From 6316375dfcd09132d0f1759571f1da5959a0f1b3 Mon Sep 17 00:00:00 2001 From: Luke Cartey Date: Sun, 12 Jan 2025 22:00:41 +0000 Subject: [PATCH] ReturnRefOrPointerToAutoVar: Exclude global or member variables This false positive case was introduced when the rule was shared during the creation of RULE-6-8-2, where `Variable` was used instead of `StackVariable`. --- change_notes/2025-01-09-return-reference.md | 2 ++ ...rnReferenceOrPointerToAutomaticLocalVariable.qll | 2 +- .../test.cpp | 13 +++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 change_notes/2025-01-09-return-reference.md diff --git a/change_notes/2025-01-09-return-reference.md b/change_notes/2025-01-09-return-reference.md new file mode 100644 index 0000000000..69480916c7 --- /dev/null +++ b/change_notes/2025-01-09-return-reference.md @@ -0,0 +1,2 @@ + - `M7-5-1`, `RULE-6-8-2` - `FunctionReturnAutomaticVarCondition.ql`, `ReturnReferenceOrPointerToAutomaticLocalVariable.ql`: + - Remove false positives for member and global variables reported under this rule. \ No newline at end of file diff --git a/cpp/common/src/codingstandards/cpp/rules/returnreferenceorpointertoautomaticlocalvariable/ReturnReferenceOrPointerToAutomaticLocalVariable.qll b/cpp/common/src/codingstandards/cpp/rules/returnreferenceorpointertoautomaticlocalvariable/ReturnReferenceOrPointerToAutomaticLocalVariable.qll index cd623f711c..b37a9cd02b 100644 --- a/cpp/common/src/codingstandards/cpp/rules/returnreferenceorpointertoautomaticlocalvariable/ReturnReferenceOrPointerToAutomaticLocalVariable.qll +++ b/cpp/common/src/codingstandards/cpp/rules/returnreferenceorpointertoautomaticlocalvariable/ReturnReferenceOrPointerToAutomaticLocalVariable.qll @@ -13,7 +13,7 @@ abstract class ReturnReferenceOrPointerToAutomaticLocalVariableSharedQuery exten Query getQuery() { result instanceof ReturnReferenceOrPointerToAutomaticLocalVariableSharedQuery } query predicate problems( - ReturnStmt rs, string message, Function f, string f_string, Variable auto, string auto_string + ReturnStmt rs, string message, Function f, string f_string, StackVariable auto, string auto_string ) { exists(VariableAccess va, string returnType | not isExcluded(rs, getQuery()) and diff --git a/cpp/common/test/rules/returnreferenceorpointertoautomaticlocalvariable/test.cpp b/cpp/common/test/rules/returnreferenceorpointertoautomaticlocalvariable/test.cpp index bc4fbf8f1d..d383d7859f 100644 --- a/cpp/common/test/rules/returnreferenceorpointertoautomaticlocalvariable/test.cpp +++ b/cpp/common/test/rules/returnreferenceorpointertoautomaticlocalvariable/test.cpp @@ -32,4 +32,17 @@ void test_templatefunction_return() { int j = 2; int k = 3; t1(j, k); +} + +class C1 { +private: + int x; + +public: + int test() { return x; } // COMPLIANT - ignore member vars +}; + +int x; +int test_global() { + return x; // COMPLIANT - ignore global vars } \ No newline at end of file