diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/cert/src/codeql-pack.lock.yml +++ b/c/cert/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/c/cert/src/codeql-suites/cert-default.qls b/c/cert/src/codeql-suites/cert-default.qls index 1e11a0afca..7ad2fc1a99 100644 --- a/c/cert/src/codeql-suites/cert-default.qls +++ b/c/cert/src/codeql-suites/cert-default.qls @@ -6,4 +6,4 @@ - path-problem - exclude: tags contain: - - external/cert/default-disabled + - external/cert/default-disabled \ No newline at end of file diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml index b4be806864..9be69ce8e2 100644 --- a/c/cert/src/qlpack.yml +++ b/c/cert/src/qlpack.yml @@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 0.4.6 + codeql/cpp-all: 0.6.1 diff --git a/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.ql b/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.ql index 88cc11ef80..89e1f9e133 100644 --- a/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.ql +++ b/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.ql @@ -14,10 +14,10 @@ import cpp import codingstandards.c.cert import semmle.code.cpp.security.FunctionWithWrappers -import semmle.code.cpp.security.Security +import semmle.code.cpp.security.FlowSources import semmle.code.cpp.ir.IR import semmle.code.cpp.ir.dataflow.TaintTracking -import DataFlow::PathGraph +import TaintedPath::PathGraph // Query TaintedPath.ql from the CodeQL standard library /** 
@@ -46,22 +46,6 @@ class FileFunction extends FunctionWithWrappers {
 override predicate interestingArg(int arg) { arg = 0 }
 }
 
-Expr asSourceExpr(DataFlow::Node node) {
- result = node.asConvertedExpr()
- or
- result = node.asDefiningArgument()
-}
-
-Expr asSinkExpr(DataFlow::Node node) {
- result =
- node.asOperand()
- .(SideEffectOperand)
- .getUse()
- .(ReadSideEffectInstruction)
- .getArgumentDef()
- .getUnconvertedResultExpression()
-}
-
 /**
 * Holds for a variable that has any kind of upper-bound check anywhere in the program.
 * This is biased towards being inclusive and being a coarse overapproximation because
@@ -85,20 +69,16 @@ predicate hasUpperBoundsCheck(Variable var) {
 )
 }
 
-class TaintedPathConfiguration extends TaintTracking::Configuration {
- TaintedPathConfiguration() { this = "TaintedPathConfiguration" }
-
- override predicate isSource(DataFlow::Node node) { isUserInput(asSourceExpr(node), _) }
+module TaintedPathConfiguration implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
 
- override predicate isSink(DataFlow::Node node) {
+ predicate isSink(DataFlow::Node node) {
 exists(FileFunction fileFunction |
- fileFunction.outermostWrapperFunctionCall(asSinkExpr(node), _)
+ fileFunction.outermostWrapperFunctionCall(node.asIndirectArgument(), _)
 )
 }
 
- override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
-
- override predicate isSanitizer(DataFlow::Node node) {
+ predicate isBarrier(DataFlow::Node node) {
 node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType
 or
 exists(LoadInstruction load, Variable checkedVar |
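Review bot: The old `isSanitizerIn(node) { this.isSource(node) }` is dropped from the new `TaintedPathConfiguration` module without a counterpart, so flow is no longer cut at a source node that lies on the path from another source; `DataFlow::ConfigSig` provides `isBarrierIn` for exactly this, `predicate isBarrierIn(DataFlow::Node node) { isSource(node) }`. Without it, two `FlowSource` nodes on one chain can produce two paths to the same sink, which is the duplication the `hasFilteredFlowPath` predicate removed in the following hunk was filtering out. The `isBarrier` body continues past the end of this hunk.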
@@ -107,32 +87,19 @@ class TaintedPathConfiguration extends TaintTracking::Configuration {
 hasUpperBoundsCheck(checkedVar)
 )
 }
-
- predicate hasFilteredFlowPath(DataFlow::PathNode source, DataFlow::PathNode sink) {
- this.hasFlowPath(source, sink) and
- // The use of `isUserInput` in `isSink` in combination with `asSourceExpr` causes
- // duplicate results. Filter these duplicates. The proper solution is to switch to
- // using `LocalFlowSource` and `RemoteFlowSource`, but this currently only supports
- // a subset of the cases supported by `isUserInput`.
- not exists(DataFlow::PathNode source2 |
- this.hasFlowPath(source2, sink) and
- asSourceExpr(source.getNode()) = asSourceExpr(source2.getNode())
- |
- not exists(source.getNode().asConvertedExpr()) and exists(source2.getNode().asConvertedExpr())
- )
- }
 }
 
+module TaintedPath = TaintTracking::Make;
+
 from
- FileFunction fileFunction, Expr taintedArg, Expr taintSource, TaintedPathConfiguration cfg,
- DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode, string taintCause, string callChain
+ FileFunction fileFunction, Expr taintedArg, FlowSource taintSource,
+ TaintedPath::PathNode sourceNode, TaintedPath::PathNode sinkNode, string callChain
 where
 not isExcluded(taintedArg, IO3Package::doNotPerformFileOperationsOnDevicesQuery()) and
- taintedArg = asSinkExpr(sinkNode.getNode()) and
+ taintedArg = sinkNode.getNode().asIndirectArgument() and
 fileFunction.outermostWrapperFunctionCall(taintedArg, callChain) and
- cfg.hasFilteredFlowPath(sourceNode, sinkNode) and
- taintSource = asSourceExpr(sourceNode.getNode()) and
- isUserInput(taintSource, taintCause)
+ TaintedPath::hasFlowPath(sourceNode, sinkNode) and
+ taintSource = sourceNode.getNode()
 select taintedArg, sourceNode, sinkNode,
 "This argument to a file access function is derived from $@ and then passed to " + callChain + ".",
- taintSource, "user input (" + taintCause + ")"
+ taintSource, "user input (" + taintSource.getSourceType() + ")"
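Review bot: Replacing `isUserInput` with `FlowSource` as the source definition changes which inputs count as tainted, and the removed comment in this very hunk records that the flow-source classes covered only a subset of the `isUserInput` cases; the updated `.expected` file exercises `scanf` alone, so a narrowing of coverage would pass the tests unnoticed. Consider adding test cases for the other channels `isUserInput` recognised (environment variables, command-line arguments, stream reads) to confirm they still reach the `FileFunction` sinks. Separately, `module TaintedPath = TaintTracking::Make;` as rendered here carries no configuration argument; the parameterised form is `TaintTracking::Make<TaintedPathConfiguration>`, so presumably the angle brackets were lost in rendering, but it is worth confirming against the committed file.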
diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/cert/test/codeql-pack.lock.yml +++ b/c/cert/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected b/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected index b4f07d6ca8..06bf56cf8a 100644 --- a/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected +++ b/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected 
@@ -1,16 +1,12 @@ edges -| test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | file_name indirection | | test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name indirection | -| test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | file_name indirection | | test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name indirection | nodes -| test.c:20:15:20:23 | file_name | semmle.label | file_name | | test.c:20:15:20:23 | scanf output argument | semmle.label | scanf output argument | | test.c:21:8:21:16 | file_name indirection | semmle.label | file_name indirection | -| test.c:45:15:45:23 | file_name | semmle.label | file_name | | test.c:45:15:45:23 | scanf output argument | semmle.label | scanf output argument | | test.c:46:29:46:37 | file_name indirection | semmle.label | file_name indirection | subpaths #select -| test.c:21:8:21:16 | file_name | test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | file_name indirection | This argument to a file access function is derived from $@ and then passed to func(file_name), which calls fopen((unnamed parameter 0)). | test.c:20:15:20:23 | file_name | user input (scanf) | -| test.c:46:29:46:37 | file_name | test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | file_name indirection | This argument to a file access function is derived from $@ and then passed to CreateFile(lpFileName). | test.c:45:15:45:23 | file_name | user input (scanf) | +| test.c:21:8:21:16 | file_name | test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name indirection | This argument to a file access function is derived from $@ and then passed to func(file_name), which calls fopen((unnamed parameter 0)). 
| test.c:20:15:20:23 | scanf output argument | user input (value read by scanf) | +| test.c:46:29:46:37 | file_name | test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name indirection | This argument to a file access function is derived from $@ and then passed to CreateFile(lpFileName). | test.c:45:15:45:23 | scanf output argument | user input (value read by scanf) | diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/common/src/codeql-pack.lock.yml +++ b/c/common/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/c/common/src/codingstandards/c/OutOfBounds.qll b/c/common/src/codingstandards/c/OutOfBounds.qll index 33f1e9cd39..044528d798 100644 --- a/c/common/src/codingstandards/c/OutOfBounds.qll +++ b/c/common/src/codingstandards/c/OutOfBounds.qll @@ -712,7 +712,8 @@ module OOB { } private class DynamicAllocationSource extends PointerToObjectSource instanceof AllocationExpr, - FunctionCall { + FunctionCall + { DynamicAllocationSource() { // exclude OperatorNewAllocationFunction to only deal with raw malloc-style calls, // which do not apply a multiple to the size of the allocation passed to them. @@ -905,7 +906,8 @@ module OOB { override predicate isNotNullTerminated() { none() } } - private class PointerToObjectSourceOrSizeToBufferAccessFunctionConfig extends DataFlow::Configuration { + private class PointerToObjectSourceOrSizeToBufferAccessFunctionConfig extends DataFlow::Configuration + { PointerToObjectSourceOrSizeToBufferAccessFunctionConfig() { this = "PointerToObjectSourceOrSizeToBufferAccessFunctionConfig" } diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml index ebb3ecb774..8884f0e49b 100644 --- a/c/common/src/qlpack.yml +++ b/c/common/src/qlpack.yml 
@@ -3,4 +3,4 @@ version: 2.22.0-dev license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 0.4.6 + codeql/cpp-all: 0.6.1 diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/common/test/codeql-pack.lock.yml +++ b/c/common/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/misra/src/codeql-pack.lock.yml +++ b/c/misra/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/c/misra/src/codeql-suites/misra-default.qls b/c/misra/src/codeql-suites/misra-default.qls index 343379a2b3..473232e741 100644 --- a/c/misra/src/codeql-suites/misra-default.qls +++ b/c/misra/src/codeql-suites/misra-default.qls @@ -7,4 +7,4 @@ - exclude: tags contain: - external/misra/audit - - external/misra/default-disabled + - external/misra/default-disabled \ No newline at end of file diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml index fc535f7d68..e0e18d5ca5 100644 --- a/c/misra/src/qlpack.yml +++ b/c/misra/src/qlpack.yml @@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-c-coding-standards: '*' - codeql/cpp-all: 0.4.6 + codeql/cpp-all: 0.6.1 diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/c/misra/test/codeql-pack.lock.yml +++ b/c/misra/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false 
diff --git a/change_notes/2022-03-16-update-for-dataflow-changes.md b/change_notes/2022-03-16-update-for-dataflow-changes.md new file mode 100644 index 0000000000..af0aaed7ca --- /dev/null +++ b/change_notes/2022-03-16-update-for-dataflow-changes.md @@ -0,0 +1,2 @@ + - `FIO32-C` - `DoNotPerformFileOperationsOnDevices.ql`: + - The query was updated to work with the latest version of the dataflow library. diff --git a/change_notes/2023-08-16-update-to-2.12.7.md b/change_notes/2023-08-16-update-to-2.12.7.md new file mode 100644 index 0000000000..b56574638a --- /dev/null +++ b/change_notes/2023-08-16-update-to-2.12.7.md @@ -0,0 +1 @@ + - Updated the supported CodeQL version to `2.12.7`. \ No newline at end of file diff --git a/change_notes/2023-08-30-a15-2-2-no-zero-paths.md b/change_notes/2023-08-30-a15-2-2-no-zero-paths.md new file mode 100644 index 0000000000..aef91c3d3b --- /dev/null +++ b/change_notes/2023-08-30-a15-2-2-no-zero-paths.md @@ -0,0 +1 @@ + - `A15-2-2` - all results now include an associated exception flow path to avoid a CodeQL CLI bug in 2.12.7. This includes results where an exception is thrown directly in the constructor. \ No newline at end of file diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/autosar/src/codeql-pack.lock.yml +++ b/cpp/autosar/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/autosar/src/codeql-suites/autosar-advisory.qls b/cpp/autosar/src/codeql-suites/autosar-advisory.qls index 0de273308e..ff5a0e3358 100644 --- a/cpp/autosar/src/codeql-suites/autosar-advisory.qls +++ b/cpp/autosar/src/codeql-suites/autosar-advisory.qls 
@@ -8,4 +8,4 @@ - external/autosar/obligation/advisory - exclude: tags contain: - - external/autosar/audit + - external/autosar/audit \ No newline at end of file diff --git a/cpp/autosar/src/codeql-suites/autosar-audit.qls b/cpp/autosar/src/codeql-suites/autosar-audit.qls index 7ee6d12207..dec5f4f160 100644 --- a/cpp/autosar/src/codeql-suites/autosar-audit.qls +++ b/cpp/autosar/src/codeql-suites/autosar-audit.qls @@ -5,4 +5,4 @@ - problem - path-problem tags contain: - - external/autosar/audit + - external/autosar/audit \ No newline at end of file diff --git a/cpp/autosar/src/codeql-suites/autosar-default.qls b/cpp/autosar/src/codeql-suites/autosar-default.qls index 7cd2054bbf..5d45fa2774 100644 --- a/cpp/autosar/src/codeql-suites/autosar-default.qls +++ b/cpp/autosar/src/codeql-suites/autosar-default.qls @@ -7,4 +7,4 @@ - exclude: tags contain: - external/autosar/audit - - external/autosar/default-disabled + - external/autosar/default-disabled \ No newline at end of file diff --git a/cpp/autosar/src/codeql-suites/autosar-required.qls b/cpp/autosar/src/codeql-suites/autosar-required.qls index b7a6a8b872..7c92e36dee 100644 --- a/cpp/autosar/src/codeql-suites/autosar-required.qls +++ b/cpp/autosar/src/codeql-suites/autosar-required.qls @@ -8,4 +8,4 @@ - external/autosar/obligation/required - exclude: tags contain: - - external/autosar/audit + - external/autosar/audit \ No newline at end of file diff --git a/cpp/autosar/src/codeql-suites/autosar-single-translation-unit.qls b/cpp/autosar/src/codeql-suites/autosar-single-translation-unit.qls index 2ba8424b27..cf5434c2d8 100644 --- a/cpp/autosar/src/codeql-suites/autosar-single-translation-unit.qls +++ b/cpp/autosar/src/codeql-suites/autosar-single-translation-unit.qls @@ -9,4 +9,4 @@ - exclude: tags contain: - external/autosar/audit - - external/autosar/default-disabled + - external/autosar/default-disabled \ No newline at end of file 
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
index 52c576967d..2cf0f667af 100644
--- a/cpp/autosar/src/qlpack.yml
+++ b/cpp/autosar/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
 codeql/common-cpp-coding-standards: '*'
- codeql/cpp-all: 0.4.6
+ codeql/cpp-all: 0.6.1
diff --git a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql
index 47a4e86c19..1b3a3cfed2 100644
--- a/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql
+++ b/cpp/autosar/src/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.ql
@@ -53,10 +53,13 @@ class NewWrapperFunction extends Function {
 
 /** An expression on which `delete` is called, directly or indirectly. */
 class DeletedExpr extends Expr {
+ pragma[noinline, nomagic]
 DeletedExpr() {
- this = any(DeleteExpr deleteExpr).getExpr() or
+ this = any(DeleteExpr deleteExpr).getExpr()
+ or
 exists(DeleteWrapperFunction dwf, FunctionCall call |
- this = call.getArgument(dwf.getADeleteParameter().getIndex())
+ this = call.getArgument(dwf.getADeleteParameter().getIndex()) and
+ call.getTarget() = dwf
 )
 }
 }
@@ -75,6 +78,14 @@ class DeleteWrapperFunction extends Function {
 Parameter getADeleteParameter() { result = p }
 }
 
+class ExceptionThrowingConstructor extends ExceptionThrowingFunction, Constructor {
+ ExceptionThrowingConstructor() {
+ exists(getAFunctionThrownType(this, _)) and
+ // The constructor is within the users source code
+ exists(getFile().getRelativePath())
+ }
+}
+
 class ExceptionThrownInConstructor extends ExceptionThrowingExpr {
 Constructor c;
 
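Review bot: `ExceptionThrowingConstructor` in the second hunk has no QLDoc, unlike `DeletedExpr` just above it, and its `exists(getFile().getRelativePath())` conjunct silently excludes constructors defined outside the source root, which readers of the query should be told. Suggested comment above the class: `/** A constructor in the user's source code (one with a relative path) that can throw at least one exception type. */`. In the first hunk, the added `call.getTarget() = dwf` conjunct is a behavioural fix, not just a reformat — before it, any call whose argument index matched a delete parameter of some wrapper counted as a `DeletedExpr` — and it deserves a line in the change notes alongside the 2.12.7 workaround.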
@@ -87,24 +98,20 @@ class ExceptionThrownInConstructor extends ExceptionThrowingExpr {
 Constructor getConstructor() { result = c }
 }
 
-/**
- * Add the `nodes` predicate to ensure results with an empty path are still reported.
- */
-query predicate nodes(ExceptionFlowNode node) { any() }
-
 from
- Constructor c, ExceptionThrownInConstructor throwingExpr, NewAllocationExpr newExpr,
- ExceptionFlowNode exceptionSource, ExceptionFlowNode functionNode
+ ExceptionThrowingConstructor c, ExceptionThrownInConstructor throwingExpr,
+ NewAllocationExpr newExpr, ExceptionFlowNode exceptionSource,
+ ExceptionFlowNode throwingExprFlowNode, ExceptionFlowNode reportingNode
 where
 not isExcluded(c, Exceptions2Package::constructorErrorLeavesObjectInInvalidStateQuery()) and
 not isNoExceptTrue(c) and
 // Constructor must exit with an exception
 c = throwingExpr.getConstructor() and
- throwingExpr.hasExceptionFlowReflexive(exceptionSource, functionNode, _) and
+ throwingExpr.hasExceptionFlowReflexive(exceptionSource, throwingExprFlowNode, _) and
 exists(ExceptionFlowNode mid |
 edges*(exceptionSource, mid) and
 newExpr.getASuccessor+() = mid.asThrowingExpr() and
- edges*(mid, functionNode) and
+ edges*(mid, throwingExprFlowNode) and
 not exists(ExceptionFlowNode prior | edges(prior, mid) |
 prior.asCatchBlock().getEnclosingFunction() = c
 )
@@ -123,7 +130,16 @@ where
 DataFlow::localFlow(DataFlow::exprNode(newExpr), DataFlow::exprNode(deletedExpr)) and
 newExpr.getASuccessor+() = deletedExpr and
 deletedExpr.getASuccessor+() = throwingExpr
- )
-select c, exceptionSource, functionNode, "Constructor throws $@ and allocates memory at $@",
+ ) and
+ // In CodeQL CLI 2.12.7 there is a bug which causes an infinite loop during results interpretation
+ // when a result includes more than maxPaths paths and also includes a path with no edges i.e.
+ // where the source and sink node are the same.
+ // To avoid this edge case, if we report a path where the source and sink are the same (i.e the
+ // throwingExpr directly throws an exception), we adjust the sink node to report the constructor,
+ // which creates a one step path from the throwingExprFlowNode to the constructor node.
+ if throwingExprFlowNode = exceptionSource
+ then reportingNode.asFunction() = c and edges(throwingExprFlowNode, reportingNode)
+ else reportingNode = throwingExprFlowNode
+select c, exceptionSource, reportingNode, "Constructor throws $@ and allocates memory at $@",
 throwingExpr, throwingExpr.(ThrowingExpr).getAnExceptionType().getExceptionName(), newExpr, "alloc"
diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml
index a7035a9f24..e7600d8458 100644
--- a/cpp/autosar/test/codeql-pack.lock.yml
+++ b/cpp/autosar/test/codeql-pack.lock.yml
@@ -2,7 +2,9 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
- version: 0.4.6
+ version: 0.6.1
 codeql/ssa:
+ version: 0.0.14
+ codeql/tutorial:
 version: 0.0.7
 compiled: false
diff --git a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected
index b077cc93bb..941771dada 100644
--- a/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected
+++ b/cpp/autosar/test/rules/A15-2-2/ConstructorErrorLeavesObjectInInvalidState.expected
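Review bot: The `then` branch requires `edges(throwingExprFlowNode, reportingNode)` to hold, so when the exception path graph has no edge from the throwing expression's node to the constructor node the result is dropped rather than reported with a zero-length path, and nothing in the comment says so; the `query predicate nodes` removed in the previous hunk existed precisely to keep such results. Add that consequence to the comment and tie the workaround to the CLI pin so it is revisited: `// TODO: report throwingExprFlowNode directly again once the supported CodeQL CLI is newer than 2.12.7 (see supported_codeql_configs.json).` The `where` clause this hunk completes begins in the previous hunk.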
@@ -3,60 +3,40 @@ edges | test.cpp:13:7:13:28 | throw ... [exception] | test.cpp:14:33:16:5 | { ... } [exception] | | test.cpp:14:33:16:5 | { ... } [bad_alloc] | test.cpp:15:7:15:11 | re-throw exception [bad_alloc] | | test.cpp:14:33:16:5 | { ... } [exception] | test.cpp:15:7:15:11 | re-throw exception [exception] | +| test.cpp:15:7:15:11 | re-throw exception [bad_alloc] | test.cpp:9:3:9:8 | ClassA [bad_alloc] | +| test.cpp:15:7:15:11 | re-throw exception [exception] | test.cpp:9:3:9:8 | ClassA [exception] | | test.cpp:25:16:25:27 | new [bad_alloc] | test.cpp:27:33:30:5 | { ... } [bad_alloc] | | test.cpp:26:7:26:28 | throw ... [exception] | test.cpp:27:33:30:5 | { ... } [exception] | | test.cpp:27:33:30:5 | { ... } [bad_alloc] | test.cpp:29:7:29:11 | re-throw exception [bad_alloc] | | test.cpp:27:33:30:5 | { ... } [exception] | test.cpp:29:7:29:11 | re-throw exception [exception] | +| test.cpp:29:7:29:11 | re-throw exception [bad_alloc] | test.cpp:23:3:23:8 | ClassB [bad_alloc] | +| test.cpp:29:7:29:11 | re-throw exception [exception] | test.cpp:23:3:23:8 | ClassB [exception] | | test.cpp:44:16:44:27 | call to CreateMember [bad_alloc] | test.cpp:46:33:48:5 | { ... } [bad_alloc] | | test.cpp:45:7:45:28 | throw ... [exception] | test.cpp:46:33:48:5 | { ... } [exception] | | test.cpp:46:33:48:5 | { ... } [bad_alloc] | test.cpp:47:7:47:11 | re-throw exception [bad_alloc] | | test.cpp:46:33:48:5 | { ... } [exception] | test.cpp:47:7:47:11 | re-throw exception [exception] | +| test.cpp:47:7:47:11 | re-throw exception [bad_alloc] | test.cpp:41:3:41:8 | ClassC [bad_alloc] | +| test.cpp:47:7:47:11 | re-throw exception [exception] | test.cpp:41:3:41:8 | ClassC [exception] | | test.cpp:58:16:58:27 | call to CreateMember [bad_alloc] | test.cpp:60:33:63:5 | { ... } [bad_alloc] | | test.cpp:59:7:59:28 | throw ... [exception] | test.cpp:60:33:63:5 | { ... } [exception] | | test.cpp:60:33:63:5 | { ... 
} [bad_alloc] | test.cpp:62:7:62:11 | re-throw exception [bad_alloc] | | test.cpp:60:33:63:5 | { ... } [exception] | test.cpp:62:7:62:11 | re-throw exception [exception] | +| test.cpp:62:7:62:11 | re-throw exception [bad_alloc] | test.cpp:55:3:55:8 | ClassD [bad_alloc] | +| test.cpp:62:7:62:11 | re-throw exception [exception] | test.cpp:55:3:55:8 | ClassD [exception] | +| test.cpp:77:11:77:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | +| test.cpp:78:11:78:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | | test.cpp:80:13:80:22 | new [bad_alloc] | test.cpp:82:33:86:5 | { ... } [bad_alloc] | | test.cpp:81:13:81:22 | new [bad_alloc] | test.cpp:82:33:86:5 | { ... } [bad_alloc] | | test.cpp:82:33:86:5 | { ... } [bad_alloc] | test.cpp:85:7:85:11 | re-throw exception [bad_alloc] | -nodes -| test.cpp:12:16:12:27 | new [bad_alloc] | -| test.cpp:13:7:13:28 | throw ... [exception] | -| test.cpp:14:33:16:5 | { ... } [bad_alloc] | -| test.cpp:14:33:16:5 | { ... } [exception] | -| test.cpp:15:7:15:11 | re-throw exception [bad_alloc] | -| test.cpp:15:7:15:11 | re-throw exception [exception] | -| test.cpp:25:16:25:27 | new [bad_alloc] | -| test.cpp:26:7:26:28 | throw ... [exception] | -| test.cpp:27:33:30:5 | { ... } [bad_alloc] | -| test.cpp:27:33:30:5 | { ... } [exception] | -| test.cpp:29:7:29:11 | re-throw exception [bad_alloc] | -| test.cpp:29:7:29:11 | re-throw exception [exception] | -| test.cpp:44:16:44:27 | call to CreateMember [bad_alloc] | -| test.cpp:45:7:45:28 | throw ... [exception] | -| test.cpp:46:33:48:5 | { ... } [bad_alloc] | -| test.cpp:46:33:48:5 | { ... } [exception] | -| test.cpp:47:7:47:11 | re-throw exception [bad_alloc] | -| test.cpp:47:7:47:11 | re-throw exception [exception] | -| test.cpp:58:16:58:27 | call to CreateMember [bad_alloc] | -| test.cpp:59:7:59:28 | throw ... [exception] | -| test.cpp:60:33:63:5 | { ... } [bad_alloc] | -| test.cpp:60:33:63:5 | { ... 
} [exception] | -| test.cpp:62:7:62:11 | re-throw exception [bad_alloc] | -| test.cpp:62:7:62:11 | re-throw exception [exception] | -| test.cpp:77:11:77:20 | new [bad_alloc] | -| test.cpp:78:11:78:20 | new [bad_alloc] | -| test.cpp:80:13:80:22 | new [bad_alloc] | -| test.cpp:81:13:81:22 | new [bad_alloc] | -| test.cpp:82:33:86:5 | { ... } [bad_alloc] | -| test.cpp:85:7:85:11 | re-throw exception [bad_alloc] | -| test.cpp:87:11:87:20 | new [bad_alloc] | +| test.cpp:85:7:85:11 | re-throw exception [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | +| test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | #select | test.cpp:9:3:9:8 | ClassA | test.cpp:13:7:13:28 | throw ... [exception] | test.cpp:15:7:15:11 | re-throw exception [exception] | Constructor throws $@ and allocates memory at $@ | test.cpp:15:7:15:11 | re-throw exception | std::bad_alloc | test.cpp:12:16:12:27 | new | alloc | | test.cpp:9:3:9:8 | ClassA | test.cpp:13:7:13:28 | throw ... [exception] | test.cpp:15:7:15:11 | re-throw exception [exception] | Constructor throws $@ and allocates memory at $@ | test.cpp:15:7:15:11 | re-throw exception | std::exception | test.cpp:12:16:12:27 | new | alloc | | test.cpp:41:3:41:8 | ClassC | test.cpp:45:7:45:28 | throw ... [exception] | test.cpp:47:7:47:11 | re-throw exception [exception] | Constructor throws $@ and allocates memory at $@ | test.cpp:47:7:47:11 | re-throw exception | std::bad_alloc | test.cpp:44:16:44:27 | call to CreateMember | alloc | | test.cpp:41:3:41:8 | ClassC | test.cpp:45:7:45:28 | throw ... 
[exception] | test.cpp:47:7:47:11 | re-throw exception [exception] | Constructor throws $@ and allocates memory at $@ | test.cpp:47:7:47:11 | re-throw exception | std::exception | test.cpp:44:16:44:27 | call to CreateMember | alloc | -| test.cpp:75:3:75:8 | ClassE | test.cpp:78:11:78:20 | new [bad_alloc] | test.cpp:78:11:78:20 | new [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:78:11:78:20 | new | std::bad_alloc | test.cpp:77:11:77:20 | new | alloc | -| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:87:11:87:20 | new [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:77:11:77:20 | new | alloc | -| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:87:11:87:20 | new [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:78:11:78:20 | new | alloc | -| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:87:11:87:20 | new [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:80:13:80:22 | new | alloc | -| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:87:11:87:20 | new [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:81:13:81:22 | new | alloc | +| test.cpp:75:3:75:8 | ClassE | test.cpp:78:11:78:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:78:11:78:20 | new | std::bad_alloc | test.cpp:77:11:77:20 | new | alloc | +| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:77:11:77:20 | new | alloc | +| 
test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:78:11:78:20 | new | alloc | +| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:80:13:80:22 | new | alloc | +| test.cpp:75:3:75:8 | ClassE | test.cpp:87:11:87:20 | new [bad_alloc] | test.cpp:75:3:75:8 | ClassE [bad_alloc] | Constructor throws $@ and allocates memory at $@ | test.cpp:87:11:87:20 | new | std::bad_alloc | test.cpp:81:13:81:22 | new | alloc | diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/cert/src/codeql-pack.lock.yml +++ b/cpp/cert/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/cert/src/codeql-suites/cert-default.qls b/cpp/cert/src/codeql-suites/cert-default.qls index e9211246b1..a003e05ed2 100644 --- a/cpp/cert/src/codeql-suites/cert-default.qls +++ b/cpp/cert/src/codeql-suites/cert-default.qls @@ -6,4 +6,4 @@ - path-problem - exclude: tags contain: - - external/cert/default-disabled + - external/cert/default-disabled \ No newline at end of file diff --git a/cpp/cert/src/codeql-suites/cert-single-translation-unit.qls b/cpp/cert/src/codeql-suites/cert-single-translation-unit.qls index 2f09815e0d..0d3f99cbf0 100644 --- a/cpp/cert/src/codeql-suites/cert-single-translation-unit.qls +++ b/cpp/cert/src/codeql-suites/cert-single-translation-unit.qls @@ -8,4 +8,4 @@ - scope/single-translation-unit - exclude: tags contain: - - external/cert/default-disabled + - external/cert/default-disabled \ No newline at end of file 
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml index 43fbde70fe..2fab182a3b 100644 --- a/cpp/cert/src/qlpack.yml +++ b/cpp/cert/src/qlpack.yml @@ -4,5 +4,5 @@ description: CERT C++ 2016 suites: codeql-suites license: MIT dependencies: - codeql/cpp-all: 0.4.6 + codeql/cpp-all: 0.6.1 codeql/common-cpp-coding-standards: '*' diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/cert/test/codeql-pack.lock.yml +++ b/cpp/cert/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/common/src/codeql-pack.lock.yml +++ b/cpp/common/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/common/src/codingstandards/cpp/exceptions/SpecialFunctionExceptions.qll b/cpp/common/src/codingstandards/cpp/exceptions/SpecialFunctionExceptions.qll index 07a6fa32cb..c24cfee66d 100644 --- a/cpp/common/src/codingstandards/cpp/exceptions/SpecialFunctionExceptions.qll +++ b/cpp/common/src/codingstandards/cpp/exceptions/SpecialFunctionExceptions.qll @@ -36,7 +36,8 @@ class SpecialFunction extends Function { } /** A special function which throws an exception. */ -abstract class SpecialExceptionThrowingFunction extends ExceptionPathGraph::ExceptionThrowingFunction { +abstract class SpecialExceptionThrowingFunction extends ExceptionPathGraph::ExceptionThrowingFunction +{ SpecialExceptionThrowingFunction() { exists(getAFunctionThrownType(this, _)) } /** Gets a description for this exception throwing. */ 
diff --git a/cpp/common/src/codingstandards/cpp/sideeffect/DefaultEffects.qll b/cpp/common/src/codingstandards/cpp/sideeffect/DefaultEffects.qll index bb3fb7fad7..3302864e9c 100644 --- a/cpp/common/src/codingstandards/cpp/sideeffect/DefaultEffects.qll +++ b/cpp/common/src/codingstandards/cpp/sideeffect/DefaultEffects.qll @@ -16,7 +16,8 @@ private class ResourceReleaseCall extends ExternalSideEffect::Range { } private class DirectStaticStorageDurationVariableModification extends VariableEffect, - GlobalSideEffect::Range { + GlobalSideEffect::Range +{ DirectStaticStorageDurationVariableModification() { this.getTarget() instanceof StaticStorageDurationVariable } diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/Random.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/Random.qll index 9fc23cfb5a..5bcdf3a739 100644 --- a/cpp/common/src/codingstandards/cpp/standardlibrary/Random.qll +++ b/cpp/common/src/codingstandards/cpp/standardlibrary/Random.qll @@ -54,7 +54,8 @@ class RandomNumberEngineCreation extends TRandomNumberEngineCreation { * A `ConstructorCall` which targets a `RandomNumberEngine`. */ class RandomNumberEngineConstructorCall extends TRandomNumberEngineConstructorCall, - RandomNumberEngineCreation { + RandomNumberEngineCreation +{ ConstructorCall getConstructorCall() { this = TRandomNumberEngineConstructorCall(result) } override Element getExclusionElement() { result = getConstructorCall() } @@ -82,7 +83,8 @@ class RandomNumberEngineConstructorCall extends TRandomNumberEngineConstructorCa * This is because no `ConstructorCall`s are generated in this case. */ class RandomNumberEngineMemberVariableDefaultInit extends TRandomNumberEngineMemberVariableDefaultInit, - RandomNumberEngineCreation { + RandomNumberEngineCreation +{ MemberVariable getMemberVariable() { this = TRandomNumberEngineMemberVariableDefaultInit(result, _) } diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml index 496ed5c7e2..db17908c4c 100644 
--- a/cpp/common/src/qlpack.yml +++ b/cpp/common/src/qlpack.yml @@ -2,4 +2,4 @@ name: codeql/common-cpp-coding-standards version: 2.22.0-dev license: MIT dependencies: - codeql/cpp-all: 0.4.6 \ No newline at end of file + codeql/cpp-all: 0.6.1 diff --git a/cpp/common/test/codeql-pack.lock.yml b/cpp/common/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/common/test/codeql-pack.lock.yml +++ b/cpp/common/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/misra/src/codeql-pack.lock.yml b/cpp/misra/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/misra/src/codeql-pack.lock.yml +++ b/cpp/misra/src/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml index d4e3edb901..07070afe53 100644 --- a/cpp/misra/src/qlpack.yml +++ b/cpp/misra/src/qlpack.yml @@ -5,4 +5,4 @@ suites: codeql-suites license: MIT dependencies: codeql/common-cpp-coding-standards: '*' - codeql/cpp-all: 0.4.6 + codeql/cpp-all: 0.6.1 diff --git a/cpp/misra/test/codeql-pack.lock.yml b/cpp/misra/test/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/misra/test/codeql-pack.lock.yml +++ b/cpp/misra/test/codeql-pack.lock.yml @@ -2,7 +2,9 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 0.4.6 + version: 0.6.1 codeql/ssa: + version: 0.0.14 + codeql/tutorial: version: 0.0.7 compiled: false diff --git a/cpp/report/src/codeql-pack.lock.yml b/cpp/report/src/codeql-pack.lock.yml index a7035a9f24..e7600d8458 100644 --- a/cpp/report/src/codeql-pack.lock.yml +++ b/cpp/report/src/codeql-pack.lock.yml 
@@ -2,7 +2,9 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
- version: 0.4.6
+ version: 0.6.1
 codeql/ssa:
+ version: 0.0.14
+ codeql/tutorial:
 version: 0.0.7
 compiled: false
diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml
index e56e87a29f..2329bac4a1 100644
--- a/cpp/report/src/qlpack.yml
+++ b/cpp/report/src/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/report-cpp-coding-standards
 version: 2.22.0-dev
 license: MIT
 dependencies:
- codeql/cpp-all: 0.4.6
+ codeql/cpp-all: 0.6.1
diff --git a/scripts/generate_modules/queries/codeql-pack.lock.yml b/scripts/generate_modules/queries/codeql-pack.lock.yml
index a7035a9f24..e7600d8458 100644
--- a/scripts/generate_modules/queries/codeql-pack.lock.yml
+++ b/scripts/generate_modules/queries/codeql-pack.lock.yml
@@ -2,7 +2,9 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
- version: 0.4.6
+ version: 0.6.1
 codeql/ssa:
+ version: 0.0.14
+ codeql/tutorial:
 version: 0.0.7
 compiled: false
diff --git a/scripts/generate_modules/queries/qlpack.yml b/scripts/generate_modules/queries/qlpack.yml
index e3e1783997..d531a0df30 100644
--- a/scripts/generate_modules/queries/qlpack.yml
+++ b/scripts/generate_modules/queries/qlpack.yml
@@ -2,4 +2,4 @@ name: codeql/standard-library-extraction-cpp-coding-standards
 version: 0.0.0
 license: MIT
 dependencies:
- codeql/cpp-all: 0.4.6
+ codeql/cpp-all: 0.6.1
diff --git a/scripts/update_codeql_dependency.sh b/scripts/update_codeql_dependency.sh
new file mode 100755
index 0000000000..60f08415cf
--- /dev/null
+++ b/scripts/update_codeql_dependency.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# If there aren't two arguments, print usage and exit.
+if [[ -z $2 ]];
+then
+ echo "Usage: bump_version.sh "
+ exit
+fi
+
+echo "Updating CodeQL dependency $1 to $2."
+
+# update the qlpacks
+find . -name 'qlpack.yml' | grep -v './codeql_modules' | xargs sed -i -r "s#${1}: [^\s]+#${1}: ${2}#"
+
+# update the lock files
+find . -name 'codeql-pack.lock.yml' | grep -v './codeql_modules' | xargs sed -i -r -z "s#${1}:\n(\s*)version: [^\s]+\n#${1}:\n\1version: ${2}\n#"
+
+echo "Done."
\ No newline at end of file
diff --git a/supported_codeql_configs.json b/supported_codeql_configs.json
index ff7551a34f..b62a99c892 100644
--- a/supported_codeql_configs.json
+++ b/supported_codeql_configs.json
@@ -1,9 +1,9 @@
 {
 "supported_environment": [
 {
- "codeql_cli": "2.11.6",
- "codeql_standard_library": "codeql-cli/v2.11.6",
- "codeql_cli_bundle": "codeql-bundle-20221211"
+ "codeql_cli": "2.12.7",
+ "codeql_standard_library": "codeql-cli/v2.12.7",
+ "codeql_cli_bundle": "codeql-bundle-20230418"
 }
 ],
 "supported_language": [
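Review bot: The usage branch exits with status 0 (bare `exit`), so a caller that omits an argument is told the script succeeded, and the message names `bump_version.sh` rather than this file (the argument placeholders also appear to be missing from the string as rendered here, possibly lost in extraction). Change it to `echo "Usage: $0 <dependency> <version>" >&2` followed by `exit 1`, and add `set -euo pipefail` after the shebang so a failing `find | xargs sed` pipeline does not still print "Done.". Both `$1` and `$2` are spliced raw into the sed program, so a dependency name or version containing `#`, `&` or `\` would alter the substitution instead of being matched or inserted literally; these are trusted maintainer inputs, but a one-line comment stating that assumption would help the next reader. `[^\s]` inside a bracket expression is at best a GNU extension, and `sed -i`/`-z` are GNU-only as well; `[^[:space:]]` is the portable class, and a comment noting the GNU sed requirement is worth adding.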
