codeql/controlflow:
7+
version: 2.0.17
68
codeql/cpp-all:
7-
version: 5.0.0
9+
version: 6.0.0
810
codeql/dataflow:
9-
version: 2.0.8
11+
version: 2.0.17
1012
codeql/mad:
11-
version: 1.0.24
13+
version: 1.0.33
1214
codeql/quantum:
13-
version: 0.0.2
15+
version: 0.0.11
1416
codeql/rangeanalysis:
15-
version: 1.0.24
17+
version: 1.0.33
1618
codeql/ssa:
17-
version: 2.0.0
19+
version: 2.0.9
1820
codeql/tutorial:
19-
version: 1.0.24
21+
version: 1.0.33
2022
codeql/typeflow:
21-
version: 1.0.24
23+
version: 1.0.33
2224
codeql/typetracking:
23-
version: 2.0.8
25+
version: 2.0.17
2426
codeql/util:
25-
version: 2.0.11
27+
version: 2.0.20
2628
codeql/xml:
27-
version: 1.0.24
29+
version: 1.0.33
2830
compiled: false
