Implement BannedAPIs package

[lcartey]

Description

This PR implements the BannedAPIs package.

As many of these rules required the detection of banned functions, I've written a library (BannedFunctions) to help identify different uses (e.g. calls, accesses etc.), and to aggregate reports in macro definitions.

I've also updated quite a few of the C++ stubs (unlike the C stubs, these are all written by hand). I suspect there may be some broken tests - will update the PR after CI/CD has run.

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • ``
• Queries have been modified for the following rules:
  • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

[Copilot]

Pull Request Overview

This PR introduces the new BannedAPIs query package and integrates it into the C++ coding-standards metadata, while also refreshing several C++ standard-library test stubs.

• Add autogenerated BannedAPIs.qll with queries and wire them into RuleMetadata.qll
• Update C++ standard-library test headers under cpp/common/test/includes/standard-library
• Refresh documentation in CommonTypes.qll to match new header naming

Reviewed Changes

Copilot reviewed 70 out of 70 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll	Import and register the BannedAPIs package
cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedAPIs.qll	Add autogenerated queries for banned APIs
cpp/common/test/includes/standard-library/ctype.h	Revise include stub for C character functions
cpp/common/test/includes/standard-library/cctype	Provide std:: mappings for C character functions
cpp/autosar/src/codingstandards/cpp/CommonTypes.qll	Update doc comment to reference cstdint

Comments suppressed due to low confidence (3)

cpp/common/test/includes/standard-library/ctype.h:4

• These extern declarations live in the global namespace but the closing } // namespace std was removed. Wrap these declarations in namespace std { … } so that calls like std::isalnum resolve correctly.

extern int isalnum(int);

cpp/autosar/src/codingstandards/cpp/CommonTypes.qll:4

• [nitpick] The comment refers to cstdint generically but elsewhere you include stdint.h. Clarify whether this maps to <cstdint> or the legacy header to avoid confusion.

* Implementations of the C/C++ Fixed Width Types from cstdint.

cpp/common/test/includes/standard-library/cctype:10

• The stub maps isgraph (and similarly isprint, ispunct) into std:: but ctype.h does not declare these prototypes. Add extern int isgraph(int); (and the others) to the underlying ctype.h stub so they compile.

using ::isgraph;

[Copilot]

[nitpick] This header uses both #pragma once and include guards. Consider removing the redundancy by choosing one style for consistency across stubs.

[Copilot]

[nitpick] The stub uses an include guard but no #pragma once, while other stubs mix both. Unify header guard patterns for clarity.

Suggested change

	#ifndef _GHLIBCPP_CWCTYPE
	#define _GHLIBCPP_CWCTYPE
	#pragma once