Merge pull request #737 from github/codeql/upgrade-to-2.15.5

lcartey · web-flow · commit 2e8a50376cb4 · 2024-10-08T10:55:02.000Z
Upgrade `github/codeql` dependency to 2.15.5
diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.36.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/misra/src/codeql-pack.lock.yml b/c/misra/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/c/misra/src/qlpack.yml b/c/misra/src/qlpack.yml
@@ -6,4 +6,4 @@ license: MIT
 default-suite-file: codeql-suites/misra-c-default.qls
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql b/c/misra/src/rules/RULE-10-1/OperandsOfAnInappropriateEssentialType.ql
@@ -15,7 +15,6 @@
 import cpp
 import codingstandards.c.misra
 import codingstandards.c.misra.EssentialTypes
-import codingstandards.cpp.Bitwise
 
 /**
  * Holds if the operator `operator` has an operand `child` that is of an inappropriate essential type
@@ -179,8 +178,7 @@ predicate isInappropriateEssentialType(
     child =
       [
         operator.(BinaryBitwiseOperation).getAnOperand(),
-        operator.(Bitwise::AssignBitwiseOperation).getAnOperand(),
-        operator.(ComplementExpr).getAnOperand()
+        operator.(AssignBitwiseOperation).getAnOperand(), operator.(ComplementExpr).getAnOperand()
       ] and
     not operator instanceof LShiftExpr and
     not operator instanceof RShiftExpr and
diff --git a/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql b/c/misra/src/rules/RULE-8-2/FunctionTypesNotInPrototypeForm.ql
@@ -49,11 +49,9 @@ where
     msg = "Function " + f + " does not specify void for no parameters present."
     or
     //parameters declared in declaration list (not in function signature)
-    //have placeholder file location associated only
-    exists(Parameter p |
-      p.getFunction() = f and
-      not p.getFile() = f.getFile() and
-      msg = "Function " + f + " declares parameter in unsupported declaration list."
-    )
+    //have no prototype
+    not f.isPrototyped() and
+    not hasZeroParamDecl(f) and
+    msg = "Function " + f + " declares parameter in unsupported declaration list."
   )
 select f, msg
diff --git a/c/misra/test/codeql-pack.lock.yml b/c/misra/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/change_notes/2024-10-07-upgrade-to-2.15.5.md b/change_notes/2024-10-07-upgrade-to-2.15.5.md
@@ -0,0 +1 @@
+- Updated the CodeQL version to `2.15.5`.
diff --git a/cpp/autosar/src/codeql-pack.lock.yml b/cpp/autosar/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/autosar/src/qlpack.yml b/cpp/autosar/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
diff --git a/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql b/cpp/autosar/src/rules/M5-0-20/BitwiseOperatorOperandsHaveDifferentUnderlyingType.ql
@@ -16,15 +16,14 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 import codingstandards.cpp.Conversion
 
 predicate isBinaryBitwiseOperation(Operation o, VariableAccess l, VariableAccess r) {
   exists(BinaryBitwiseOperation bbo | bbo = o |
     l = bbo.getLeftOperand() and r = bbo.getRightOperand()
   )
   or
-  exists(Bitwise::AssignBitwiseOperation abo | abo = o |
+  exists(AssignBitwiseOperation abo | abo = o |
     l = abo.getLValue() and
     r = abo.getRValue()
   )
diff --git a/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql b/cpp/autosar/src/rules/M5-0-21/BitwiseOperatorAppliedToSignedTypes.ql
@@ -17,15 +17,14 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 
 from Operation o, VariableAccess va
 where
   not isExcluded(o, ExpressionsPackage::bitwiseOperatorAppliedToSignedTypesQuery()) and
   (
     o instanceof UnaryBitwiseOperation or
     o instanceof BinaryBitwiseOperation or
-    o instanceof Bitwise::AssignBitwiseOperation
+    o instanceof AssignBitwiseOperation
   ) and
   o.getAnOperand() = va and
   va.getTarget().getUnderlyingType().(IntegralType).isSigned()
diff --git a/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql b/cpp/autosar/src/rules/M5-8-1/RightBitShiftOperandIsNegativeOrTooWide.ql
@@ -17,7 +17,6 @@
 
 import cpp
 import codingstandards.cpp.autosar
-import codingstandards.cpp.Bitwise
 
 class ShiftOperation extends Operation {
   Expr leftOperand;
@@ -34,7 +33,7 @@ class ShiftOperation extends Operation {
       rightOperand = o.getRightOperand()
     )
     or
-    exists(Bitwise::AssignBitwiseOperation o | this = o |
+    exists(AssignBitwiseOperation o | this = o |
       (
         o instanceof AssignLShiftExpr
         or
diff --git a/cpp/autosar/test/codeql-pack.lock.yml b/cpp/autosar/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/cert/src/codeql-pack.lock.yml b/cpp/cert/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/cert/src/qlpack.yml b/cpp/cert/src/qlpack.yml
@@ -4,5 +4,5 @@ description: CERT C++ 2016
 suites: codeql-suites
 license: MIT
 dependencies:
-  codeql/cpp-all: 0.9.3
+  codeql/cpp-all: 0.12.2
   codeql/common-cpp-coding-standards: '*'
diff --git a/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll b/cpp/cert/src/rules/MEM53-CPP/ManuallyManagedLifetime.qll
@@ -14,12 +14,15 @@ module AllocToStaticCastConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) {
     exists(AllocationExpr ae |
       ae.getType().getUnspecifiedType() instanceof VoidPointerType and
-      source.asExpr() = ae and
-      // Ignore realloc, as that memory may already be partially constructed
-      not ae.(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%")
+      source.asExpr() = ae
     )
   }
 
+  predicate isBarrier(DataFlow::Node sanitizer) {
+    // Ignore realloc, as that memory may already be partially constructed
+    sanitizer.asExpr().(FunctionCall).getTarget().getName().toLowerCase().matches("%realloc%")
+  }
+
   predicate isSink(DataFlow::Node sink) {
     exists(StaticOrCStyleCast sc, Class nonTrivialClass |
       sc.getExpr() = sink.asExpr() and
diff --git a/cpp/cert/test/codeql-pack.lock.yml b/cpp/cert/test/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/common/src/codeql-pack.lock.yml b/cpp/common/src/codeql-pack.lock.yml
@@ -2,13 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.9.3
+    version: 0.12.2
   codeql/dataflow:
+    version: 0.1.5
+  codeql/rangeanalysis:
     version: 0.0.4
   codeql/ssa:
-    version: 0.1.5
+    version: 0.2.5
   codeql/tutorial:
-    version: 0.1.5
+    version: 0.2.5
+  codeql/typetracking:
+    version: 0.2.5
   codeql/util:
-    version: 0.1.5
+    version: 0.2.5
 compiled: false
diff --git a/cpp/common/src/codingstandards/cpp/Bitwise.qll b/cpp/common/src/codingstandards/cpp/Bitwise.qll
diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml
diff --git a/cpp/common/test/codeql-pack.lock.yml b/cpp/common/test/codeql-pack.lock.yml
diff --git a/cpp/misra/src/codeql-pack.lock.yml b/cpp/misra/src/codeql-pack.lock.yml
diff --git a/cpp/misra/src/qlpack.yml b/cpp/misra/src/qlpack.yml
diff --git a/cpp/misra/test/codeql-pack.lock.yml b/cpp/misra/test/codeql-pack.lock.yml
diff --git a/cpp/report/src/codeql-pack.lock.yml b/cpp/report/src/codeql-pack.lock.yml
diff --git a/cpp/report/src/qlpack.yml b/cpp/report/src/qlpack.yml
diff --git a/scripts/generate_modules/queries/codeql-pack.lock.yml b/scripts/generate_modules/queries/codeql-pack.lock.yml
diff --git a/scripts/generate_modules/queries/qlpack.yml b/scripts/generate_modules/queries/qlpack.yml
diff --git a/supported_codeql_configs.json b/supported_codeql_configs.json

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+- Updated the CodeQL version to `2.15.5`.
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,6 @@`
`17`	`17`
`18`	`18`	`import cpp`
`19`	`19`	`import codingstandards.cpp.autosar`
`20`		`-import codingstandards.cpp.Bitwise`
`21`	`20`
`22`	`21`	`class ShiftOperation extends Operation {`
`23`	`22`	`Expr leftOperand;`
`@@ -34,7 +33,7 @@ class ShiftOperation extends Operation {`
`34`	`33`	`rightOperand = o.getRightOperand()`
`35`	`34`	`)`
`36`	`35`	`or`
`37`		`- exists(Bitwise::AssignBitwiseOperation o \| this = o \|`
	`36`	`+ exists(AssignBitwiseOperation o \| this = o \|`
`38`	`37`	`(`
`39`	`38`	`o instanceof AssignLShiftExpr`
`40`	`39`	`or`