Merge pull request #737 from github/codeql/upgrade-to-2.15.5

Upgrade `github/codeql` dependency to 2.15.5
github · Oct 8, 2024 · 2e8a503 · 2e8a503
2 parents 130c264 + 12b1c4e
commit 2e8a503
Show file tree

Hide file tree

Showing 34 changed files with 156 additions and 115 deletions.
diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml
@@ -6,4 +6,4 @@ license: MIT
 default-suite-file: codeql-suites/misra-c-default.qls
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql
@@ -15,7 +15,6 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
-import codingstandards.cpp.Bitwise
 
 /**
  * Holds if the operator `operator` has an operand `child` that is of an inappropriate essential type
@@ -179,8 +178,7 @@ predicate isInappropriateEssentialType(
     child =
       [
         operator.(BinaryBitwiseOperation).getAnOperand(),
-        operator.(Bitwise::AssignBitwiseOperation).getAnOperand(),
-        operator.(ComplementExpr).getAnOperand()
+        operator.(AssignBitwiseOperation).getAnOperand(), operator.(ComplementExpr).getAnOperand()
       ] and
     not operator instanceof LShiftExpr and
     not operator instanceof RShiftExpr and

diff --git a/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql b/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql
@@ -49,11 +49,9 @@ where
     msg = "Function " + f + " does not specify void for no parameters present."
     or
     //parameters declared in declaration list (not in function signature)
-    //have placeholder file location associated only
-    exists(Parameter p |
-      p.getFunction() = f and
-      not p.getFile() = f.getFile() and
-      msg = "Function " + f + " declares parameter in unsupported declaration list."
-    )
+    //have no prototype
+    not f.isPrototyped() and
+    not hasZeroParamDecl(f) and
+    msg = "Function " + f + " declares parameter in unsupported declaration list."
   )
 select f, msg
diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/change_notes/2024-10-07-upgrade-to-2.15.5.md b/change_notes/2024-10-07-upgrade-to-2.15.5.md
@@ -0,0 +1 @@
+- Updated the CodeQL version to `2.15.5`.
diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql b/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql
@@ -16,15 +16,14 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 import codingstandards.cpp.Conversion
 
 predicate isBinaryBitwiseOperation(Operation o, VariableAccess l, VariableAccess r) {
   exists(BinaryBitwiseOperation bbo | bbo = o |
     l = bbo.getLeftOperand() and r = bbo.getRightOperand()
   )
   or
-  exists(Bitwise::AssignBitwiseOperation abo | abo = o |
+  exists(AssignBitwiseOperation abo | abo = o |
     l = abo.getLValue() and
     r = abo.getRValue()
   )

diff --git a/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql b/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql
@@ -17,15 +17,14 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 
 from Operation o, VariableAccess va
 where
   not isExcluded(o, ExpressionsPackage::bitwiseOperatorAppliedToSignedTypesQuery()) and
   (
     o instanceof UnaryBitwiseOperation or
     o instanceof BinaryBitwiseOperation or
-    o instanceof Bitwise::AssignBitwiseOperation
+    o instanceof AssignBitwiseOperation
   ) and
   o.getAnOperand() = va and
   va.getTarget().getUnderlyingType().(IntegralType).isSigned()

diff --git a/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql b/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql
@@ -17,7 +17,6 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 
 class ShiftOperation extends Operation {
   Expr leftOperand;
@@ -34,7 +33,7 @@ class ShiftOperation extends Operation {
       rightOperand = o.getRightOperand()
     )
     or
-    exists(Bitwise::AssignBitwiseOperation o | this = o |
+    exists(AssignBitwiseOperation o | this = o |
       (
         o instanceof AssignLShiftExpr
         or

diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml
@@ -4,5 +4,5 @@ description: CERT C++ 2016
 suites: codeql-suites
 license: MIT
 dependencies:
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
   codeql/common-cpp-coding-standards: '*'
diff --git a/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll b/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll
@@ -14,12 +14,15 @@ module AllocToStaticCastConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     exists(AllocationExpr ae |
       ae.getType().getUnspecifiedType() instanceof VoidPointerType and
-      source.asExpr() = ae and
-      // Ignore realloc, as that memory may already be partially constructed
-      not ae.(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%")
+      source.asExpr() = ae
     )
   }
 
+  predicate isBarrier(DataFlow::Node sanitizer) {
+    // Ignore realloc, as that memory may already be partially constructed
+    sanitizer.asExpr().(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%")
+  }
+
   predicate isSink(DataFlow::Node sink) {
     exists(StaticOrCStyleCast sc, Class nonTrivialClass |
       sc.getExpr() = sink.asExpr() and

diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false