From bb265967e598d8acc1c825e40d394e03a8b2b7f5 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Mon, 15 Aug 2022 16:04:40 -0700
Subject: [PATCH 1/8] Upgrade to latest jsonschema package
---
 scripts/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
index f9152768fc..56682f6332 100644
--- a/scripts/requirements.txt
+++ b/scripts/requirements.txt
@@ -12,5 +12,5 @@ soupsieve==2.0.1
 urllib3==1.26.5
 pyyaml==5.4
 wheel==0.37.0
-jsonschema==3.2.0
+jsonschema==4.9.1
 marko==1.2.1
\ No newline at end of file
From 9db80c773cf74476f3583236d10c34f62e57276c Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Mon, 15 Aug 2022 16:05:37 -0700
Subject: [PATCH 2/8] Update rule package schema
This applies the following changes:
- Add support for the standards CERT-C and MISRA-C 2012
- Stricter validation by rejected additional properties
- Update the obligation enum set to match those defined by the standard.
---
 schemas/rule-package.schema.json | 105 +++++++++++++++++++++++++++++--
 1 file changed, 100 insertions(+), 5 deletions(-)
diff --git a/schemas/rule-package.schema.json b/schemas/rule-package.schema.json
index 913f10bcfd..2e8b6298d1 100644
--- a/schemas/rule-package.schema.json
+++ b/schemas/rule-package.schema.json
@@ -45,7 +45,6 @@
 "type": "string",
 "enum": [
 "required",
- "rule",
 "advisory"
 ]
 }
@@ -67,6 +66,7 @@
 "type": "string"
 }
 },
+ "additionalProperties": false,
 "required": [
 "properties",
 "queries",
@@ -85,6 +85,100 @@
 "type": "object",
 "patternProperties": {
 "^\\w+\\d+-CPP": {
+ "description": "A coding standard rule",
+ "type": "object",
+ "properties": {
+ "properties": {
+ "type": "object",
+ "properties": {
+ "obligation": {
+ "type": "string",
+ "enum": [
+ "rule"
+ ]
+ }
+ },
+ "required": [
+ "obligation"
+ ]
+ },
+ "queries": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/$defs/query"
+ }
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "properties",
+ "queries",
+ "title"
+ ],
+ "additionalProperties": false
+ }
+ },
+ "minProperties": 1
+ }
+ }
+ },
+ {
+ "properties": {
+ "CERT-C": {
+ "description": "Rules part of the CERT-C standard",
+ "type": "object",
+ "patternProperties": {
+ "^\\w+\\d+-C": {
+ "description": "A coding standard rule",
+ "type": "object",
+ "properties": {
+ "properties": {
+ "type": "object",
+ "properties": {
+ "obligation": {
+ "type": "string",
+ "enum": [
+ "rule"
+ ]
+ }
+ },
+ "required": [
+ "obligation"
+ ]
+ },
+ "queries": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/$defs/query"
+ }
+ },
+ "title": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "properties",
+ "queries",
+ "title"
+ ],
+ "additionalProperties": false
+ }
+ },
+ "minProperties": 1
+ }
+ }
+ },
+ {
+ "properties": {
+ "MISRA-C-2012": {
+ "description": "Rules part of the MISRA C 2012 standard",
+ "type": "object",
+ "patternProperties": {
+ "^RULE-\\d+-\\d+": {
 "description": "A coding standard rule",
 "type": "object",
 "properties": {
@@ -95,8 +189,8 @@
 "type": "string",
 "enum": [
 "required",
- "rule",
- "advisory"
+ "advisory",
+ "mandatory"
 ]
 }
 },
@@ -119,7 +213,8 @@
 "properties",
 "queries",
 "title"
- ]
+ ],
+ "additionalProperties": false
 }
 },
 "minProperties": 1
@@ -128,7 +223,7 @@
 }
 ],
 "minProperties": 1,
- "maxProperties": 2,
+ "maxProperties": 4,
 "$defs": {
 "query": {
 "$id": "/schemas/query",
From 6ffbf795c20ec1bdd60ccfb015367cc1a43ba6ca Mon Sep 17 00:00:00 2001
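Review bot: The rule-id patterns added in the `@@ -85,6 +85,100 @@` hunk, `^\\w+\\d+-C` and `^RULE-\\d+-\\d+` (like the existing `^\\w+\\d+-CPP`), are anchored only at the start, and the two standard objects that close in this hunk (the one holding `^\\w+\\d+-CPP`, and `CERT-C`) carry `patternProperties` and `minProperties` but no `additionalProperties`, so the stricter validation this commit is after still has gaps. A key ending in `-CPP` also satisfies the CERT-C pattern, and a key that matches no pattern at all is accepted without any checks on its content. Anchoring the patterns, e.g. `"^\\w+\\d+-C$"` and `"^RULE-\\d+-\\d+$"`, and adding `"additionalProperties": false` beside each `"minProperties": 1` would close this. The inner `properties` object holding `obligation` is also left open in the added rule schemas, so a misspelled key next to a valid `obligation` still validates; closing it as well is worth considering if no package stores other keys there, which this hunk does not show. The MISRA-C-2012 rule schema opened on the last added line continues in the following hunks.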
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 11:54:49 -0700
Subject: [PATCH 3/8] Address incorrect meta data C Banned package
- Fix spelling mistake in obligation key.
- Add missing punctuations.
---
 c/cert/src/rules/ENV33-C/DoNotCallSystem.ql | 2 +-
 .../src/rules/RULE-4-12/StdLibDynamicMemoryAllocationUsed.ql | 2 +-
 rule_packages/c/Banned.json | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/c/cert/src/rules/ENV33-C/DoNotCallSystem.ql b/c/cert/src/rules/ENV33-C/DoNotCallSystem.ql
index 6fc974c39e..58a9c8db79 100644
--- a/c/cert/src/rules/ENV33-C/DoNotCallSystem.ql
+++ b/c/cert/src/rules/ENV33-C/DoNotCallSystem.ql
@@ -7,7 +7,7 @@
 * @problem.severity error
 * @tags external/cert/id/env33-c
 * security
- * external/cert/obligtion/rule
+ * external/cert/obligation/rule
 */
 import cpp
diff --git a/c/misra/src/rules/RULE-4-12/StdLibDynamicMemoryAllocationUsed.ql b/c/misra/src/rules/RULE-4-12/StdLibDynamicMemoryAllocationUsed.ql
index a4aa183acf..84055145e3 100644
--- a/c/misra/src/rules/RULE-4-12/StdLibDynamicMemoryAllocationUsed.ql
+++ b/c/misra/src/rules/RULE-4-12/StdLibDynamicMemoryAllocationUsed.ql
@@ -3,7 +3,7 @@
 * @name RULE-4-12: Dynamic memory allocation shall not be used
 * @description Using dynamic memory allocation and deallocation can result to undefined behavior.
 * This query is for the Standard Library Implementation. Any implementation outside it
- * will require a separate query under the same directive
+ * will require a separate query under the same directive.
 * @kind problem
 * @precision very-high
 * @problem.severity error
diff --git a/rule_packages/c/Banned.json b/rule_packages/c/Banned.json
index a39b9ead7d..46032e3a68 100644
--- a/rule_packages/c/Banned.json
+++ b/rule_packages/c/Banned.json
@@ -2,7 +2,7 @@
 "CERT-C": {
 "ENV33-C": {
 "properties": {
- "obligtion": "rule"
+ "obligation": "rule"
 },
 "queries": [
 {
@@ -310,7 +310,7 @@
 },
 "queries": [
 {
- "description": "Using dynamic memory allocation and deallocation can result to undefined behavior. This query is for the Standard Library Implementation. Any implementation outside it will require a separate query under the same directive",
+ "description": "Using dynamic memory allocation and deallocation can result to undefined behavior. This query is for the Standard Library Implementation. Any implementation outside it will require a separate query under the same directive.",
 "kind": "problem",
 "name": "Dynamic memory allocation shall not be used",
 "precision": "very-high",
From 9b3f2df6fcf001af11dfedaf599b72f7fe5cf9e1 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 11:58:44 -0700
Subject: [PATCH 4/8] Remove duplicate tag in C Pointers1 meta data
---
 .../RULE-4-8/ObjectWithNoPointerDereferenceShouldBeOpaque.ql | 1 -
 rule_packages/c/Pointers1.json | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/c/misra/src/rules/RULE-4-8/ObjectWithNoPointerDereferenceShouldBeOpaque.ql b/c/misra/src/rules/RULE-4-8/ObjectWithNoPointerDereferenceShouldBeOpaque.ql
index 20f91dca78..1521b9602a 100644
--- a/c/misra/src/rules/RULE-4-8/ObjectWithNoPointerDereferenceShouldBeOpaque.ql
+++ b/c/misra/src/rules/RULE-4-8/ObjectWithNoPointerDereferenceShouldBeOpaque.ql
@@ -10,7 +10,6 @@
 * @tags external/misra/id/rule-4-8
 * readability
 * maintainability
- * readability
 * external/misra/obligation/advisory
 */
diff --git a/rule_packages/c/Pointers1.json b/rule_packages/c/Pointers1.json
index 2ec0775644..991838e34f 100644
--- a/rule_packages/c/Pointers1.json
+++ b/rule_packages/c/Pointers1.json
@@ -308,8 +308,7 @@
 "short_name": "ObjectWithNoPointerDereferenceShouldBeOpaque",
 "tags": [
 "readability",
- "maintainability",
- "readability"
+ "maintainability"
 ],
 "implementation_scope": {
 "description": "This rule considers all cases where a structure or union is referenced as a pointer but has no FieldAccess within a translation unit. Further excluded from this rule are translation units in which the structure or union is declared as a non-pointer variable."
From 5a073f860ed1e283aa2a1536324cd02fe387fcee Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 12:12:31 -0700
Subject: [PATCH 5/8] Address invalid meta data C Expressions package
- Name was ending with a punctuation.
---
 .../rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.md | 2 +-
 .../rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.ql | 2 +-
 .../EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.md | 2 +-
 .../EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql | 2 +-
 rule_packages/c/Expressions.json | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.md b/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.md
index b6663872bf..830243c0f9 100644
--- a/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.md
+++ b/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.md
@@ -1,4 +1,4 @@
-# EXP37-C: Pass the correct number of arguments to the POSIX open function.
+# EXP37-C: Pass the correct number of arguments to the POSIX open function
 This query implements the CERT-C rule EXP37-C:
diff --git a/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.ql b/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.ql
index 275e4759d7..ad8520e321 100644
--- a/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.ql
+++ b/c/cert/src/rules/EXP37-C/CallPOSIXOpenWithCorrectArgumentCount.ql
@@ -1,6 +1,6 @@
 /**
 * @id c/cert/call-posix-open-with-correct-argument-count
- * @name EXP37-C: Pass the correct number of arguments to the POSIX open function.
+ * @name EXP37-C: Pass the correct number of arguments to the POSIX open function
 * @description A third argument should be passed to the POSIX function open() when and only when
 * creating a new file.
 * @kind problem
diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.md b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.md
index 337095447e..df330f09d2 100644
--- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.md
+++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.md
@@ -1,4 +1,4 @@
-# EXP37-C: Do not pass arguments with an incompatible count or type to a function.
+# EXP37-C: Do not pass arguments with an incompatible count or type to a function
 This query implements the CERT-C rule EXP37-C:
diff --git a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql
index 8285f1d36a..e76c62ee2d 100644
--- a/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql
+++ b/c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql
@@ -1,6 +1,6 @@
 /**
 * @id c/cert/do-not-call-functions-with-incompatible-arguments
- * @name EXP37-C: Do not pass arguments with an incompatible count or type to a function.
+ * @name EXP37-C: Do not pass arguments with an incompatible count or type to a function
 * @description The arguments passed to a function must be compatible with the function's
 * parameters.
 * @kind problem
diff --git a/rule_packages/c/Expressions.json b/rule_packages/c/Expressions.json
index 6ed56610af..9d1f8b16a7 100644
--- a/rule_packages/c/Expressions.json
+++ b/rule_packages/c/Expressions.json
@@ -22,7 +22,7 @@
 {
 "description": "The arguments passed to a function must be compatible with the function's parameters.",
 "kind": "problem",
- "name": "Do not pass arguments with an incompatible count or type to a function.",
+ "name": "Do not pass arguments with an incompatible count or type to a function",
 "precision": "high",
 "severity": "error",
 "short_name": "DoNotCallFunctionsWithIncompatibleArguments",
@@ -33,7 +33,7 @@
 {
 "description": "A third argument should be passed to the POSIX function open() when and only when creating a new file.",
 "kind": "problem",
- "name": "Pass the correct number of arguments to the POSIX open function.",
+ "name": "Pass the correct number of arguments to the POSIX open function",
 "precision": "high",
 "severity": "error",
 "short_name": "CallPOSIXOpenWithCorrectArgumentCount",
From 23a4f4cb1ae9851158766b10fd22e04a881f268b Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 12:16:21 -0700
Subject: [PATCH 6/8] Address incorrect meta data C IO3 package
- Description did not end with a punctuation.
---
 .../RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql | 2 +-
 rule_packages/c/IO3.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql
index 457084f35c..22499946a0 100644
--- a/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql
+++ b/c/misra/src/rules/RULE-22-7/EofShallBeComparedWithUnmodifiedReturnValues.ql
@@ -2,7 +2,7 @@
 * @id c/misra/eof-shall-be-compared-with-unmodified-return-values
 * @name RULE-22-7: The macro EOF shall only be compared with the unmodified return value from any Standard Library
 * @description The macro EOF shall only be compared with the unmodified return value from any
- * Standard Library function capable of returning EOF
+ * Standard Library function capable of returning EOF.
 * @kind problem
 * @precision high
 * @problem.severity error
diff --git a/rule_packages/c/IO3.json b/rule_packages/c/IO3.json
index 88062fbf7e..8d1c250eda 100644
--- a/rule_packages/c/IO3.json
+++ b/rule_packages/c/IO3.json
@@ -113,7 +113,7 @@
 },
 "queries": [
 {
- "description": "The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF",
+ "description": "The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF.",
 "kind": "problem",
 "name": "The macro EOF shall only be compared with the unmodified return value from any Standard Library",
 "precision": "high",
From f83c0fab902feae5af5dd5b501e6859afa0bcb2f Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 12:29:48 -0700
Subject: [PATCH 7/8] Address incorrect meta data C IO1 package
- Add punctuation to descriptions.
- Add missing descriptions.
---
 .../DoNotAlternatelyIOFromAStreamWithoutPositioning.ql | 3 ++-
 .../rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.ql | 3 ++-
 .../FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql | 2 +-
 c/misra/src/rules/RULE-22-6/FileUsedAfterClosed.ql | 2 +-
 rule_packages/c/IO1.json | 8 ++++----
 5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.ql b/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
index bb1cef3259..4983e3a69a 100644
--- a/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
+++ b/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
@@ -1,7 +1,8 @@
 /**
 * @id c/cert/do-not-alternately-io-from-a-stream-without-positioning
 * @name FIO39-C: Do not alternately input and output from a stream without an intervening flush or positioning call
- * @description
+ * @description Do not alternately input and output from a stream without an intervening flush or
+ * positioning call. This may result in undefined behavior.
 * @kind problem
 * @precision very-high
 * @problem.severity error
diff --git a/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.ql b/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.ql
index 28f7d6eb58..2c7959f38e 100644
--- a/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.ql
+++ b/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.ql
@@ -1,7 +1,8 @@
 /**
 * @id c/cert/close-files-when-they-are-no-longer-needed
 * @name FIO42-C: Close files when they are no longer needed
- * @description
+ * @description Open files must be closed before the lifetime of the last pointer to the file-object
+ * has ended to prevent resource exhaustion and data loss issues.
 * @kind problem
 * @precision very-high
 * @problem.severity error
diff --git a/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql b/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql
index 81ae3a229a..6bc284c2c7 100644
--- a/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql
+++ b/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql
@@ -1,7 +1,7 @@
 /**
 * @id c/cert/undefined-behavior-accessing-a-closed-file
 * @name FIO46-C: Do not access a closed file
- * @description Do not access a closed file
+ * @description Do not access a closed file.
 * @kind problem
 * @precision high
 * @problem.severity error
diff --git a/c/misra/src/rules/RULE-22-6/FileUsedAfterClosed.ql b/c/misra/src/rules/RULE-22-6/FileUsedAfterClosed.ql
index 3a4be49925..78c5063ddd 100644
--- a/c/misra/src/rules/RULE-22-6/FileUsedAfterClosed.ql
+++ b/c/misra/src/rules/RULE-22-6/FileUsedAfterClosed.ql
@@ -1,7 +1,7 @@
 /**
 * @id c/misra/file-used-after-closed
 * @name RULE-22-6: The value of a pointer to a FILE shall not be used after the associated stream has been closed
- * @description A closed FILE is accessed
+ * @description A closed FILE is accessed.
 * @kind problem
 * @precision very-high
 * @problem.severity error
diff --git a/rule_packages/c/IO1.json b/rule_packages/c/IO1.json
index f772d6c4ee..7d7ae66645 100644
--- a/rule_packages/c/IO1.json
+++ b/rule_packages/c/IO1.json
@@ -65,7 +65,7 @@
 },
 "queries": [
 {
- "description": "",
+ "description": "Do not alternately input and output from a stream without an intervening flush or positioning call. This may result in undefined behavior.",
 "kind": "problem",
 "name": "Do not alternately input and output from a stream without an intervening flush or positioning call",
 "precision": "very-high",
@@ -88,7 +88,7 @@
 },
 "queries": [
 {
- "description": "",
+ "description": "Open files must be closed before the lifetime of the last pointer to the file-object has ended to prevent resource exhaustion and data loss issues.",
 "kind": "problem",
 "name": "Close files when they are no longer needed",
 "precision": "very-high",
@@ -111,7 +111,7 @@
 },
 "queries": [
 {
- "description": "Do not access a closed file",
+ "description": "Do not access a closed file.",
 "kind": "problem",
 "name": "Do not access a closed file",
 "precision": "high",
@@ -136,7 +136,7 @@
 },
 "queries": [
 {
- "description": "A closed FILE is accessed",
+ "description": "A closed FILE is accessed.",
 "kind": "problem",
 "name": "The value of a pointer to a FILE shall not be used after the associated stream has been closed",
 "precision": "very-high",
From 0084f0a4cdb1fbea738bf30cf2b07672686bf761 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 16 Aug 2022 12:31:19 -0700
Subject: [PATCH 8/8] Address incorrect meta data C Side Effects 2 package
- Add punctuation to description.
---
 .../src/rules/RULE-13-3/SideEffectAndCrementInFullExpression.ql | 2 +-
 rule_packages/c/SideEffects2.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/c/misra/src/rules/RULE-13-3/SideEffectAndCrementInFullExpression.ql b/c/misra/src/rules/RULE-13-3/SideEffectAndCrementInFullExpression.ql
index 808aa1ba7c..3dd03120c8 100644
--- a/c/misra/src/rules/RULE-13-3/SideEffectAndCrementInFullExpression.ql
+++ b/c/misra/src/rules/RULE-13-3/SideEffectAndCrementInFullExpression.ql
@@ -3,7 +3,7 @@
 * @name RULE-13-3: A full expression containing an increment (++) or decrement (--) operator should have no other
 * @description A full expression containing an increment (++) or decrement (--) operator should
 * have no other potential side effects other than that caused by the increment or
- * decrement operator
+ * decrement operator.
 * @kind problem
 * @precision very-high
 * @problem.severity warning
diff --git a/rule_packages/c/SideEffects2.json b/rule_packages/c/SideEffects2.json
index 9c8c3b71ec..42467c2852 100644
--- a/rule_packages/c/SideEffects2.json
+++ b/rule_packages/c/SideEffects2.json
@@ -6,7 +6,7 @@
 },
 "queries": [
 {
- "description": "A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator",
+ "description": "A full expression containing an increment (++) or decrement (--) operator should have no other potential side effects other than that caused by the increment or decrement operator.",
 "kind": "problem",
 "name": "A full expression containing an increment (++) or decrement (--) operator should have no other",
 "precision": "very-high",