
Commit 55a5dea

Merge branch 'main' into dependabot/pip/scripts/gitpython-3.1.35
2 parents 0be7d21 + e786157 commit 55a5dea

327 files changed

+763
-527
lines changed


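--- a/.github/workflows/upgrade_codeql_dependencies.yml
+++ b/.github/workflows/upgrade_codeql_dependencies.yml
@@ -12,7 +12,7 @@ env:
 XARGS_MAX_PROCS: 4
 
 jobs:
-say_hello:
+upgrade_codeql_dependencies:
 env:
 CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
 runs-on: ubuntu-22.04
@@ -33,26 +33,29 @@ jobs:
 GITHUB_TOKEN: ${{ github.token }}
 CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
 run: |
-scripts/upgrade-codeql-dependencies/upgrade_codeql_dependencies.py --cli-version "$CODEQL_CLI_VERSION"
+python3 scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py --cli-version "$CODEQL_CLI_VERSION"
 
 - name: Fetch CodeQL
 env:
 GITHUB_TOKEN: ${{ github.token }}
+RUNNER_TEMP: ${{ runner.temp }}
 run: |
+cd $RUNNER_TEMP
 gh release download "v${CODEQL_CLI_VERSION}" --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
 unzip -q codeql-linux64.zip
 
 - name: Update CodeQL formatting based on new CLI version
+env:
+RUNNER_TEMP: ${{ runner.temp }}
 run: |
-find cpp -name '*.ql' -or -name '*.qll' | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 codeql/codeql query format --in-place
-find c -name '*.ql' -or -name '*.qll' | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 codeql/codeql query format --in-place
+find cpp \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
+find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" $RUNNER_TEMP/codeql/codeql query format --in-place
 
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v3
 with:
-title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_standard_library_commit }}"
-body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }} and the `github/codeql` version to ${{ github.event.inputs.codeql_standard_library_commit }}."
-commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_standard_library_commit }}"
-team-reviewers: github/codeql-coding-standards
+title: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
+body: "This PR upgrades the CodeQL CLI version to ${{ github.event.inputs.codeql_cli_version }}."
+commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
 delete-branch: true
 branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"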
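Review bot: The CodeQL CLI fetched in the Fetch CodeQL step (`gh release download ... --pattern codeql-linux64.zip` followed by `unzip -q codeql-linux64.zip`) is executed by the next step and its output is committed into a pull request, yet nothing checks the integrity of the downloaded asset; pin an expected digest next to the version input and verify it before unpacking, e.g. `echo "${CODEQL_CLI_SHA256}  codeql-linux64.zip" | sha256sum -c -` (or check against a checksum the release publishes, if one exists). In the same vein, `uses: peter-evans/create-pull-request@v3` pins a third-party action that runs with `github.token` to a mutable major tag; pinning to a full commit SHA with the tag in a trailing comment removes the risk of the tag being moved. Minor: `cd $RUNNER_TEMP` and `$RUNNER_TEMP/codeql/codeql` are unquoted, whereas `$CODEQL_CLI_VERSION` and `$XARGS_MAX_PROCS` are quoted in the same script; `cd "$RUNNER_TEMP"` and `"$RUNNER_TEMP"/codeql/codeql` keep the quoting consistent. Redefining `RUNNER_TEMP` in the step `env:` appears redundant, since the runner already exports a variable of that name — harmless, but worth a comment if it is intentional.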

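--- a/c/cert/src/codeql-pack.lock.yml
+++ b/c/cert/src/codeql-pack.lock.yml
@@ -2,9 +2,11 @@
 lockVersion: 1.0.0
 dependencies:
 codeql/cpp-all:
-version: 0.6.1
+version: 0.7.4
 codeql/ssa:
-version: 0.0.14
+version: 0.0.19
 codeql/tutorial:
-version: 0.0.7
+version: 0.0.12
+codeql/util:
+version: 0.0.12
 compiled: false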

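--- a/c/cert/src/qlpack.yml
+++ b/c/cert/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
 codeql/common-c-coding-standards: '*'
-codeql/cpp-all: 0.6.1
+codeql/cpp-all: 0.7.4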

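--- a/c/cert/src/rules/ARR30-C/DoNotFormOutOfBoundsPointersOrArraySubscripts.ql
+++ b/c/cert/src/rules/ARR30-C/DoNotFormOutOfBoundsPointersOrArraySubscripts.ql
@@ -12,41 +12,42 @@
 * external/cert/obligation/rule
 */
 
-import cpp
-import codingstandards.c.cert
-import codingstandards.c.OutOfBounds
-
-from
-OOB::BufferAccess ba, Expr bufferArg, Expr sizeArg, OOB::PointerToObjectSource bufferSource,
-string message
-where
-not isExcluded(ba, OutOfBoundsPackage::doNotFormOutOfBoundsPointersOrArraySubscriptsQuery()) and
-// exclude loops
-not exists(Loop loop | loop.getStmt().getChildStmt*() = ba.getEnclosingStmt()) and
-// exclude size arguments that are of type ssize_t
-not sizeArg.getAChild*().(VariableAccess).getTarget().getType() instanceof Ssize_t and
-// exclude size arguments that are assigned the result of a function call e.g. ftell
-not sizeArg.getAChild*().(VariableAccess).getTarget().getAnAssignedValue() instanceof FunctionCall and
-// exclude field or array accesses for the size arguments
-not sizeArg.getAChild*() instanceof FieldAccess and
-not sizeArg.getAChild*() instanceof ArrayExpr and
-(
-exists(int sizeArgValue, int bufferArgSize |
-OOB::isSizeArgGreaterThanBufferSize(bufferArg, sizeArg, bufferSource, bufferArgSize, sizeArgValue, ba) and
-message =
-"Buffer accesses offset " + sizeArgValue +
-" which is greater than the fixed size " + bufferArgSize + " of the $@."
-)
-or
-exists(int sizeArgUpperBound, int sizeMult, int bufferArgSize |
-OOB::isSizeArgNotCheckedLessThanFixedBufferSize(bufferArg, sizeArg, bufferSource,
-bufferArgSize, ba, sizeArgUpperBound, sizeMult) and
-message =
-"Buffer may access up to offset " + sizeArgUpperBound + "*" + sizeMult +
-" which is greater than the fixed size " + bufferArgSize + " of the $@."
-)
-or
-OOB::isSizeArgNotCheckedGreaterThanZero(bufferArg, sizeArg, bufferSource, ba) and
-message = "Buffer access may be to a negative index in the buffer."
-)
-select ba, message, bufferSource, "buffer"
+import cpp
+import codingstandards.c.cert
+import codingstandards.c.OutOfBounds
+
+from
+OOB::BufferAccess ba, Expr bufferArg, Expr sizeArg, OOB::PointerToObjectSource bufferSource,
+string message
+where
+not isExcluded(ba, OutOfBoundsPackage::doNotFormOutOfBoundsPointersOrArraySubscriptsQuery()) and
+// exclude loops
+not exists(Loop loop | loop.getStmt().getChildStmt*() = ba.getEnclosingStmt()) and
+// exclude size arguments that are of type ssize_t
+not sizeArg.getAChild*().(VariableAccess).getTarget().getType() instanceof Ssize_t and
+// exclude size arguments that are assigned the result of a function call e.g. ftell
+not sizeArg.getAChild*().(VariableAccess).getTarget().getAnAssignedValue() instanceof FunctionCall and
+// exclude field or array accesses for the size arguments
+not sizeArg.getAChild*() instanceof FieldAccess and
+not sizeArg.getAChild*() instanceof ArrayExpr and
+(
+exists(int sizeArgValue, int bufferArgSize |
+OOB::isSizeArgGreaterThanBufferSize(bufferArg, sizeArg, bufferSource, bufferArgSize,
+sizeArgValue, ba) and
+message =
+"Buffer accesses offset " + sizeArgValue + " which is greater than the fixed size " +
+bufferArgSize + " of the $@."
+)
+or
+exists(int sizeArgUpperBound, int sizeMult, int bufferArgSize |
+OOB::isSizeArgNotCheckedLessThanFixedBufferSize(bufferArg, sizeArg, bufferSource,
+bufferArgSize, ba, sizeArgUpperBound, sizeMult) and
+message =
+"Buffer may access up to offset " + sizeArgUpperBound + "*" + sizeMult +
+" which is greater than the fixed size " + bufferArgSize + " of the $@."
+)
+or
+OOB::isSizeArgNotCheckedGreaterThanZero(bufferArg, sizeArg, bufferSource, ba) and
+message = "Buffer access may be to a negative index in the buffer."
+)
+select ba, message, bufferSource, "buffer"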

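--- a/c/cert/src/rules/ARR36-C/DoNotRelatePointersThatDoNotReferToTheSameArray.ql
+++ b/c/cert/src/rules/ARR36-C/DoNotRelatePointersThatDoNotReferToTheSameArray.ql
@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotuserelationaloperatorswithdifferingarrays.DoNotUseRelationalOperatorsWithDifferingArrays
 
-class DoNotRelatePointersThatDoNotReferToTheSameArrayQuery extends DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery {
+class DoNotRelatePointersThatDoNotReferToTheSameArrayQuery extends DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery
+{
 DoNotRelatePointersThatDoNotReferToTheSameArrayQuery() {
 this = Memory2Package::doNotRelatePointersThatDoNotReferToTheSameArrayQuery()
 }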

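--- a/c/cert/src/rules/ARR36-C/DoNotSubtractPointersThatDoNotReferToTheSameArray.ql
+++ b/c/cert/src/rules/ARR36-C/DoNotSubtractPointersThatDoNotReferToTheSameArray.ql
@@ -15,7 +15,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotsubtractpointersaddressingdifferentarrays.DoNotSubtractPointersAddressingDifferentArrays
 
-class DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery extends DoNotSubtractPointersAddressingDifferentArraysSharedQuery {
+class DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery extends DoNotSubtractPointersAddressingDifferentArraysSharedQuery
+{
 DoNotSubtractPointersThatDoNotReferToTheSameArrayQuery() {
 this = Memory2Package::doNotSubtractPointersThatDoNotReferToTheSameArrayQuery()
 }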

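--- a/c/cert/src/rules/ARR38-C/LibraryFunctionArgumentOutOfBounds.ql
+++ b/c/cert/src/rules/ARR38-C/LibraryFunctionArgumentOutOfBounds.ql
@@ -22,4 +22,4 @@ from
 where
 not isExcluded(fc, OutOfBoundsPackage::libraryFunctionArgumentOutOfBoundsQuery()) and
 OOB::problems(fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr)
-select fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr
+select fc, message, bufferArg, bufferArgStr, sizeOrOtherBufferArg, otherStr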

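--- a/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.ql
+++ b/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.ql
@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.donotallowamutextogooutofscopewhilelocked.DoNotAllowAMutexToGoOutOfScopeWhileLocked
 
-class DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery extends DoNotAllowAMutexToGoOutOfScopeWhileLockedSharedQuery {
+class DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery extends DoNotAllowAMutexToGoOutOfScopeWhileLockedSharedQuery
+{
 DoNotAllowAMutexToGoOutOfScopeWhileLockedQuery() {
 this = Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery()
 }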

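--- a/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
+++ b/c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
@@ -24,5 +24,5 @@ where
 "setlocale", "atomic_init", "ATOMIC_VAR_INIT", "tmpnam", "mbrtoc16", "c16rtomb", "mbrtoc32",
 "c32rtomb"
 ]
-select node,
-"Concurrent call to non-reeantrant function $@.", node.(FunctionCall).getTarget(), node.(FunctionCall).getTarget().getName()
+select node, "Concurrent call to non-reeantrant function $@.", node.(FunctionCall).getTarget(),
+node.(FunctionCall).getTarget().getName()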
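Review bot: The alert message on the new-side `select` still reads `non-reeantrant`; the reformat carries the typo through, so the literal should become `"Concurrent call to non-reentrant function $@."`. This string is what users see in results, so the fix is cheap; if any expected-results files for this rule assert on the exact message text (not visible in this hunk), they would need the same edit.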

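--- a/c/cert/src/rules/CON35-C/DeadlockByLockingInPredefinedOrder.ql
+++ b/c/cert/src/rules/CON35-C/DeadlockByLockingInPredefinedOrder.ql
@@ -16,7 +16,8 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.rules.preventdeadlockbylockinginpredefinedorder.PreventDeadlockByLockingInPredefinedOrder
 
-class DeadlockByLockingInPredefinedOrderQuery extends PreventDeadlockByLockingInPredefinedOrderSharedQuery {
+class DeadlockByLockingInPredefinedOrderQuery extends PreventDeadlockByLockingInPredefinedOrderSharedQuery
+{
 DeadlockByLockingInPredefinedOrderQuery() {
 this = Concurrency2Package::deadlockByLockingInPredefinedOrderQuery()
 }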
