
Releases: github/codeql-coding-standards

v2.38.0

22 Nov 18:24
2e89423

Release summary

  • New queries added for the following rule packages: Language4
  • The following changes have been made for this release:
  • M6-5-3 - Loops.qll:
    • Fixes #755. Specifies that the access to the loop counter must be via non-const address.
  • A7-1-7 - IdentifierDeclarationAndInitializationNotOnSeparateLines.ql
    • Fixes #629. Adds brackets, excluding expression statements in macros.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.16.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.16.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-1-5 - MissingStaticSpecifierFuncRedeclarationObsolete.ql, MissingStaticSpecifierObjectRedeclarationObsolete.ql, FunctionTypesNotInPrototypeFormObsolete.ql, UseOfObsoleteMacroAtomicVarInit.ql, InvalidDefineOrUndefOfStdBoolMacro.ql, CallToObsolescentFunctionGets.ql, UngetcCallOnStreamPositionZero.ql, SizeInReallocCallMayBeZero.ql, SizeInReallocCallIsZero.ql

v2.37.1

25 Oct 16:38
8c21bed

Release summary

  • The performance of the following queries has been improved:
    • DCL40-C
    • RULE-5-1
    • RULE-8-3
    • RULE-8-4
    • MSC39-C

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.16.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.16.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.

v2.37.0

24 Oct 20:44
5d16169

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
    • A13-3-1 - FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql:
    • Fixes #406. Exclude detection of overloaded implicit copy/move constructors.
  • Updated the CodeQL version to 2.16.6.
  • M0-1-2 - InfeasiblePath.ql:
    • This query may now report additional results within templates where a relational operation is performed which has a constant value given the specified arguments.
  • A5-2-6 - OperandsOfAlogicalAndOrNotParenthesized.ql:
    • Remove false positives where the operator is identical.
    • Improve alert message to clarify which expression needs to be parenthesized.
  • 5.13.4 - UnsignedLiteralsNotAppropriatelySuffixed.ql:
    • Expand detection to binary literals.
  • M2-13-3 - MissingUSuffix.ql:
    • Expand detection to binary literals.
  • A12-1-1, RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql, ExplicitConstructorBaseClassInitialization.ql:
    • Remove false positives for deleted member functions.
  • RULE-8-13 - PointerShouldPointToConstTypeWhenPossible.ql
    • Exclude false positives where a variable occurs in a file compiled multiple times, but where it may only be const in some of those scenarios.
    • Exclude results for local scope variables in functions that use assembly code, as CodeQL cannot determine the impact of the assembly.
    • Exclude false positives when an assignment is made to a struct field.
    • Exclude false positives where the object pointed to by the variable is modified using *p++ = ....
    • Exclude false positives for functions without bodies.
  • Rules that rely on the determination of side-effects of an expression may change as a result of considering *p++ = ... as having a side-effect on p.
  • RULE-1-3 - OccurrenceOfUndefinedBehavior.ql:
    • Improve alert message to report the undefined behavior triggered.
    • Address both false positives and false negatives in identifying standard compliant main methods. Previously, void main() was considered permitted and int main(void) banned. In addition, we now detect main methods as standard compliant if they use typedefs, and if arrays are used in the definition of argv.
  • RULE-5-4 - MacroIdentifiersNotDistinct.ql:
    • Exclude false positives related to conditional compilation, where a macro may be defined twice, but not within the same compilation.
    • Improve alert message in the case where the 63 char limit is not relevant by using the form "Definition of macro <MACRO_NAME> is not distinct from alternative definition of <MACRO_NAME> in <relative_file_path>".
  • RULE-2-5 - UnusedMacroDeclaration.ql:
    • Exclude false positives where a macro was used before definition, for example a header guard.
  • Modifications to the release artifacts:
    • New CodeQL pack release artifacts have been created. These release artifacts can be downloaded from the release, and will be published to the GitHub registry under the codeql org for ease of deployment.
    • The user manual has been updated to describe how to use the CodeQL packs.
  • We no longer require a separate download of the CodeQL Standard Library for C++ - all queries have been pre-compiled and linked with the appropriate standard library.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.16.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.16.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.16.6.

v2.36.0

18 Oct 21:55
199631a

Release summary

  • New queries added for the following rule packages: Banned2, BitfieldTypes2, FunctionTypes, NoReturn, Types2, DeadCode
  • The following changes have been made for this release:
    • RULE-1-2 - LanguageExtensionsShouldNotBeUsed.ql:
      • Improve reporting by describing which language extensions are used.
      • Improve reporting by aggregating results generated from a macro expansion at the generating macro location.
      • Reduce false positives for the variable length array check by permitting those extensions which are included in the C99 standard.
    • M0-1-9 - DeadCode.ql
      • Remove false positives for statements where the enclosing function is compiled multiple times, either as part of different targets or different template instantiations. Previously we would see false positives where a statement was dead in one instance of the code, but not other instances. We now only consider a statement dead if it is dead in all instances of that code.
  • RULE-2-2 - DeadCode.ql:
    • Query has been rewritten to report only operations that are considered dead, not statements. This should reduce false positives.
    • Remove false positives for operations where the enclosing function is compiled multiple times, either as part of different targets or different template instantiations. Previously we would see false positives where an operation was dead in one instance of the code, but not other instances. We now only consider an operation dead if it is dead in all instances of that code.
  • A7-6-1, MSC53-CPP, RULE-9-6-4 - FunctionNoReturnAttbrituteCondition.qll
    • Analysis expanded from functions with the "noreturn" attribute to also include the "noreturn" specifier, in order to handle new C rules. No difference in C++ results expected.
    • Exclude compiler generated functions from being reported.
  • RULE-10-7 - ImplicitConversionOfCompositeExpression.ql:
    • Improved performance on larger codebases.
  • SIG31-C - DoNotAccessSharedObjectsInSignalHandlers.ql:
    • Improved performance on larger codebases.
  • M0-1-10 - UnusedFunction.ql:
    • Fixes #711. Excludes constexpr functions, considers functions from GoogleTest as an EntryPoint and does not consider special member functions. Another query called UnusedSplMemberFunction.ql is created that reports unused special member functions. This is done so as to enable deviations to be applied to this case.
  • The following query suites have been added or modified for MISRA C:
    • A new query suite, misra-c-default.qls, has been created to avoid confusion with the MISRA C++ query suites. The misra-default.qls suite has been deprecated, will be removed in a future release, and is replaced by the misra-c-default.qls suite.
      • The misra-c-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
    • A new query suite misra-c-2012-third-edition-with-amendment-2.qls has been created to represent our previous MISRA C coverage. Note: this query suite will run the rules that were present in MISRA C 2012, Third Edition, First Revision and Amendment 2. The interpretation of those rules may be updated to reflect changes in more recent MISRA standards.
    • Three new query suites, misra-c-mandatory.qls, misra-c-required.qls and misra-c-advisory.qls, have been added to enable running mandatory, required or advisory queries.
  • The following query suites have been added or modified for MISRA C++:
    • A new query suite, misra-cpp-default.qls, has been created to avoid confusion with the MISRA C query suites. The misra-default.qls suite has been deprecated, will be removed in a future release, and is replaced by the misra-cpp-default.qls suite.
      • The misra-cpp-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for MISRA C.
    • A new query suite, misra-cpp-single-translation-unit.qls, has been created to avoid confusion with the MISRA C query suites. The misra-single-translation-unit.qls suite has been deprecated, will be removed in a future release, and is replaced by the misra-cpp-single-translation-unit.qls suite.
    • Three new query suites, misra-cpp-mandatory.qls, misra-c-required.qls and misra-c-advisory.qls, have been added to enable running mandatory, required or advisory queries.
  • A0-1-1 - UselessAssignments.qll:
    • Remove (dead code) useless assignment false positive when integer constant expression is used to define the size of an array.
  • Updated the CodeQL version to 2.15.5.
  • RULE-11-3, RULE-11-4, RULE-11-5, RULE-11-7 - CastBetweenObjectPointerAndDifferentObjectType.ql, ConversionBetweenPointerToObjectAndIntegerType.ql, ConversionFromPointerToVoidIntoPointerToObject.ql, CastBetweenPointerToObjectAndNonIntArithmeticType.ql:
    • Removed false positives where casts involved a specified void type pointer, e.g. const void*, which should not be considered as a pointer to object.
  • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql:
    • Addressed false negatives where the pointer-to-void was specified.
  • A7-1-3 - CvQualifiersNotPlacedOnTheRightHandSide.ql:
    • Removed false positives where a correctly CV-qualified typedef variable type was also referenced in the initializer.
  • A14-5-2 - NonTemplateMemberDefinedInTemplate.ql
    • Fixes #739. Correctly detect template parameters specified in using alias base types, e.g. using T1 = some_type<T>::Type;.
  • RULE-10-4 - OperandswithMismatchedEssentialTypeCategory.ql:
    • Removed false positives where a specified or typedef'd enum type was compared to an enum constant type.
  • EssentialType - for all queries related to essential types:
    • \n and other control characters are now correctly deduced as essentially char type, instead of an essentially integer type.
    • Enum constants for anonymous enums are now correctly deduced as an essentially signed integer type instead of essentially enum.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.15.5 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.15.5.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.15.5.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • M0-1-10 - UnusedSplMemberFunction.ql

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-6-3 - BitFieldDeclaredAsMemberOfAUnion.ql
  • RULE-7-5 - InvalidIntegerConstantMacroArgument.ql, InvalidLiteralForIntegerConstantMacroArgument.ql, IntegerConstantMacroArgumentUsesSuffix.ql, IncorrectlySizedIntegerConstantMacroArgument.ql
  • RULE-7-6 - UseOfBannedSmallIntegerConstantMacro.ql
  • RULE-17-9 - ReturnStatementInNoreturnFunction.ql
  • RULE-17-10 - NonVoidReturnTypeOfNoreturnFunction.ql
  • RULE-17-11 - FunctionWithNoReturningBranchShouldBeNoreturn.ql
  • RULE-17-12 - FunctionAddressesShouldAddressOperator.ql
  • RULE-21-24 - CallToBannedRandomFunction.ql

v2.35.0

30 Sep 15:30
7033ff4

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
    • RULE-11-1 - ConversionBetweenFunctionPointerAndOtherType.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
    • RULE-11-4 - ConversionBetweenPointerToObjectAndIntegerType.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
      • Improve reporting of the order of the cast and the actual types involved.
      • Improve reporting where the result is expanded from a macro by either reporting the macro itself (if it is not dependent on the context) or by including a link to the macro in the alert message.
    • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql:
      • Fixed issue #331 - consider 0 a null pointer constant.
    • RULE-11-6 - CastBetweenPointerToVoidAndArithmeticType.ql:
      • Fixed issue #331 - accept integer constant expressions with value 0 instead of null pointer constants.
    • RULE-11-9 - MacroNullNotUsedAsIntegerNullPointerConstant.ql:
      • Remove false positives in branches of ternary expressions, where 0 was used correctly.
  • A2-7-3 - UndocumentedUserDefinedType.ql:
    • Fixes #606. Fix false positive relating to friend functions in template classes.
  • M0-1-3 - UnusedLocalVariable.ql:
    • Fixes #658. Considers usage of const/constexpr variables in array size and function parameters that are used in arguments of template functions.
  • RULE-12-2 - RightHandOperandOfAShiftRange.ql:
    • Reduce false positives related to ranges determined by %=.
    • Reduce false positives where integer constants with explicit size suffix were incorrectly identified as smaller types.
    • Improve explanation of results, providing additional information on types and size ranges.
    • Combine results stemming from the expansion of a macro, where the result is not dependent on the context.
  • RULE-5-8 - IdentifiersWithExternalLinkageNotUnique.ql
    • Remove false positives where conflicting declarations do not appear in the same link target.
  • RULE-10-1 - OperandsOfAnInappropriateEssentialType.ql
    • Reduce false negatives by supporting operands to the ~ operator with the incorrect essential type.
    • Reduce false positives by identifying the essential type of !<expr> as essentially boolean type.
    • Improve clarity of reporting by reporting the violating operand, instead of the operator, and addressing message typos.
  • M0-1-9 - DeadCode.qll:
    • Fixes #678. Remove dead code false positive when integer constant expression is used to define the size of an array.
  • RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql
    • Remove false positives where two conflicting declarations are never linked together.
  • M3-4-1 - UnnecessaryExposedIdentifierDeclarationShared.qll:
    • Fixes #665. Exclude variables that are constexpr and coming from template instantiations.
  • RULE-7-2 - UOrUSuffixRepresentedInUnsignedType.ql
    • Remove false positives where integer constants are generated from macros.
    • Remove false positives where a signed integer is implicitly converted to unsigned, which is permitted by the standard.
  • A1-1-2 - CompilerWarningLevelNotInCompliance.ql:
    • Report non-compliance for compilations that use the error-suppressing -w flag.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.34.0

27 Aug 13:32
0caf3f0

Release summary

  • New queries added for the following rule packages: Representation
  • The following changes have been made for this release:
  • M0-2-1 - DoNotPassAliasedPointerToRestrictQualifiedParam.ql:
    • Fixes #119. Adds shared query to cover missing detection of overlapping arrays or pointers in specific list of functions that list undefined behaviour when their parameters overlap.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • M0-2-1 - DoNotPassAliasedPointerToParam.ql

v2.33.0

02 Aug 17:13
cb944ac

Release summary

  • New queries added for the following rule packages: ImportMisra23
  • The following changes have been made for this release:
    • A7-2-1 - fix typo in some alert messages.
  • MISRA C++ 2023:
    • Extend the project structure and provide initial support for query writing.
  • A2-7-3 - UndocumentedUserDefinedType.ql:
    • Fixes #391. Declarations for which a Doxygen comment group provides documentation will no longer produce results.
  • M0-1-10 - EncapsulatingFunctions.qll:
    • Fixes #646. Consider typedef'd int return types for main() function as MainFunction.
  • PRE32-C - MacroOrFunctionArgsContainHashToken.ql:
    • Fixes #650. Correctly identifies presence of preprocessor directives in function calls.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

  • DIR-5-7-2 - SectionsOfCodeShouldNotBeCommentedOut.ql
  • DIR-15-8-1 - CopyAndMoveAssignmentsShallHandleSelfAssignment.ql
  • RULE-5-7-1 - CharacterSequenceUsedWithinACStyleComment.ql
  • RULE-5-7-3 - LineSplicingUsedInComments.ql
  • RULE-5-13-1 - BackslashCharacterMisuse.ql
  • RULE-5-13-2 - NonTerminatedEscapeSequences.ql
  • RULE-5-13-3 - OctalConstantsUsed.ql
  • RULE-5-13-4 - UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql
  • RULE-5-13-5 - LowercaseLStartsInLiteralSuffix.ql
  • RULE-6-0-3 - GlobalNamespaceDeclarations.ql
  • RULE-6-0-4 - NonGlobalFunctionMain.ql
  • RULE-6-2-1 - OneDefinitionRuleViolated.ql
  • RULE-6-4-1 - VariableDeclaredInInnerScopeHidesOuterScope.ql
  • RULE-6-4-2 - InheritedNonOverridableMemberFunction.ql, InheritedOverridableMemberFunction.ql, DefinitionShallBeConsideredForUnqualifiedLookup.ql
  • RULE-6-4-3 - NameShallBeReferredUsingAQualifiedIdOrThis.ql, NameShallBeReferredUsingAQualifiedIdOrThisAudit.ql
  • RULE-6-8-1 - ObjectAccessedBeforeLifetimeMisra.ql, ObjectAccessedAfterLifetimeMisra.ql
  • RULE-6-8-2 - ReturnReferenceOrPointerToAutomaticLocalVariable.ql
  • RULE-7-11-1 - NullptrNotTheOnlyFormOfTheNullPointerConstant.ql
  • RULE-7-11-2 - ArrayPassedAsFunctionArgumentDecayToAPointer.ql
  • RULE-8-2-3 - CastRemovesConstOrVolatileFromPointerOrReference.ql
  • RULE-8-2-4 - CastsBetweenAPointerToFunctionAndAnyOtherType.ql
  • RULE-8-2-5 - ReinterpretCastShallNotBeUsed.ql
  • RULE-8-2-10 - FunctionsCallThemselvesEitherDirectlyOrIndirectly.ql
  • RULE-8-3-1 - BuiltInUnaryOperatorAppliedToUnsignedExpression.ql
  • RULE-8-18-2 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
  • RULE-8-19-1 - CommaOperatorShouldNotBeUsed.ql
  • RULE-8-20-1 - UnsignedOperationWithConstantOperandsWraps.ql
  • RULE-9-3-1 - SwitchBodyCompoundCondition.ql, LoopBodyCompoundCondition.ql
  • RULE-9-4-1 - IfElseIfEndCondition.ql
  • RULE-9-6-1 - GotoStatementShouldNotBeUsed.ql
  • RULE-9-6-2 - GotoReferenceALabelInSurroundingBlock.ql
  • RULE-9-6-3 - GotoShallJumpToLabelDeclaredLaterInTheFunction.ql
  • RULE-9-6-4 - FunctionDeclaredWithTheNoreturnAttributeReturn.ql
  • RULE-9-6-5 - NonVoidFunctionShallReturnAValueOnAllPaths.ql
  • RULE-10-0-1 - UseSingleLocalDeclarators.ql, UseSingleGlobalOrMemberDeclarators.ql
  • RULE-10-2-1 - EnumerationNotDefinedWithAnExplicitUnderlyingType.ql
  • RULE-10-4-1 - AsmDeclarationShallNotBeUsed.ql
  • RULE-11-3-2 - DeclarationOfAnObjectIndirectionsLevel.ql
  • RULE-11-6-3 - NonUniqueEnumerationConstant.ql
  • RULE-12-2-2 - BitFieldShallHaveAnAppropriateType.ql
  • RULE-12-2-3 - SignedIntegerNamedBitFieldHaveALengthOfOneBit.ql
  • RULE-13-1-2 - VirtualAndNonVirtualClassInTheHierarchy.ql
  • RULE-13-3-2 - OverridingShallSpecifyDifferentDefaultArguments.ql
  • RULE-13-3-4 - PotentiallyVirtualPointerOnlyComparesToNullptr.ql
  • RULE-15-1-1 - ObjectsDynamicTypeUsedFromConstructorOrDestructor.ql
  • RULE-15-1-2 - InitializeAllVirtualBaseClasses.ql
  • RULE-15-1-5 - InitializerListConstructorIsTheOnlyConstructor.ql
  • RULE-16-5-2 - AddressOfOperatorOverloaded.ql
  • RULE-17-8-1 - FunctionTemplatesExplicitlySpecialized.ql
  • RULE-18-1-1 - ExceptionObjectHavePointerType.ql
  • RULE-18-1-2 - EmptyThrowOnlyWithinACatchHandler.ql
  • RULE-18-3-3 - HandlersReferToNonStaticMembersFromTheirClass.ql
  • RULE-18-5-1 - NoexceptFunctionShouldNotPropagateToTheCaller.ql
  • RULE-19-0-2 - FunctionLikeMacrosDefined.ql
  • RULE-19-0-3 - IncludeDirectivesPrecededByPreprocessorDirectives.ql
  • RULE-19-1-3 - IdentifiersUsedInTheControllingExpressionOf.ql
  • RULE-19-2-3 - CharsThatShouldNotOccurInHeaderFileName.ql
  • RULE-19-3-1 - AndPreprocessorOperatorsShouldNotBeUsed.ql
  • RULE-19-3-2 - MacroParameterFollowingHash.ql
  • RULE-19-3-3 - AMixedUseMacroArgumentSubjectToExpansion.ql
  • RULE-19-3-5 - TokensThatLookLikeDirectivesInAMacroArgument.ql
  • RULE-21-2-1 - AtofAtoiAtolAndAtollUsed.ql
  • RULE-21-2-4 - MacroOffsetofShallNotBeUsed.ql
  • RULE-21-6-4 - GlobalSizedOperatorDeleteShallBeDefined.ql, GlobalUnsizedOperatorDeleteShallBeDefined.ql
  • RULE-21-6-5 - PointerToAnIncompleteClassTypeDeleted.ql
  • RULE-21-10-3 - CsignalFacilitiesUsed.ql, CsignalTypesShallNotBeUsed.ql
  • RULE-25-5-2 - PointersReturnedByLocaleFunctionsMustBeUsedAsConst.ql
  • RULE-25-5-3 - CallToSetlocaleInvalidatesOldPointersMisra.ql, CallToSetlocaleInvalidatesOldPointersWarnMisra.ql
  • RULE-26-3-1 - VectorShouldNotBeSpecializedWithBool.ql
  • RULE-28-6-2 - ForwardingReferencesAndForwardNotUsedTogether.ql
  • RULE-28-6-3 - ObjectUsedWhileInPotentiallyMovedFromState.ql
  • RULE-30-0-1 - CstdioFunctionsShallNotBeUsed.ql, CstdioMacrosShallNotBeUsed.ql, CstdioTypesShallNotBeUsed.ql
  • RULE-30-0-2 - ReadsAndWritesOnStreamNotSeparatedByPositioning.ql

v2.32.0

16 Jul 22:37
ce898a9

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A0-4-4,FLP32-C - UncheckedRangeDomainPoleErrors.ql:
    • Fixes #193. Adds missing cases for domain errors, an unspecified result case and pole error cases.
  • M0-1-3 - UnusedGlobalOrNamespaceVariable.ql
    • Reduces false positives by excluding compiler generated variables, and variables in uninstantiated templates.
  • A3-9-1 - VariableWidthIntegerTypesUsed.ql:
    • Fixes #614. Excludes post increment and decrement operators.
  • M9-3-3 - MemberFunctionStaticIfPossible.ql:
    • Fixes #616. Exclude uninstantiated templates.
  • RULE-8-3 - DeclarationsOfAnObjectSameNameAndType.ql:
    • Fixes #618. Consider anonymous structs.
  • A3-1-5 - NonTrivialNonTemplateFunctionDefinedInsideClassDefinition.ql, TrivialOrTemplateFunctionDefinedOutsideClassDefinition.ql:
    • Fixes #611. Relax definition of trivial length of trivial member function to 10 LOC.
  • A7-1-1 - DeclarationUnmodifiedObjectMissingConstSpecifier.ql:
    • Fixes #621. Exclude template instantiations that come from constexpr templates.
  • A7-1-7 - IdentifierDeclarationAndInitializationNotOnSeparateLines.ql:
    • Fixes #628. Excludes Functions.
    • Fixes #630. Excludes struct identifiers and variables on the same line when a typedef is used.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.31.0

17 Jun 18:42
30c409f

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • M0-1-2 - InfeasiblePath.ql:
    • Fixes #376. For template functions we now only report when a path is infeasible regardless of instantiations present.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

v2.30.0

06 Jun 20:09
048ada4

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
  • A18-5-8 - UnnecessaryUseOfDynamicStorage.ql:
    • Address FP reported in #20. Add model of flow from MakeSharedOrUnique to return expression to capture copy/move elision case NRVO.
  • A7-1-2 - VariableMissingConstexpr.ql:
    • Fixes #607. Remove false positives for compiler generated variables and in uninstantiated templates.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.