From 8647dd483a5bb342b68cd34034f620a40f12105a Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Fri, 19 Aug 2022 16:32:05 -0700 Subject: [PATCH 01/43] Add rule category to rule meta data The category information enables evaluation time computation of the effective category of a rule. The effective category is determined by the rule's category and a possible recategorization through a Guideline Recategorization Plan. The effective category will be used to determine how to handle a deviation applied to a query implementing the rule. --- .../cpp/exclusions/RuleMetadata.qll | 13 ++- .../cpp/exclusions/c/Banned.qll | 59 ++++++---- .../cpp/exclusions/c/Concurrency1.qll | 11 +- .../cpp/exclusions/c/Concurrency2.qll | 8 +- .../cpp/exclusions/c/Concurrency3.qll | 14 ++- .../cpp/exclusions/c/Concurrency4.qll | 11 +- .../cpp/exclusions/c/Concurrency5.qll | 8 +- .../cpp/exclusions/c/Contracts1.qll | 8 +- .../cpp/exclusions/c/Contracts2.qll | 20 ++-- .../cpp/exclusions/c/Contracts3.qll | 11 +- .../cpp/exclusions/c/Contracts4.qll | 14 ++- .../cpp/exclusions/c/Declarations1.qll | 20 ++-- .../cpp/exclusions/c/Declarations2.qll | 17 ++- .../cpp/exclusions/c/Declarations3.qll | 17 ++- .../cpp/exclusions/c/Expressions.qll | 14 ++- .../codingstandards/cpp/exclusions/c/IO1.qll | 23 ++-- .../codingstandards/cpp/exclusions/c/IO2.qll | 14 ++- .../codingstandards/cpp/exclusions/c/IO3.qll | 20 ++-- .../codingstandards/cpp/exclusions/c/IO4.qll | 14 ++- .../cpp/exclusions/c/Language1.qll | 5 +- .../cpp/exclusions/c/Language2.qll | 8 +- .../codingstandards/cpp/exclusions/c/Misc.qll | 11 +- .../cpp/exclusions/c/Pointers1.qll | 53 ++++++--- .../cpp/exclusions/c/Pointers2.qll | 5 +- .../cpp/exclusions/c/Preprocessor1.qll | 14 ++- .../cpp/exclusions/c/Preprocessor2.qll | 14 ++- .../cpp/exclusions/c/Preprocessor3.qll | 5 +- .../cpp/exclusions/c/Preprocessor4.qll | 11 +- .../cpp/exclusions/c/Preprocessor5.qll | 11 +- .../cpp/exclusions/c/Preprocessor6.qll | 5 +- .../cpp/exclusions/c/RuleMetadata.qll | 72 ++++++------ .../cpp/exclusions/c/SideEffects1.qll | 32 ++++-- 
.../cpp/exclusions/c/SideEffects2.qll | 8 +- .../cpp/exclusions/c/Strings1.qll | 11 +- .../cpp/exclusions/c/Strings2.qll | 5 +- .../cpp/exclusions/c/Strings3.qll | 8 +- .../cpp/exclusions/c/Syntax.qll | 23 ++-- .../cpp/exclusions/cpp/Allocations.qll | 65 +++++++---- .../cpp/exclusions/cpp/BannedFunctions.qll | 35 ++++-- .../cpp/exclusions/cpp/BannedLibraries.qll | 38 ++++--- .../cpp/exclusions/cpp/BannedSyntax.qll | 53 ++++++--- .../cpp/exclusions/cpp/BannedTypes.qll | 14 ++- .../cpp/exclusions/cpp/Classes.qll | 56 ++++++---- .../cpp/exclusions/cpp/Comments.qll | 17 ++- .../cpp/exclusions/cpp/Concurrency.qll | 29 +++-- .../cpp/exclusions/cpp/Conditionals.qll | 53 ++++++--- .../cpp/exclusions/cpp/Const.qll | 41 ++++--- .../cpp/exclusions/cpp/DeadCode.qll | 50 ++++++--- .../cpp/exclusions/cpp/Declarations.qll | 53 ++++++--- .../cpp/exclusions/cpp/ExceptionSafety.qll | 17 ++- .../cpp/exclusions/cpp/Exceptions1.qll | 104 ++++++++++++------ .../cpp/exclusions/cpp/Exceptions2.qll | 53 ++++++--- .../cpp/exclusions/cpp/Expressions.qll | 50 ++++++--- .../cpp/exclusions/cpp/Freed.qll | 29 +++-- .../cpp/exclusions/cpp/Functions.qll | 44 +++++--- .../codingstandards/cpp/exclusions/cpp/IO.qll | 11 +- .../cpp/exclusions/cpp/Includes.qll | 20 ++-- .../cpp/exclusions/cpp/Inheritance.qll | 41 ++++--- .../cpp/exclusions/cpp/Initialization.qll | 65 +++++++---- .../cpp/exclusions/cpp/IntegerConversion.qll | 32 ++++-- .../cpp/exclusions/cpp/Invariants.qll | 20 ++-- .../cpp/exclusions/cpp/Iterators.qll | 23 ++-- .../cpp/exclusions/cpp/Lambdas.qll | 35 ++++-- .../cpp/exclusions/cpp/Literals.qll | 35 ++++-- .../cpp/exclusions/cpp/Loops.qll | 41 ++++--- .../cpp/exclusions/cpp/Macros.qll | 38 ++++--- .../cpp/exclusions/cpp/MoveForward.qll | 23 ++-- .../cpp/exclusions/cpp/Naming.qll | 83 +++++++++----- .../cpp/exclusions/cpp/Null.qll | 11 +- .../cpp/exclusions/cpp/OperatorInvariants.qll | 29 +++-- .../cpp/exclusions/cpp/Operators.qll | 47 +++++--- .../cpp/exclusions/cpp/OrderOfEvaluation.qll 
| 20 ++-- .../cpp/exclusions/cpp/OutOfBounds.qll | 14 ++- .../cpp/exclusions/cpp/Pointers.qll | 71 ++++++++---- .../cpp/exclusions/cpp/Representation.qll | 26 +++-- .../cpp/exclusions/cpp/RuleMetadata.qll | 102 ++++++++--------- .../cpp/exclusions/cpp/Scope.qll | 53 ++++++--- .../cpp/exclusions/cpp/SideEffects1.qll | 32 ++++-- .../cpp/exclusions/cpp/SideEffects2.qll | 29 +++-- .../cpp/exclusions/cpp/SmartPointers1.qll | 29 +++-- .../cpp/exclusions/cpp/SmartPointers2.qll | 8 +- .../cpp/exclusions/cpp/Strings.qll | 26 +++-- .../cpp/exclusions/cpp/Templates.qll | 26 +++-- .../cpp/exclusions/cpp/Toolchain.qll | 35 ++++-- .../cpp/exclusions/cpp/TrustBoundaries.qll | 11 +- .../cpp/exclusions/cpp/TypeRanges.qll | 32 ++++-- .../cpp/exclusions/cpp/Uninitialized.qll | 11 +- .../cpp/exclusions/cpp/VirtualFunctions.qll | 26 +++-- .../templates/rulemetadata.qll.template | 4 +- .../generate_rules/coding_standards_utils.py | 3 +- .../generate_rules/generate_package_files.py | 4 + .../templates/exclusions.qll.template | 5 +- 92 files changed, 1636 insertions(+), 903 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll index d6511f61b5..4fece00b92 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll 
@@ -8,13 +8,18 @@ newtype TQuery = class Query extends TQuery { string getQueryId() { - CPPRuleMetadata::isQueryMetadata(this, result, _) or - CRuleMetadata::isQueryMetadata(this, result, _) + CPPRuleMetadata::isQueryMetadata(this, result, _, _) or + CRuleMetadata::isQueryMetadata(this, result, _, _) } string getRuleId() { - CPPRuleMetadata::isQueryMetadata(this, _, result) or - CRuleMetadata::isQueryMetadata(this, _, result) + CPPRuleMetadata::isQueryMetadata(this, _, result, _) or + CRuleMetadata::isQueryMetadata(this, _, result, _) + } + + string getCategory() { + CPPRuleMetadata::isQueryMetadata(this, _, _, result) or + CRuleMetadata::isQueryMetadata(this, _, _, result) } string toString() { result = getQueryId() } diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll index 615b16c0ca..888e0863a3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll @@ -24,14 +24,15 @@ newtype BannedQuery = TOctalConstantsUsedQuery() or TRestrictTypeQualifierUsedQuery() -predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { +predicate isBannedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCallSystem` query BannedPackage::doNotCallSystemQuery() and queryId = // `@id` for the `doNotCallSystem` query "c/cert/do-not-call-system" and - ruleId = "ENV33-C" + ruleId = "ENV33-C" and + category = "rule" or query = // `Query` instance for the `commaOperatorShouldNotBeUsed` query @@ -39,7 +40,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `commaOperatorShouldNotBeUsed` query "c/misra/comma-operator-should-not-be-used" and - ruleId = "RULE-12-3" + ruleId = "RULE-12-3" and + category = "advisory" or query = // `Query` instance for the `featuresOfStdarghUsed` query 
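Review bot: `getCategory()` in `Query` returns the category as an unconstrained `string`, and nothing in this hunk documents or checks which values are permitted. The commit message says the effective category will decide how a deviation is handled, so a misspelt or missing category in a package's metadata predicate would presumably drop the query out of that logic silently instead of failing visibly. I would add a QLDoc comment above the member, for example `/** Gets the category of the rule this query implements: "required", "advisory" or "mandatory" for MISRA, "rule" for CERT. */`, and consider a consistency query asserting that every `Query` has exactly one category from that set. Those four values are the ones visible in the `isBannedQueryMetadata` and `isContracts2QueryMetadata` hunks of this patch; packages outside this view may use others, and the `Query` class body continues past the end of the hunk.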
@@ -47,7 +49,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `featuresOfStdarghUsed` query "c/misra/features-of-stdargh-used" and - ruleId = "RULE-17-1" + ruleId = "RULE-17-1" and + category = "required" or query = // `Query` instance for the `unionKeywordShouldNotBeUsed` query @@ -55,7 +58,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unionKeywordShouldNotBeUsed` query "c/misra/union-keyword-should-not-be-used" and - ruleId = "RULE-19-2" + ruleId = "RULE-19-2" and + category = "advisory" or query = // `Query` instance for the `standardLibraryTimeAndDateFunctionsUsed` query @@ -63,7 +67,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `standardLibraryTimeAndDateFunctionsUsed` query "c/misra/standard-library-time-and-date-functions-used" and - ruleId = "RULE-21-10" + ruleId = "RULE-21-10" and + category = "required" or query = // `Query` instance for the `standardHeaderFileTgmathhUsed` query @@ -71,7 +76,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `standardHeaderFileTgmathhUsed` query "c/misra/standard-header-file-tgmathh-used" and - ruleId = "RULE-21-11" + ruleId = "RULE-21-11" and + category = "required" or query = // `Query` instance for the `exceptionHandlingFeaturesOfFenvhUsed` query @@ -79,7 +85,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `exceptionHandlingFeaturesOfFenvhUsed` query "c/misra/exception-handling-features-of-fenvh-used" and - ruleId = "RULE-21-12" + ruleId = "RULE-21-12" and + category = "advisory" or query = // `Query` instance for the `systemOfStdlibhUsed` query 
@@ -87,7 +94,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `systemOfStdlibhUsed` query "c/misra/system-of-stdlibh-used" and - ruleId = "RULE-21-21" + ruleId = "RULE-21-21" and + category = "required" or query = // `Query` instance for the `memoryAllocDeallocFunctionsOfStdlibhUsed` query @@ -95,7 +103,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `memoryAllocDeallocFunctionsOfStdlibhUsed` query "c/misra/memory-alloc-dealloc-functions-of-stdlibh-used" and - ruleId = "RULE-21-3" + ruleId = "RULE-21-3" and + category = "required" or query = // `Query` instance for the `standardHeaderFileUsedSetjmph` query @@ -103,7 +112,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `standardHeaderFileUsedSetjmph` query "c/misra/standard-header-file-used-setjmph" and - ruleId = "RULE-21-4" + ruleId = "RULE-21-4" and + category = "required" or query = // `Query` instance for the `standardHeaderFileUsedSignalh` query @@ -111,7 +121,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `standardHeaderFileUsedSignalh` query "c/misra/standard-header-file-used-signalh" and - ruleId = "RULE-21-5" + ruleId = "RULE-21-5" and + category = "required" or query = // `Query` instance for the `standardLibraryInputoutputFunctionsUsed` query @@ -119,7 +130,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `standardLibraryInputoutputFunctionsUsed` query "c/misra/standard-library-inputoutput-functions-used" and - ruleId = "RULE-21-6" + ruleId = "RULE-21-6" and + category = "required" or query = // `Query` instance for the `atofAtoiAtolAndAtollOfStdlibhUsed` query 
@@ -127,7 +139,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `atofAtoiAtolAndAtollOfStdlibhUsed` query "c/misra/atof-atoi-atol-and-atoll-of-stdlibh-used" and - ruleId = "RULE-21-7" + ruleId = "RULE-21-7" and + category = "required" or query = // `Query` instance for the `terminationFunctionsOfStdlibhUsed` query @@ -135,7 +148,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `terminationFunctionsOfStdlibhUsed` query "c/misra/termination-functions-of-stdlibh-used" and - ruleId = "RULE-21-8" + ruleId = "RULE-21-8" and + category = "required" or query = // `Query` instance for the `terminationMacrosOfStdlibhUsed` query @@ -143,7 +157,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `terminationMacrosOfStdlibhUsed` query "c/misra/termination-macros-of-stdlibh-used" and - ruleId = "RULE-21-8" + ruleId = "RULE-21-8" and + category = "required" or query = // `Query` instance for the `bsearchAndQsortOfStdlibhUsed` query @@ -151,7 +166,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `bsearchAndQsortOfStdlibhUsed` query "c/misra/bsearch-and-qsort-of-stdlibh-used" and - ruleId = "RULE-21-9" + ruleId = "RULE-21-9" and + category = "required" or query = // `Query` instance for the `stdLibDynamicMemoryAllocationUsed` query @@ -159,7 +175,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `stdLibDynamicMemoryAllocationUsed` query "c/misra/std-lib-dynamic-memory-allocation-used" and - ruleId = "DIR-4-12" + ruleId = "DIR-4-12" and + category = "required" or query = // `Query` instance for the `octalConstantsUsed` query 
@@ -167,7 +184,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `octalConstantsUsed` query "c/misra/octal-constants-used" and - ruleId = "RULE-7-1" + ruleId = "RULE-7-1" and + category = "required" or query = // `Query` instance for the `restrictTypeQualifierUsed` query @@ -175,7 +193,8 @@ predicate isBannedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `restrictTypeQualifierUsed` query "c/misra/restrict-type-qualifier-used" and - ruleId = "RULE-8-14" + ruleId = "RULE-8-14" and + category = "required" } module BannedPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll index 7d49962781..ed3a82c28d 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll @@ -8,14 +8,15 @@ newtype Concurrency1Query = TRaceConditionsWhenUsingLibraryFunctionsQuery() or TDoNotCallSignalInMultithreadedProgramQuery() -predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `preventDataRacesWithMultipleThreads` query Concurrency1Package::preventDataRacesWithMultipleThreadsQuery() and queryId = // `@id` for the `preventDataRacesWithMultipleThreads` query "c/cert/prevent-data-races-with-multiple-threads" and - ruleId = "CON32-C" + ruleId = "CON32-C" and + category = "rule" or query = // `Query` instance for the `raceConditionsWhenUsingLibraryFunctions` query 
@@ -23,7 +24,8 @@ predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `raceConditionsWhenUsingLibraryFunctions` query "c/cert/race-conditions-when-using-library-functions" and - ruleId = "CON33-C" + ruleId = "CON33-C" and + category = "rule" or query = // `Query` instance for the `doNotCallSignalInMultithreadedProgram` query @@ -31,7 +33,8 @@ predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotCallSignalInMultithreadedProgram` query "c/cert/do-not-call-signal-in-multithreaded-program" and - ruleId = "CON37-C" + ruleId = "CON37-C" and + category = "rule" } module Concurrency1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll index 7e3bbe10a7..38a3eaa513 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll @@ -7,14 +7,15 @@ newtype Concurrency2Query = TDeadlockByLockingInPredefinedOrderQuery() or TWrapFunctionsThatCanSpuriouslyWakeUpInLoopQuery() -predicate isConcurrency2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrency2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `deadlockByLockingInPredefinedOrder` query Concurrency2Package::deadlockByLockingInPredefinedOrderQuery() and queryId = // `@id` for the `deadlockByLockingInPredefinedOrder` query "c/cert/deadlock-by-locking-in-predefined-order" and - ruleId = "CON35-C" + ruleId = "CON35-C" and + category = "rule" or query = // `Query` instance for the `wrapFunctionsThatCanSpuriouslyWakeUpInLoop` query 
@@ -22,7 +23,8 @@ predicate isConcurrency2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `wrapFunctionsThatCanSpuriouslyWakeUpInLoop` query "c/cert/wrap-functions-that-can-spuriously-wake-up-in-loop" and - ruleId = "CON36-C" + ruleId = "CON36-C" and + category = "rule" } module Concurrency2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll index 029d0e16e4..982ea21543 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll @@ -9,14 +9,15 @@ newtype Concurrency3Query = TPreserveSafetyWhenUsingConditionVariablesQuery() or TWrapFunctionsThatCanFailSpuriouslyInLoopQuery() -predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and queryId = // `@id` for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query "c/cert/do-not-allow-a-mutex-to-go-out-of-scope-while-locked" and - ruleId = "CON31-C" + ruleId = "CON31-C" and + category = "rule" or query = // `Query` instance for the `doNotDestroyAMutexWhileItIsLocked` query @@ -24,7 +25,8 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotDestroyAMutexWhileItIsLocked` query "c/cert/do-not-destroy-a-mutex-while-it-is-locked" and - ruleId = "CON31-C" + ruleId = "CON31-C" and + category = "rule" or query = // `Query` instance for the `preserveSafetyWhenUsingConditionVariables` query 
@@ -32,7 +34,8 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `preserveSafetyWhenUsingConditionVariables` query "c/cert/preserve-safety-when-using-condition-variables" and - ruleId = "CON38-C" + ruleId = "CON38-C" and + category = "rule" or query = // `Query` instance for the `wrapFunctionsThatCanFailSpuriouslyInLoop` query @@ -40,7 +43,8 @@ predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `wrapFunctionsThatCanFailSpuriouslyInLoop` query "c/cert/wrap-functions-that-can-fail-spuriously-in-loop" and - ruleId = "CON41-C" + ruleId = "CON41-C" and + category = "rule" } module Concurrency3Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency4.qll index 43faee8521..dfe9273563 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency4.qll @@ -8,14 +8,15 @@ newtype Concurrency4Query = TAppropriateThreadObjectStorageDurationsQuery() or TThreadObjectStorageDurationsNotInitializedQuery() -predicate isConcurrency4QueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrency4QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `cleanUpThreadSpecificStorage` query Concurrency4Package::cleanUpThreadSpecificStorageQuery() and queryId = // `@id` for the `cleanUpThreadSpecificStorage` query "c/cert/clean-up-thread-specific-storage" and - ruleId = "CON30-C" + ruleId = "CON30-C" and + category = "rule" or query = // `Query` instance for the `appropriateThreadObjectStorageDurations` query 
@@ -23,7 +24,8 @@ predicate isConcurrency4QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `appropriateThreadObjectStorageDurations` query "c/cert/appropriate-thread-object-storage-durations" and - ruleId = "CON34-C" + ruleId = "CON34-C" and + category = "rule" or query = // `Query` instance for the `threadObjectStorageDurationsNotInitialized` query @@ -31,7 +33,8 @@ predicate isConcurrency4QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `threadObjectStorageDurationsNotInitialized` query "c/cert/thread-object-storage-durations-not-initialized" and - ruleId = "CON34-C" + ruleId = "CON34-C" and + category = "rule" } module Concurrency4Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency5.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency5.qll index ebbb3dabe5..6ff1bc60a4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency5.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency5.qll @@ -7,14 +7,15 @@ newtype Concurrency5Query = TThreadWasPreviouslyJoinedOrDetachedQuery() or TAtomicVariableTwiceInExpressionQuery() -predicate isConcurrency5QueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrency5QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `threadWasPreviouslyJoinedOrDetached` query Concurrency5Package::threadWasPreviouslyJoinedOrDetachedQuery() and queryId = // `@id` for the `threadWasPreviouslyJoinedOrDetached` query "c/cert/thread-was-previously-joined-or-detached" and - ruleId = "CON39-C" + ruleId = "CON39-C" and + category = "rule" or query = // `Query` instance for the `atomicVariableTwiceInExpression` query 
@@ -22,7 +23,8 @@ predicate isConcurrency5QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `atomicVariableTwiceInExpression` query "c/cert/atomic-variable-twice-in-expression" and - ruleId = "CON40-C" + ruleId = "CON40-C" and + category = "rule" } module Concurrency5Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll index b7a10673b7..3336438b98 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll @@ -7,14 +7,15 @@ newtype Contracts1Query = TDoNotModifyTheReturnValueOfCertainFunctionsQuery() or TEnvPointerIsInvalidAfterCertainOperationsQuery() -predicate isContracts1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isContracts1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotModifyTheReturnValueOfCertainFunctions` query Contracts1Package::doNotModifyTheReturnValueOfCertainFunctionsQuery() and queryId = // `@id` for the `doNotModifyTheReturnValueOfCertainFunctions` query "c/cert/do-not-modify-the-return-value-of-certain-functions" and - ruleId = "ENV30-C" + ruleId = "ENV30-C" and + category = "rule" or query = // `Query` instance for the `envPointerIsInvalidAfterCertainOperations` query @@ -22,7 +23,8 @@ predicate isContracts1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `envPointerIsInvalidAfterCertainOperations` query "c/cert/env-pointer-is-invalid-after-certain-operations" and - ruleId = "ENV31-C" + ruleId = "ENV31-C" and + category = "rule" } module Contracts1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts2.qll index ebf2ba3e26..f5cfe21f1a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts2.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts2.qll @@ -11,14 +11,15 @@ newtype Contracts2Query = TCallToSetlocaleInvalidatesOldPointersQuery() or TCallToSetlocaleInvalidatesOldPointersWarnQuery() -predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exitHandlersMustReturnNormally` query Contracts2Package::exitHandlersMustReturnNormallyQuery() and queryId = // `@id` for the `exitHandlersMustReturnNormally` query "c/cert/exit-handlers-must-return-normally" and - ruleId = "ENV32-C" + ruleId = "ENV32-C" and + category = "rule" or query = // `Query` instance for the `doNotStorePointersReturnedByEnvFunctions` query @@ -26,7 +27,8 @@ predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotStorePointersReturnedByEnvFunctions` query "c/cert/do-not-store-pointers-returned-by-env-functions" and - ruleId = "ENV34-C" + ruleId = "ENV34-C" and + category = "rule" or query = // `Query` instance for the `doNotStorePointersReturnedByEnvironmentFunWarn` query @@ -34,7 +36,8 @@ predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotStorePointersReturnedByEnvironmentFunWarn` query "c/cert/do-not-store-pointers-returned-by-environment-fun-warn" and - ruleId = "ENV34-C" + ruleId = "ENV34-C" and + category = "rule" or query = // `Query` instance for the `valuesReturnedByLocaleSettingUsedAsPtrToConst` query 
@@ -42,7 +45,8 @@ predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `valuesReturnedByLocaleSettingUsedAsPtrToConst` query "c/misra/values-returned-by-locale-setting-used-as-ptr-to-const" and - ruleId = "RULE-21-19" + ruleId = "RULE-21-19" and + category = "mandatory" or query = // `Query` instance for the `callToSetlocaleInvalidatesOldPointers` query @@ -50,7 +54,8 @@ predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `callToSetlocaleInvalidatesOldPointers` query "c/misra/call-to-setlocale-invalidates-old-pointers" and - ruleId = "RULE-21-20" + ruleId = "RULE-21-20" and + category = "mandatory" or query = // `Query` instance for the `callToSetlocaleInvalidatesOldPointersWarn` query @@ -58,7 +63,8 @@ predicate isContracts2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `callToSetlocaleInvalidatesOldPointersWarn` query "c/misra/call-to-setlocale-invalidates-old-pointers-warn" and - ruleId = "RULE-21-20" + ruleId = "RULE-21-20" and + category = "mandatory" } module Contracts2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts3.qll index 7b7e1224d0..633907ba8c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts3.qll 
@@ -8,14 +8,15 @@ newtype Contracts3Query = TErrnoSetToZeroPriorToCallQuery() or TErrnoSetToZeroAfterCallQuery() -predicate isContracts3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isContracts3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `onlyTestErrnoRightAfterErrnoSettingFunction` query Contracts3Package::onlyTestErrnoRightAfterErrnoSettingFunctionQuery() and queryId = // `@id` for the `onlyTestErrnoRightAfterErrnoSettingFunction` query "c/misra/only-test-errno-right-after-errno-setting-function" and - ruleId = "RULE-22-10" + ruleId = "RULE-22-10" and + category = "required" or query = // `Query` instance for the `errnoSetToZeroPriorToCall` query @@ -23,7 +24,8 @@ predicate isContracts3QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `errnoSetToZeroPriorToCall` query "c/misra/errno-set-to-zero-prior-to-call" and - ruleId = "RULE-22-8" + ruleId = "RULE-22-8" and + category = "required" or query = // `Query` instance for the `errnoSetToZeroAfterCall` query @@ -31,7 +33,8 @@ predicate isContracts3QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `errnoSetToZeroAfterCall` query "c/misra/errno-set-to-zero-after-call" and - ruleId = "RULE-22-9" + ruleId = "RULE-22-9" and + category = "required" } module Contracts3Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts4.qll index b0378cd1ec..2603360915 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts4.qll 
@@ -9,14 +9,15 @@ newtype Contracts4Query = TFunctionCallBeforeErrnoCheckQuery() or TErrnoNotSetToZeroQuery() -predicate isContracts4QueryMetadata(Query query, string queryId, string ruleId) { +predicate isContracts4QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `setlocaleMightSetErrno` query Contracts4Package::setlocaleMightSetErrnoQuery() and queryId = // `@id` for the `setlocaleMightSetErrno` query "c/cert/setlocale-might-set-errno" and - ruleId = "ERR30-C" + ruleId = "ERR30-C" and + category = "rule" or query = // `Query` instance for the `errnoReadBeforeReturn` query @@ -24,7 +25,8 @@ predicate isContracts4QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `errnoReadBeforeReturn` query "c/cert/errno-read-before-return" and - ruleId = "ERR30-C" + ruleId = "ERR30-C" and + category = "rule" or query = // `Query` instance for the `functionCallBeforeErrnoCheck` query @@ -32,7 +34,8 @@ predicate isContracts4QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `functionCallBeforeErrnoCheck` query "c/cert/function-call-before-errno-check" and - ruleId = "ERR30-C" + ruleId = "ERR30-C" and + category = "rule" or query = // `Query` instance for the `errnoNotSetToZero` query @@ -40,7 +43,8 @@ predicate isContracts4QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `errnoNotSetToZero` query "c/cert/errno-not-set-to-zero" and - ruleId = "ERR30-C" + ruleId = "ERR30-C" and + category = "rule" } module Contracts4Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll index c52cd567c8..c5ffaa56e3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll 
@@ -11,14 +11,15 @@ newtype Declarations1Query = TMacroIdentifiersNotDistinctQuery() or TMacroIdentifierNotDistinctFromParameterQuery() -predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `declareIdentifiersBeforeUsingThem` query Declarations1Package::declareIdentifiersBeforeUsingThemQuery() and queryId = // `@id` for the `declareIdentifiersBeforeUsingThem` query "c/cert/declare-identifiers-before-using-them" and - ruleId = "DCL31-C" + ruleId = "DCL31-C" and + category = "rule" or query = // `Query` instance for the `doNotDeclareOrDefineAReservedIdentifier` query @@ -26,7 +27,8 @@ predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `doNotDeclareOrDefineAReservedIdentifier` query "c/cert/do-not-declare-or-define-a-reserved-identifier" and - ruleId = "DCL37-C" + ruleId = "DCL37-C" and + category = "rule" or query = // `Query` instance for the `doNotDeclareAReservedIdentifier` query @@ -34,7 +36,8 @@ predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `doNotDeclareAReservedIdentifier` query "c/misra/do-not-declare-a-reserved-identifier" and - ruleId = "RULE-21-2" + ruleId = "RULE-21-2" and + category = "required" or query = // `Query` instance for the `externalIdentifiersNotDistinct` query @@ -42,7 +45,8 @@ predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `externalIdentifiersNotDistinct` query "c/misra/external-identifiers-not-distinct" and - ruleId = "RULE-5-1" + ruleId = "RULE-5-1" and + category = "required" or query = // `Query` instance for the `macroIdentifiersNotDistinct` query 
@@ -50,7 +54,8 @@ predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `macroIdentifiersNotDistinct` query "c/misra/macro-identifiers-not-distinct" and - ruleId = "RULE-5-4" + ruleId = "RULE-5-4" and + category = "required" or query = // `Query` instance for the `macroIdentifierNotDistinctFromParameter` query @@ -58,7 +63,8 @@ predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `macroIdentifierNotDistinctFromParameter` query "c/misra/macro-identifier-not-distinct-from-parameter" and - ruleId = "RULE-5-4" + ruleId = "RULE-5-4" and + category = "required" } module Declarations1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations2.qll index 5314ebc400..a8b7b95d2c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations2.qll @@ -10,14 +10,15 @@ newtype Declarations2Query = TIncompatibleFunctionDeclarationsQuery() or TVariablesInsideSwitchStatementQuery() -predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `declaringAFlexibleArrayMember` query Declarations2Package::declaringAFlexibleArrayMemberQuery() and queryId = // `@id` for the `declaringAFlexibleArrayMember` query "c/cert/declaring-a-flexible-array-member" and - ruleId = "DCL38-C" + ruleId = "DCL38-C" and + category = "rule" or query = // `Query` instance for the `excessLengthNamesIdentifiersNotDistinct` query 
@@ -25,7 +26,8 @@ predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `excessLengthNamesIdentifiersNotDistinct` query "c/cert/excess-length-names-identifiers-not-distinct" and - ruleId = "DCL40-C" + ruleId = "DCL40-C" and + category = "rule" or query = // `Query` instance for the `incompatibleObjectDeclarations` query @@ -33,7 +35,8 @@ predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `incompatibleObjectDeclarations` query "c/cert/incompatible-object-declarations" and - ruleId = "DCL40-C" + ruleId = "DCL40-C" and + category = "rule" or query = // `Query` instance for the `incompatibleFunctionDeclarations` query @@ -41,7 +44,8 @@ predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `incompatibleFunctionDeclarations` query "c/cert/incompatible-function-declarations" and - ruleId = "DCL40-C" + ruleId = "DCL40-C" and + category = "rule" or query = // `Query` instance for the `variablesInsideSwitchStatement` query @@ -49,7 +53,8 @@ predicate isDeclarations2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `variablesInsideSwitchStatement` query "c/cert/variables-inside-switch-statement" and - ruleId = "DCL41-C" + ruleId = "DCL41-C" and + category = "rule" } module Declarations2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations3.qll index 0aa63e6dc5..22ed294ee7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations3.qll 
@@ -10,14 +10,15 @@ newtype Declarations3Query = TTagNameNotUniqueQuery() or TExplicitlyDeclareTypesQuery() -predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `identifierHidingC` query Declarations3Package::identifierHidingCQuery() and queryId = // `@id` for the `identifierHidingC` query "c/misra/identifier-hiding-c" and - ruleId = "RULE-5-3" + ruleId = "RULE-5-3" and + category = "required" or query = // `Query` instance for the `identifiersNotDistinctFromMacroNames` query @@ -25,7 +26,8 @@ predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `identifiersNotDistinctFromMacroNames` query "c/misra/identifiers-not-distinct-from-macro-names" and - ruleId = "RULE-5-5" + ruleId = "RULE-5-5" and + category = "required" or query = // `Query` instance for the `typedefNameNotUnique` query @@ -33,7 +35,8 @@ predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `typedefNameNotUnique` query "c/misra/typedef-name-not-unique" and - ruleId = "RULE-5-6" + ruleId = "RULE-5-6" and + category = "required" or query = // `Query` instance for the `tagNameNotUnique` query @@ -41,7 +44,8 @@ predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `tagNameNotUnique` query "c/misra/tag-name-not-unique" and - ruleId = "RULE-5-7" + ruleId = "RULE-5-7" and + category = "required" or query = // `Query` instance for the `explicitlyDeclareTypes` query @@ -49,7 +53,8 @@ predicate isDeclarations3QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `explicitlyDeclareTypes` query "c/misra/explicitly-declare-types" and - ruleId = "RULE-8-1" + ruleId = "RULE-8-1" and + category = "required" } module Declarations3Package { 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll index 2e18feca23..fab8e21d01 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll @@ -9,14 +9,15 @@ newtype ExpressionsQuery = TCallPOSIXOpenWithCorrectArgumentCountQuery() or TDoNotUseABitwiseOperatorWithABooleanLikeOperandQuery() -predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCallFunctionPointerWithIncompatibleType` query ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery() and queryId = // `@id` for the `doNotCallFunctionPointerWithIncompatibleType` query "c/cert/do-not-call-function-pointer-with-incompatible-type" and - ruleId = "EXP37-C" + ruleId = "EXP37-C" and + category = "rule" or query = // `Query` instance for the `doNotCallFunctionsWithIncompatibleArguments` query @@ -24,7 +25,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotCallFunctionsWithIncompatibleArguments` query "c/cert/do-not-call-functions-with-incompatible-arguments" and - ruleId = "EXP37-C" + ruleId = "EXP37-C" and + category = "rule" or query = // `Query` instance for the `callPOSIXOpenWithCorrectArgumentCount` query @@ -32,7 +34,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `callPOSIXOpenWithCorrectArgumentCount` query "c/cert/call-posix-open-with-correct-argument-count" and - ruleId = "EXP37-C" + ruleId = "EXP37-C" and + category = "rule" or query = // `Query` instance for the `doNotUseABitwiseOperatorWithABooleanLikeOperand` query 
@@ -40,7 +43,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotUseABitwiseOperatorWithABooleanLikeOperand` query "c/cert/do-not-use-a-bitwise-operator-with-a-boolean-like-operand" and - ruleId = "EXP46-C" + ruleId = "EXP46-C" and + category = "rule" } module ExpressionsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll index f0aa85cd8a..b3c1bdd428 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll @@ -12,14 +12,15 @@ newtype IO1Query = TUndefinedBehaviorAccessingAClosedFileQuery() or TFileUsedAfterClosedQuery() -predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isIO1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `excludeUserInputFromFormatStrings` query IO1Package::excludeUserInputFromFormatStringsQuery() and queryId = // `@id` for the `excludeUserInputFromFormatStrings` query "c/cert/exclude-user-input-from-format-strings" and - ruleId = "FIO30-C" + ruleId = "FIO30-C" and + category = "rule" or query = // `Query` instance for the `distinguishBetweenCharReadFromAFileAndEofOrWeof` query @@ -27,7 +28,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `distinguishBetweenCharReadFromAFileAndEofOrWeof` query "c/cert/distinguish-between-char-read-from-a-file-and-eof-or-weof" and - ruleId = "FIO34-C" + ruleId = "FIO34-C" and + category = "rule" or query = // `Query` instance for the `endOfFileCheckPortability` query 
@@ -35,7 +37,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `endOfFileCheckPortability` query "c/cert/end-of-file-check-portability" and - ruleId = "FIO34-C" + ruleId = "FIO34-C" and + category = "rule" or query = // `Query` instance for the `doNotAlternatelyIOFromAStreamWithoutPositioning` query @@ -43,7 +46,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotAlternatelyIOFromAStreamWithoutPositioning` query "c/cert/do-not-alternately-io-from-a-stream-without-positioning" and - ruleId = "FIO39-C" + ruleId = "FIO39-C" and + category = "rule" or query = // `Query` instance for the `closeFilesWhenTheyAreNoLongerNeeded` query @@ -51,7 +55,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `closeFilesWhenTheyAreNoLongerNeeded` query "c/cert/close-files-when-they-are-no-longer-needed" and - ruleId = "FIO42-C" + ruleId = "FIO42-C" and + category = "rule" or query = // `Query` instance for the `undefinedBehaviorAccessingAClosedFile` query @@ -59,7 +64,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `undefinedBehaviorAccessingAClosedFile` query "c/cert/undefined-behavior-accessing-a-closed-file" and - ruleId = "FIO46-C" + ruleId = "FIO46-C" and + category = "rule" or query = // `Query` instance for the `fileUsedAfterClosed` query @@ -67,7 +73,8 @@ predicate isIO1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `fileUsedAfterClosed` query "c/misra/file-used-after-closed" and - ruleId = "RULE-22-6" + ruleId = "RULE-22-6" and + category = "mandatory" } module IO1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll index 6eca59ea3c..6208470e24 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll 
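Review bot: The `category = "mandatory"` binding for `RULE-22-6` at the end of `isIO1QueryMetadata` shares a column with the CERT value `"rule"`, and nothing on the predicate says how each value is to be treated when a deviation is applied. Under MISRA Compliance a mandatory guideline cannot be deviated or recategorised, so the consumer presumably has to refuse deviations for these queries, and CERT's `"rule"` needs a defined meaning as well; that code is not visible in this hunk. I would document the contract on the predicate, e.g. `// category: "rule" for CERT; "mandatory", "required" or "advisory" for MISRA; a deviation on "mandatory" must not suppress results`, and add a test that applies a deviation to a mandatory query. The same applies to `RULE-22-4` and `RULE-22-5` in `isIO3QueryMetadata`. The predicate itself begins in an earlier hunk of this file.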
+++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll @@ -9,14 +9,15 @@ newtype IO2Query = TDoNotCallGetcAndPutcWithSideEffectsQuery() or TOnlyUseValuesForFsetposThatAreReturnedFromFgetposQuery() -predicate isIO2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isIO2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCopyAFileObject` query IO2Package::doNotCopyAFileObjectQuery() and queryId = // `@id` for the `doNotCopyAFileObject` query "c/cert/do-not-copy-a-file-object" and - ruleId = "FIO38-C" + ruleId = "FIO38-C" and + category = "rule" or query = // `Query` instance for the `resetStringsOnFgetsOrFgetwsFailure` query @@ -24,7 +25,8 @@ predicate isIO2QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `resetStringsOnFgetsOrFgetwsFailure` query "c/cert/reset-strings-on-fgets-or-fgetws-failure" and - ruleId = "FIO40-C" + ruleId = "FIO40-C" and + category = "rule" or query = // `Query` instance for the `doNotCallGetcAndPutcWithSideEffects` query @@ -32,7 +34,8 @@ predicate isIO2QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotCallGetcAndPutcWithSideEffects` query "c/cert/do-not-call-getc-and-putc-with-side-effects" and - ruleId = "FIO41-C" + ruleId = "FIO41-C" and + category = "rule" or query = // `Query` instance for the `onlyUseValuesForFsetposThatAreReturnedFromFgetpos` query @@ -40,7 +43,8 @@ predicate isIO2QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `onlyUseValuesForFsetposThatAreReturnedFromFgetpos` query "c/cert/only-use-values-for-fsetpos-that-are-returned-from-fgetpos" and - ruleId = "FIO44-C" + ruleId = "FIO44-C" and + category = "rule" } module IO2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll index b04ecbf420..9aac753c0b 100644 
--- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll @@ -11,14 +11,15 @@ newtype IO3Query = TPointerToAFileObjectDereferencedQuery() or TEofShallBeComparedWithUnmodifiedReturnValuesQuery() -predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isIO3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotPerformFileOperationsOnDevices` query IO3Package::doNotPerformFileOperationsOnDevicesQuery() and queryId = // `@id` for the `doNotPerformFileOperationsOnDevices` query "c/cert/do-not-perform-file-operations-on-devices" and - ruleId = "FIO32-C" + ruleId = "FIO32-C" and + category = "rule" or query = // `Query` instance for the `successfulFgetsOrFgetwsMayReturnAnEmptyString` query @@ -26,7 +27,8 @@ predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `successfulFgetsOrFgetwsMayReturnAnEmptyString` query "c/cert/successful-fgets-or-fgetws-may-return-an-empty-string" and - ruleId = "FIO37-C" + ruleId = "FIO37-C" and + category = "rule" or query = // `Query` instance for the `fileOpenForReadAndWriteOnDifferentStreams` query @@ -34,7 +36,8 @@ predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `fileOpenForReadAndWriteOnDifferentStreams` query "c/misra/file-open-for-read-and-write-on-different-streams" and - ruleId = "RULE-22-3" + ruleId = "RULE-22-3" and + category = "required" or query = // `Query` instance for the `attemptToWriteToAReadOnlyStream` query 
@@ -42,7 +45,8 @@ predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `attemptToWriteToAReadOnlyStream` query "c/misra/attempt-to-write-to-a-read-only-stream" and - ruleId = "RULE-22-4" + ruleId = "RULE-22-4" and + category = "mandatory" or query = // `Query` instance for the `pointerToAFileObjectDereferenced` query @@ -50,7 +54,8 @@ predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerToAFileObjectDereferenced` query "c/misra/pointer-to-a-file-object-dereferenced" and - ruleId = "RULE-22-5" + ruleId = "RULE-22-5" and + category = "mandatory" or query = // `Query` instance for the `eofShallBeComparedWithUnmodifiedReturnValues` query @@ -58,7 +63,8 @@ predicate isIO3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `eofShallBeComparedWithUnmodifiedReturnValues` query "c/misra/eof-shall-be-compared-with-unmodified-return-values" and - ruleId = "RULE-22-7" + ruleId = "RULE-22-7" and + category = "required" } module IO3Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO4.qll index a1c3978fc4..872ee2cbcd 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO4.qll 
@@ -9,14 +9,15 @@ newtype IO4Query = TWrongNumberOfFormatArgumentsQuery() or TWrongTypeFormatArgumentsQuery() -predicate isIO4QueryMetadata(Query query, string queryId, string ruleId) { +predicate isIO4QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `toctouRaceConditionsWhileAccessingFiles` query IO4Package::toctouRaceConditionsWhileAccessingFilesQuery() and queryId = // `@id` for the `toctouRaceConditionsWhileAccessingFiles` query "c/cert/toctou-race-conditions-while-accessing-files" and - ruleId = "FIO45-C" + ruleId = "FIO45-C" and + category = "rule" or query = // `Query` instance for the `useValidSpecifiers` query @@ -24,7 +25,8 @@ predicate isIO4QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useValidSpecifiers` query "c/cert/use-valid-specifiers" and - ruleId = "FIO47-C" + ruleId = "FIO47-C" and + category = "rule" or query = // `Query` instance for the `wrongNumberOfFormatArguments` query @@ -32,7 +34,8 @@ predicate isIO4QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `wrongNumberOfFormatArguments` query "c/cert/wrong-number-of-format-arguments" and - ruleId = "FIO47-C" + ruleId = "FIO47-C" and + category = "rule" or query = // `Query` instance for the `wrongTypeFormatArguments` query @@ -40,7 +43,8 @@ predicate isIO4QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `wrongTypeFormatArguments` query "c/cert/wrong-type-format-arguments" and - ruleId = "FIO47-C" + ruleId = "FIO47-C" and + category = "rule" } module IO4Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Language1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Language1.qll index a2787698cc..0fb03bf6d5 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Language1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Language1.qll 
@@ -5,14 +5,15 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Language1Query = TLanguageNotEncapsulatedAndIsolatedQuery() -predicate isLanguage1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isLanguage1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `languageNotEncapsulatedAndIsolated` query Language1Package::languageNotEncapsulatedAndIsolatedQuery() and queryId = // `@id` for the `languageNotEncapsulatedAndIsolated` query "c/misra/language-not-encapsulated-and-isolated" and - ruleId = "DIR-4-3" + ruleId = "DIR-4-3" and + category = "required" } module Language1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Language2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Language2.qll index 0217551e59..2a85696cc2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Language2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Language2.qll @@ -7,14 +7,15 @@ newtype Language2Query = TUsageOfAssemblyLanguageShouldBeDocumentedQuery() or TEmergentLanguageFeaturesUsedQuery() -predicate isLanguage2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isLanguage2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `usageOfAssemblyLanguageShouldBeDocumented` query Language2Package::usageOfAssemblyLanguageShouldBeDocumentedQuery() and queryId = // `@id` for the `usageOfAssemblyLanguageShouldBeDocumented` query "c/misra/usage-of-assembly-language-should-be-documented" and - ruleId = "DIR-4-2" + ruleId = "DIR-4-2" and + category = "advisory" or query = // `Query` instance for the `emergentLanguageFeaturesUsed` query 
@@ -22,7 +23,8 @@ predicate isLanguage2QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `emergentLanguageFeaturesUsed` query "c/misra/emergent-language-features-used" and - ruleId = "RULE-1-4" + ruleId = "RULE-1-4" and + category = "required" } module Language2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll index c63fe7c7d2..9535c8a6d1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll @@ -8,14 +8,15 @@ newtype MiscQuery = TProperlySeedPseudorandomNumberGeneratorsQuery() or TControlFlowReachesTheEndOfANonVoidFunctionQuery() -predicate isMiscQueryMetadata(Query query, string queryId, string ruleId) { +predicate isMiscQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `randUsedForGeneratingPseudorandomNumbers` query MiscPackage::randUsedForGeneratingPseudorandomNumbersQuery() and queryId = // `@id` for the `randUsedForGeneratingPseudorandomNumbers` query "c/cert/rand-used-for-generating-pseudorandom-numbers" and - ruleId = "MSC30-C" + ruleId = "MSC30-C" and + category = "rule" or query = // `Query` instance for the `properlySeedPseudorandomNumberGenerators` query @@ -23,7 +24,8 @@ predicate isMiscQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `properlySeedPseudorandomNumberGenerators` query "c/cert/properly-seed-pseudorandom-number-generators" and - ruleId = "MSC32-C" + ruleId = "MSC32-C" and + category = "rule" or query = // `Query` instance for the `controlFlowReachesTheEndOfANonVoidFunction` query 
@@ -31,7 +33,8 @@ predicate isMiscQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `controlFlowReachesTheEndOfANonVoidFunction` query "c/cert/control-flow-reaches-the-end-of-a-non-void-function" and - ruleId = "MSC37-C" + ruleId = "MSC37-C" and + category = "rule" } module MiscPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll index 11daf5543c..e35f0f3a88 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll @@ -22,14 +22,15 @@ newtype Pointers1Query = TObjectWithNoPointerDereferenceShouldBeOpaqueQuery() or TPointerShouldPointToConstTypeWhenPossibleQuery() -predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `conversionBetweenFunctionPointerAndOtherType` query Pointers1Package::conversionBetweenFunctionPointerAndOtherTypeQuery() and queryId = // `@id` for the `conversionBetweenFunctionPointerAndOtherType` query "c/misra/conversion-between-function-pointer-and-other-type" and - ruleId = "RULE-11-1" + ruleId = "RULE-11-1" and + category = "required" or query = // `Query` instance for the `conversionBetweenIncompleteTypePointerAndOtherType` query @@ -37,7 +38,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `conversionBetweenIncompleteTypePointerAndOtherType` query "c/misra/conversion-between-incomplete-type-pointer-and-other-type" and - ruleId = "RULE-11-2" + ruleId = "RULE-11-2" and + category = "required" or query = // `Query` instance for the `castBetweenObjectPointerAndDifferentObjectType` query 
@@ -45,7 +47,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castBetweenObjectPointerAndDifferentObjectType` query "c/misra/cast-between-object-pointer-and-different-object-type" and - ruleId = "RULE-11-3" + ruleId = "RULE-11-3" and + category = "required" or query = // `Query` instance for the `conversionBetweenPointerToObjectAndIntegerType` query @@ -53,7 +56,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `conversionBetweenPointerToObjectAndIntegerType` query "c/misra/conversion-between-pointer-to-object-and-integer-type" and - ruleId = "RULE-11-4" + ruleId = "RULE-11-4" and + category = "advisory" or query = // `Query` instance for the `conversionFromPointerToVoidIntoPointerToObject` query @@ -61,7 +65,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `conversionFromPointerToVoidIntoPointerToObject` query "c/misra/conversion-from-pointer-to-void-into-pointer-to-object" and - ruleId = "RULE-11-5" + ruleId = "RULE-11-5" and + category = "advisory" or query = // `Query` instance for the `castBetweenPointerToVoidAndArithmeticType` query @@ -69,7 +74,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castBetweenPointerToVoidAndArithmeticType` query "c/misra/cast-between-pointer-to-void-and-arithmetic-type" and - ruleId = "RULE-11-6" + ruleId = "RULE-11-6" and + category = "required" or query = // `Query` instance for the `castBetweenPointerToObjectAndNonIntArithmeticType` query 
@@ -77,7 +83,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castBetweenPointerToObjectAndNonIntArithmeticType` query "c/misra/cast-between-pointer-to-object-and-non-int-arithmetic-type" and - ruleId = "RULE-11-7" + ruleId = "RULE-11-7" and + category = "required" or query = // `Query` instance for the `castRemovesConstOrVolatileQualification` query @@ -85,7 +92,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castRemovesConstOrVolatileQualification` query "c/misra/cast-removes-const-or-volatile-qualification" and - ruleId = "RULE-11-8" + ruleId = "RULE-11-8" and + category = "required" or query = // `Query` instance for the `macroNullNotUsedAsIntegerNullPointerConstant` query @@ -93,7 +101,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `macroNullNotUsedAsIntegerNullPointerConstant` query "c/misra/macro-null-not-used-as-integer-null-pointer-constant" and - ruleId = "RULE-11-9" + ruleId = "RULE-11-9" and + category = "required" or query = // `Query` instance for the `pointerAndDerivedPointerMustAddressSameArray` query @@ -101,7 +110,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerAndDerivedPointerMustAddressSameArray` query "c/misra/pointer-and-derived-pointer-must-address-same-array" and - ruleId = "RULE-18-1" + ruleId = "RULE-18-1" and + category = "required" or query = // `Query` instance for the `subtractionBetweenPointersMustAddressSameArray` query 
@@ -109,7 +119,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `subtractionBetweenPointersMustAddressSameArray` query "c/misra/subtraction-between-pointers-must-address-same-array" and - ruleId = "RULE-18-2" + ruleId = "RULE-18-2" and + category = "required" or query = // `Query` instance for the `relationalOperatorComparesPointerToDifferentArray` query @@ -117,7 +128,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `relationalOperatorComparesPointerToDifferentArray` query "c/misra/relational-operator-compares-pointer-to-different-array" and - ruleId = "RULE-18-3" + ruleId = "RULE-18-3" and + category = "required" or query = // `Query` instance for the `doNotUseAdditionOrSubtractionOperatorsOnPointers` query @@ -125,7 +137,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotUseAdditionOrSubtractionOperatorsOnPointers` query "c/misra/do-not-use-addition-or-subtraction-operators-on-pointers" and - ruleId = "RULE-18-4" + ruleId = "RULE-18-4" and + category = "advisory" or query = // `Query` instance for the `noMoreThanTwoLevelsOfPointerNestingInDeclarations` query @@ -133,7 +146,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `noMoreThanTwoLevelsOfPointerNestingInDeclarations` query "c/misra/no-more-than-two-levels-of-pointer-nesting-in-declarations" and - ruleId = "RULE-18-5" + ruleId = "RULE-18-5" and + category = "advisory" or query = // `Query` instance for the `automaticStorageObjectAddressCopiedToOtherObject` query 
@@ -141,7 +155,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `automaticStorageObjectAddressCopiedToOtherObject` query "c/misra/automatic-storage-object-address-copied-to-other-object" and - ruleId = "RULE-18-6" + ruleId = "RULE-18-6" and + category = "required" or query = // `Query` instance for the `objectWithNoPointerDereferenceShouldBeOpaque` query @@ -149,7 +164,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectWithNoPointerDereferenceShouldBeOpaque` query "c/misra/object-with-no-pointer-dereference-should-be-opaque" and - ruleId = "DIR-4-8" + ruleId = "DIR-4-8" and + category = "advisory" or query = // `Query` instance for the `pointerShouldPointToConstTypeWhenPossible` query @@ -157,7 +173,8 @@ predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerShouldPointToConstTypeWhenPossible` query "c/misra/pointer-should-point-to-const-type-when-possible" and - ruleId = "RULE-8-13" + ruleId = "RULE-8-13" and + category = "advisory" } module Pointers1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll index d5ddafd888..476388612e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll 
@@ -5,14 +5,15 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Pointers2Query = TDoNotAddOrSubtractAScaledIntegerToAPointerQuery() -predicate isPointers2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAddOrSubtractAScaledIntegerToAPointer` query Pointers2Package::doNotAddOrSubtractAScaledIntegerToAPointerQuery() and queryId = // `@id` for the `doNotAddOrSubtractAScaledIntegerToAPointer` query "c/cert/do-not-add-or-subtract-a-scaled-integer-to-a-pointer" and - ruleId = "ARR39-C" + ruleId = "ARR39-C" and + category = "rule" } module Pointers2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll index 7037c9f195..1f3c9bba38 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll @@ -9,14 +9,15 @@ newtype Preprocessor1Query = TForbiddenCharactersInHeaderFileNameQuery() or TIdentifiersUsedInPreprocessorExpressionQuery() -predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `includeDirectivesPrecededByDirectivesOrComments` query Preprocessor1Package::includeDirectivesPrecededByDirectivesOrCommentsQuery() and queryId = // `@id` for the `includeDirectivesPrecededByDirectivesOrComments` query "c/misra/include-directives-preceded-by-directives-or-comments" and - ruleId = "RULE-20-1" + ruleId = "RULE-20-1" and + category = "advisory" or query = // `Query` instance for the `preprocessorHashOperatorsShouldNotBeUsed` query 
@@ -24,7 +25,8 @@ predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `preprocessorHashOperatorsShouldNotBeUsed` query "c/misra/preprocessor-hash-operators-should-not-be-used" and - ruleId = "RULE-20-10" + ruleId = "RULE-20-10" and + category = "advisory" or query = // `Query` instance for the `forbiddenCharactersInHeaderFileName` query @@ -32,7 +34,8 @@ predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `forbiddenCharactersInHeaderFileName` query "c/misra/forbidden-characters-in-header-file-name" and - ruleId = "RULE-20-2" + ruleId = "RULE-20-2" and + category = "required" or query = // `Query` instance for the `identifiersUsedInPreprocessorExpression` query @@ -40,7 +43,8 @@ predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `identifiersUsedInPreprocessorExpression` query "c/misra/identifiers-used-in-preprocessor-expression" and - ruleId = "RULE-20-9" + ruleId = "RULE-20-9" and + category = "required" } module Preprocessor1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll index f8a1c8ba3b..bc6fc91da6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll 
@@ -9,14 +9,15 @@ newtype Preprocessor2Query = TUndefShouldNotBeUsedQuery() or TPrecautionIncludeGuardsNotProvidedQuery() -predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `moreThanOneHashOperatorInMacroDefinition` query Preprocessor2Package::moreThanOneHashOperatorInMacroDefinitionQuery() and queryId = // `@id` for the `moreThanOneHashOperatorInMacroDefinition` query "c/misra/more-than-one-hash-operator-in-macro-definition" and - ruleId = "RULE-20-11" + ruleId = "RULE-20-11" and + category = "required" or query = // `Query` instance for the `macroParameterUsedAsHashOperand` query @@ -24,7 +25,8 @@ predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `macroParameterUsedAsHashOperand` query "c/misra/macro-parameter-used-as-hash-operand" and - ruleId = "RULE-20-12" + ruleId = "RULE-20-12" and + category = "required" or query = // `Query` instance for the `undefShouldNotBeUsed` query @@ -32,7 +34,8 @@ predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `undefShouldNotBeUsed` query "c/misra/undef-should-not-be-used" and - ruleId = "RULE-20-5" + ruleId = "RULE-20-5" and + category = "advisory" or query = // `Query` instance for the `precautionIncludeGuardsNotProvided` query @@ -40,7 +43,8 @@ predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `precautionIncludeGuardsNotProvided` query "c/misra/precaution-include-guards-not-provided" and - ruleId = "DIR-4-10" + ruleId = "DIR-4-10" and + category = "required" } module Preprocessor2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll index 5894975f2d..1b9ed9374e 100644 
--- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll @@ -5,14 +5,15 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Preprocessor3Query = TControllingExpressionIfDirectiveQuery() -predicate isPreprocessor3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `controllingExpressionIfDirective` query Preprocessor3Package::controllingExpressionIfDirectiveQuery() and queryId = // `@id` for the `controllingExpressionIfDirective` query "c/misra/controlling-expression-if-directive" and - ruleId = "RULE-20-8" + ruleId = "RULE-20-8" and + category = "required" } module Preprocessor3Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll index 94ffc1dc8d..8b30501183 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll @@ -8,14 +8,15 @@ newtype Preprocessor4Query = TFunctionLikeMacroArgsContainHashTokenCQueryQuery() or TDefineAndUndefUsedOnReservedIdentifierOrMacroNameQuery() -predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `macroDefinedWithTheSameNameAsKeyword` query Preprocessor4Package::macroDefinedWithTheSameNameAsKeywordQuery() and queryId = // `@id` for the `macroDefinedWithTheSameNameAsKeyword` query "c/misra/macro-defined-with-the-same-name-as-keyword" and - ruleId = "RULE-20-4" + ruleId = "RULE-20-4" and + category = "required" or query = // `Query` instance for the `functionLikeMacroArgsContainHashTokenCQuery` query 
@@ -23,7 +24,8 @@ predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `functionLikeMacroArgsContainHashTokenCQuery` query "c/misra/function-like-macro-args-contain-hash-token-c-query" and - ruleId = "RULE-20-6" + ruleId = "RULE-20-6" and + category = "required" or query = // `Query` instance for the `defineAndUndefUsedOnReservedIdentifierOrMacroName` query @@ -31,7 +33,8 @@ predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `defineAndUndefUsedOnReservedIdentifierOrMacroName` query "c/misra/define-and-undef-used-on-reserved-identifier-or-macro-name" and - ruleId = "RULE-21-1" + ruleId = "RULE-21-1" and + category = "required" } module Preprocessor4Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll index c9498fa549..0d35690408 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll @@ -8,14 +8,15 @@ newtype Preprocessor5Query = TMacroOrFunctionArgsContainHashTokenQuery() or TMacroParameterNotEnclosedInParenthesesCQueryQuery() -predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotTreatAPredefinedIdentifierAsObject` query Preprocessor5Package::doNotTreatAPredefinedIdentifierAsObjectQuery() and queryId = // `@id` for the `doNotTreatAPredefinedIdentifierAsObject` query "c/cert/do-not-treat-a-predefined-identifier-as-object" and - ruleId = "MSC38-C" + ruleId = "MSC38-C" and + category = "rule" or query = // `Query` instance for the `macroOrFunctionArgsContainHashToken` query 
@@ -23,7 +24,8 @@ predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `macroOrFunctionArgsContainHashToken` query "c/cert/macro-or-function-args-contain-hash-token" and - ruleId = "PRE32-C" + ruleId = "PRE32-C" and + category = "rule" or query = // `Query` instance for the `macroParameterNotEnclosedInParenthesesCQuery` query @@ -31,7 +33,8 @@ predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `macroParameterNotEnclosedInParenthesesCQuery` query "c/misra/macro-parameter-not-enclosed-in-parentheses-c-query" and - ruleId = "RULE-20-7" + ruleId = "RULE-20-7" and + category = "required" } module Preprocessor5Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor6.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor6.qll index a9fb45b284..1f68e30376 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor6.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor6.qll @@ -5,14 +5,15 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Preprocessor6Query = TFunctionOverFunctionLikeMacroQuery() -predicate isPreprocessor6QueryMetadata(Query query, string queryId, string ruleId) { +predicate isPreprocessor6QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `functionOverFunctionLikeMacro` query Preprocessor6Package::functionOverFunctionLikeMacroQuery() and queryId = // `@id` for the `functionOverFunctionLikeMacro` query "c/misra/function-over-function-like-macro" and - ruleId = "DIR-4-9" + ruleId = "DIR-4-9" and + category = "advisory" } module Preprocessor6Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll index 5e7a315c46..11994dd9fd 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll 
@@ -77,40 +77,40 @@ newtype TCQuery = TSyntaxPackageQuery(SyntaxQuery q) /** The metadata predicate * */ -predicate isQueryMetadata(Query query, string queryId, string ruleId) { - isBannedQueryMetadata(query, queryId, ruleId) or - isConcurrency1QueryMetadata(query, queryId, ruleId) or - isConcurrency2QueryMetadata(query, queryId, ruleId) or - isConcurrency3QueryMetadata(query, queryId, ruleId) or - isConcurrency4QueryMetadata(query, queryId, ruleId) or - isConcurrency5QueryMetadata(query, queryId, ruleId) or - isContracts1QueryMetadata(query, queryId, ruleId) or - isContracts2QueryMetadata(query, queryId, ruleId) or - isContracts3QueryMetadata(query, queryId, ruleId) or - isContracts4QueryMetadata(query, queryId, ruleId) or - isDeclarations1QueryMetadata(query, queryId, ruleId) or - isDeclarations2QueryMetadata(query, queryId, ruleId) or - isDeclarations3QueryMetadata(query, queryId, ruleId) or - isExpressionsQueryMetadata(query, queryId, ruleId) or - isIO1QueryMetadata(query, queryId, ruleId) or - isIO2QueryMetadata(query, queryId, ruleId) or - isIO3QueryMetadata(query, queryId, ruleId) or - isIO4QueryMetadata(query, queryId, ruleId) or - isLanguage1QueryMetadata(query, queryId, ruleId) or - isLanguage2QueryMetadata(query, queryId, ruleId) or - isMiscQueryMetadata(query, queryId, ruleId) or - isPointers1QueryMetadata(query, queryId, ruleId) or - isPointers2QueryMetadata(query, queryId, ruleId) or - isPreprocessor1QueryMetadata(query, queryId, ruleId) or - isPreprocessor2QueryMetadata(query, queryId, ruleId) or - isPreprocessor3QueryMetadata(query, queryId, ruleId) or - isPreprocessor4QueryMetadata(query, queryId, ruleId) or - isPreprocessor5QueryMetadata(query, queryId, ruleId) or - isPreprocessor6QueryMetadata(query, queryId, ruleId) or - isSideEffects1QueryMetadata(query, queryId, ruleId) or - isSideEffects2QueryMetadata(query, queryId, ruleId) or - isStrings1QueryMetadata(query, queryId, ruleId) or - isStrings2QueryMetadata(query, queryId, ruleId) or - 
isStrings3QueryMetadata(query, queryId, ruleId) or - isSyntaxQueryMetadata(query, queryId, ruleId) +predicate isQueryMetadata(Query query, string queryId, string ruleId, string category) { + isBannedQueryMetadata(query, queryId, ruleId, category) or + isConcurrency1QueryMetadata(query, queryId, ruleId, category) or + isConcurrency2QueryMetadata(query, queryId, ruleId, category) or + isConcurrency3QueryMetadata(query, queryId, ruleId, category) or + isConcurrency4QueryMetadata(query, queryId, ruleId, category) or + isConcurrency5QueryMetadata(query, queryId, ruleId, category) or + isContracts1QueryMetadata(query, queryId, ruleId, category) or + isContracts2QueryMetadata(query, queryId, ruleId, category) or + isContracts3QueryMetadata(query, queryId, ruleId, category) or + isContracts4QueryMetadata(query, queryId, ruleId, category) or + isDeclarations1QueryMetadata(query, queryId, ruleId, category) or + isDeclarations2QueryMetadata(query, queryId, ruleId, category) or + isDeclarations3QueryMetadata(query, queryId, ruleId, category) or + isExpressionsQueryMetadata(query, queryId, ruleId, category) or + isIO1QueryMetadata(query, queryId, ruleId, category) or + isIO2QueryMetadata(query, queryId, ruleId, category) or + isIO3QueryMetadata(query, queryId, ruleId, category) or + isIO4QueryMetadata(query, queryId, ruleId, category) or + isLanguage1QueryMetadata(query, queryId, ruleId, category) or + isLanguage2QueryMetadata(query, queryId, ruleId, category) or + isMiscQueryMetadata(query, queryId, ruleId, category) or + isPointers1QueryMetadata(query, queryId, ruleId, category) or + isPointers2QueryMetadata(query, queryId, ruleId, category) or + isPreprocessor1QueryMetadata(query, queryId, ruleId, category) or + isPreprocessor2QueryMetadata(query, queryId, ruleId, category) or + isPreprocessor3QueryMetadata(query, queryId, ruleId, category) or + isPreprocessor4QueryMetadata(query, queryId, ruleId, category) or + isPreprocessor5QueryMetadata(query, queryId, ruleId, category) 
or + isPreprocessor6QueryMetadata(query, queryId, ruleId, category) or + isSideEffects1QueryMetadata(query, queryId, ruleId, category) or + isSideEffects2QueryMetadata(query, queryId, ruleId, category) or + isStrings1QueryMetadata(query, queryId, ruleId, category) or + isStrings2QueryMetadata(query, queryId, ruleId, category) or + isStrings3QueryMetadata(query, queryId, ruleId, category) or + isSyntaxQueryMetadata(query, queryId, ruleId, category) } diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll index b3bcac75eb..24175cdfb7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll @@ -15,14 +15,15 @@ newtype SideEffects1Query = TPossibleSuppressedSideEffectInLogicOperatorOperandQuery() or TSizeofOperandWithSideEffectQuery() -predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `dependenceOnOrderOfScalarEvaluationForSideEffects` query SideEffects1Package::dependenceOnOrderOfScalarEvaluationForSideEffectsQuery() and queryId = // `@id` for the `dependenceOnOrderOfScalarEvaluationForSideEffects` query "c/cert/dependence-on-order-of-scalar-evaluation-for-side-effects" and - ruleId = "EXP30-C" + ruleId = "EXP30-C" and + category = "rule" or query = // `Query` instance for the `dependenceOnOrderOfFunctionArgumentsForSideEffects` query 
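Review bot: `category` enters `isQueryMetadata` as an unconstrained `string`, and nothing in this hunk limits it to the values the package predicates bind in the visible sections ("rule", "required", "advisory", "mandatory"). The commit message says the effective category decides how a deviation is handled, so a misspelled or differently cased value would pass through unnoticed and a later test such as `category = "mandatory"` would simply not hold, which could let a deviation be accepted on a guideline whose category should forbid it. The existing doc comment ("The metadata predicate") should become something like `/** Holds if query has the @id queryId, implements ruleId, and that rule has the given category: one of "mandatory", "required", "advisory" or "rule". */`. A consistency check would also help: `from string c where isQueryMetadata(_, _, _, c) and not c = ["mandatory", "required", "advisory", "rule"] select c` should return nothing. Whether the consumer in `exclusions/RuleMetadata.qll` already validates the value is not visible here.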
@@ -30,7 +31,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `dependenceOnOrderOfFunctionArgumentsForSideEffects` query "c/cert/dependence-on-order-of-function-arguments-for-side-effects" and - ruleId = "EXP30-C" + ruleId = "EXP30-C" and + category = "rule" or query = // `Query` instance for the `unevaluatedOperandWithSideEffect` query @@ -38,7 +40,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `unevaluatedOperandWithSideEffect` query "c/cert/unevaluated-operand-with-side-effect" and - ruleId = "EXP44-C" + ruleId = "EXP44-C" and + category = "rule" or query = // `Query` instance for the `assignmentsInSelectionStatements` query @@ -46,7 +49,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `assignmentsInSelectionStatements` query "c/cert/assignments-in-selection-statements" and - ruleId = "EXP45-C" + ruleId = "EXP45-C" and + category = "rule" or query = // `Query` instance for the `unenclosedSizeofOperand` query @@ -54,7 +58,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `unenclosedSizeofOperand` query "c/misra/unenclosed-sizeof-operand" and - ruleId = "RULE-12-1" + ruleId = "RULE-12-1" and + category = "advisory" or query = // `Query` instance for the `implicitPrecedenceOfOperatorsInExpression` query @@ -62,7 +67,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `implicitPrecedenceOfOperatorsInExpression` query "c/misra/implicit-precedence-of-operators-in-expression" and - ruleId = "RULE-12-1" + ruleId = "RULE-12-1" and + category = "advisory" or query = // `Query` instance for the `initializerListsContainPersistentSideEffects` query 
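Review bot: The category is a property of the rule but is written once per query, so this hunk binds "rule" for EXP30-C a second time (the first is in the preceding hunk of `isSideEffects1QueryMetadata`), and RULE-12-1 is likewise repeated in the two hunks that set "advisory" below. Nothing here keeps the copies in step: if two queries for one `ruleId` ever carried different categories, the rule would have two categories, and the effective-category computation described in the commit message would be ambiguous for any deviation on it. A test that must return no rows would pin this down: `from string r, string c1, string c2 where isQueryMetadata(_, _, r, c1) and isQueryMetadata(_, _, r, c2) and c1 != c2 select r, c1, c2`. If these package files are generated, as their repeated comment pattern suggests, the check belongs next to the generator. The same repetition occurs in the `isAllocationsQueryMetadata` hunks (A18-5-10, A18-5-2, A18-5-9, MEM53-CPP, MEM54-CPP, MEM55-CPP).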
@@ -70,7 +76,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `initializerListsContainPersistentSideEffects` query "c/misra/initializer-lists-contain-persistent-side-effects" and - ruleId = "RULE-13-1" + ruleId = "RULE-13-1" and + category = "required" or query = // `Query` instance for the `resultOfAnAssignmentOperatorShouldNotBeUsed` query @@ -78,7 +85,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `resultOfAnAssignmentOperatorShouldNotBeUsed` query "c/misra/result-of-an-assignment-operator-should-not-be-used" and - ruleId = "RULE-13-4" + ruleId = "RULE-13-4" and + category = "advisory" or query = // `Query` instance for the `possibleSuppressedSideEffectInLogicOperatorOperand` query @@ -86,7 +94,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `possibleSuppressedSideEffectInLogicOperatorOperand` query "c/misra/possible-suppressed-side-effect-in-logic-operator-operand" and - ruleId = "RULE-13-5" + ruleId = "RULE-13-5" and + category = "required" or query = // `Query` instance for the `sizeofOperandWithSideEffect` query @@ -94,7 +103,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `sizeofOperandWithSideEffect` query "c/misra/sizeof-operand-with-side-effect" and - ruleId = "RULE-13-6" + ruleId = "RULE-13-6" and + category = "mandatory" } module SideEffects1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll index c14446ee92..82e5c0c5d2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll 
@@ -7,14 +7,15 @@ newtype SideEffects2Query = TSideEffectAndCrementInFullExpressionQuery() or TModificationOfFunctionParameterQuery() -predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `sideEffectAndCrementInFullExpression` query SideEffects2Package::sideEffectAndCrementInFullExpressionQuery() and queryId = // `@id` for the `sideEffectAndCrementInFullExpression` query "c/misra/side-effect-and-crement-in-full-expression" and - ruleId = "RULE-13-3" + ruleId = "RULE-13-3" and + category = "advisory" or query = // `Query` instance for the `modificationOfFunctionParameter` query @@ -22,7 +23,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `modificationOfFunctionParameter` query "c/misra/modification-of-function-parameter" and - ruleId = "RULE-17-8" + ruleId = "RULE-17-8" and + category = "advisory" } module SideEffects2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll index 7a401ea5b3..e306df55bf 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll 
@@ -8,14 +8,15 @@ newtype Strings1Query = TStringsHasSufficientSpaceForTheNullTerminatorQuery() or TNonNullTerminatedToFunctionThatExpectsAStringQuery() -predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAttemptToModifyStringLiterals` query Strings1Package::doNotAttemptToModifyStringLiteralsQuery() and queryId = // `@id` for the `doNotAttemptToModifyStringLiterals` query "c/cert/do-not-attempt-to-modify-string-literals" and - ruleId = "STR30-C" + ruleId = "STR30-C" and + category = "rule" or query = // `Query` instance for the `stringsHasSufficientSpaceForTheNullTerminator` query @@ -23,7 +24,8 @@ predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `stringsHasSufficientSpaceForTheNullTerminator` query "c/cert/strings-has-sufficient-space-for-the-null-terminator" and - ruleId = "STR31-C" + ruleId = "STR31-C" and + category = "rule" or query = // `Query` instance for the `nonNullTerminatedToFunctionThatExpectsAString` query @@ -31,7 +33,8 @@ predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonNullTerminatedToFunctionThatExpectsAString` query "c/cert/non-null-terminated-to-function-that-expects-a-string" and - ruleId = "STR32-C" + ruleId = "STR32-C" and + category = "rule" } module Strings1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll index 4c5b6b8816..99dd98d68e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll 
@@ -5,14 +5,15 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Strings2Query = TToCharacterHandlingFunctionsRepresentableAsUCharQuery() -predicate isStrings2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isStrings2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `toCharacterHandlingFunctionsRepresentableAsUChar` query Strings2Package::toCharacterHandlingFunctionsRepresentableAsUCharQuery() and queryId = // `@id` for the `toCharacterHandlingFunctionsRepresentableAsUChar` query "c/cert/to-character-handling-functions-representable-as-u-char" and - ruleId = "STR37-C" + ruleId = "STR37-C" and + category = "rule" } module Strings2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll index ab837108c9..760f54b9fa 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll @@ -7,14 +7,15 @@ newtype Strings3Query = TCastCharBeforeConvertingToLargerSizesQuery() or TDoNotConfuseNarrowAndWideFunctionsQuery() -predicate isStrings3QueryMetadata(Query query, string queryId, string ruleId) { +predicate isStrings3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `castCharBeforeConvertingToLargerSizes` query Strings3Package::castCharBeforeConvertingToLargerSizesQuery() and queryId = // `@id` for the `castCharBeforeConvertingToLargerSizes` query "c/cert/cast-char-before-converting-to-larger-sizes" and - ruleId = "STR34-C" + ruleId = "STR34-C" and + category = "rule" or query = // `Query` instance for the `doNotConfuseNarrowAndWideFunctions` query 
@@ -22,7 +23,8 @@ predicate isStrings3QueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotConfuseNarrowAndWideFunctions` query "c/cert/do-not-confuse-narrow-and-wide-functions" and - ruleId = "STR38-C" + ruleId = "STR38-C" and + category = "rule" } module Strings3Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll index 901b6393a4..3a53cf05c3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll @@ -12,14 +12,15 @@ newtype SyntaxQuery = TUOrUSuffixRepresentedInUnsignedTypeQuery() or TLowercaseCharacterLUsedInLiteralSuffixQuery() -predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { +predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `characterSequencesAndUsedWithinAComment` query SyntaxPackage::characterSequencesAndUsedWithinACommentQuery() and queryId = // `@id` for the `characterSequencesAndUsedWithinAComment` query "c/misra/character-sequences-and-used-within-a-comment" and - ruleId = "RULE-3-1" + ruleId = "RULE-3-1" and + category = "required" or query = // `Query` instance for the `lineSplicingUsedInComments` query @@ -27,7 +28,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lineSplicingUsedInComments` query "c/misra/line-splicing-used-in-comments" and - ruleId = "RULE-3-2" + ruleId = "RULE-3-2" and + category = "required" or query = // `Query` instance for the `octalAndHexadecimalEscapeSequencesNotTerminated` query 
@@ -35,7 +37,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `octalAndHexadecimalEscapeSequencesNotTerminated` query "c/misra/octal-and-hexadecimal-escape-sequences-not-terminated" and - ruleId = "RULE-4-1" + ruleId = "RULE-4-1" and + category = "required" or query = // `Query` instance for the `sectionsOfCodeShallNotBeCommentedOut` query @@ -43,7 +46,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `sectionsOfCodeShallNotBeCommentedOut` query "c/misra/sections-of-code-shall-not-be-commented-out" and - ruleId = "DIR-4-4" + ruleId = "DIR-4-4" and + category = "advisory" or query = // `Query` instance for the `identifiersInTheSameNameSpaceUnambiguous` query @@ -51,7 +55,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifiersInTheSameNameSpaceUnambiguous` query "c/misra/identifiers-in-the-same-name-space-unambiguous" and - ruleId = "DIR-4-5" + ruleId = "DIR-4-5" and + category = "advisory" or query = // `Query` instance for the `uOrUSuffixRepresentedInUnsignedType` query @@ -59,7 +64,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `uOrUSuffixRepresentedInUnsignedType` query "c/misra/u-or-u-suffix-represented-in-unsigned-type" and - ruleId = "RULE-7-2" + ruleId = "RULE-7-2" and + category = "required" or query = // `Query` instance for the `lowercaseCharacterLUsedInLiteralSuffix` query @@ -67,7 +73,8 @@ predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lowercaseCharacterLUsedInLiteralSuffix` query "c/misra/lowercase-character-l-used-in-literal-suffix" and - ruleId = "RULE-7-3" + ruleId = "RULE-7-3" and + category = "required" } module SyntaxPackage { 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll index e4550ad95e..56bdf2b954 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll @@ -26,14 +26,15 @@ newtype AllocationsQuery = TOperatorDeleteMissingPartnerCertQuery() or TUsingDefaultOperatorNewForOverAlignedTypesQuery() -predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `placementNewNotProperlyAlignedAutosar` query AllocationsPackage::placementNewNotProperlyAlignedAutosarQuery() and queryId = // `@id` for the `placementNewNotProperlyAlignedAutosar` query "cpp/autosar/placement-new-not-properly-aligned-autosar" and - ruleId = "A18-5-10" + ruleId = "A18-5-10" and + category = "required" or query = // `Query` instance for the `placementNewInsufficientStorageAutosar` query @@ -41,7 +42,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `placementNewInsufficientStorageAutosar` query "cpp/autosar/placement-new-insufficient-storage-autosar" and - ruleId = "A18-5-10" + ruleId = "A18-5-10" and + category = "required" or query = // `Query` instance for the `doNotUseNonPlacementNew` query @@ -49,7 +51,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotUseNonPlacementNew` query "cpp/autosar/do-not-use-non-placement-new" and - ruleId = "A18-5-2" + ruleId = "A18-5-2" and + category = "required" or query = // `Query` instance for the `doNotUseNonPlacementDelete` query 
@@ -57,7 +60,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotUseNonPlacementDelete` query "cpp/autosar/do-not-use-non-placement-delete" and - ruleId = "A18-5-2" + ruleId = "A18-5-2" and + category = "required" or query = // `Query` instance for the `dynamicMemoryManagementFailureMode` query @@ -65,7 +69,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `dynamicMemoryManagementFailureMode` query "cpp/autosar/dynamic-memory-management-failure-mode" and - ruleId = "A18-5-6" + ruleId = "A18-5-6" and + category = "required" or query = // `Query` instance for the `unnecessaryUseOfDynamicStorage` query @@ -73,7 +78,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `unnecessaryUseOfDynamicStorage` query "cpp/autosar/unnecessary-use-of-dynamic-storage" and - ruleId = "A18-5-8" + ruleId = "A18-5-8" and + category = "required" or query = // `Query` instance for the `throwingOperatorNewReturnsNullAutosar` query @@ -81,7 +87,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingOperatorNewReturnsNullAutosar` query "cpp/autosar/throwing-operator-new-returns-null-autosar" and - ruleId = "A18-5-9" + ruleId = "A18-5-9" and + category = "required" or query = // `Query` instance for the `throwingOperatorNewThrowsInvalidExceptionAutosar` query @@ -89,7 +96,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingOperatorNewThrowsInvalidExceptionAutosar` query "cpp/autosar/throwing-operator-new-throws-invalid-exception-autosar" and - ruleId = "A18-5-9" + ruleId = "A18-5-9" and + category = "required" or query = // `Query` instance for the `throwingNoThrowOperatorNewDeleteAutosar` query 
@@ -97,7 +105,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingNoThrowOperatorNewDeleteAutosar` query "cpp/autosar/throwing-no-throw-operator-new-delete-autosar" and - ruleId = "A18-5-9" + ruleId = "A18-5-9" and + category = "required" or query = // `Query` instance for the `operatorDeleteMissingPartnerAutosar` query @@ -105,7 +114,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `operatorDeleteMissingPartnerAutosar` query "cpp/autosar/operator-delete-missing-partner-autosar" and - ruleId = "A18-5-9" + ruleId = "A18-5-9" and + category = "required" or query = // `Query` instance for the `properlyDeallocateDynamicallyAllocatedResources` query @@ -113,7 +123,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `properlyDeallocateDynamicallyAllocatedResources` query "cpp/cert/properly-deallocate-dynamically-allocated-resources" and - ruleId = "MEM51-CPP" + ruleId = "MEM51-CPP" and + category = "rule" or query = // `Query` instance for the `detectAndHandleMemoryAllocationErrors` query @@ -121,7 +132,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `detectAndHandleMemoryAllocationErrors` query "cpp/cert/detect-and-handle-memory-allocation-errors" and - ruleId = "MEM52-CPP" + ruleId = "MEM52-CPP" and + category = "rule" or query = // `Query` instance for the `missingConstructorCallForManuallyManagedObject` query 
@@ -129,7 +141,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `missingConstructorCallForManuallyManagedObject` query "cpp/cert/missing-constructor-call-for-manually-managed-object" and - ruleId = "MEM53-CPP" + ruleId = "MEM53-CPP" and + category = "rule" or query = // `Query` instance for the `missingDestructorCallForManuallyManagedObject` query @@ -137,7 +150,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `missingDestructorCallForManuallyManagedObject` query "cpp/cert/missing-destructor-call-for-manually-managed-object" and - ruleId = "MEM53-CPP" + ruleId = "MEM53-CPP" and + category = "rule" or query = // `Query` instance for the `placementNewNotProperlyAlignedCert` query @@ -145,7 +159,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `placementNewNotProperlyAlignedCert` query "cpp/cert/placement-new-not-properly-aligned-cert" and - ruleId = "MEM54-CPP" + ruleId = "MEM54-CPP" and + category = "rule" or query = // `Query` instance for the `placementNewInsufficientStorageCert` query @@ -153,7 +168,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `placementNewInsufficientStorageCert` query "cpp/cert/placement-new-insufficient-storage-cert" and - ruleId = "MEM54-CPP" + ruleId = "MEM54-CPP" and + category = "rule" or query = // `Query` instance for the `throwingOperatorNewReturnsNullCert` query @@ -161,7 +177,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingOperatorNewReturnsNullCert` query "cpp/cert/throwing-operator-new-returns-null-cert" and - ruleId = "MEM55-CPP" + ruleId = "MEM55-CPP" and + category = "rule" or query = // `Query` instance for the `throwingOperatorNewThrowsInvalidExceptionCert` query 
@@ -169,7 +186,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingOperatorNewThrowsInvalidExceptionCert` query "cpp/cert/throwing-operator-new-throws-invalid-exception-cert" and - ruleId = "MEM55-CPP" + ruleId = "MEM55-CPP" and + category = "rule" or query = // `Query` instance for the `throwingNoThrowOperatorNewDeleteCert` query @@ -177,7 +195,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `throwingNoThrowOperatorNewDeleteCert` query "cpp/cert/throwing-no-throw-operator-new-delete-cert" and - ruleId = "MEM55-CPP" + ruleId = "MEM55-CPP" and + category = "rule" or query = // `Query` instance for the `operatorDeleteMissingPartnerCert` query @@ -185,7 +204,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `operatorDeleteMissingPartnerCert` query "cpp/cert/operator-delete-missing-partner-cert" and - ruleId = "MEM55-CPP" + ruleId = "MEM55-CPP" and + category = "rule" or query = // `Query` instance for the `usingDefaultOperatorNewForOverAlignedTypes` query @@ -193,7 +213,8 @@ predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `usingDefaultOperatorNewForOverAlignedTypes` query "cpp/cert/using-default-operator-new-for-over-aligned-types" and - ruleId = "MEM57-CPP" + ruleId = "MEM57-CPP" and + category = "rule" } module AllocationsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll index bd611a42ec..c17972650b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll 
@@ -16,14 +16,15 @@ newtype BannedFunctionsQuery = TDoNotUseRandForGeneratingPseudorandomNumbersQuery() or TPreferSpecialMemberFunctionsAndOverloadedOperatorsToCStandardLibraryFunctionsQuery() -predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `functionsMallocCallocReallocAndFreeUsed` query BannedFunctionsPackage::functionsMallocCallocReallocAndFreeUsedQuery() and queryId = // `@id` for the `functionsMallocCallocReallocAndFreeUsed` query "cpp/autosar/functions-malloc-calloc-realloc-and-free-used" and - ruleId = "A18-5-1" + ruleId = "A18-5-1" and + category = "required" or query = // `Query` instance for the `bindUsed` query @@ -31,7 +32,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `bindUsed` query "cpp/autosar/bind-used" and - ruleId = "A18-9-1" + ruleId = "A18-9-1" and + category = "required" or query = // `Query` instance for the `pseudorandomNumbersGeneratedUsingRand` query @@ -39,7 +41,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `pseudorandomNumbersGeneratedUsingRand` query "cpp/autosar/pseudorandom-numbers-generated-using-rand" and - ruleId = "A26-5-1" + ruleId = "A26-5-1" and + category = "required" or query = // `Query` instance for the `setjmpMacroAndTheLongjmpFunctionUsed` query @@ -47,7 +50,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `setjmpMacroAndTheLongjmpFunctionUsed` query "cpp/autosar/setjmp-macro-and-the-longjmp-function-used" and - ruleId = "M17-0-5" + ruleId = "M17-0-5" and + category = "required" or query = // `Query` instance for the `libraryFunctionsAbortExitGetenvAndSystemFromLibraryCstdlibUsed` query 
@@ -55,7 +59,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `libraryFunctionsAbortExitGetenvAndSystemFromLibraryCstdlibUsed` query "cpp/autosar/library-functions-abort-exit-getenv-and-system-from-library-cstdlib-used" and - ruleId = "M18-0-3" + ruleId = "M18-0-3" and + category = "required" or query = // `Query` instance for the `timeHandlingFunctionsOfLibraryCtimeUsed` query @@ -63,7 +68,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `timeHandlingFunctionsOfLibraryCtimeUsed` query "cpp/autosar/time-handling-functions-of-library-ctime-used" and - ruleId = "M18-0-4" + ruleId = "M18-0-4" and + category = "required" or query = // `Query` instance for the `unboundedFunctionsOfLibraryCstringUsed` query @@ -71,7 +77,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `unboundedFunctionsOfLibraryCstringUsed` query "cpp/autosar/unbounded-functions-of-library-cstring-used" and - ruleId = "M18-0-5" + ruleId = "M18-0-5" and + category = "required" or query = // `Query` instance for the `macroOffsetofUsed` query @@ -79,7 +86,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `macroOffsetofUsed` query "cpp/autosar/macro-offsetof-used" and - ruleId = "M18-2-1" + ruleId = "M18-2-1" and + category = "required" or query = // `Query` instance for the `doNotUseSetjmpOrLongjmp` query @@ -87,7 +95,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `doNotUseSetjmpOrLongjmp` query "cpp/cert/do-not-use-setjmp-or-longjmp" and - ruleId = "ERR52-CPP" + ruleId = "ERR52-CPP" and + category = "rule" or query = // `Query` instance for the `doNotUseRandForGeneratingPseudorandomNumbers` query 
@@ -95,7 +104,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `doNotUseRandForGeneratingPseudorandomNumbers` query "cpp/cert/do-not-use-rand-for-generating-pseudorandom-numbers" and - ruleId = "MSC50-CPP" + ruleId = "MSC50-CPP" and + category = "rule" or query = // `Query` instance for the `preferSpecialMemberFunctionsAndOverloadedOperatorsToCStandardLibraryFunctions` query @@ -103,7 +113,8 @@ predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `preferSpecialMemberFunctionsAndOverloadedOperatorsToCStandardLibraryFunctions` query "cpp/cert/prefer-special-member-functions-and-overloaded-operators-to-c-standard-library-functions" and - ruleId = "OOP57-CPP" + ruleId = "OOP57-CPP" and + category = "rule" } module BannedFunctionsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll index 0672896465..9a314e79c6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll 
@@ -17,14 +17,15 @@ newtype BannedLibrariesQuery = TCstdioTypesUsedQuery() or TUsageOfAssemblerNotDocumentedQuery() -predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefined` query BannedLibrariesPackage::reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefinedQuery() and queryId = // `@id` for the `reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefined` query "cpp/autosar/reserved-identifiers-macros-and-functions-are-defined-redefined-or-undefined" and - ruleId = "A17-0-1" + ruleId = "A17-0-1" and + category = "required" or query = // `Query` instance for the `cLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders` query @@ -32,7 +33,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `cLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders` query "cpp/autosar/c-library-facilities-not-accessed-through-cpp-library-headers" and - ruleId = "A18-0-1" + ruleId = "A18-0-1" and + category = "required" or query = // `Query` instance for the `localeFunctionsUsed` query @@ -40,7 +42,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `localeFunctionsUsed` query "cpp/autosar/locale-functions-used" and - ruleId = "A18-0-3" + ruleId = "A18-0-3" and + category = "required" or query = // `Query` instance for the `localeMacrosUsed` query @@ -48,7 +51,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `localeMacrosUsed` query "cpp/autosar/locale-macros-used" and - ruleId = "A18-0-3" + ruleId = "A18-0-3" and + category = "required" or query = // `Query` instance for the `localeTypeLConvUsed` query 
@@ -56,7 +60,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `localeTypeLConvUsed` query "cpp/autosar/locale-type-l-conv-used" and - ruleId = "A18-0-3" + ruleId = "A18-0-3" and + category = "required" or query = // `Query` instance for the `csignalFunctionsUsed` query @@ -64,7 +69,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `csignalFunctionsUsed` query "cpp/autosar/csignal-functions-used" and - ruleId = "M18-7-1" + ruleId = "M18-7-1" and + category = "required" or query = // `Query` instance for the `csignalTypesUsed` query @@ -72,7 +78,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `csignalTypesUsed` query "cpp/autosar/csignal-types-used" and - ruleId = "M18-7-1" + ruleId = "M18-7-1" and + category = "required" or query = // `Query` instance for the `errnoUsed` query @@ -80,7 +87,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `errnoUsed` query "cpp/autosar/errno-used" and - ruleId = "M19-3-1" + ruleId = "M19-3-1" and + category = "required" or query = // `Query` instance for the `cstdioFunctionsUsed` query @@ -88,7 +96,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `cstdioFunctionsUsed` query "cpp/autosar/cstdio-functions-used" and - ruleId = "M27-0-1" + ruleId = "M27-0-1" and + category = "required" or query = // `Query` instance for the `cstdioMacrosUsed` query @@ -96,7 +105,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `cstdioMacrosUsed` query "cpp/autosar/cstdio-macros-used" and - ruleId = "M27-0-1" + ruleId = "M27-0-1" and + category = "required" or query = // `Query` instance for the `cstdioTypesUsed` query 
@@ -104,7 +114,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `cstdioTypesUsed` query "cpp/autosar/cstdio-types-used" and - ruleId = "M27-0-1" + ruleId = "M27-0-1" and + category = "required" or query = // `Query` instance for the `usageOfAssemblerNotDocumented` query @@ -112,7 +123,8 @@ predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `usageOfAssemblerNotDocumented` query "cpp/autosar/usage-of-assembler-not-documented" and - ruleId = "M7-4-1" + ruleId = "M7-4-1" and + category = "required" } module BannedLibrariesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll index bd9b0d4924..c473616374 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll @@ -22,14 +22,15 @@ newtype BannedSyntaxQuery = TUsingDeclarationsUsedInHeaderFilesQuery() or TDoNotDefineACStyleVariadicFunctionQuery() -predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId) { +predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `friendDeclarationsUsed` query BannedSyntaxPackage::friendDeclarationsUsedQuery() and queryId = // `@id` for the `friendDeclarationsUsed` query "cpp/autosar/friend-declarations-used" and - ruleId = "A11-3-1" + ruleId = "A11-3-1" and + category = "required" or query = // `Query` instance for the `cStyleArraysUsed` query @@ -37,7 +38,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `cStyleArraysUsed` query "cpp/autosar/c-style-arrays-used" and - ruleId = "A18-1-1" + ruleId = "A18-1-1" and + category = "required" or query = // `Query` instance for the `volatileKeywordUsed` query 
@@ -45,7 +47,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `volatileKeywordUsed` query "cpp/autosar/volatile-keyword-used" and - ruleId = "A2-11-1" + ruleId = "A2-11-1" and + category = "required" or query = // `Query` instance for the `ternaryConditionalOperatorUsedAsSubExpression` query @@ -53,7 +56,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `ternaryConditionalOperatorUsedAsSubExpression` query "cpp/autosar/ternary-conditional-operator-used-as-sub-expression" and - ruleId = "A5-16-1" + ruleId = "A5-16-1" and + category = "required" or query = // `Query` instance for the `dynamicCastShouldNotBeUsed` query @@ -61,7 +65,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `dynamicCastShouldNotBeUsed` query "cpp/autosar/dynamic-cast-should-not-be-used" and - ruleId = "A5-2-1" + ruleId = "A5-2-1" and + category = "advisory" or query = // `Query` instance for the `traditionalCStyleCastsUsed` query @@ -69,7 +74,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `traditionalCStyleCastsUsed` query "cpp/autosar/traditional-c-style-casts-used" and - ruleId = "A5-2-2" + ruleId = "A5-2-2" and + category = "required" or query = // `Query` instance for the `reinterpretCastUsed` query @@ -77,7 +83,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `reinterpretCastUsed` query "cpp/autosar/reinterpret-cast-used" and - ruleId = "A5-2-4" + ruleId = "A5-2-4" and + category = "required" or query = // `Query` instance for the `gotoStatementUsed` query 
@@ -85,7 +92,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `gotoStatementUsed` query "cpp/autosar/goto-statement-used" and - ruleId = "A6-6-1" + ruleId = "A6-6-1" and + category = "required" or query = // `Query` instance for the `registerKeywordUsed` query @@ -93,7 +101,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `registerKeywordUsed` query "cpp/autosar/register-keyword-used" and - ruleId = "A7-1-4" + ruleId = "A7-1-4" and + category = "required" or query = // `Query` instance for the `typedefSpecifierUsed` query @@ -101,7 +110,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `typedefSpecifierUsed` query "cpp/autosar/typedef-specifier-used" and - ruleId = "A7-1-6" + ruleId = "A7-1-6" and + category = "required" or query = // `Query` instance for the `asmDeclarationUsed` query @@ -109,7 +119,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `asmDeclarationUsed` query "cpp/autosar/asm-declaration-used" and - ruleId = "A7-4-1" + ruleId = "A7-4-1" and + category = "required" or query = // `Query` instance for the `functionsDefinedUsingTheEllipsisNotation` query @@ -117,7 +128,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `functionsDefinedUsingTheEllipsisNotation` query "cpp/autosar/functions-defined-using-the-ellipsis-notation" and - ruleId = "A8-4-1" + ruleId = "A8-4-1" and + category = "required" or query = // `Query` instance for the `unionsUsed` query 
@@ -125,7 +137,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `unionsUsed` query "cpp/autosar/unions-used" and - ruleId = "A9-5-1" + ruleId = "A9-5-1" and + category = "required" or query = // `Query` instance for the `commaOperatorUsed` query @@ -133,7 +146,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `commaOperatorUsed` query "cpp/autosar/comma-operator-used" and - ruleId = "M5-18-1" + ruleId = "M5-18-1" and + category = "required" or query = // `Query` instance for the `usingDirectivesUsed` query @@ -141,7 +155,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `usingDirectivesUsed` query "cpp/autosar/using-directives-used" and - ruleId = "M7-3-4" + ruleId = "M7-3-4" and + category = "required" or query = // `Query` instance for the `usingDeclarationsUsedInHeaderFiles` query @@ -149,7 +164,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `usingDeclarationsUsedInHeaderFiles` query "cpp/autosar/using-declarations-used-in-header-files" and - ruleId = "M7-3-6" + ruleId = "M7-3-6" and + category = "required" or query = // `Query` instance for the `doNotDefineACStyleVariadicFunction` query @@ -157,7 +173,8 @@ predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotDefineACStyleVariadicFunction` query "cpp/cert/do-not-define-ac-style-variadic-function" and - ruleId = "DCL50-CPP" + ruleId = "DCL50-CPP" and + category = "rule" } module BannedSyntaxPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll index a03f046633..8328a0f4d4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll @@ -9,14 +9,15 @@ newtype BannedTypesQuery = TAutoPtrTypeUsedQuery() or TTypeWcharTUsedQuery() -predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `typeLongDoubleUsed` query BannedTypesPackage::typeLongDoubleUsedQuery() and queryId = // `@id` for the `typeLongDoubleUsed` query "cpp/autosar/type-long-double-used" and - ruleId = "A0-4-2" + ruleId = "A0-4-2" and + category = "required" or query = // `Query` instance for the `vectorboolSpecializationUsed` query @@ -24,7 +25,8 @@ predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `vectorboolSpecializationUsed` query "cpp/autosar/vectorbool-specialization-used" and - ruleId = "A18-1-2" + ruleId = "A18-1-2" and + category = "required" or query = // `Query` instance for the `autoPtrTypeUsed` query @@ -32,7 +34,8 @@ predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `autoPtrTypeUsed` query "cpp/autosar/auto-ptr-type-used" and - ruleId = "A18-1-3" + ruleId = "A18-1-3" and + category = "required" or query = // `Query` instance for the `typeWcharTUsed` query @@ -40,7 +43,8 @@ predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `typeWcharTUsed` query "cpp/autosar/type-wchar-t-used" and - ruleId = "A2-13-3" + ruleId = "A2-13-3" and + category = "required" } module BannedTypesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll index a185b76287..92c7a4280e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll 
@@ -23,14 +23,15 @@ newtype ClassesQuery = TMemberDataInNonPodClassTypesNotPrivateQuery() or TOffsetUsedOnInvalidTypeOrMemberQuery() -predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isClassesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonPodTypeShouldBeDefinedAsClass` query ClassesPackage::nonPodTypeShouldBeDefinedAsClassQuery() and queryId = // `@id` for the `nonPodTypeShouldBeDefinedAsClass` query "cpp/autosar/non-pod-type-should-be-defined-as-class" and - ruleId = "A11-0-1" + ruleId = "A11-0-1" and + category = "advisory" or query = // `Query` instance for the `typeDefinedAsStructHasOnlyPublicDataMembers` query @@ -38,7 +39,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `typeDefinedAsStructHasOnlyPublicDataMembers` query "cpp/autosar/type-defined-as-struct-has-only-public-data-members" and - ruleId = "A11-0-2" + ruleId = "A11-0-2" and + category = "required" or query = // `Query` instance for the `typeDefinedAsStructHasNoMethods` query @@ -46,7 +48,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `typeDefinedAsStructHasNoMethods` query "cpp/autosar/type-defined-as-struct-has-no-methods" and - ruleId = "A11-0-2" + ruleId = "A11-0-2" and + category = "required" or query = // `Query` instance for the `typeDefinedAsStructIsNotBaseOfOtherClassOrStruct` query @@ -54,7 +57,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `typeDefinedAsStructIsNotBaseOfOtherClassOrStruct` query "cpp/autosar/type-defined-as-struct-is-not-base-of-other-class-or-struct" and - ruleId = "A11-0-2" + ruleId = "A11-0-2" and + category = "required" or query = // `Query` instance for the `typeDefinedAsStructIsDoesNotInheritFromStructOrClass` query 
@@ -62,7 +66,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `typeDefinedAsStructIsDoesNotInheritFromStructOrClass` query "cpp/autosar/type-defined-as-struct-is-does-not-inherit-from-struct-or-class" and - ruleId = "A11-0-2" + ruleId = "A11-0-2" and + category = "required" or query = // `Query` instance for the `missingSpecialMemberFunction` query @@ -70,7 +75,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `missingSpecialMemberFunction` query "cpp/autosar/missing-special-member-function" and - ruleId = "A12-0-1" + ruleId = "A12-0-1" and + category = "required" or query = // `Query` instance for the `classDataMembersInitializationCondition` query @@ -78,7 +84,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `classDataMembersInitializationCondition` query "cpp/autosar/class-data-members-initialization-condition" and - ruleId = "A12-6-1" + ruleId = "A12-6-1" and + category = "required" or query = // `Query` instance for the `redundantMemberFunctionsShouldBeDefaultedOrLeftUndefined` query @@ -86,7 +93,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `redundantMemberFunctionsShouldBeDefaultedOrLeftUndefined` query "cpp/autosar/redundant-member-functions-should-be-defaulted-or-left-undefined" and - ruleId = "A12-7-1" + ruleId = "A12-7-1" and + category = "required" or query = // `Query` instance for the `nonTemplateMemberDefinedInTemplate` query 
@@ -94,7 +102,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonTemplateMemberDefinedInTemplate` query "cpp/autosar/non-template-member-defined-in-template" and - ruleId = "A14-5-2" + ruleId = "A14-5-2" and + category = "advisory" or query = // `Query` instance for the `trivialOrTemplateFunctionDefinedOutsideClassDefinition` query @@ -102,7 +111,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `trivialOrTemplateFunctionDefinedOutsideClassDefinition` query "cpp/autosar/trivial-or-template-function-defined-outside-class-definition" and - ruleId = "A3-1-5" + ruleId = "A3-1-5" and + category = "required" or query = // `Query` instance for the `nonTrivialNonTemplateFunctionDefinedInsideClassDefinition` query @@ -110,7 +120,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonTrivialNonTemplateFunctionDefinedInsideClassDefinition` query "cpp/autosar/non-trivial-non-template-function-defined-inside-class-definition" and - ruleId = "A3-1-5" + ruleId = "A3-1-5" and + category = "required" or query = // `Query` instance for the `inParametersForNotCheapToCopyTypesNotPassedByReference` query @@ -118,7 +129,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `inParametersForNotCheapToCopyTypesNotPassedByReference` query "cpp/autosar/in-parameters-for-not-cheap-to-copy-types-not-passed-by-reference" and - ruleId = "A8-4-7" + ruleId = "A8-4-7" and + category = "required" or query = // `Query` instance for the `inParametersForCheapToCopyTypesNotPassedByValue` query 
@@ -126,7 +138,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `inParametersForCheapToCopyTypesNotPassedByValue` query "cpp/autosar/in-parameters-for-cheap-to-copy-types-not-passed-by-value" and - ruleId = "A8-4-7" + ruleId = "A8-4-7" and + category = "required" or query = // `Query` instance for the `returnsNonConstRawPointersOrReferencesToPrivateOrProtectedData` query @@ -134,7 +147,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `returnsNonConstRawPointersOrReferencesToPrivateOrProtectedData` query "cpp/autosar/returns-non-const-raw-pointers-or-references-to-private-or-protected-data" and - ruleId = "A9-3-1" + ruleId = "A9-3-1" and + category = "required" or query = // `Query` instance for the `dataTypesUsedForInterfacingWithHardwareOrProtocolsMustBeTrivialAndStandardLayout` query @@ -142,7 +156,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `dataTypesUsedForInterfacingWithHardwareOrProtocolsMustBeTrivialAndStandardLayout` query "cpp/autosar/data-types-used-for-interfacing-with-hardware-or-protocols-must-be-trivial-and-standard-layout" and - ruleId = "A9-6-1" + ruleId = "A9-6-1" and + category = "required" or query = // `Query` instance for the `dataTypesUsedForInterfacingWithHardwareOrProtocolsMustContainOnlyDefinedDataTypeSizes` query @@ -150,7 +165,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `dataTypesUsedForInterfacingWithHardwareOrProtocolsMustContainOnlyDefinedDataTypeSizes` query "cpp/autosar/data-types-used-for-interfacing-with-hardware-or-protocols-must-contain-only-defined-data-type-sizes" and - ruleId = "A9-6-1" + ruleId = "A9-6-1" and + category = "required" or query = // `Query` instance for the `memberDataInNonPodClassTypesNotPrivate` query 
@@ -158,7 +174,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `memberDataInNonPodClassTypesNotPrivate` query "cpp/autosar/member-data-in-non-pod-class-types-not-private" and - ruleId = "M11-0-1" + ruleId = "M11-0-1" and + category = "required" or query = // `Query` instance for the `offsetUsedOnInvalidTypeOrMember` query @@ -166,7 +183,8 @@ predicate isClassesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `offsetUsedOnInvalidTypeOrMember` query "cpp/cert/offset-used-on-invalid-type-or-member" and - ruleId = "EXP59-CPP" + ruleId = "EXP59-CPP" and + category = "rule" } module ClassesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll index 0c06102ec7..9d4d186122 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll @@ -10,14 +10,15 @@ newtype CommentsQuery = TSlashStarUsedWithinACStyleCommentQuery() or TNullOnSharedLineQuery() -predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `singleLineCommentEndsWithSlash` query CommentsPackage::singleLineCommentEndsWithSlashQuery() and queryId = // `@id` for the `singleLineCommentEndsWithSlash` query "cpp/autosar/single-line-comment-ends-with-slash" and - ruleId = "A2-7-1" + ruleId = "A2-7-1" and + category = "required" or query = // `Query` instance for the `sectionsOfCodeCommentedOut` query 
@@ -25,7 +26,8 @@ predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `sectionsOfCodeCommentedOut` query "cpp/autosar/sections-of-code-commented-out" and - ruleId = "A2-7-2" + ruleId = "A2-7-2" and + category = "required" or query = // `Query` instance for the `undocumentedUserDefinedType` query @@ -33,7 +35,8 @@ predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `undocumentedUserDefinedType` query "cpp/autosar/undocumented-user-defined-type" and - ruleId = "A2-7-3" + ruleId = "A2-7-3" and + category = "required" or query = // `Query` instance for the `slashStarUsedWithinACStyleComment` query @@ -41,7 +44,8 @@ predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `slashStarUsedWithinACStyleComment` query "cpp/autosar/slash-star-used-within-ac-style-comment" and - ruleId = "M2-7-1" + ruleId = "M2-7-1" and + category = "required" or query = // `Query` instance for the `nullOnSharedLine` query @@ -49,7 +53,8 @@ predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nullOnSharedLine` query "cpp/autosar/null-on-shared-line" and - ruleId = "M6-2-3" + ruleId = "M6-2-3" and + category = "required" } module CommentsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll index 3a2696c880..8038d4e51e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll 
@@ -14,14 +14,15 @@ newtype ConcurrencyQuery = TDoNotSpeculativelyLockALockedNonRecursiveMutexQuery() or TLockedALockedNonRecursiveMutexAuditQuery() -predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) { +predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query ConcurrencyPackage::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and queryId = // `@id` for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query "cpp/cert/do-not-allow-a-mutex-to-go-out-of-scope-while-locked" and - ruleId = "CON50-CPP" + ruleId = "CON50-CPP" and + category = "rule" or query = // `Query` instance for the `doNotDestroyAMutexWhileItIsLocked` query @@ -29,7 +30,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotDestroyAMutexWhileItIsLocked` query "cpp/cert/do-not-destroy-a-mutex-while-it-is-locked" and - ruleId = "CON50-CPP" + ruleId = "CON50-CPP" and + category = "rule" or query = // `Query` instance for the `ensureActivelyHeldLocksAreReleasedOnExceptionalConditions` query @@ -37,7 +39,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `ensureActivelyHeldLocksAreReleasedOnExceptionalConditions` query "cpp/cert/ensure-actively-held-locks-are-released-on-exceptional-conditions" and - ruleId = "CON51-CPP" + ruleId = "CON51-CPP" and + category = "rule" or query = // `Query` instance for the `preventBitFieldAccessFromMultipleThreads` query 
@@ -45,7 +48,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `preventBitFieldAccessFromMultipleThreads` query "cpp/cert/prevent-bit-field-access-from-multiple-threads" and - ruleId = "CON52-CPP" + ruleId = "CON52-CPP" and + category = "rule" or query = // `Query` instance for the `deadlockByLockingInPredefinedOrder` query @@ -53,7 +57,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `deadlockByLockingInPredefinedOrder` query "cpp/cert/deadlock-by-locking-in-predefined-order" and - ruleId = "CON53-CPP" + ruleId = "CON53-CPP" and + category = "rule" or query = // `Query` instance for the `wrapFunctionsThatCanSpuriouslyWakeUpInLoop` query @@ -61,7 +66,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `wrapFunctionsThatCanSpuriouslyWakeUpInLoop` query "cpp/cert/wrap-functions-that-can-spuriously-wake-up-in-loop" and - ruleId = "CON54-CPP" + ruleId = "CON54-CPP" and + category = "rule" or query = // `Query` instance for the `preserveSafetyWhenUsingConditionVariables` query @@ -69,7 +75,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `preserveSafetyWhenUsingConditionVariables` query "cpp/cert/preserve-safety-when-using-condition-variables" and - ruleId = "CON55-CPP" + ruleId = "CON55-CPP" and + category = "rule" or query = // `Query` instance for the `doNotSpeculativelyLockALockedNonRecursiveMutex` query @@ -77,7 +84,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotSpeculativelyLockALockedNonRecursiveMutex` query "cpp/cert/do-not-speculatively-lock-a-locked-non-recursive-mutex" and - ruleId = "CON56-CPP" + ruleId = "CON56-CPP" and + category = "rule" or query = // `Query` instance for the `lockedALockedNonRecursiveMutexAudit` query 
@@ -85,7 +93,8 @@ predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `lockedALockedNonRecursiveMutexAudit` query "cpp/cert/locked-a-locked-non-recursive-mutex-audit" and - ruleId = "CON56-CPP" + ruleId = "CON56-CPP" and + category = "rule" } module ConcurrencyPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll index 4ca7053d08..979e51e5c8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll @@ -22,14 +22,15 @@ newtype ConditionalsQuery = TGotoStatementJumpConditionQuery() or TContinueInForLoopConditionQuery() -predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonBooleanIfCondition` query ConditionalsPackage::nonBooleanIfConditionQuery() and queryId = // `@id` for the `nonBooleanIfCondition` query "cpp/autosar/non-boolean-if-condition" and - ruleId = "A5-0-2" + ruleId = "A5-0-2" and + category = "required" or query = // `Query` instance for the `nonBooleanIterationCondition` query @@ -37,7 +38,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `nonBooleanIterationCondition` query "cpp/autosar/non-boolean-iteration-condition" and - ruleId = "A5-0-2" + ruleId = "A5-0-2" and + category = "required" or query = // `Query` instance for the `switchLessThanTwoCases` query 
@@ -45,7 +47,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `switchLessThanTwoCases` query "cpp/autosar/switch-less-than-two-cases" and - ruleId = "A6-4-1" + ruleId = "A6-4-1" and + category = "required" or query = // `Query` instance for the `switchCompoundCondition` query @@ -53,7 +56,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `switchCompoundCondition` query "cpp/autosar/switch-compound-condition" and - ruleId = "M6-3-1" + ruleId = "M6-3-1" and + category = "required" or query = // `Query` instance for the `loopCompoundCondition` query @@ -61,7 +65,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `loopCompoundCondition` query "cpp/autosar/loop-compound-condition" and - ruleId = "M6-3-1" + ruleId = "M6-3-1" and + category = "required" or query = // `Query` instance for the `ifCompoundCondition` query @@ -69,7 +74,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `ifCompoundCondition` query "cpp/autosar/if-compound-condition" and - ruleId = "M6-4-1" + ruleId = "M6-4-1" and + category = "required" or query = // `Query` instance for the `ifElseTerminationCondition` query @@ -77,7 +83,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `ifElseTerminationCondition` query "cpp/autosar/if-else-termination-condition" and - ruleId = "M6-4-2" + ruleId = "M6-4-2" and + category = "required" or query = // `Query` instance for the `switchDoesNotStartWithCase` query 
@@ -85,7 +92,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `switchDoesNotStartWithCase` query "cpp/autosar/switch-does-not-start-with-case" and - ruleId = "M6-4-3" + ruleId = "M6-4-3" and + category = "required" or query = // `Query` instance for the `switchStatementNotWellFormed` query @@ -93,7 +101,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `switchStatementNotWellFormed` query "cpp/autosar/switch-statement-not-well-formed" and - ruleId = "M6-4-3" + ruleId = "M6-4-3" and + category = "required" or query = // `Query` instance for the `nestedCaseInSwitch` query @@ -101,7 +110,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `nestedCaseInSwitch` query "cpp/autosar/nested-case-in-switch" and - ruleId = "M6-4-4" + ruleId = "M6-4-4" and + category = "required" or query = // `Query` instance for the `nonEmptySwitchClauseDoesNotTerminate` query @@ -109,7 +119,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `nonEmptySwitchClauseDoesNotTerminate` query "cpp/autosar/non-empty-switch-clause-does-not-terminate" and - ruleId = "M6-4-5" + ruleId = "M6-4-5" and + category = "required" or query = // `Query` instance for the `missingDefaultInSwitch` query @@ -117,7 +128,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `missingDefaultInSwitch` query "cpp/autosar/missing-default-in-switch" and - ruleId = "M6-4-6" + ruleId = "M6-4-6" and + category = "required" or query = // `Query` instance for the `switchFinalClauseNotDefault` query 
@@ -125,7 +137,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `switchFinalClauseNotDefault` query "cpp/autosar/switch-final-clause-not-default" and - ruleId = "M6-4-6" + ruleId = "M6-4-6" and + category = "required" or query = // `Query` instance for the `booleanInSwitchCondition` query @@ -133,7 +146,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `booleanInSwitchCondition` query "cpp/autosar/boolean-in-switch-condition" and - ruleId = "M6-4-7" + ruleId = "M6-4-7" and + category = "required" or query = // `Query` instance for the `gotoBlockCondition` query @@ -141,7 +155,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `gotoBlockCondition` query "cpp/autosar/goto-block-condition" and - ruleId = "M6-6-1" + ruleId = "M6-6-1" and + category = "required" or query = // `Query` instance for the `gotoStatementJumpCondition` query @@ -149,7 +164,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `gotoStatementJumpCondition` query "cpp/autosar/goto-statement-jump-condition" and - ruleId = "M6-6-2" + ruleId = "M6-6-2" and + category = "required" or query = // `Query` instance for the `continueInForLoopCondition` query @@ -157,7 +173,8 @@ predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `continueInForLoopCondition` query "cpp/autosar/continue-in-for-loop-condition" and - ruleId = "M6-6-3" + ruleId = "M6-6-3" and + category = "required" } module ConditionalsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll index 0b2c492115..1245139eb1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll 
@@ -18,14 +18,15 @@ newtype ConstQuery = TMemberFunctionConstIfPossibleQuery() or TRemoveConstOrVolatileQualificationCertQuery() -predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { +predicate isConstQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `removeConstOrVolatileQualificationAutosar` query ConstPackage::removeConstOrVolatileQualificationAutosarQuery() and queryId = // `@id` for the `removeConstOrVolatileQualificationAutosar` query "cpp/autosar/remove-const-or-volatile-qualification-autosar" and - ruleId = "A5-2-3" + ruleId = "A5-2-3" and + category = "required" or query = // `Query` instance for the `declarationUnmodifiedParamMissingConstSpecifier` query @@ -33,7 +34,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `declarationUnmodifiedParamMissingConstSpecifier` query "cpp/autosar/declaration-unmodified-param-missing-const-specifier" and - ruleId = "A7-1-1" + ruleId = "A7-1-1" and + category = "required" or query = // `Query` instance for the `declarationUnmodifiedObjectMissingConstSpecifier` query @@ -41,7 +43,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `declarationUnmodifiedObjectMissingConstSpecifier` query "cpp/autosar/declaration-unmodified-object-missing-const-specifier" and - ruleId = "A7-1-1" + ruleId = "A7-1-1" and + category = "required" or query = // `Query` instance for the `variableMissingConstexpr` query @@ -49,7 +52,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `variableMissingConstexpr` query "cpp/autosar/variable-missing-constexpr" and - ruleId = "A7-1-2" + ruleId = "A7-1-2" and + category = "required" or query = // `Query` instance for the `functionMissingConstexpr` query 
@@ -57,7 +61,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionMissingConstexpr` query "cpp/autosar/function-missing-constexpr" and - ruleId = "A7-1-2" + ruleId = "A7-1-2" and + category = "required" or query = // `Query` instance for the `cvQualifiersNotPlacedOnTheRightHandSide` query @@ -65,7 +70,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `cvQualifiersNotPlacedOnTheRightHandSide` query "cpp/autosar/cv-qualifiers-not-placed-on-the-right-hand-side" and - ruleId = "A7-1-3" + ruleId = "A7-1-3" and + category = "required" or query = // `Query` instance for the `outputParametersUsed` query @@ -73,7 +79,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `outputParametersUsed` query "cpp/autosar/output-parameters-used" and - ruleId = "A8-4-8" + ruleId = "A8-4-8" and + category = "required" or query = // `Query` instance for the `inOutParametersDeclaredAsTNotModified` query @@ -81,7 +88,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `inOutParametersDeclaredAsTNotModified` query "cpp/autosar/in-out-parameters-declared-as-t-not-modified" and - ruleId = "A8-4-9" + ruleId = "A8-4-9" and + category = "required" or query = // `Query` instance for the `pointerOrReferenceParameterToConst` query @@ -89,7 +97,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerOrReferenceParameterToConst` query "cpp/autosar/pointer-or-reference-parameter-to-const" and - ruleId = "M7-1-2" + ruleId = "M7-1-2" and + category = "required" or query = // `Query` instance for the `constMemberFunctionReturnsNonConstPointer` query 
@@ -97,7 +106,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `constMemberFunctionReturnsNonConstPointer` query "cpp/autosar/const-member-function-returns-non-const-pointer" and - ruleId = "M9-3-1" + ruleId = "M9-3-1" and + category = "required" or query = // `Query` instance for the `memberFunctionStaticIfPossible` query @@ -105,7 +115,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `memberFunctionStaticIfPossible` query "cpp/autosar/member-function-static-if-possible" and - ruleId = "M9-3-3" + ruleId = "M9-3-3" and + category = "required" or query = // `Query` instance for the `memberFunctionConstIfPossible` query @@ -113,7 +124,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `memberFunctionConstIfPossible` query "cpp/autosar/member-function-const-if-possible" and - ruleId = "M9-3-3" + ruleId = "M9-3-3" and + category = "required" or query = // `Query` instance for the `removeConstOrVolatileQualificationCert` query @@ -121,7 +133,8 @@ predicate isConstQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `removeConstOrVolatileQualificationCert` query "cpp/cert/remove-const-or-volatile-qualification-cert" and - ruleId = "EXP55-CPP" + ruleId = "EXP55-CPP" and + category = "rule" } module ConstPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll index d7b456252a..40b8795e5e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll 
@@ -21,14 +21,15 @@ newtype DeadCodeQuery = TSingleUseMemberPODVariableQuery() or TDeadCodeQuery() -predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { +predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `uselessAssignment` query DeadCodePackage::uselessAssignmentQuery() and queryId = // `@id` for the `uselessAssignment` query "cpp/autosar/useless-assignment" and - ruleId = "A0-1-1" + ruleId = "A0-1-1" and + category = "required" or query = // `Query` instance for the `unusedReturnValue` query @@ -36,7 +37,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedReturnValue` query "cpp/autosar/unused-return-value" and - ruleId = "A0-1-2" + ruleId = "A0-1-2" and + category = "required" or query = // `Query` instance for the `unusedLocalFunction` query @@ -44,7 +46,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedLocalFunction` query "cpp/autosar/unused-local-function" and - ruleId = "A0-1-3" + ruleId = "A0-1-3" and + category = "required" or query = // `Query` instance for the `unusedParameter` query @@ -52,7 +55,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedParameter` query "cpp/autosar/unused-parameter" and - ruleId = "A0-1-4" + ruleId = "A0-1-4" and + category = "required" or query = // `Query` instance for the `unusedVirtualParameter` query @@ -60,7 +64,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedVirtualParameter` query "cpp/autosar/unused-virtual-parameter" and - ruleId = "A0-1-5" + ruleId = "A0-1-5" and + category = "required" or query = // `Query` instance for the `unusedTypeDeclarations` query 
@@ -68,7 +73,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedTypeDeclarations` query "cpp/autosar/unused-type-declarations" and - ruleId = "A0-1-6" + ruleId = "A0-1-6" and + category = "advisory" or query = // `Query` instance for the `unreachableCode` query @@ -76,7 +82,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unreachableCode` query "cpp/autosar/unreachable-code" and - ruleId = "M0-1-1" + ruleId = "M0-1-1" and + category = "required" or query = // `Query` instance for the `unusedFunction` query @@ -84,7 +91,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedFunction` query "cpp/autosar/unused-function" and - ruleId = "M0-1-10" + ruleId = "M0-1-10" and + category = "advisory" or query = // `Query` instance for the `infeasiblePath` query @@ -92,7 +100,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `infeasiblePath` query "cpp/autosar/infeasible-path" and - ruleId = "M0-1-2" + ruleId = "M0-1-2" and + category = "required" or query = // `Query` instance for the `unusedLocalVariable` query @@ -100,7 +109,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedLocalVariable` query "cpp/autosar/unused-local-variable" and - ruleId = "M0-1-3" + ruleId = "M0-1-3" and + category = "required" or query = // `Query` instance for the `unusedGlobalOrNamespaceVariable` query @@ -108,7 +118,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedGlobalOrNamespaceVariable` query "cpp/autosar/unused-global-or-namespace-variable" and - ruleId = "M0-1-3" + ruleId = "M0-1-3" and + category = "required" or query = // `Query` instance for the `unusedMemberVariable` query 
@@ -116,7 +127,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unusedMemberVariable` query "cpp/autosar/unused-member-variable" and - ruleId = "M0-1-3" + ruleId = "M0-1-3" and + category = "required" or query = // `Query` instance for the `singleUseLocalPODVariable` query @@ -124,7 +136,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `singleUseLocalPODVariable` query "cpp/autosar/single-use-local-pod-variable" and - ruleId = "M0-1-4" + ruleId = "M0-1-4" and + category = "required" or query = // `Query` instance for the `singleUseGlobalOrNamespacePODVariable` query @@ -132,7 +145,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `singleUseGlobalOrNamespacePODVariable` query "cpp/autosar/single-use-global-or-namespace-pod-variable" and - ruleId = "M0-1-4" + ruleId = "M0-1-4" and + category = "required" or query = // `Query` instance for the `singleUseMemberPODVariable` query @@ -140,7 +154,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `singleUseMemberPODVariable` query "cpp/autosar/single-use-member-pod-variable" and - ruleId = "M0-1-4" + ruleId = "M0-1-4" and + category = "required" or query = // `Query` instance for the `deadCode` query @@ -148,7 +163,8 @@ predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `deadCode` query "cpp/autosar/dead-code" and - ruleId = "M0-1-9" + ruleId = "M0-1-9" and + category = "required" } module DeadCodePackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll index c8fc673e36..5d51fd522f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll @@ -22,14 +22,15 @@ newtype DeclarationsQuery = TTypesNotIdenticalInObjectDeclarationsQuery() or TTypesNotIdenticalInReturnDeclarationsQuery() -predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `operatorNewAndOperatorDeleteNotDefinedLocally` query DeclarationsPackage::operatorNewAndOperatorDeleteNotDefinedLocallyQuery() and queryId = // `@id` for the `operatorNewAndOperatorDeleteNotDefinedLocally` query "cpp/autosar/operator-new-and-operator-delete-not-defined-locally" and - ruleId = "A18-5-11" + ruleId = "A18-5-11" and + category = "required" or query = // `Query` instance for the `operatorNewAndOperatorDeleteNotDefinedGlobally` query @@ -37,7 +38,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `operatorNewAndOperatorDeleteNotDefinedGlobally` query "cpp/autosar/operator-new-and-operator-delete-not-defined-globally" and - ruleId = "A18-5-11" + ruleId = "A18-5-11" and + category = "required" or query = // `Query` instance for the `globalSizedOperatorDeleteNotDefined` query @@ -45,7 +47,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `globalSizedOperatorDeleteNotDefined` query "cpp/autosar/global-sized-operator-delete-not-defined" and - ruleId = "A18-5-4" + ruleId = "A18-5-4" and + category = "required" or query = // `Query` instance for the `globalUnsizedOperatorDeleteNotDefined` query 
@@ -53,7 +56,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `globalUnsizedOperatorDeleteNotDefined` query "cpp/autosar/global-unsized-operator-delete-not-defined" and - ruleId = "A18-5-4" + ruleId = "A18-5-4" and + category = "required" or query = // `Query` instance for the `variableWidthIntegerTypesUsed` query @@ -61,7 +65,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `variableWidthIntegerTypesUsed` query "cpp/autosar/variable-width-integer-types-used" and - ruleId = "A3-9-1" + ruleId = "A3-9-1" and + category = "required" or query = // `Query` instance for the `autoSpecifierNotUsedAppropriatelyInFunctionDefinition` query @@ -69,7 +74,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `autoSpecifierNotUsedAppropriatelyInFunctionDefinition` query "cpp/autosar/auto-specifier-not-used-appropriately-in-function-definition" and - ruleId = "A7-1-5" + ruleId = "A7-1-5" and + category = "required" or query = // `Query` instance for the `autoSpecifierNotUsedAppropriatelyInVariableDefinition` query @@ -77,7 +83,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `autoSpecifierNotUsedAppropriatelyInVariableDefinition` query "cpp/autosar/auto-specifier-not-used-appropriately-in-variable-definition" and - ruleId = "A7-1-5" + ruleId = "A7-1-5" and + category = "required" or query = // `Query` instance for the `identifierDeclarationAndInitializationNotOnSeparateLines` query 
@@ -85,7 +92,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `identifierDeclarationAndInitializationNotOnSeparateLines` query "cpp/autosar/identifier-declaration-and-initialization-not-on-separate-lines" and - ruleId = "A7-1-7" + ruleId = "A7-1-7" and + category = "required" or query = // `Query` instance for the `classStructEnumDeclaredInDefinition` query @@ -93,7 +101,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `classStructEnumDeclaredInDefinition` query "cpp/autosar/class-struct-enum-declared-in-definition" and - ruleId = "A7-1-9" + ruleId = "A7-1-9" and + category = "required" or query = // `Query` instance for the `enumerationUnderlyingBaseTypeNotExplicitlyDefined` query @@ -101,7 +110,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `enumerationUnderlyingBaseTypeNotExplicitlyDefined` query "cpp/autosar/enumeration-underlying-base-type-not-explicitly-defined" and - ruleId = "A7-2-2" + ruleId = "A7-2-2" and + category = "required" or query = // `Query` instance for the `enumerationsNotDeclaredAsScopedEnumClasses` query @@ -109,7 +119,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `enumerationsNotDeclaredAsScopedEnumClasses` query "cpp/autosar/enumerations-not-declared-as-scoped-enum-classes" and - ruleId = "A7-2-3" + ruleId = "A7-2-3" and + category = "required" or query = // `Query` instance for the `noneFirstOrAllEnumeratorsNotInitialized` query 
@@ -117,7 +128,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `noneFirstOrAllEnumeratorsNotInitialized` query "cpp/autosar/none-first-or-all-enumerators-not-initialized" and - ruleId = "A7-2-4" + ruleId = "A7-2-4" and + category = "required" or query = // `Query` instance for the `functionsDeclaredAtBlockScope` query @@ -125,7 +137,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `functionsDeclaredAtBlockScope` query "cpp/autosar/functions-declared-at-block-scope" and - ruleId = "M3-1-2" + ruleId = "M3-1-2" and + category = "required" or query = // `Query` instance for the `declarationsOfAnObjectShallHaveCompatibleTypes` query @@ -133,7 +146,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `declarationsOfAnObjectShallHaveCompatibleTypes` query "cpp/autosar/declarations-of-an-object-shall-have-compatible-types" and - ruleId = "M3-2-1" + ruleId = "M3-2-1" and + category = "required" or query = // `Query` instance for the `declarationsOfAFunctionShallHaveCompatibleTypes` query @@ -141,7 +155,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `declarationsOfAFunctionShallHaveCompatibleTypes` query "cpp/autosar/declarations-of-a-function-shall-have-compatible-types" and - ruleId = "M3-2-1" + ruleId = "M3-2-1" and + category = "required" or query = // `Query` instance for the `typesNotIdenticalInObjectDeclarations` query @@ -149,7 +164,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `typesNotIdenticalInObjectDeclarations` query "cpp/autosar/types-not-identical-in-object-declarations" and - ruleId = "M3-9-1" + ruleId = "M3-9-1" and + category = "required" or query = // `Query` instance for the `typesNotIdenticalInReturnDeclarations` query 
@@ -157,7 +173,8 @@ predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `typesNotIdenticalInReturnDeclarations` query "cpp/autosar/types-not-identical-in-return-declarations" and - ruleId = "M3-9-1" + ruleId = "M3-9-1" and + category = "required" } module DeclarationsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll index 7611aad062..bab954a505 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll @@ -10,14 +10,15 @@ newtype ExceptionSafetyQuery = TGuaranteeExceptionSafetyQuery() or TDoNotLeakResourcesWhenHandlingExceptionsQuery() -predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string ruleId) { +predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionSafetyGuaranteesNotProvided` query ExceptionSafetyPackage::exceptionSafetyGuaranteesNotProvidedQuery() and queryId = // `@id` for the `exceptionSafetyGuaranteesNotProvided` query "cpp/autosar/exception-safety-guarantees-not-provided" and - ruleId = "A15-0-2" + ruleId = "A15-0-2" and + category = "required" or query = // `Query` instance for the `exceptionSafetyGuaranteeOfACalledFunction` query @@ -25,7 +26,8 @@ predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `exceptionSafetyGuaranteeOfACalledFunction` query "cpp/autosar/exception-safety-guarantee-of-a-called-function" and - ruleId = "A15-0-3" + ruleId = "A15-0-3" and + category = "required" or query = // `Query` instance for the `validResourcesStateBeforeThrow` query 
@@ -33,7 +35,8 @@ predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `validResourcesStateBeforeThrow` query "cpp/autosar/valid-resources-state-before-throw" and - ruleId = "A15-1-4" + ruleId = "A15-1-4" and + category = "required" or query = // `Query` instance for the `guaranteeExceptionSafety` query @@ -41,7 +44,8 @@ predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `guaranteeExceptionSafety` query "cpp/cert/guarantee-exception-safety" and - ruleId = "ERR56-CPP" + ruleId = "ERR56-CPP" and + category = "rule" or query = // `Query` instance for the `doNotLeakResourcesWhenHandlingExceptions` query @@ -49,7 +53,8 @@ predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `doNotLeakResourcesWhenHandlingExceptions` query "cpp/cert/do-not-leak-resources-when-handling-exceptions" and - ruleId = "ERR57-CPP" + ruleId = "ERR57-CPP" and + category = "rule" } module ExceptionSafetyPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll index fc77c5e011..c4937348e8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll 
@@ -39,14 +39,15 @@ newtype Exceptions1Query = TExceptionObjectsMustBeNothrowCopyConstructibleQuery() or TCatchExceptionsByLvalueReferenceQuery() -predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionThrownOnCompletion` query Exceptions1Package::exceptionThrownOnCompletionQuery() and queryId = // `@id` for the `exceptionThrownOnCompletion` query "cpp/autosar/exception-thrown-on-completion" and - ruleId = "A15-0-1" + ruleId = "A15-0-1" and + category = "required" or query = // `Query` instance for the `recoverableUncheckedExceptions` query @@ -54,7 +55,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `recoverableUncheckedExceptions` query "cpp/autosar/recoverable-unchecked-exceptions" and - ruleId = "A15-0-4" + ruleId = "A15-0-4" and + category = "required" or query = // `Query` instance for the `unrecoverableCheckedExceptions` query @@ -62,7 +64,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `unrecoverableCheckedExceptions` query "cpp/autosar/unrecoverable-checked-exceptions" and - ruleId = "A15-0-5" + ruleId = "A15-0-5" and + category = "required" or query = // `Query` instance for the `pointerExceptionObject` query @@ -70,7 +73,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `pointerExceptionObject` query "cpp/autosar/pointer-exception-object" and - ruleId = "A15-1-2" + ruleId = "A15-1-2" and + category = "required" or query = // `Query` instance for the `thrownExceptionsShouldBeUnique` query 
@@ -78,7 +82,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `thrownExceptionsShouldBeUnique` query "cpp/autosar/thrown-exceptions-should-be-unique" and - ruleId = "A15-1-3" + ruleId = "A15-1-3" and + category = "advisory" or query = // `Query` instance for the `constructorsThatAreNotNoexceptInvokedBeforeProgramStartup` query @@ -86,7 +91,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `constructorsThatAreNotNoexceptInvokedBeforeProgramStartup` query "cpp/autosar/constructors-that-are-not-noexcept-invoked-before-program-startup" and - ruleId = "A15-2-1" + ruleId = "A15-2-1" and + category = "required" or query = // `Query` instance for the `missingCatchHandlerInMain` query @@ -94,7 +100,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `missingCatchHandlerInMain` query "cpp/autosar/missing-catch-handler-in-main" and - ruleId = "A15-3-3" + ruleId = "A15-3-3" and + category = "required" or query = // `Query` instance for the `catchAllEllipsisUsedInNonMain` query @@ -102,7 +109,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchAllEllipsisUsedInNonMain` query "cpp/autosar/catch-all-ellipsis-used-in-non-main" and - ruleId = "A15-3-4" + ruleId = "A15-3-4" and + category = "required" or query = // `Query` instance for the `useOfDynamicExceptionSpecification` query @@ -110,7 +118,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `useOfDynamicExceptionSpecification` query "cpp/autosar/use-of-dynamic-exception-specification" and - ruleId = "A15-4-1" + ruleId = "A15-4-1" and + category = "required" or query = // `Query` instance for the `noExceptFunctionThrows` query 
@@ -118,7 +127,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `noExceptFunctionThrows` query "cpp/autosar/no-except-function-throws" and - ruleId = "A15-4-2" + ruleId = "A15-4-2" and + category = "required" or query = // `Query` instance for the `missingNoExcept` query @@ -126,7 +136,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `missingNoExcept` query "cpp/autosar/missing-no-except" and - ruleId = "A15-4-4" + ruleId = "A15-4-4" and + category = "required" or query = // `Query` instance for the `explicitAbruptTerminationAutosar` query @@ -134,7 +145,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `explicitAbruptTerminationAutosar` query "cpp/autosar/explicit-abrupt-termination-autosar" and - ruleId = "A15-5-2" + ruleId = "A15-5-2" and + category = "required" or query = // `Query` instance for the `conditionVariablePostConditionFailedAutosar` query @@ -142,7 +154,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `conditionVariablePostConditionFailedAutosar` query "cpp/autosar/condition-variable-post-condition-failed-autosar" and - ruleId = "A15-5-3" + ruleId = "A15-5-3" and + category = "required" or query = // `Query` instance for the `joinableThreadCopiedOrDestroyedAutosar` query @@ -150,7 +163,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `joinableThreadCopiedOrDestroyedAutosar` query "cpp/autosar/joinable-thread-copied-or-destroyed-autosar" and - ruleId = "A15-5-3" + ruleId = "A15-5-3" and + category = "required" or query = // `Query` instance for the `rethrowNestedWithoutCaptureAutosar` query 
@@ -158,7 +172,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `rethrowNestedWithoutCaptureAutosar` query "cpp/autosar/rethrow-nested-without-capture-autosar" and - ruleId = "A15-5-3" + ruleId = "A15-5-3" and + category = "required" or query = // `Query` instance for the `exitHandlerThrowsExceptionAutosar` query @@ -166,7 +181,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exitHandlerThrowsExceptionAutosar` query "cpp/autosar/exit-handler-throws-exception-autosar" and - ruleId = "A15-5-3" + ruleId = "A15-5-3" and + category = "required" or query = // `Query` instance for the `gotoToCatchBlock` query @@ -174,7 +190,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `gotoToCatchBlock` query "cpp/autosar/goto-to-catch-block" and - ruleId = "M15-0-3" + ruleId = "M15-0-3" and + category = "required" or query = // `Query` instance for the `switchToCatchBlock` query @@ -182,7 +199,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `switchToCatchBlock` query "cpp/autosar/switch-to-catch-block" and - ruleId = "M15-0-3" + ruleId = "M15-0-3" and + category = "required" or query = // `Query` instance for the `exceptionThrownDuringThrow` query @@ -190,7 +208,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exceptionThrownDuringThrow` query "cpp/autosar/exception-thrown-during-throw" and - ruleId = "M15-1-1" + ruleId = "M15-1-1" and + category = "required" or query = // `Query` instance for the `nullThrownExplicitly` query 
@@ -198,7 +217,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `nullThrownExplicitly` query "cpp/autosar/null-thrown-explicitly" and - ruleId = "M15-1-2" + ruleId = "M15-1-2" and + category = "required" or query = // `Query` instance for the `emptyThrowOutsideCatch` query @@ -206,7 +226,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `emptyThrowOutsideCatch` query "cpp/autosar/empty-throw-outside-catch" and - ruleId = "M15-1-3" + ruleId = "M15-1-3" and + category = "required" or query = // `Query` instance for the `catchAllExplicitlyThrownExceptions` query @@ -214,7 +235,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchAllExplicitlyThrownExceptions` query "cpp/autosar/catch-all-explicitly-thrown-exceptions" and - ruleId = "M15-3-4" + ruleId = "M15-3-4" and + category = "required" or query = // `Query` instance for the `catchAllHandlerLast` query @@ -222,7 +244,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchAllHandlerLast` query "cpp/autosar/catch-all-handler-last" and - ruleId = "M15-3-7" + ruleId = "M15-3-7" and + category = "required" or query = // `Query` instance for the `conditionVariablePostConditionFailedCert` query @@ -230,7 +253,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `conditionVariablePostConditionFailedCert` query "cpp/cert/condition-variable-post-condition-failed-cert" and - ruleId = "ERR50-CPP" + ruleId = "ERR50-CPP" and + category = "rule" or query = // `Query` instance for the `joinableThreadCopiedOrDestroyedCert` query 
@@ -238,7 +262,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `joinableThreadCopiedOrDestroyedCert` query "cpp/cert/joinable-thread-copied-or-destroyed-cert" and - ruleId = "ERR50-CPP" + ruleId = "ERR50-CPP" and + category = "rule" or query = // `Query` instance for the `rethrowNestedWithoutCaptureCert` query @@ -246,7 +271,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `rethrowNestedWithoutCaptureCert` query "cpp/cert/rethrow-nested-without-capture-cert" and - ruleId = "ERR50-CPP" + ruleId = "ERR50-CPP" and + category = "rule" or query = // `Query` instance for the `explicitAbruptTerminationCert` query @@ -254,7 +280,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `explicitAbruptTerminationCert` query "cpp/cert/explicit-abrupt-termination-cert" and - ruleId = "ERR50-CPP" + ruleId = "ERR50-CPP" and + category = "rule" or query = // `Query` instance for the `exitHandlerThrowsExceptionCert` query @@ -262,7 +289,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exitHandlerThrowsExceptionCert` query "cpp/cert/exit-handler-throws-exception-cert" and - ruleId = "ERR50-CPP" + ruleId = "ERR50-CPP" and + category = "rule" or query = // `Query` instance for the `handleAllExceptions` query @@ -270,7 +298,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `handleAllExceptions` query "cpp/cert/handle-all-exceptions" and - ruleId = "ERR51-CPP" + ruleId = "ERR51-CPP" and + category = "rule" or query = // `Query` instance for the `destroyedValueReferencedInConstructorDestructorCatchBlock` query 
@@ -278,7 +307,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `destroyedValueReferencedInConstructorDestructorCatchBlock` query "cpp/cert/destroyed-value-referenced-in-constructor-destructor-catch-block" and - ruleId = "ERR53-CPP" + ruleId = "ERR53-CPP" and + category = "rule" or query = // `Query` instance for the `honorExceptionSpecifications` query @@ -286,7 +316,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `honorExceptionSpecifications` query "cpp/cert/honor-exception-specifications" and - ruleId = "ERR55-CPP" + ruleId = "ERR55-CPP" and + category = "rule" or query = // `Query` instance for the `handleAllExceptionsThrownBeforeMainBeginsExecuting` query @@ -294,7 +325,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `handleAllExceptionsThrownBeforeMainBeginsExecuting` query "cpp/cert/handle-all-exceptions-thrown-before-main-begins-executing" and - ruleId = "ERR58-CPP" + ruleId = "ERR58-CPP" and + category = "rule" or query = // `Query` instance for the `exceptionObjectsMustBeNothrowCopyConstructible` query @@ -302,7 +334,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exceptionObjectsMustBeNothrowCopyConstructible` query "cpp/cert/exception-objects-must-be-nothrow-copy-constructible" and - ruleId = "ERR60-CPP" + ruleId = "ERR60-CPP" and + category = "rule" or query = // `Query` instance for the `catchExceptionsByLvalueReference` query @@ -310,7 +343,8 @@ predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchExceptionsByLvalueReference` query "cpp/cert/catch-exceptions-by-lvalue-reference" and - ruleId = "ERR61-CPP" + ruleId = "ERR61-CPP" and + category = "rule" } module Exceptions1Package { 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll index 6e0a3e1f2b..fa990c8f0f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll @@ -22,14 +22,15 @@ newtype Exceptions2Query = TDoNotLetExceptionsEscapeFromDestructorsOrDeallocationFunctionsQuery() or TCatchBlockShadowingCertQuery() -predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `onlyThrowStdExceptionDerivedTypes` query Exceptions2Package::onlyThrowStdExceptionDerivedTypesQuery() and queryId = // `@id` for the `onlyThrowStdExceptionDerivedTypes` query "cpp/autosar/only-throw-std-exception-derived-types" and - ruleId = "A15-1-1" + ruleId = "A15-1-1" and + category = "advisory" or query = // `Query` instance for the `constructorErrorLeavesObjectInInvalidState` query @@ -37,7 +38,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `constructorErrorLeavesObjectInInvalidState` query "cpp/autosar/constructor-error-leaves-object-in-invalid-state" and - ruleId = "A15-2-2" + ruleId = "A15-2-2" and + category = "required" or query = // `Query` instance for the `classTypeExceptionNotCaughtByReference` query @@ -45,7 +47,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `classTypeExceptionNotCaughtByReference` query "cpp/autosar/class-type-exception-not-caught-by-reference" and - ruleId = "A15-3-5" + ruleId = "A15-3-5" and + category = "required" or query = // `Query` instance for the `incompatibleNoexceptSpecification` query 
@@ -53,7 +56,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `incompatibleNoexceptSpecification` query "cpp/autosar/incompatible-noexcept-specification" and - ruleId = "A15-4-3" + ruleId = "A15-4-3" and + category = "required" or query = // `Query` instance for the `inconsistentNoexceptFalseSpecification` query @@ -61,7 +65,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `inconsistentNoexceptFalseSpecification` query "cpp/autosar/inconsistent-noexcept-false-specification" and - ruleId = "A15-4-3" + ruleId = "A15-4-3" and + category = "required" or query = // `Query` instance for the `inconsistentNoexceptTrueSpecification` query @@ -69,7 +74,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `inconsistentNoexceptTrueSpecification` query "cpp/autosar/inconsistent-noexcept-true-specification" and - ruleId = "A15-4-3" + ruleId = "A15-4-3" and + category = "required" or query = // `Query` instance for the `incompatibleNoexceptSpecificationForOverriders` query @@ -77,7 +83,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `incompatibleNoexceptSpecificationForOverriders` query "cpp/autosar/incompatible-noexcept-specification-for-overriders" and - ruleId = "A15-4-3" + ruleId = "A15-4-3" and + category = "required" or query = // `Query` instance for the `missingCheckedExceptions` query @@ -85,7 +92,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `missingCheckedExceptions` query "cpp/autosar/missing-checked-exceptions" and - ruleId = "A15-4-5" + ruleId = "A15-4-5" and + category = "required" or query = // `Query` instance for the `inconsistentCheckedExceptions` query 
@@ -93,7 +101,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `inconsistentCheckedExceptions` query "cpp/autosar/inconsistent-checked-exceptions" and - ruleId = "A15-4-5" + ruleId = "A15-4-5" and + category = "required" or query = // `Query` instance for the `specialFunctionExitsWithException` query @@ -101,7 +110,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `specialFunctionExitsWithException` query "cpp/autosar/special-function-exits-with-exception" and - ruleId = "A15-5-1" + ruleId = "A15-5-1" and + category = "required" or query = // `Query` instance for the `specialFunctionMissingNoExceptSpecification` query @@ -109,7 +119,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `specialFunctionMissingNoExceptSpecification` query "cpp/autosar/special-function-missing-no-except-specification" and - ruleId = "A15-5-1" + ruleId = "A15-5-1" and + category = "required" or query = // `Query` instance for the `exceptionRaisedDuringStartup` query @@ -117,7 +128,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exceptionRaisedDuringStartup` query "cpp/autosar/exception-raised-during-startup" and - ruleId = "M15-3-1" + ruleId = "M15-3-1" and + category = "required" or query = // `Query` instance for the `exceptionRaisedDuringTermination` query @@ -125,7 +137,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `exceptionRaisedDuringTermination` query "cpp/autosar/exception-raised-during-termination" and - ruleId = "M15-3-1" + ruleId = "M15-3-1" and + category = "required" or query = // `Query` instance for the `destroyedValueReferencedInDestructorCatchBlock` query 
@@ -133,7 +146,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `destroyedValueReferencedInDestructorCatchBlock` query "cpp/autosar/destroyed-value-referenced-in-destructor-catch-block" and - ruleId = "M15-3-3" + ruleId = "M15-3-3" and + category = "required" or query = // `Query` instance for the `catchBlockShadowingMisra` query @@ -141,7 +155,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchBlockShadowingMisra` query "cpp/autosar/catch-block-shadowing-misra" and - ruleId = "M15-3-6" + ruleId = "M15-3-6" and + category = "required" or query = // `Query` instance for the `doNotLetExceptionsEscapeFromDestructorsOrDeallocationFunctions` query @@ -149,7 +164,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotLetExceptionsEscapeFromDestructorsOrDeallocationFunctions` query "cpp/cert/do-not-let-exceptions-escape-from-destructors-or-deallocation-functions" and - ruleId = "DCL57-CPP" + ruleId = "DCL57-CPP" and + category = "rule" or query = // `Query` instance for the `catchBlockShadowingCert` query @@ -157,7 +173,8 @@ predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `catchBlockShadowingCert` query "cpp/cert/catch-block-shadowing-cert" and - ruleId = "ERR54-CPP" + ruleId = "ERR54-CPP" and + category = "rule" } module Exceptions2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll index 049209d3fa..9797b874e5 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll 
@@ -21,14 +21,15 @@ newtype ExpressionsQuery = TPassReferenceTypeToVaStartQuery() or TPassNonTrivialObjectToVaStartQuery() -predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `operationsAssumingMemoryLayoutPerformedOnObjects` query ExpressionsPackage::operationsAssumingMemoryLayoutPerformedOnObjectsQuery() and queryId = // `@id` for the `operationsAssumingMemoryLayoutPerformedOnObjects` query "cpp/autosar/operations-assuming-memory-layout-performed-on-objects" and - ruleId = "A12-0-2" + ruleId = "A12-0-2" and + category = "required" or query = // `Query` instance for the `enumUsedInArithmeticContexts` query @@ -36,7 +37,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `enumUsedInArithmeticContexts` query "cpp/autosar/enum-used-in-arithmetic-contexts" and - ruleId = "A4-5-1" + ruleId = "A4-5-1" and + category = "required" or query = // `Query` instance for the `divisorEqualToZero` query @@ -44,7 +46,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `divisorEqualToZero` query "cpp/autosar/divisor-equal-to-zero" and - ruleId = "A5-6-1" + ruleId = "A5-6-1" and + category = "required" or query = // `Query` instance for the `functionErroneousReturnValueNotTested` query @@ -52,7 +55,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `functionErroneousReturnValueNotTested` query "cpp/autosar/function-erroneous-return-value-not-tested" and - ruleId = "M0-3-2" + ruleId = "M0-3-2" and + category = "required" or query = // `Query` instance for the `boolOperandsToDisallowedBuiltInOperators` query 
@@ -60,7 +64,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `boolOperandsToDisallowedBuiltInOperators` query "cpp/autosar/bool-operands-to-disallowed-built-in-operators" and - ruleId = "M4-5-1" + ruleId = "M4-5-1" and + category = "required" or query = // `Query` instance for the `charUsedAsOperandsToDisallowedBuiltInOperators` query @@ -68,7 +73,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `charUsedAsOperandsToDisallowedBuiltInOperators` query "cpp/autosar/char-used-as-operands-to-disallowed-built-in-operators" and - ruleId = "M4-5-3" + ruleId = "M4-5-3" and + category = "required" or query = // `Query` instance for the `ternaryOperatorConditionNotTypeBool` query @@ -76,7 +82,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `ternaryOperatorConditionNotTypeBool` query "cpp/autosar/ternary-operator-condition-not-type-bool" and - ruleId = "M5-0-14" + ruleId = "M5-0-14" and + category = "required" or query = // `Query` instance for the `bitwiseOperatorOperandsHaveDifferentUnderlyingType` query @@ -84,7 +91,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `bitwiseOperatorOperandsHaveDifferentUnderlyingType` query "cpp/autosar/bitwise-operator-operands-have-different-underlying-type" and - ruleId = "M5-0-20" + ruleId = "M5-0-20" and + category = "required" or query = // `Query` instance for the `bitwiseOperatorAppliedToSignedTypes` query 
@@ -92,7 +100,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `bitwiseOperatorAppliedToSignedTypes` query "cpp/autosar/bitwise-operator-applied-to-signed-types" and - ruleId = "M5-0-21" + ruleId = "M5-0-21" and + category = "required" or query = // `Query` instance for the `cvalueExpressionConvertedToDifferentUnderlyingType` query @@ -100,7 +109,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `cvalueExpressionConvertedToDifferentUnderlyingType` query "cpp/autosar/cvalue-expression-converted-to-different-underlying-type" and - ruleId = "M5-0-3" + ruleId = "M5-0-3" and + category = "required" or query = // `Query` instance for the `constantUnsignedIntegerExpressionsWrapAround` query @@ -108,7 +118,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `constantUnsignedIntegerExpressionsWrapAround` query "cpp/autosar/constant-unsigned-integer-expressions-wrap-around" and - ruleId = "M5-19-1" + ruleId = "M5-19-1" and + category = "required" or query = // `Query` instance for the `rightBitShiftOperandIsNegativeOrTooWide` query @@ -116,7 +127,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `rightBitShiftOperandIsNegativeOrTooWide` query "cpp/autosar/right-bit-shift-operand-is-negative-or-too-wide" and - ruleId = "M5-8-1" + ruleId = "M5-8-1" and + category = "required" or query = // `Query` instance for the `floatsTestedForEquality` query @@ -124,7 +136,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `floatsTestedForEquality` query "cpp/autosar/floats-tested-for-equality" and - ruleId = "M6-2-2" + ruleId = "M6-2-2" and + category = "required" or query = // `Query` instance for the `passPromotablePrimitiveTypeToVaStart` query 
@@ -132,7 +145,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `passPromotablePrimitiveTypeToVaStart` query "cpp/cert/pass-promotable-primitive-type-to-va-start" and - ruleId = "EXP58-CPP" + ruleId = "EXP58-CPP" and + category = "rule" or query = // `Query` instance for the `passReferenceTypeToVaStart` query @@ -140,7 +154,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `passReferenceTypeToVaStart` query "cpp/cert/pass-reference-type-to-va-start" and - ruleId = "EXP58-CPP" + ruleId = "EXP58-CPP" and + category = "rule" or query = // `Query` instance for the `passNonTrivialObjectToVaStart` query @@ -148,7 +163,8 @@ predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `passNonTrivialObjectToVaStart` query "cpp/cert/pass-non-trivial-object-to-va-start" and - ruleId = "EXP58-CPP" + ruleId = "EXP58-CPP" and + category = "rule" } module ExpressionsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll index a7122cb236..00d3bbdf99 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll @@ -14,14 +14,15 @@ newtype FreedQuery = TObjectAccessedAfterLifetimeCertQuery() or TUseAfterFreeQuery() -predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { +predicate isFreedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `newDeleteArrayMismatch` query FreedPackage::newDeleteArrayMismatchQuery() and queryId = // `@id` for the `newDeleteArrayMismatch` query "cpp/autosar/new-delete-array-mismatch" and - ruleId = "A18-5-3" + ruleId = "A18-5-3" and + category = "required" or query = // `Query` instance for the `newArrayDeleteMismatch` query 
@@ -29,7 +30,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `newArrayDeleteMismatch` query "cpp/autosar/new-array-delete-mismatch" and - ruleId = "A18-5-3" + ruleId = "A18-5-3" and + category = "required" or query = // `Query` instance for the `objectAccessedBeforeLifetimeAutosar` query @@ -37,7 +39,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectAccessedBeforeLifetimeAutosar` query "cpp/autosar/object-accessed-before-lifetime-autosar" and - ruleId = "A3-8-1" + ruleId = "A3-8-1" and + category = "required" or query = // `Query` instance for the `objectAccessedAfterLifetimeAutosar` query @@ -45,7 +48,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectAccessedAfterLifetimeAutosar` query "cpp/autosar/object-accessed-after-lifetime-autosar" and - ruleId = "A3-8-1" + ruleId = "A3-8-1" and + category = "required" or query = // `Query` instance for the `assignmentOfEscapingAutoStorage` query @@ -53,7 +57,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `assignmentOfEscapingAutoStorage` query "cpp/autosar/assignment-of-escaping-auto-storage" and - ruleId = "M7-5-2" + ruleId = "M7-5-2" and + category = "required" or query = // `Query` instance for the `doNotDeleteAnArrayThroughAPointerOfTheIncorrectType` query @@ -61,7 +66,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotDeleteAnArrayThroughAPointerOfTheIncorrectType` query "cpp/cert/do-not-delete-an-array-through-a-pointer-of-the-incorrect-type" and - ruleId = "EXP51-CPP" + ruleId = "EXP51-CPP" and + category = "rule" or query = // `Query` instance for the `objectAccessedBeforeLifetimeCert` query 
@@ -69,7 +75,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectAccessedBeforeLifetimeCert` query "cpp/cert/object-accessed-before-lifetime-cert" and - ruleId = "EXP54-CPP" + ruleId = "EXP54-CPP" and + category = "rule" or query = // `Query` instance for the `objectAccessedAfterLifetimeCert` query @@ -77,7 +84,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectAccessedAfterLifetimeCert` query "cpp/cert/object-accessed-after-lifetime-cert" and - ruleId = "EXP54-CPP" + ruleId = "EXP54-CPP" and + category = "rule" or query = // `Query` instance for the `useAfterFree` query @@ -85,7 +93,8 @@ predicate isFreedQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useAfterFree` query "cpp/cert/use-after-free" and - ruleId = "MEM50-CPP" + ruleId = "MEM50-CPP" and + category = "rule" } module FreedPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll index 73ef5a2ea3..c83fd189d8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll 
@@ -19,14 +19,15 @@ newtype FunctionsQuery = TNonVoidFunctionDoesNotReturnCertQuery() or TFunctionNoReturnAttributeConditionCertQuery() -predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `cStandardLibraryFunctionCalls` query FunctionsPackage::cStandardLibraryFunctionCallsQuery() and queryId = // `@id` for the `cStandardLibraryFunctionCalls` query "cpp/autosar/c-standard-library-function-calls" and - ruleId = "A17-1-1" + ruleId = "A17-1-1" and + category = "required" or query = // `Query` instance for the `trivialAccessorAndMutatorFunctionsNotInlined` query @@ -34,7 +35,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `trivialAccessorAndMutatorFunctionsNotInlined` query "cpp/autosar/trivial-accessor-and-mutator-functions-not-inlined" and - ruleId = "A3-1-6" + ruleId = "A3-1-6" and + category = "advisory" or query = // `Query` instance for the `invalidFunctionReturnType` query @@ -42,7 +44,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `invalidFunctionReturnType` query "cpp/autosar/invalid-function-return-type" and - ruleId = "A7-5-1" + ruleId = "A7-5-1" and + category = "required" or query = // `Query` instance for the `recursiveFunctions` query @@ -50,7 +53,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `recursiveFunctions` query "cpp/autosar/recursive-functions" and - ruleId = "A7-5-2" + ruleId = "A7-5-2" and + category = "required" or query = // `Query` instance for the `functionNoReturnAttributeConditionAutosar` query 
@@ -58,7 +62,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionNoReturnAttributeConditionAutosar` query "cpp/autosar/function-no-return-attribute-condition-autosar" and - ruleId = "A7-6-1" + ruleId = "A7-6-1" and + category = "required" or query = // `Query` instance for the `nonVoidFunctionDoesNotReturnAutosar` query @@ -66,7 +71,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonVoidFunctionDoesNotReturnAutosar` query "cpp/autosar/non-void-function-does-not-return-autosar" and - ruleId = "A8-4-2" + ruleId = "A8-4-2" and + category = "required" or query = // `Query` instance for the `functionReturnMultipleValueCondition` query @@ -74,7 +80,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionReturnMultipleValueCondition` query "cpp/autosar/function-return-multiple-value-condition" and - ruleId = "A8-4-4" + ruleId = "A8-4-4" and + category = "advisory" or query = // `Query` instance for the `assmemblerInstructionsCondition` query @@ -82,7 +89,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `assmemblerInstructionsCondition` query "cpp/autosar/assmembler-instructions-condition" and - ruleId = "M7-4-2" + ruleId = "M7-4-2" and + category = "required" or query = // `Query` instance for the `assemblyLanguageCondition` query @@ -90,7 +98,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `assemblyLanguageCondition` query "cpp/autosar/assembly-language-condition" and - ruleId = "M7-4-3" + ruleId = "M7-4-3" and + category = "required" or query = // `Query` instance for the `functionReturnAutomaticVarCondition` query 
@@ -98,7 +107,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionReturnAutomaticVarCondition` query "cpp/autosar/function-return-automatic-var-condition" and - ruleId = "M7-5-1" + ruleId = "M7-5-1" and + category = "required" or query = // `Query` instance for the `functionIdentifierCondition` query @@ -106,7 +116,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionIdentifierCondition` query "cpp/autosar/function-identifier-condition" and - ruleId = "M8-4-4" + ruleId = "M8-4-4" and + category = "required" or query = // `Query` instance for the `functionWithMismatchedLanguageLinkage` query @@ -114,7 +125,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionWithMismatchedLanguageLinkage` query "cpp/cert/function-with-mismatched-language-linkage" and - ruleId = "EXP56-CPP" + ruleId = "EXP56-CPP" and + category = "rule" or query = // `Query` instance for the `nonVoidFunctionDoesNotReturnCert` query @@ -122,7 +134,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonVoidFunctionDoesNotReturnCert` query "cpp/cert/non-void-function-does-not-return-cert" and - ruleId = "MSC52-CPP" + ruleId = "MSC52-CPP" and + category = "rule" or query = // `Query` instance for the `functionNoReturnAttributeConditionCert` query @@ -130,7 +143,8 @@ predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionNoReturnAttributeConditionCert` query "cpp/cert/function-no-return-attribute-condition-cert" and - ruleId = "MSC53-CPP" + ruleId = "MSC53-CPP" and + category = "rule" } module FunctionsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll index cefa031820..d8cadfc184 100644 
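Review bot: The CERT disjuncts that close this predicate (`EXP56-CPP`, `MSC52-CPP`, `MSC53-CPP`) set `category = "rule"`, which comes from a different vocabulary than the `"required"`/`"advisory"` values on the AUTOSAR disjuncts above them, and nothing in the predicate says how recategorization or deviation handling should treat it. The same value is used for the CERT entries of the IO, Inheritance, Initialization, Invariants, Iterators and Lambdas predicates. Since the commit message ties deviation handling to the effective category, the policy for `"rule"` should be written down next to the metadata and not left to whatever the consumer's string comparison happens to do, for example with a comment such as `// "rule" (CERT): no obligation level; deviation policy: <state the intended policy here>`. The predicate begins in an earlier hunk, so this applies to the whole definition and not only to these lines.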
--- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll @@ -8,14 +8,15 @@ newtype IOQuery = TInterleavedInputOutputWithoutPositionQuery() or TCloseFilesWhenTheyAreNoLongerNeededQuery() -predicate isIOQueryMetadata(Query query, string queryId, string ruleId) { +predicate isIOQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `interleavedInputOutputWithoutFlush` query IOPackage::interleavedInputOutputWithoutFlushQuery() and queryId = // `@id` for the `interleavedInputOutputWithoutFlush` query "cpp/autosar/interleaved-input-output-without-flush" and - ruleId = "A27-0-3" + ruleId = "A27-0-3" and + category = "required" or query = // `Query` instance for the `interleavedInputOutputWithoutPosition` query @@ -23,7 +24,8 @@ predicate isIOQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `interleavedInputOutputWithoutPosition` query "cpp/cert/interleaved-input-output-without-position" and - ruleId = "FIO50-CPP" + ruleId = "FIO50-CPP" and + category = "rule" or query = // `Query` instance for the `closeFilesWhenTheyAreNoLongerNeeded` query @@ -31,7 +33,8 @@ predicate isIOQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `closeFilesWhenTheyAreNoLongerNeeded` query "cpp/cert/close-files-when-they-are-no-longer-needed" and - ruleId = "FIO51-CPP" + ruleId = "FIO51-CPP" and + category = "rule" } module IOPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll index f446959ac5..f4eb83bc3e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll 
@@ -11,14 +11,15 @@ newtype IncludesQuery = TExternalLinkageNotDeclaredInHeaderFileQuery() or TIncludeGuardsNotProvidedQuery() -predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `unusedIncludeDirectives` query IncludesPackage::unusedIncludeDirectivesQuery() and queryId = // `@id` for the `unusedIncludeDirectives` query "cpp/autosar/unused-include-directives" and - ruleId = "A16-2-2" + ruleId = "A16-2-2" and + category = "required" or query = // `Query` instance for the `violationsOfOneDefinitionRule` query @@ -26,7 +27,8 @@ predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `violationsOfOneDefinitionRule` query "cpp/autosar/violations-of-one-definition-rule" and - ruleId = "A3-1-1" + ruleId = "A3-1-1" and + category = "required" or query = // `Query` instance for the `headerFileExpectedFileNameExtension` query @@ -34,7 +36,8 @@ predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `headerFileExpectedFileNameExtension` query "cpp/autosar/header-file-expected-file-name-extension" and - ruleId = "A3-1-2" + ruleId = "A3-1-2" and + category = "required" or query = // `Query` instance for the `fileNameExtensionCpp` query @@ -42,7 +45,8 @@ predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `fileNameExtensionCpp` query "cpp/autosar/file-name-extension-cpp" and - ruleId = "A3-1-3" + ruleId = "A3-1-3" and + category = "advisory" or query = // `Query` instance for the `externalLinkageNotDeclaredInHeaderFile` query 
@@ -50,7 +54,8 @@ predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `externalLinkageNotDeclaredInHeaderFile` query "cpp/autosar/external-linkage-not-declared-in-header-file" and - ruleId = "A3-3-1" + ruleId = "A3-3-1" and + category = "required" or query = // `Query` instance for the `includeGuardsNotProvided` query @@ -58,7 +63,8 @@ predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `includeGuardsNotProvided` query "cpp/autosar/include-guards-not-provided" and - ruleId = "M16-2-3" + ruleId = "M16-2-3" and + category = "required" } module IncludesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll index fe8ae3f155..a3775b87d6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll @@ -18,14 +18,15 @@ newtype InheritanceQuery = TDoNotSliceDerivedObjectsQuery() or TDoNotDeleteAPolymorphicObjectWithoutAVirtualDestructorQuery() -predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) { +predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `publicInheritanceNotUsedForIsARelationship` query InheritancePackage::publicInheritanceNotUsedForIsARelationshipQuery() and queryId = // `@id` for the `publicInheritanceNotUsedForIsARelationship` query "cpp/autosar/public-inheritance-not-used-for-is-a-relationship" and - ruleId = "A10-0-1" + ruleId = "A10-0-1" and + category = "required" or query = // `Query` instance for the `nonPublicInheritanceNotUsedForHasARelationship` query 
@@ -33,7 +34,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `nonPublicInheritanceNotUsedForHasARelationship` query "cpp/autosar/non-public-inheritance-not-used-for-has-a-relationship" and - ruleId = "A10-0-2" + ruleId = "A10-0-2" and + category = "required" or query = // `Query` instance for the `classDerivedFromMoreThanOneNonInterfaceBaseClass` query @@ -41,7 +43,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `classDerivedFromMoreThanOneNonInterfaceBaseClass` query "cpp/autosar/class-derived-from-more-than-one-non-interface-base-class" and - ruleId = "A10-1-1" + ruleId = "A10-1-1" and + category = "required" or query = // `Query` instance for the `hierarchiesShouldBeBasedOnInterfaceClasses` query @@ -49,7 +52,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `hierarchiesShouldBeBasedOnInterfaceClasses` query "cpp/autosar/hierarchies-should-be-based-on-interface-classes" and - ruleId = "A10-4-1" + ruleId = "A10-4-1" and + category = "advisory" or query = // `Query` instance for the `classesShouldNotBeDerivedFromVirtualBases` query @@ -57,7 +61,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `classesShouldNotBeDerivedFromVirtualBases` query "cpp/autosar/classes-should-not-be-derived-from-virtual-bases" and - ruleId = "M10-1-1" + ruleId = "M10-1-1" and + category = "advisory" or query = // `Query` instance for the `baseClassCanBeVirtualOnlyInDiamondHierarchy` query 
@@ -65,7 +70,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `baseClassCanBeVirtualOnlyInDiamondHierarchy` query "cpp/autosar/base-class-can-be-virtual-only-in-diamond-hierarchy" and - ruleId = "M10-1-2" + ruleId = "M10-1-2" and + category = "required" or query = // `Query` instance for the `accessibleBaseClassBothVirtualAndNonVirtualInHierarchy` query @@ -73,7 +79,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `accessibleBaseClassBothVirtualAndNonVirtualInHierarchy` query "cpp/autosar/accessible-base-class-both-virtual-and-non-virtual-in-hierarchy" and - ruleId = "M10-1-3" + ruleId = "M10-1-3" and + category = "required" or query = // `Query` instance for the `uniqueAccessibleEntityNamesInMultipleInheritance` query @@ -81,7 +88,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `uniqueAccessibleEntityNamesInMultipleInheritance` query "cpp/autosar/unique-accessible-entity-names-in-multiple-inheritance" and - ruleId = "M10-2-1" + ruleId = "M10-2-1" and + category = "advisory" or query = // `Query` instance for the `dynamicTypeOfThisUsedFromConstructorOrDestructor` query @@ -89,7 +97,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `dynamicTypeOfThisUsedFromConstructorOrDestructor` query "cpp/autosar/dynamic-type-of-this-used-from-constructor-or-destructor" and - ruleId = "M12-1-1" + ruleId = "M12-1-1" and + category = "required" or query = // `Query` instance for the `downcastingShouldNotBePerformedOnPolymorphicTypes` query 
@@ -97,7 +106,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `downcastingShouldNotBePerformedOnPolymorphicTypes` query "cpp/autosar/downcasting-should-not-be-performed-on-polymorphic-types" and - ruleId = "M5-2-3" + ruleId = "M5-2-3" and + category = "advisory" or query = // `Query` instance for the `doNotInvokeVirtualFunctionsFromConstructorsOrDestructors` query @@ -105,7 +115,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotInvokeVirtualFunctionsFromConstructorsOrDestructors` query "cpp/cert/do-not-invoke-virtual-functions-from-constructors-or-destructors" and - ruleId = "OOP50-CPP" + ruleId = "OOP50-CPP" and + category = "rule" or query = // `Query` instance for the `doNotSliceDerivedObjects` query @@ -113,7 +124,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotSliceDerivedObjects` query "cpp/cert/do-not-slice-derived-objects" and - ruleId = "OOP51-CPP" + ruleId = "OOP51-CPP" and + category = "rule" or query = // `Query` instance for the `doNotDeleteAPolymorphicObjectWithoutAVirtualDestructor` query @@ -121,7 +133,8 @@ predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotDeleteAPolymorphicObjectWithoutAVirtualDestructor` query "cpp/cert/do-not-delete-a-polymorphic-object-without-a-virtual-destructor" and - ruleId = "OOP52-CPP" + ruleId = "OOP52-CPP" and + category = "rule" } module InheritancePackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll index 45ce339b25..6c8d0f5258 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll 
@@ -26,14 +26,15 @@ newtype InitializationQuery = TBadlySeededRandomNumberGeneratorQuery() or TUseCanonicalOrderForMemberInitQuery() -predicate isInitializationQueryMetadata(Query query, string queryId, string ruleId) { +predicate isInitializationQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `explicitConstructorBaseClassInitialization` query InitializationPackage::explicitConstructorBaseClassInitializationQuery() and queryId = // `@id` for the `explicitConstructorBaseClassInitialization` query "cpp/autosar/explicit-constructor-base-class-initialization" and - ruleId = "A12-1-1" + ruleId = "A12-1-1" and + category = "required" or query = // `Query` instance for the `nonStaticMemberMultipleInit` query @@ -41,7 +42,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `nonStaticMemberMultipleInit` query "cpp/autosar/non-static-member-multiple-init" and - ruleId = "A12-1-2" + ruleId = "A12-1-2" and + category = "required" or query = // `Query` instance for the `missedNSDMIOpportunity` query @@ -49,7 +51,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `missedNSDMIOpportunity` query "cpp/autosar/missed-nsdmi-opportunity" and - ruleId = "A12-1-3" + ruleId = "A12-1-3" and + category = "required" or query = // `Query` instance for the `constructorWithFundamentalArgMissingExplicit` query @@ -57,7 +60,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `constructorWithFundamentalArgMissingExplicit` query "cpp/autosar/constructor-with-fundamental-arg-missing-explicit" and - ruleId = "A12-1-4" + ruleId = "A12-1-4" and + category = "required" or query = // `Query` instance for the `avoidDuplicationInConstructors` query 
@@ -65,7 +69,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `avoidDuplicationInConstructors` query "cpp/autosar/avoid-duplication-in-constructors" and - ruleId = "A12-1-5" + ruleId = "A12-1-5" and + category = "required" or query = // `Query` instance for the `useInheritingConstructors` query @@ -73,7 +78,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `useInheritingConstructors` query "cpp/autosar/use-inheriting-constructors" and - ruleId = "A12-1-6" + ruleId = "A12-1-6" and + category = "required" or query = // `Query` instance for the `moveConstructorUsesCopySemantics` query @@ -81,7 +87,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `moveConstructorUsesCopySemantics` query "cpp/autosar/move-constructor-uses-copy-semantics" and - ruleId = "A12-8-4" + ruleId = "A12-8-4" and + category = "required" or query = // `Query` instance for the `randomNumberEnginesDefaultInitialized` query @@ -89,7 +96,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `randomNumberEnginesDefaultInitialized` query "cpp/autosar/random-number-engines-default-initialized" and - ruleId = "A26-5-2" + ruleId = "A26-5-2" and + category = "required" or query = // `Query` instance for the `staticOrThreadLocalObjectsNonConstantInit` query @@ -97,7 +105,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `staticOrThreadLocalObjectsNonConstantInit` query "cpp/autosar/static-or-thread-local-objects-non-constant-init" and - ruleId = "A3-3-2" + ruleId = "A3-3-2" and + category = "required" or query = // `Query` instance for the `initializationListOutOfOrder` query 
@@ -105,7 +114,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `initializationListOutOfOrder` query "cpp/autosar/initialization-list-out-of-order" and - ruleId = "A8-5-1" + ruleId = "A8-5-1" and + category = "required" or query = // `Query` instance for the `useBracedVariableInitialization` query @@ -113,7 +123,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `useBracedVariableInitialization` query "cpp/autosar/use-braced-variable-initialization" and - ruleId = "A8-5-2" + ruleId = "A8-5-2" and + category = "required" or query = // `Query` instance for the `avoidAutoWithBracedInitialization` query @@ -121,7 +132,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `avoidAutoWithBracedInitialization` query "cpp/autosar/avoid-auto-with-braced-initialization" and - ruleId = "A8-5-3" + ruleId = "A8-5-3" and + category = "required" or query = // `Query` instance for the `confusingUseOfInitializerListConstructors` query @@ -129,7 +141,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `confusingUseOfInitializerListConstructors` query "cpp/autosar/confusing-use-of-initializer-list-constructors" and - ruleId = "A8-5-4" + ruleId = "A8-5-4" and + category = "advisory" or query = // `Query` instance for the `multipleLocalDeclarators` query @@ -137,7 +150,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `multipleLocalDeclarators` query "cpp/autosar/multiple-local-declarators" and - ruleId = "M8-0-1" + ruleId = "M8-0-1" and + category = "required" or query = // `Query` instance for the `multipleGlobalOrMemberDeclarators` query 
@@ -145,7 +159,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `multipleGlobalOrMemberDeclarators` query "cpp/autosar/multiple-global-or-member-declarators" and - ruleId = "M8-0-1" + ruleId = "M8-0-1" and + category = "required" or query = // `Query` instance for the `useInitBracesToMatchTypeStructure` query @@ -153,7 +168,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `useInitBracesToMatchTypeStructure` query "cpp/autosar/use-init-braces-to-match-type-structure" and - ruleId = "M8-5-2" + ruleId = "M8-5-2" and + category = "required" or query = // `Query` instance for the `missingExplicitInitializers` query @@ -161,7 +177,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `missingExplicitInitializers` query "cpp/autosar/missing-explicit-initializers" and - ruleId = "M8-5-2" + ruleId = "M8-5-2" and + category = "required" or query = // `Query` instance for the `nestedZeroValueInitialization` query @@ -169,7 +186,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `nestedZeroValueInitialization` query "cpp/autosar/nested-zero-value-initialization" and - ruleId = "M8-5-2" + ruleId = "M8-5-2" and + category = "required" or query = // `Query` instance for the `cyclesDuringStaticObjectInit` query @@ -177,7 +195,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `cyclesDuringStaticObjectInit` query "cpp/cert/cycles-during-static-object-init" and - ruleId = "DCL56-CPP" + ruleId = "DCL56-CPP" and + category = "rule" or query = // `Query` instance for the `badlySeededRandomNumberGenerator` query 
@@ -185,7 +204,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `badlySeededRandomNumberGenerator` query "cpp/cert/badly-seeded-random-number-generator" and - ruleId = "MSC51-CPP" + ruleId = "MSC51-CPP" and + category = "rule" or query = // `Query` instance for the `useCanonicalOrderForMemberInit` query @@ -193,7 +213,8 @@ predicate isInitializationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `useCanonicalOrderForMemberInit` query "cpp/cert/use-canonical-order-for-member-init" and - ruleId = "OOP53-CPP" + ruleId = "OOP53-CPP" and + category = "rule" } module InitializationPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll index 2387f7f4c4..522ddbe31c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll @@ -15,14 +15,15 @@ newtype IntegerConversionQuery = TExplicitWideningConversionOfACValueExprQuery() or TExplicitSignednessConversionOfCValueQuery() -predicate isIntegerConversionQueryMetadata(Query query, string queryId, string ruleId) { +predicate isIntegerConversionQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `integerExpressionLeadToDataLoss` query IntegerConversionPackage::integerExpressionLeadToDataLossQuery() and queryId = // `@id` for the `integerExpressionLeadToDataLoss` query "cpp/autosar/integer-expression-lead-to-data-loss" and - ruleId = "A4-7-1" + ruleId = "A4-7-1" and + category = "required" or query = // `Query` instance for the `intMultToLong` query 
@@ -30,7 +31,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `intMultToLong` query "cpp/autosar/int-mult-to-long" and - ruleId = "A4-7-1" + ruleId = "A4-7-1" and + category = "required" or query = // `Query` instance for the `implicitChangeOfTheSignednessOfTheUnderlyingType` query @@ -38,7 +40,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `implicitChangeOfTheSignednessOfTheUnderlyingType` query "cpp/autosar/implicit-change-of-the-signedness-of-the-underlying-type" and - ruleId = "M5-0-4" + ruleId = "M5-0-4" and + category = "required" or query = // `Query` instance for the `implicitNonConstFloatingIntegralConversion` query @@ -46,7 +49,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `implicitNonConstFloatingIntegralConversion` query "cpp/autosar/implicit-non-const-floating-integral-conversion" and - ruleId = "M5-0-5" + ruleId = "M5-0-5" and + category = "required" or query = // `Query` instance for the `implicitConstFloatingIntegralConversion` query @@ -54,7 +58,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `implicitConstFloatingIntegralConversion` query "cpp/autosar/implicit-const-floating-integral-conversion" and - ruleId = "M5-0-5" + ruleId = "M5-0-5" and + category = "required" or query = // `Query` instance for the `implicitNonConstConversionToSmallerUnderlyingType` query @@ -62,7 +67,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `implicitNonConstConversionToSmallerUnderlyingType` query "cpp/autosar/implicit-non-const-conversion-to-smaller-underlying-type" and - ruleId = "M5-0-6" + ruleId = "M5-0-6" and + category = "required" or query = // `Query` instance for the `implicitConstConversionToSmallerUnderlyingType` query 
@@ -70,7 +76,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `implicitConstConversionToSmallerUnderlyingType` query "cpp/autosar/implicit-const-conversion-to-smaller-underlying-type" and - ruleId = "M5-0-6" + ruleId = "M5-0-6" and + category = "required" or query = // `Query` instance for the `explicitFloatingIntegralConversionOfACValueExpr` query @@ -78,7 +85,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `explicitFloatingIntegralConversionOfACValueExpr` query "cpp/autosar/explicit-floating-integral-conversion-of-ac-value-expr" and - ruleId = "M5-0-7" + ruleId = "M5-0-7" and + category = "required" or query = // `Query` instance for the `explicitWideningConversionOfACValueExpr` query @@ -86,7 +94,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `explicitWideningConversionOfACValueExpr` query "cpp/autosar/explicit-widening-conversion-of-ac-value-expr" and - ruleId = "M5-0-8" + ruleId = "M5-0-8" and + category = "required" or query = // `Query` instance for the `explicitSignednessConversionOfCValue` query @@ -94,7 +103,8 @@ predicate isIntegerConversionQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `explicitSignednessConversionOfCValue` query "cpp/autosar/explicit-signedness-conversion-of-c-value" and - ruleId = "M5-0-9" + ruleId = "M5-0-9" and + category = "required" } module IntegerConversionPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll index a084dfcdf8..7633df480a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll 
@@ -11,14 +11,15 @@ newtype InvariantsQuery = THonorTerminationReplacementHandlerRequirementsQuery() or THonorNewReplacementHandlerRequirementsQuery() -predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `memoryManagementFunctionInvariants` query InvariantsPackage::memoryManagementFunctionInvariantsQuery() and queryId = // `@id` for the `memoryManagementFunctionInvariants` query "cpp/autosar/memory-management-function-invariants" and - ruleId = "A18-5-5" + ruleId = "A18-5-5" and + category = "required" or query = // `Query` instance for the `orderingPredicatesInvariants` query @@ -26,7 +27,8 @@ predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `orderingPredicatesInvariants` query "cpp/autosar/ordering-predicates-invariants" and - ruleId = "A25-4-1" + ruleId = "A25-4-1" and + category = "required" or query = // `Query` instance for the `provideAValidOrderingPredicate` query @@ -34,7 +36,8 @@ predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `provideAValidOrderingPredicate` query "cpp/cert/provide-a-valid-ordering-predicate" and - ruleId = "CTR57-CPP" + ruleId = "CTR57-CPP" and + category = "rule" or query = // `Query` instance for the `signalHandlerMustBeAPlainOldFunction` query @@ -42,7 +45,8 @@ predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `signalHandlerMustBeAPlainOldFunction` query "cpp/cert/signal-handler-must-be-a-plain-old-function" and - ruleId = "MSC54-CPP" + ruleId = "MSC54-CPP" and + category = "rule" or query = // `Query` instance for the `honorTerminationReplacementHandlerRequirements` query 
@@ -50,7 +54,8 @@ predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `honorTerminationReplacementHandlerRequirements` query "cpp/cert/honor-termination-replacement-handler-requirements" and - ruleId = "OOP56-CPP" + ruleId = "OOP56-CPP" and + category = "rule" or query = // `Query` instance for the `honorNewReplacementHandlerRequirements` query @@ -58,7 +63,8 @@ predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `honorNewReplacementHandlerRequirements` query "cpp/cert/honor-new-replacement-handler-requirements" and - ruleId = "OOP56-CPP" + ruleId = "OOP56-CPP" and + category = "rule" } module InvariantsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll index 619e955fd4..5dac989603 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll @@ -12,14 +12,15 @@ newtype IteratorsQuery = TDoNotUseAnAdditiveOperatorOnAnIteratorQuery() or TUseValidReferencesForElementsOfStringQuery() -predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `iteratorImplicitlyConvertedToConstIterator` query IteratorsPackage::iteratorImplicitlyConvertedToConstIteratorQuery() and queryId = // `@id` for the `iteratorImplicitlyConvertedToConstIterator` query "cpp/autosar/iterator-implicitly-converted-to-const-iterator" and - ruleId = "A23-0-1" + ruleId = "A23-0-1" and + category = "required" or query = // `Query` instance for the `validContainerElementAccess` query 
@@ -27,7 +28,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `validContainerElementAccess` query "cpp/autosar/valid-container-element-access" and - ruleId = "A23-0-2" + ruleId = "A23-0-2" and + category = "required" or query = // `Query` instance for the `usesValidContainerElementAccess` query @@ -35,7 +37,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `usesValidContainerElementAccess` query "cpp/cert/uses-valid-container-element-access" and - ruleId = "CTR51-CPP" + ruleId = "CTR51-CPP" and + category = "rule" or query = // `Query` instance for the `useValidIteratorRanges` query @@ -43,7 +46,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useValidIteratorRanges` query "cpp/cert/use-valid-iterator-ranges" and - ruleId = "CTR53-CPP" + ruleId = "CTR53-CPP" and + category = "rule" or query = // `Query` instance for the `doNotSubtractIteratorsForDifferentContainers` query @@ -51,7 +55,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotSubtractIteratorsForDifferentContainers` query "cpp/cert/do-not-subtract-iterators-for-different-containers" and - ruleId = "CTR54-CPP" + ruleId = "CTR54-CPP" and + category = "rule" or query = // `Query` instance for the `doNotUseAnAdditiveOperatorOnAnIterator` query @@ -59,7 +64,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotUseAnAdditiveOperatorOnAnIterator` query "cpp/cert/do-not-use-an-additive-operator-on-an-iterator" and - ruleId = "CTR55-CPP" + ruleId = "CTR55-CPP" and + category = "rule" or query = // `Query` instance for the `useValidReferencesForElementsOfString` query 
@@ -67,7 +73,8 @@ predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useValidReferencesForElementsOfString` query "cpp/cert/use-valid-references-for-elements-of-string" and - ruleId = "STR52-CPP" + ruleId = "STR52-CPP" and + category = "rule" } module IteratorsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll index 7d51a5022d..279b39ba9b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll @@ -16,14 +16,15 @@ newtype LambdasQuery = TReturningLambdaObjectWithCaptureByReferenceQuery() or TEscapingLambdaObjectWithCaptureByReferenceQuery() -predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { +predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `implicitLambdaCapture` query LambdasPackage::implicitLambdaCaptureQuery() and queryId = // `@id` for the `implicitLambdaCapture` query "cpp/autosar/implicit-lambda-capture" and - ruleId = "A5-1-2" + ruleId = "A5-1-2" and + category = "required" or query = // `Query` instance for the `lambdaExpressionWithoutParameterList` query @@ -31,7 +32,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lambdaExpressionWithoutParameterList` query "cpp/autosar/lambda-expression-without-parameter-list" and - ruleId = "A5-1-3" + ruleId = "A5-1-3" and + category = "required" or query = // `Query` instance for the `returnedLambdaObjectOutlivesCaptureByReference` query 
@@ -39,7 +41,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `returnedLambdaObjectOutlivesCaptureByReference` query "cpp/autosar/returned-lambda-object-outlives-capture-by-reference" and - ruleId = "A5-1-4" + ruleId = "A5-1-4" and + category = "required" or query = // `Query` instance for the `movedLambdaObjectOutlivesCaptureByReference` query @@ -47,7 +50,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `movedLambdaObjectOutlivesCaptureByReference` query "cpp/autosar/moved-lambda-object-outlives-capture-by-reference" and - ruleId = "A5-1-4" + ruleId = "A5-1-4" and + category = "required" or query = // `Query` instance for the `lambdaWithImplicitNonVoidReturnType` query @@ -55,7 +59,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lambdaWithImplicitNonVoidReturnType` query "cpp/autosar/lambda-with-implicit-non-void-return-type" and - ruleId = "A5-1-6" + ruleId = "A5-1-6" and + category = "advisory" or query = // `Query` instance for the `lambdaPassedToDecltype` query @@ -63,7 +68,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lambdaPassedToDecltype` query "cpp/autosar/lambda-passed-to-decltype" and - ruleId = "A5-1-7" + ruleId = "A5-1-7" and + category = "required" or query = // `Query` instance for the `lambdaPassedToTypeid` query @@ -71,7 +77,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lambdaPassedToTypeid` query "cpp/autosar/lambda-passed-to-typeid" and - ruleId = "A5-1-7" + ruleId = "A5-1-7" and + category = "required" or query = // `Query` instance for the `lambdaExpressionInLambdaExpression` query 
@@ -79,7 +86,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `lambdaExpressionInLambdaExpression` query "cpp/autosar/lambda-expression-in-lambda-expression" and - ruleId = "A5-1-8" + ruleId = "A5-1-8" and + category = "advisory" or query = // `Query` instance for the `identicalLambdaExpressions` query @@ -87,7 +95,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identicalLambdaExpressions` query "cpp/autosar/identical-lambda-expressions" and - ruleId = "A5-1-9" + ruleId = "A5-1-9" and + category = "advisory" or query = // `Query` instance for the `returningLambdaObjectWithCaptureByReference` query @@ -95,7 +104,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `returningLambdaObjectWithCaptureByReference` query "cpp/cert/returning-lambda-object-with-capture-by-reference" and - ruleId = "EXP61-CPP" + ruleId = "EXP61-CPP" and + category = "rule" or query = // `Query` instance for the `escapingLambdaObjectWithCaptureByReference` query @@ -103,7 +113,8 @@ predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `escapingLambdaObjectWithCaptureByReference` query "cpp/cert/escaping-lambda-object-with-capture-by-reference" and - ruleId = "EXP61-CPP" + ruleId = "EXP61-CPP" and + category = "rule" } module LambdasPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll index 1413b0a6fc..16befefd32 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll 
@@ -16,14 +16,15 @@ newtype LiteralsQuery = TNullUsedAsIntegerValueQuery() or TLiteralZeroUsedAsNullPointerConstantQuery() -predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `useCorrectIntervalForDigitSequencesSeparators` query LiteralsPackage::useCorrectIntervalForDigitSequencesSeparatorsQuery() and queryId = // `@id` for the `useCorrectIntervalForDigitSequencesSeparators` query "cpp/autosar/use-correct-interval-for-digit-sequences-separators" and - ruleId = "A13-6-1" + ruleId = "A13-6-1" and + category = "required" or query = // `Query` instance for the `escapeSequenceOutsideISO` query @@ -31,7 +32,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `escapeSequenceOutsideISO` query "cpp/autosar/escape-sequence-outside-iso" and - ruleId = "A2-13-1" + ruleId = "A2-13-1" and + category = "required" or query = // `Query` instance for the `hexadecimalConstantsShouldBeUpperCase` query @@ -39,7 +41,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `hexadecimalConstantsShouldBeUpperCase` query "cpp/autosar/hexadecimal-constants-should-be-upper-case" and - ruleId = "A2-13-5" + ruleId = "A2-13-5" and + category = "advisory" or query = // `Query` instance for the `nullPointerConstantNotNullptr` query @@ -47,7 +50,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nullPointerConstantNotNullptr` query "cpp/autosar/null-pointer-constant-not-nullptr" and - ruleId = "A4-10-1" + ruleId = "A4-10-1" and + category = "required" or query = // `Query` instance for the `literalValueUsedOutsideTypeInit` query 
@@ -55,7 +59,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `literalValueUsedOutsideTypeInit` query "cpp/autosar/literal-value-used-outside-type-init" and - ruleId = "A5-1-1" + ruleId = "A5-1-1" and + category = "required" or query = // `Query` instance for the `useOfNonZeroOctalLiteral` query @@ -63,7 +68,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfNonZeroOctalLiteral` query "cpp/autosar/use-of-non-zero-octal-literal" and - ruleId = "M2-13-2" + ruleId = "M2-13-2" and + category = "required" or query = // `Query` instance for the `useOfNonZeroOctalEscape` query @@ -71,7 +77,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfNonZeroOctalEscape` query "cpp/autosar/use-of-non-zero-octal-escape" and - ruleId = "M2-13-2" + ruleId = "M2-13-2" and + category = "required" or query = // `Query` instance for the `missingUSuffix` query @@ -79,7 +86,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `missingUSuffix` query "cpp/autosar/missing-u-suffix" and - ruleId = "M2-13-3" + ruleId = "M2-13-3" and + category = "required" or query = // `Query` instance for the `literalSuffixNotUpperCase` query @@ -87,7 +95,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `literalSuffixNotUpperCase` query "cpp/autosar/literal-suffix-not-upper-case" and - ruleId = "M2-13-4" + ruleId = "M2-13-4" and + category = "required" or query = // `Query` instance for the `nullUsedAsIntegerValue` query 
@@ -95,7 +104,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nullUsedAsIntegerValue` query "cpp/autosar/null-used-as-integer-value" and - ruleId = "M4-10-1" + ruleId = "M4-10-1" and + category = "required" or query = // `Query` instance for the `literalZeroUsedAsNullPointerConstant` query @@ -103,7 +113,8 @@ predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `literalZeroUsedAsNullPointerConstant` query "cpp/autosar/literal-zero-used-as-null-pointer-constant" and - ruleId = "M4-10-2" + ruleId = "M4-10-2" and + category = "required" } module LiteralsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll index 65286eed6f..9d9b99989a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll @@ -18,14 +18,15 @@ newtype LoopsQuery = TLoopControlVariableModifiedInLoopExpressionQuery() or TNonBooleanLoopControlVariableQuery() -predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `unusedLoopCounterForContainerIteration` query LoopsPackage::unusedLoopCounterForContainerIterationQuery() and queryId = // `@id` for the `unusedLoopCounterForContainerIteration` query "cpp/autosar/unused-loop-counter-for-container-iteration" and - ruleId = "A6-5-1" + ruleId = "A6-5-1" and + category = "required" or query = // `Query` instance for the `multipleLoopCounters` query 
@@ -33,7 +34,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `multipleLoopCounters` query "cpp/autosar/multiple-loop-counters" and - ruleId = "A6-5-2" + ruleId = "A6-5-2" and + category = "required" or query = // `Query` instance for the `floatingPointLoopCounter` query @@ -41,7 +43,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `floatingPointLoopCounter` query "cpp/autosar/floating-point-loop-counter" and - ruleId = "A6-5-2" + ruleId = "A6-5-2" and + category = "required" or query = // `Query` instance for the `doStatementsShouldNotBeUsed` query @@ -49,7 +52,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doStatementsShouldNotBeUsed` query "cpp/autosar/do-statements-should-not-be-used" and - ruleId = "A6-5-3" + ruleId = "A6-5-3" and + category = "advisory" or query = // `Query` instance for the `forLoopInitializesNonLoopCounter` query @@ -57,7 +61,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `forLoopInitializesNonLoopCounter` query "cpp/autosar/for-loop-initializes-non-loop-counter" and - ruleId = "A6-5-4" + ruleId = "A6-5-4" and + category = "advisory" or query = // `Query` instance for the `forLoopModifiesNonLoopCounter` query @@ -65,7 +70,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `forLoopModifiesNonLoopCounter` query "cpp/autosar/for-loop-modifies-non-loop-counter" and - ruleId = "A6-5-4" + ruleId = "A6-5-4" and + category = "advisory" or query = // `Query` instance for the `notEqualsInLoopCondition` query 
@@ -73,7 +79,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `notEqualsInLoopCondition` query "cpp/autosar/not-equals-in-loop-condition" and - ruleId = "M6-5-2" + ruleId = "M6-5-2" and + category = "required" or query = // `Query` instance for the `loopCounterModifiedWithinCondition` query @@ -81,7 +88,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `loopCounterModifiedWithinCondition` query "cpp/autosar/loop-counter-modified-within-condition" and - ruleId = "M6-5-3" + ruleId = "M6-5-3" and + category = "required" or query = // `Query` instance for the `loopCounterModifiedWithinStatement` query @@ -89,7 +97,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `loopCounterModifiedWithinStatement` query "cpp/autosar/loop-counter-modified-within-statement" and - ruleId = "M6-5-3" + ruleId = "M6-5-3" and + category = "required" or query = // `Query` instance for the `irregularLoopCounterModification` query @@ -97,7 +106,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `irregularLoopCounterModification` query "cpp/autosar/irregular-loop-counter-modification" and - ruleId = "M6-5-4" + ruleId = "M6-5-4" and + category = "required" or query = // `Query` instance for the `loopControlVariableModifiedInLoopCondition` query @@ -105,7 +115,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `loopControlVariableModifiedInLoopCondition` query "cpp/autosar/loop-control-variable-modified-in-loop-condition" and - ruleId = "M6-5-5" + ruleId = "M6-5-5" and + category = "required" or query = // `Query` instance for the `loopControlVariableModifiedInLoopExpression` query 
@@ -113,7 +124,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `loopControlVariableModifiedInLoopExpression` query "cpp/autosar/loop-control-variable-modified-in-loop-expression" and - ruleId = "M6-5-5" + ruleId = "M6-5-5" and + category = "required" or query = // `Query` instance for the `nonBooleanLoopControlVariable` query @@ -121,7 +133,8 @@ predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonBooleanLoopControlVariable` query "cpp/autosar/non-boolean-loop-control-variable" and - ruleId = "M6-5-6" + ruleId = "M6-5-6" and + category = "required" } module LoopsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll index e9055e8083..0753ffeb48 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll @@ -17,14 +17,15 @@ newtype MacrosQuery = TMoreThanOneOccurrenceHashOperatorInMacroDefinitionQuery() or THashOperatorsShouldNotBeUsedQuery() -predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { +predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `preProcessorShallOnlyBeUsedForCertainDirectivesPatterns` query MacrosPackage::preProcessorShallOnlyBeUsedForCertainDirectivesPatternsQuery() and queryId = // `@id` for the `preProcessorShallOnlyBeUsedForCertainDirectivesPatterns` query "cpp/autosar/pre-processor-shall-only-be-used-for-certain-directives-patterns" and - ruleId = "A16-0-1" + ruleId = "A16-0-1" and + category = "required" or query = // `Query` instance for the `charactersOccurInHeaderFileNameOrInIncludeDirective` query 
@@ -32,7 +33,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `charactersOccurInHeaderFileNameOrInIncludeDirective` query "cpp/autosar/characters-occur-in-header-file-name-or-in-include-directive" and - ruleId = "A16-2-1" + ruleId = "A16-2-1" and + category = "required" or query = // `Query` instance for the `errorDirectiveUsed` query @@ -40,7 +42,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `errorDirectiveUsed` query "cpp/autosar/error-directive-used" and - ruleId = "A16-6-1" + ruleId = "A16-6-1" and + category = "required" or query = // `Query` instance for the `pragmaDirectiveUsed` query @@ -48,7 +51,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pragmaDirectiveUsed` query "cpp/autosar/pragma-directive-used" and - ruleId = "A16-7-1" + ruleId = "A16-7-1" and + category = "required" or query = // `Query` instance for the `includeDirectivesNotPrecededByDirectivesOrComments` query @@ -56,7 +60,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `includeDirectivesNotPrecededByDirectivesOrComments` query "cpp/autosar/include-directives-not-preceded-by-directives-or-comments" and - ruleId = "M16-0-1" + ruleId = "M16-0-1" and + category = "required" or query = // `Query` instance for the `macrosShallOnlyBeDefinedOrUndefdInTheGlobalNamespace` query @@ -64,7 +69,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `macrosShallOnlyBeDefinedOrUndefdInTheGlobalNamespace` query "cpp/autosar/macros-shall-only-be-defined-or-undefd-in-the-global-namespace" and - ruleId = "M16-0-2" + ruleId = "M16-0-2" and + category = "required" or query = // `Query` instance for the `functionLikeMacroArgsContainHashToken` query 
@@ -72,7 +78,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionLikeMacroArgsContainHashToken` query "cpp/autosar/function-like-macro-args-contain-hash-token" and - ruleId = "M16-0-5" + ruleId = "M16-0-5" and + category = "required" or query = // `Query` instance for the `functionLikeMacroParameterNotEnclosedInParentheses` query @@ -80,7 +87,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionLikeMacroParameterNotEnclosedInParentheses` query "cpp/autosar/function-like-macro-parameter-not-enclosed-in-parentheses" and - ruleId = "M16-0-6" + ruleId = "M16-0-6" and + category = "required" or query = // `Query` instance for the `undefinedMacroIdentifiersUsedIn` query @@ -88,7 +96,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `undefinedMacroIdentifiersUsedIn` query "cpp/autosar/undefined-macro-identifiers-used-in" and - ruleId = "M16-0-7" + ruleId = "M16-0-7" and + category = "required" or query = // `Query` instance for the `definedPreProcessorOperatorInOneOfTheTwoStandardForms` query @@ -96,7 +105,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `definedPreProcessorOperatorInOneOfTheTwoStandardForms` query "cpp/autosar/defined-pre-processor-operator-in-one-of-the-two-standard-forms" and - ruleId = "M16-1-1" + ruleId = "M16-1-1" and + category = "required" or query = // `Query` instance for the `moreThanOneOccurrenceHashOperatorInMacroDefinition` query 
@@ -104,7 +114,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `moreThanOneOccurrenceHashOperatorInMacroDefinition` query "cpp/autosar/more-than-one-occurrence-hash-operator-in-macro-definition" and - ruleId = "M16-3-1" + ruleId = "M16-3-1" and + category = "required" or query = // `Query` instance for the `hashOperatorsShouldNotBeUsed` query @@ -112,7 +123,8 @@ predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `hashOperatorsShouldNotBeUsed` query "cpp/autosar/hash-operators-should-not-be-used" and - ruleId = "M16-3-2" + ruleId = "M16-3-2" and + category = "advisory" } module MacrosPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll index c79931bf58..4d61136610 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll @@ -12,14 +12,15 @@ newtype MoveForwardQuery = TForwardForwardingReferencesQuery() or TDoNotRelyOnTheValueOfAMovedFromObjectQuery() -predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) { +predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `movedFromObjectReadAccessed` query MoveForwardPackage::movedFromObjectReadAccessedQuery() and queryId = // `@id` for the `movedFromObjectReadAccessed` query "cpp/autosar/moved-from-object-read-accessed" and - ruleId = "A12-8-3" + ruleId = "A12-8-3" and + category = "required" or query = // `Query` instance for the `forwardingValuesToOtherFunctions` query 
@@ -27,7 +28,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `forwardingValuesToOtherFunctions` query "cpp/autosar/forwarding-values-to-other-functions" and - ruleId = "A18-9-2" + ruleId = "A18-9-2" and + category = "required" or query = // `Query` instance for the `moveUsedOnConstObjects` query @@ -35,7 +37,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `moveUsedOnConstObjects` query "cpp/autosar/move-used-on-const-objects" and - ruleId = "A18-9-3" + ruleId = "A18-9-3" and + category = "required" or query = // `Query` instance for the `argumentToForwardSubsequentlyUsed` query @@ -43,7 +46,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `argumentToForwardSubsequentlyUsed` query "cpp/autosar/argument-to-forward-subsequently-used" and - ruleId = "A18-9-4" + ruleId = "A18-9-4" and + category = "required" or query = // `Query` instance for the `moveFromConsumeParametersRvalRef` query @@ -51,7 +55,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `moveFromConsumeParametersRvalRef` query "cpp/autosar/move-from-consume-parameters-rval-ref" and - ruleId = "A8-4-5" + ruleId = "A8-4-5" and + category = "required" or query = // `Query` instance for the `forwardForwardingReferences` query @@ -59,7 +64,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `forwardForwardingReferences` query "cpp/autosar/forward-forwarding-references" and - ruleId = "A8-4-6" + ruleId = "A8-4-6" and + category = "required" or query = // `Query` instance for the `doNotRelyOnTheValueOfAMovedFromObject` query 
@@ -67,7 +73,8 @@ predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotRelyOnTheValueOfAMovedFromObject` query "cpp/cert/do-not-rely-on-the-value-of-a-moved-from-object" and - ruleId = "EXP63-CPP" + ruleId = "EXP63-CPP" and + category = "rule" } module MoveForwardPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll index 5ab4fc7647..18f03e9c66 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll @@ -32,14 +32,15 @@ newtype NamingQuery = TFunctionReusesReservedNameQuery() or TEnumeratorReusesReservedNameQuery() -predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { +predicate isNamingQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `userDefinedLiteralOperatorSuffixViolation` query NamingPackage::userDefinedLiteralOperatorSuffixViolationQuery() and queryId = // `@id` for the `userDefinedLiteralOperatorSuffixViolation` query "cpp/autosar/user-defined-literal-operator-suffix-violation" and - ruleId = "A13-1-2" + ruleId = "A13-1-2" and + category = "required" or query = // `Query` instance for the `identifierHiding` query @@ -47,7 +48,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierHiding` query "cpp/autosar/identifier-hiding" and - ruleId = "A2-10-1" + ruleId = "A2-10-1" and + category = "required" or query = // `Query` instance for the `identifierNameOfStaticNonMemberObjectReusedInNamespace` query 
@@ -55,7 +57,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierNameOfStaticNonMemberObjectReusedInNamespace` query "cpp/autosar/identifier-name-of-static-non-member-object-reused-in-namespace" and - ruleId = "A2-10-4" + ruleId = "A2-10-4" and + category = "required" or query = // `Query` instance for the `identifierNameOfStaticFunctionReusedInNamespace` query @@ -63,7 +66,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierNameOfStaticFunctionReusedInNamespace` query "cpp/autosar/identifier-name-of-static-function-reused-in-namespace" and - ruleId = "A2-10-4" + ruleId = "A2-10-4" and + category = "required" or query = // `Query` instance for the `identifierNameOfAStaticFunctionIsReused` query @@ -71,7 +75,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierNameOfAStaticFunctionIsReused` query "cpp/autosar/identifier-name-of-a-static-function-is-reused" and - ruleId = "A2-10-5" + ruleId = "A2-10-5" and + category = "advisory" or query = // `Query` instance for the `identifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused` query @@ -79,7 +84,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierNameOfANonMemberObjectWithExternalOrInternalLinkageIsReused` query "cpp/autosar/identifier-name-of-a-non-member-object-with-external-or-internal-linkage-is-reused" and - ruleId = "A2-10-5" + ruleId = "A2-10-5" and + category = "advisory" or query = // `Query` instance for the `classOrEnumerationNameHiddenByAVariableInTheSameScope` query 
@@ -87,7 +93,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `classOrEnumerationNameHiddenByAVariableInTheSameScope` query "cpp/autosar/class-or-enumeration-name-hidden-by-a-variable-in-the-same-scope" and - ruleId = "A2-10-6" + ruleId = "A2-10-6" and + category = "required" or query = // `Query` instance for the `classOrEnumerationNameHiddenByAFunctionInTheSameScope` query @@ -95,7 +102,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `classOrEnumerationNameHiddenByAFunctionInTheSameScope` query "cpp/autosar/class-or-enumeration-name-hidden-by-a-function-in-the-same-scope" and - ruleId = "A2-10-6" + ruleId = "A2-10-6" and + category = "required" or query = // `Query` instance for the `classOrEnumerationNameHiddenByAnEnumeratorInTheSameScope` query @@ -103,7 +111,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `classOrEnumerationNameHiddenByAnEnumeratorInTheSameScope` query "cpp/autosar/class-or-enumeration-name-hidden-by-an-enumerator-in-the-same-scope" and - ruleId = "A2-10-6" + ruleId = "A2-10-6" and + category = "required" or query = // `Query` instance for the `universalCharacterNamesUsedOutsideCharacterOrStringLiterals` query @@ -111,7 +120,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `universalCharacterNamesUsedOutsideCharacterOrStringLiterals` query "cpp/autosar/universal-character-names-used-outside-character-or-string-literals" and - ruleId = "A2-13-6" + ruleId = "A2-13-6" and + category = "required" or query = // `Query` instance for the `characterOutsideTheLanguageStandardBasicSourceCharacterSetUsedInTheSourceCode` query 
@@ -119,7 +129,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `characterOutsideTheLanguageStandardBasicSourceCharacterSetUsedInTheSourceCode` query "cpp/autosar/character-outside-the-language-standard-basic-source-character-set-used-in-the-source-code" and - ruleId = "A2-3-1" + ruleId = "A2-3-1" and + category = "required" or query = // `Query` instance for the `invalidCharacterInStringLiteral` query @@ -127,7 +138,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `invalidCharacterInStringLiteral` query "cpp/autosar/invalid-character-in-string-literal" and - ruleId = "A2-3-1" + ruleId = "A2-3-1" and + category = "required" or query = // `Query` instance for the `invalidCharacterInComment` query @@ -135,7 +147,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `invalidCharacterInComment` query "cpp/autosar/invalid-character-in-comment" and - ruleId = "A2-3-1" + ruleId = "A2-3-1" and + category = "required" or query = // `Query` instance for the `nameOfStandardLibraryMacroOrObjectReused` query @@ -143,7 +156,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nameOfStandardLibraryMacroOrObjectReused` query "cpp/autosar/name-of-standard-library-macro-or-object-reused" and - ruleId = "M17-0-2" + ruleId = "M17-0-2" and + category = "required" or query = // `Query` instance for the `nameOfStandardLibraryFunctionIsOverridden` query @@ -151,7 +165,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nameOfStandardLibraryFunctionIsOverridden` query "cpp/autosar/name-of-standard-library-function-is-overridden" and - ruleId = "M17-0-3" + ruleId = "M17-0-3" and + category = "required" or query = // `Query` instance for the `differentIdentifiersNotTypographicallyUnambiguous` query 
@@ -159,7 +174,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `differentIdentifiersNotTypographicallyUnambiguous` query "cpp/autosar/different-identifiers-not-typographically-unambiguous" and - ruleId = "M2-10-1" + ruleId = "M2-10-1" and + category = "required" or query = // `Query` instance for the `identifierMainUsedForAFunctionOtherThanTheGlobalFunctionMain` query @@ -167,7 +183,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierMainUsedForAFunctionOtherThanTheGlobalFunctionMain` query "cpp/autosar/identifier-main-used-for-a-function-other-than-the-global-function-main" and - ruleId = "M7-3-2" + ruleId = "M7-3-2" and + category = "required" or query = // `Query` instance for the `unnamedNamespacesInHeaderFile` query @@ -175,7 +192,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unnamedNamespacesInHeaderFile` query "cpp/autosar/unnamed-namespaces-in-header-file" and - ruleId = "M7-3-3" + ruleId = "M7-3-3" and + category = "required" or query = // `Query` instance for the `nonIdenticalIdentifierUsedForTheParameterInReDeclarationOfAFunction` query @@ -183,7 +201,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonIdenticalIdentifierUsedForTheParameterInReDeclarationOfAFunction` query "cpp/autosar/non-identical-identifier-used-for-the-parameter-in-re-declaration-of-a-function" and - ruleId = "M8-4-2" + ruleId = "M8-4-2" and + category = "required" or query = // `Query` instance for the `redefiningOfStandardLibraryName` query 
@@ -191,7 +210,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `redefiningOfStandardLibraryName` query "cpp/cert/redefining-of-standard-library-name" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `reuseOfReservedIdentifier` query @@ -199,7 +219,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `reuseOfReservedIdentifier` query "cpp/cert/reuse-of-reserved-identifier" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `useOfSingleUnderscoreReservedPrefix` query @@ -207,7 +228,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfSingleUnderscoreReservedPrefix` query "cpp/cert/use-of-single-underscore-reserved-prefix" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `useOfDoubleUnderscoreReservedPrefix` query @@ -215,7 +237,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfDoubleUnderscoreReservedPrefix` query "cpp/cert/use-of-double-underscore-reserved-prefix" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `useOfReservedLiteralSuffixIdentifier` query @@ -223,7 +246,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfReservedLiteralSuffixIdentifier` query "cpp/cert/use-of-reserved-literal-suffix-identifier" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `objectReusesReservedName` query 
@@ -231,7 +255,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `objectReusesReservedName` query "cpp/cert/object-reuses-reserved-name" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `functionReusesReservedName` query @@ -239,7 +264,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionReusesReservedName` query "cpp/cert/function-reuses-reserved-name" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" or query = // `Query` instance for the `enumeratorReusesReservedName` query @@ -247,7 +273,8 @@ predicate isNamingQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `enumeratorReusesReservedName` query "cpp/cert/enumerator-reuses-reserved-name" and - ruleId = "DCL51-CPP" + ruleId = "DCL51-CPP" and + category = "rule" } module NamingPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll index c0befae569..203bf242a6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll @@ -8,14 +8,15 @@ newtype NullQuery = TParameterNotPassedByReferenceQuery() or TDoNotAttemptToCreateAStringFromANullPointerQuery() -predicate isNullQueryMetadata(Query query, string queryId, string ruleId) { +predicate isNullQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nullPointersDereferenced` query NullPackage::nullPointersDereferencedQuery() and queryId = // `@id` for the `nullPointersDereferenced` query "cpp/autosar/null-pointers-dereferenced" and - ruleId = "A5-3-2" + ruleId = "A5-3-2" and + category = "required" or query = // `Query` instance for the `parameterNotPassedByReference` query 
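Review bot: The new `category` parameter in the `isNullQueryMetadata` signature (Null.qll) is a plain `string`, and nothing in this hunk constrains or documents which values are valid; the values visible in this patch are `"required"`, `"advisory"` and `"rule"`. The commit message says the category feeds the decision on how a deviation is handled, so a misspelled or differently cased value would still compile and would presumably just fail to match in the consumer, which could change whether a deviation against a rule is accepted. I would add a QLDoc line on the predicate, for example `/** Holds if the query implements ruleId and the rule has the given category; values seen in this package: "required", "rule". */`, and consider a consistency check on the consuming side that reports any category outside the known set. The same applies to the other `is*QueryMetadata` signatures changed in this patch (OperatorInvariants, Operators, OrderOfEvaluation, OutOfBounds, Pointers, Representation); the predicate body continues outside this hunk.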
@@ -23,7 +24,8 @@ predicate isNullQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `parameterNotPassedByReference` query "cpp/autosar/parameter-not-passed-by-reference" and - ruleId = "A8-4-10" + ruleId = "A8-4-10" and + category = "required" or query = // `Query` instance for the `doNotAttemptToCreateAStringFromANullPointer` query @@ -31,7 +33,8 @@ predicate isNullQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotAttemptToCreateAStringFromANullPointer` query "cpp/cert/do-not-attempt-to-create-a-string-from-a-null-pointer" and - ruleId = "STR51-CPP" + ruleId = "STR51-CPP" and + category = "rule" } module NullPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll index 51026ef8b4..052af31dbb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll @@ -14,14 +14,15 @@ newtype OperatorInvariantsQuery = TGracefullyHandleSelfCopyAssignmentQuery() or TCopyOperationsMustNotMutateTheSourceObjectQuery() -predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `userDefinedCopyAndMoveUseNoThrowSwapFunction` query OperatorInvariantsPackage::userDefinedCopyAndMoveUseNoThrowSwapFunctionQuery() and queryId = // `@id` for the `userDefinedCopyAndMoveUseNoThrowSwapFunction` query "cpp/autosar/user-defined-copy-and-move-use-no-throw-swap-function" and - ruleId = "A12-8-2" + ruleId = "A12-8-2" and + category = "advisory" or query = // `Query` instance for the `copyAssignmentAndAMoveHandleSelfAssignment` query 
@@ -29,7 +30,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `copyAssignmentAndAMoveHandleSelfAssignment` query "cpp/autosar/copy-assignment-and-a-move-handle-self-assignment" and - ruleId = "A12-8-5" + ruleId = "A12-8-5" and + category = "required" or query = // `Query` instance for the `assignmentOperatorReturnThis` query @@ -37,7 +39,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `assignmentOperatorReturnThis` query "cpp/autosar/assignment-operator-return-this" and - ruleId = "A13-2-1" + ruleId = "A13-2-1" and + category = "required" or query = // `Query` instance for the `binaryOperatorAndBitwiseOperatorReturnAPrvalue` query @@ -45,7 +48,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `binaryOperatorAndBitwiseOperatorReturnAPrvalue` query "cpp/autosar/binary-operator-and-bitwise-operator-return-a-prvalue" and - ruleId = "A13-2-2" + ruleId = "A13-2-2" and + category = "required" or query = // `Query` instance for the `oppositeOperatorsNotDefinedInTermsOfOther` query @@ -53,7 +57,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `oppositeOperatorsNotDefinedInTermsOfOther` query "cpp/autosar/opposite-operators-not-defined-in-terms-of-other" and - ruleId = "A13-5-4" + ruleId = "A13-5-4" and + category = "required" or query = // `Query` instance for the `hashSpecializationsHaveANoexceptFunctionCallOperator` query 
@@ -61,7 +66,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `hashSpecializationsHaveANoexceptFunctionCallOperator` query "cpp/autosar/hash-specializations-have-a-noexcept-function-call-operator" and - ruleId = "A18-1-6" + ruleId = "A18-1-6" and + category = "required" or query = // `Query` instance for the `semanticEquivalenceBetweenOperatorFormNotPreserved` query @@ -69,7 +75,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `semanticEquivalenceBetweenOperatorFormNotPreserved` query "cpp/autosar/semantic-equivalence-between-operator-form-not-preserved" and - ruleId = "M5-17-1" + ruleId = "M5-17-1" and + category = "required" or query = // `Query` instance for the `gracefullyHandleSelfCopyAssignment` query @@ -77,7 +84,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `gracefullyHandleSelfCopyAssignment` query "cpp/cert/gracefully-handle-self-copy-assignment" and - ruleId = "OOP54-CPP" + ruleId = "OOP54-CPP" and + category = "rule" or query = // `Query` instance for the `copyOperationsMustNotMutateTheSourceObject` query @@ -85,7 +93,8 @@ predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string queryId = // `@id` for the `copyOperationsMustNotMutateTheSourceObject` query "cpp/cert/copy-operations-must-not-mutate-the-source-object" and - ruleId = "OOP58-CPP" + ruleId = "OOP58-CPP" and + category = "rule" } module OperatorInvariantsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll index d395d6fd5a..fe71289dbc 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll 
@@ -20,14 +20,15 @@ newtype OperatorsQuery = TUnaryMinusOperatorAppliedToAnExpressionWhoseUnderlyingTypeIsUnsignedQuery() or TUnaryOperatorOverloadedQuery() -predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `userDefinedAssignmentOperatorVirtual` query OperatorsPackage::userDefinedAssignmentOperatorVirtualQuery() and queryId = // `@id` for the `userDefinedAssignmentOperatorVirtual` query "cpp/autosar/user-defined-assignment-operator-virtual" and - ruleId = "A10-3-5" + ruleId = "A10-3-5" and + category = "required" or query = // `Query` instance for the `copyAndMoveNotDeclaredProtected` query @@ -35,7 +36,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `copyAndMoveNotDeclaredProtected` query "cpp/autosar/copy-and-move-not-declared-protected" and - ruleId = "A12-8-6" + ruleId = "A12-8-6" and + category = "required" or query = // `Query` instance for the `operatorsShouldBeDeclaredWithTheRefQualifier` query @@ -43,7 +45,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `operatorsShouldBeDeclaredWithTheRefQualifier` query "cpp/autosar/operators-should-be-declared-with-the-ref-qualifier" and - ruleId = "A12-8-7" + ruleId = "A12-8-7" and + category = "advisory" or query = // `Query` instance for the `relationalOperatorShallReturnABooleanValue` query @@ -51,7 +54,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `relationalOperatorShallReturnABooleanValue` query "cpp/autosar/relational-operator-shall-return-a-boolean-value" and - ruleId = "A13-2-3" + ruleId = "A13-2-3" and + category = "required" or query = // `Query` instance for the `functionThatContainsForwardingReferenceAsItsArgumentOverloaded` query 
@@ -59,7 +63,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `functionThatContainsForwardingReferenceAsItsArgumentOverloaded` query "cpp/autosar/function-that-contains-forwarding-reference-as-its-argument-overloaded" and - ruleId = "A13-3-1" + ruleId = "A13-3-1" and + category = "required" or query = // `Query` instance for the `missingConstOperatorSubscript` query @@ -67,7 +72,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `missingConstOperatorSubscript` query "cpp/autosar/missing-const-operator-subscript" and - ruleId = "A13-5-1" + ruleId = "A13-5-1" and + category = "required" or query = // `Query` instance for the `userDefinedConversionOperatorsNotDefinedExplicit` query @@ -75,7 +81,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `userDefinedConversionOperatorsNotDefinedExplicit` query "cpp/autosar/user-defined-conversion-operators-not-defined-explicit" and - ruleId = "A13-5-2" + ruleId = "A13-5-2" and + category = "required" or query = // `Query` instance for the `userDefinedConversionOperatorsShouldNotBeUsed` query @@ -83,7 +90,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `userDefinedConversionOperatorsShouldNotBeUsed` query "cpp/autosar/user-defined-conversion-operators-should-not-be-used" and - ruleId = "A13-5-3" + ruleId = "A13-5-3" and + category = "advisory" or query = // `Query` instance for the `comparisonOperatorsNotNonMemberFunctionsWithIdenticalParameterTypesAndNoexcept` query 
@@ -91,7 +99,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `comparisonOperatorsNotNonMemberFunctionsWithIdenticalParameterTypesAndNoexcept` query "cpp/autosar/comparison-operators-not-non-member-functions-with-identical-parameter-types-and-noexcept" and - ruleId = "A13-5-5" + ruleId = "A13-5-5" and + category = "required" or query = // `Query` instance for the `nonMemberGenericOperatorCondition` query @@ -99,7 +108,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nonMemberGenericOperatorCondition` query "cpp/autosar/non-member-generic-operator-condition" and - ruleId = "A14-5-3" + ruleId = "A14-5-3" and + category = "advisory" or query = // `Query` instance for the `unsignedBitwiseOperatorWithoutCast` query @@ -107,7 +117,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unsignedBitwiseOperatorWithoutCast` query "cpp/autosar/unsigned-bitwise-operator-without-cast" and - ruleId = "M5-0-10" + ruleId = "M5-0-10" and + category = "required" or query = // `Query` instance for the `commaOperatorAndOperatorAndTheOperatorOverloaded` query @@ -115,7 +126,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `commaOperatorAndOperatorAndTheOperatorOverloaded` query "cpp/autosar/comma-operator-and-operator-and-the-operator-overloaded" and - ruleId = "M5-2-11" + ruleId = "M5-2-11" and + category = "required" or query = // `Query` instance for the `eachOperandOfTheOperatorTheLogicalAndOrTheLogicalOperatorsShallHaveTypeBool` query 
@@ -123,7 +135,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `eachOperandOfTheOperatorTheLogicalAndOrTheLogicalOperatorsShallHaveTypeBool` query "cpp/autosar/each-operand-of-the-operator-the-logical-and-or-the-logical-operators-shall-have-type-bool" and - ruleId = "M5-3-1" + ruleId = "M5-3-1" and + category = "required" or query = // `Query` instance for the `unaryMinusOperatorAppliedToAnExpressionWhoseUnderlyingTypeIsUnsigned` query @@ -131,7 +144,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unaryMinusOperatorAppliedToAnExpressionWhoseUnderlyingTypeIsUnsigned` query "cpp/autosar/unary-minus-operator-applied-to-an-expression-whose-underlying-type-is-unsigned" and - ruleId = "M5-3-2" + ruleId = "M5-3-2" and + category = "required" or query = // `Query` instance for the `unaryOperatorOverloaded` query @@ -139,7 +153,8 @@ predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unaryOperatorOverloaded` query "cpp/autosar/unary-operator-overloaded" and - ruleId = "M5-3-3" + ruleId = "M5-3-3" and + category = "required" } module OperatorsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll index 2ac5b428da..71464fe027 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll 
@@ -11,14 +11,15 @@ newtype OrderOfEvaluationQuery = TIncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpressionQuery() or TAssignmentInSubExpressionQuery() -predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string ruleId) { +predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `expressionShouldNotRelyOnOrderOfEvaluation` query OrderOfEvaluationPackage::expressionShouldNotRelyOnOrderOfEvaluationQuery() and queryId = // `@id` for the `expressionShouldNotRelyOnOrderOfEvaluation` query "cpp/autosar/expression-should-not-rely-on-order-of-evaluation" and - ruleId = "A5-0-1" + ruleId = "A5-0-1" and + category = "required" or query = // `Query` instance for the `operandsOfALogicalAndOrNotParenthesized` query @@ -26,7 +27,8 @@ predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `operandsOfALogicalAndOrNotParenthesized` query "cpp/autosar/operands-of-a-logical-and-or-not-parenthesized" and - ruleId = "A5-2-6" + ruleId = "A5-2-6" and + category = "required" or query = // `Query` instance for the `explicitConstructionOfUnnamedTemporary` query @@ -34,7 +36,8 @@ predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `explicitConstructionOfUnnamedTemporary` query "cpp/autosar/explicit-construction-of-unnamed-temporary" and - ruleId = "A6-2-2" + ruleId = "A6-2-2" and + category = "required" or query = // `Query` instance for the `gratuitousUseOfParentheses` query @@ -42,7 +45,8 @@ predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `gratuitousUseOfParentheses` query "cpp/autosar/gratuitous-use-of-parentheses" and - ruleId = "M5-0-2" + ruleId = "M5-0-2" and + category = "advisory" or query = // `Query` instance for the `incrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression` query 
@@ -50,7 +54,8 @@ predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `incrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression` query "cpp/autosar/increment-and-decrement-operators-mixed-with-other-operators-in-expression" and - ruleId = "M5-2-10" + ruleId = "M5-2-10" and + category = "required" or query = // `Query` instance for the `assignmentInSubExpression` query @@ -58,7 +63,8 @@ predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string r queryId = // `@id` for the `assignmentInSubExpression` query "cpp/autosar/assignment-in-sub-expression" and - ruleId = "M6-2-1" + ruleId = "M6-2-1" and + category = "required" } module OrderOfEvaluationPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll index c85fa998e1..d1c3087339 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll @@ -9,14 +9,15 @@ newtype OutOfBoundsQuery = TGuaranteeGenericCppLibraryFunctionsDoNotOverflowQuery() or TRangeCheckStringElementAccessQuery() -predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `containerAccessWithoutRangeCheckAutosar` query OutOfBoundsPackage::containerAccessWithoutRangeCheckAutosarQuery() and queryId = // `@id` for the `containerAccessWithoutRangeCheckAutosar` query "cpp/autosar/container-access-without-range-check-autosar" and - ruleId = "A5-2-5" + ruleId = "A5-2-5" and + category = "required" or query = // `Query` instance for the `containerAccessWithoutRangeCheckCert` query 
@@ -24,7 +25,8 @@ predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `containerAccessWithoutRangeCheckCert` query "cpp/cert/container-access-without-range-check-cert" and - ruleId = "CTR50-CPP" + ruleId = "CTR50-CPP" and + category = "rule" or query = // `Query` instance for the `guaranteeGenericCppLibraryFunctionsDoNotOverflow` query @@ -32,7 +34,8 @@ predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `guaranteeGenericCppLibraryFunctionsDoNotOverflow` query "cpp/cert/guarantee-generic-cpp-library-functions-do-not-overflow" and - ruleId = "CTR52-CPP" + ruleId = "CTR52-CPP" and + category = "rule" or query = // `Query` instance for the `rangeCheckStringElementAccess` query @@ -40,7 +43,8 @@ predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `rangeCheckStringElementAccess` query "cpp/cert/range-check-string-element-access" and - ruleId = "STR53-CPP" + ruleId = "STR53-CPP" and + category = "rule" } module OutOfBoundsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll index 07e68a5a9c..1dd5bef4c8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll 
@@ -28,14 +28,15 @@ newtype PointersQuery = TMemberAccessWithUninitializedStaticPointerToMemberQuery() or TUseOfPointerToMemberToAccessNonexistentMemberQuery() -predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { +predicate isPointersQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `pointerToAnElementOfAnArrayPassedToASmartPointer` query PointersPackage::pointerToAnElementOfAnArrayPassedToASmartPointerQuery() and queryId = // `@id` for the `pointerToAnElementOfAnArrayPassedToASmartPointer` query "cpp/autosar/pointer-to-an-element-of-an-array-passed-to-a-smart-pointer" and - ruleId = "A18-1-4" + ruleId = "A18-1-4" and + category = "required" or query = // `Query` instance for the `declarationContainLessThanTwoLevelsOfIndirection` query @@ -43,7 +44,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `declarationContainLessThanTwoLevelsOfIndirection` query "cpp/autosar/declaration-contain-less-than-two-levels-of-indirection" and - ruleId = "A5-0-3" + ruleId = "A5-0-3" and + category = "required" or query = // `Query` instance for the `pointerArithmeticUsedWithPointersToNonFinalClasses` query @@ -51,7 +53,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerArithmeticUsedWithPointersToNonFinalClasses` query "cpp/autosar/pointer-arithmetic-used-with-pointers-to-non-final-classes" and - ruleId = "A5-0-4" + ruleId = "A5-0-4" and + category = "required" or query = // `Query` instance for the `pointerToMemberVirtualFunctionWithNullPointerConstant` query 
@@ -59,7 +62,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerToMemberVirtualFunctionWithNullPointerConstant` query "cpp/autosar/pointer-to-member-virtual-function-with-null-pointer-constant" and - ruleId = "A5-10-1" + ruleId = "A5-10-1" and + category = "required" or query = // `Query` instance for the `deletingPointerToIncompleteType` query @@ -67,7 +71,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `deletingPointerToIncompleteType` query "cpp/autosar/deleting-pointer-to-incomplete-type" and - ruleId = "A5-3-3" + ruleId = "A5-3-3" and + category = "required" or query = // `Query` instance for the `pointerToMemberAccessNonExistentClassMembers` query @@ -75,7 +80,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerToMemberAccessNonExistentClassMembers` query "cpp/autosar/pointer-to-member-access-non-existent-class-members" and - ruleId = "A5-5-1" + ruleId = "A5-5-1" and + category = "required" or query = // `Query` instance for the `nullPointerToMemberAccessNonExistentClassMembers` query @@ -83,7 +89,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nullPointerToMemberAccessNonExistentClassMembers` query "cpp/autosar/null-pointer-to-member-access-non-existent-class-members" and - ruleId = "A5-5-1" + ruleId = "A5-5-1" and + category = "required" or query = // `Query` instance for the `uninitializedStaticPointerToMemberUse` query 
@@ -91,7 +98,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `uninitializedStaticPointerToMemberUse` query "cpp/autosar/uninitialized-static-pointer-to-member-use" and - ruleId = "A5-5-1" + ruleId = "A5-5-1" and + category = "required" or query = // `Query` instance for the `indexingNotTheOnlyFormOfPointerArithmetic` query @@ -99,7 +107,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `indexingNotTheOnlyFormOfPointerArithmetic` query "cpp/autosar/indexing-not-the-only-form-of-pointer-arithmetic" and - ruleId = "M5-0-15" + ruleId = "M5-0-15" and + category = "required" or query = // `Query` instance for the `pointerAndDerivedPointerAccessDifferentArray` query @@ -107,7 +116,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerAndDerivedPointerAccessDifferentArray` query "cpp/autosar/pointer-and-derived-pointer-access-different-array" and - ruleId = "M5-0-16" + ruleId = "M5-0-16" and + category = "required" or query = // `Query` instance for the `pointerSubtractionOnDifferentArrays` query @@ -115,7 +125,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerSubtractionOnDifferentArrays` query "cpp/autosar/pointer-subtraction-on-different-arrays" and - ruleId = "M5-0-17" + ruleId = "M5-0-17" and + category = "required" or query = // `Query` instance for the `appliedToObjectsOfPointerType` query @@ -123,7 +134,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `appliedToObjectsOfPointerType` query "cpp/autosar/applied-to-objects-of-pointer-type" and - ruleId = "M5-0-18" + ruleId = "M5-0-18" and + category = "required" or query = // `Query` instance for the `identifierWithArrayTypePassedAsFunctionArgumentDecayToAPointer` query 
@@ -131,7 +143,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierWithArrayTypePassedAsFunctionArgumentDecayToAPointer` query "cpp/autosar/identifier-with-array-type-passed-as-function-argument-decay-to-a-pointer" and - ruleId = "M5-2-12" + ruleId = "M5-2-12" and + category = "required" or query = // `Query` instance for the `pointerToAVirtualBaseClassCastToAPointer` query @@ -139,7 +152,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `pointerToAVirtualBaseClassCastToAPointer` query "cpp/autosar/pointer-to-a-virtual-base-class-cast-to-a-pointer" and - ruleId = "M5-2-2" + ruleId = "M5-2-2" and + category = "required" or query = // `Query` instance for the `castNotConvertPointerToFunction` query @@ -147,7 +161,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castNotConvertPointerToFunction` query "cpp/autosar/cast-not-convert-pointer-to-function" and - ruleId = "M5-2-6" + ruleId = "M5-2-6" and + category = "required" or query = // `Query` instance for the `integerOrPointerToVoidConvertedToPointerType` query @@ -155,7 +170,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `integerOrPointerToVoidConvertedToPointerType` query "cpp/autosar/integer-or-pointer-to-void-converted-to-pointer-type" and - ruleId = "M5-2-8" + ruleId = "M5-2-8" and + category = "required" or query = // `Query` instance for the `castConvertAPointerTypeToAnIntegralType` query 
@@ -163,7 +179,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castConvertAPointerTypeToAnIntegralType` query "cpp/autosar/cast-convert-a-pointer-type-to-an-integral-type" and - ruleId = "M5-2-9" + ruleId = "M5-2-9" and + category = "required" or query = // `Query` instance for the `doNotUsePointerArithmeticOnPolymorphicObjects` query @@ -171,7 +188,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `doNotUsePointerArithmeticOnPolymorphicObjects` query "cpp/cert/do-not-use-pointer-arithmetic-on-polymorphic-objects" and - ruleId = "CTR56-CPP" + ruleId = "CTR56-CPP" and + category = "rule" or query = // `Query` instance for the `deletingPointerToIncompleteClass` query @@ -179,7 +197,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `deletingPointerToIncompleteClass` query "cpp/cert/deleting-pointer-to-incomplete-class" and - ruleId = "EXP57-CPP" + ruleId = "EXP57-CPP" and + category = "rule" or query = // `Query` instance for the `castOfPointerToIncompleteClass` query @@ -187,7 +206,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `castOfPointerToIncompleteClass` query "cpp/cert/cast-of-pointer-to-incomplete-class" and - ruleId = "EXP57-CPP" + ruleId = "EXP57-CPP" and + category = "rule" or query = // `Query` instance for the `useOfPointerToMemberToAccessUndefinedMember` query @@ -195,7 +215,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfPointerToMemberToAccessUndefinedMember` query "cpp/cert/use-of-pointer-to-member-to-access-undefined-member" and - ruleId = "OOP55-CPP" + ruleId = "OOP55-CPP" and + category = "rule" or query = // `Query` instance for the `memberAccessWithUninitializedStaticPointerToMember` query 
@@ -203,7 +224,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `memberAccessWithUninitializedStaticPointerToMember` query "cpp/cert/member-access-with-uninitialized-static-pointer-to-member" and - ruleId = "OOP55-CPP" + ruleId = "OOP55-CPP" and + category = "rule" or query = // `Query` instance for the `useOfPointerToMemberToAccessNonexistentMember` query @@ -211,7 +233,8 @@ predicate isPointersQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `useOfPointerToMemberToAccessNonexistentMember` query "cpp/cert/use-of-pointer-to-member-to-access-nonexistent-member" and - ruleId = "OOP55-CPP" + ruleId = "OOP55-CPP" and + category = "rule" } module PointersPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll index d9f2850f95..a423cfd4ff 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll 
@@ -13,14 +13,15 @@ newtype RepresentationQuery = TMemcmpUsedToAccessObjectRepresentationQuery() or TMemcpyUsedToAccessObjectRepresentationQuery() -predicate isRepresentationQueryMetadata(Query query, string queryId, string ruleId) { +predicate isRepresentationQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocols` query RepresentationPackage::bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocolsQuery() and queryId = // `@id` for the `bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocols` query "cpp/autosar/bit-fields-shall-be-used-only-when-interfacing-to-hardware-or-conforming-to-communication-protocols" and - ruleId = "A9-6-2" + ruleId = "A9-6-2" and + category = "required" or query = // `Query` instance for the `auditPossibleHardwareInterfaceDueToBitFieldUsageInDataTypeDefinition` query @@ -28,7 +29,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `auditPossibleHardwareInterfaceDueToBitFieldUsageInDataTypeDefinition` query "cpp/autosar/audit-possible-hardware-interface-due-to-bit-field-usage-in-data-type-definition" and - ruleId = "A9-6-2" + ruleId = "A9-6-2" and + category = "required" or query = // `Query` instance for the `objectAssignedToAnOverlappingObject` query @@ -36,7 +38,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `objectAssignedToAnOverlappingObject` query "cpp/autosar/object-assigned-to-an-overlapping-object" and - ruleId = "M0-2-1" + ruleId = "M0-2-1" and + category = "required" or query = // `Query` instance for the `underlyingBitRepresentationsOfFloatingPointValuesUsed` query 
@@ -44,7 +47,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `underlyingBitRepresentationsOfFloatingPointValuesUsed` query "cpp/autosar/underlying-bit-representations-of-floating-point-values-used" and - ruleId = "M3-9-3" + ruleId = "M3-9-3" and + category = "required" or query = // `Query` instance for the `namedBitFieldsWithSignedIntegerTypeShallHaveALengthOfMoreThanOneBit` query @@ -52,7 +56,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `namedBitFieldsWithSignedIntegerTypeShallHaveALengthOfMoreThanOneBit` query "cpp/autosar/named-bit-fields-with-signed-integer-type-shall-have-a-length-of-more-than-one-bit" and - ruleId = "M9-6-4" + ruleId = "M9-6-4" and + category = "required" or query = // `Query` instance for the `memsetUsedToAccessObjectRepresentation` query @@ -60,7 +65,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `memsetUsedToAccessObjectRepresentation` query "cpp/cert/memset-used-to-access-object-representation" and - ruleId = "EXP62-CPP" + ruleId = "EXP62-CPP" and + category = "rule" or query = // `Query` instance for the `memcmpUsedToAccessObjectRepresentation` query @@ -68,7 +74,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `memcmpUsedToAccessObjectRepresentation` query "cpp/cert/memcmp-used-to-access-object-representation" and - ruleId = "EXP62-CPP" + ruleId = "EXP62-CPP" and + category = "rule" or query = // `Query` instance for the `memcpyUsedToAccessObjectRepresentation` query 
@@ -76,7 +83,8 @@ predicate isRepresentationQueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `memcpyUsedToAccessObjectRepresentation` query "cpp/cert/memcpy-used-to-access-object-representation" and - ruleId = "EXP62-CPP" + ruleId = "EXP62-CPP" and + category = "rule" } module RepresentationPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll index 89c804c4ca..8dfbf9feaa 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/RuleMetadata.qll 
@@ -107,55 +107,55 @@ newtype TCPPQuery = TVirtualFunctionsPackageQuery(VirtualFunctionsQuery q) /** The metadata predicate * */ -predicate isQueryMetadata(Query query, string queryId, string ruleId) { - isAllocationsQueryMetadata(query, queryId, ruleId) or - isBannedFunctionsQueryMetadata(query, queryId, ruleId) or - isBannedLibrariesQueryMetadata(query, queryId, ruleId) or - isBannedSyntaxQueryMetadata(query, queryId, ruleId) or - isBannedTypesQueryMetadata(query, queryId, ruleId) or - isClassesQueryMetadata(query, queryId, ruleId) or - isCommentsQueryMetadata(query, queryId, ruleId) or - isConcurrencyQueryMetadata(query, queryId, ruleId) or - isConditionalsQueryMetadata(query, queryId, ruleId) or - isConstQueryMetadata(query, queryId, ruleId) or - isDeadCodeQueryMetadata(query, queryId, ruleId) or - isDeclarationsQueryMetadata(query, queryId, ruleId) or - isExceptionSafetyQueryMetadata(query, queryId, ruleId) or - isExceptions1QueryMetadata(query, queryId, ruleId) or - isExceptions2QueryMetadata(query, queryId, ruleId) or - isExpressionsQueryMetadata(query, queryId, ruleId) or - isFreedQueryMetadata(query, queryId, ruleId) or - isFunctionsQueryMetadata(query, queryId, ruleId) or - isIOQueryMetadata(query, queryId, ruleId) or - isIncludesQueryMetadata(query, queryId, ruleId) or - isInheritanceQueryMetadata(query, queryId, ruleId) or - isInitializationQueryMetadata(query, queryId, ruleId) or - isIntegerConversionQueryMetadata(query, queryId, ruleId) or - isInvariantsQueryMetadata(query, queryId, ruleId) or - isIteratorsQueryMetadata(query, queryId, ruleId) or - isLambdasQueryMetadata(query, queryId, ruleId) or - isLiteralsQueryMetadata(query, queryId, ruleId) or - isLoopsQueryMetadata(query, queryId, ruleId) or - isMacrosQueryMetadata(query, queryId, ruleId) or - isMoveForwardQueryMetadata(query, queryId, ruleId) or - isNamingQueryMetadata(query, queryId, ruleId) or - isNullQueryMetadata(query, queryId, ruleId) or - isOperatorInvariantsQueryMetadata(query, 
queryId, ruleId) or - isOperatorsQueryMetadata(query, queryId, ruleId) or - isOrderOfEvaluationQueryMetadata(query, queryId, ruleId) or - isOutOfBoundsQueryMetadata(query, queryId, ruleId) or - isPointersQueryMetadata(query, queryId, ruleId) or - isRepresentationQueryMetadata(query, queryId, ruleId) or - isScopeQueryMetadata(query, queryId, ruleId) or - isSideEffects1QueryMetadata(query, queryId, ruleId) or - isSideEffects2QueryMetadata(query, queryId, ruleId) or - isSmartPointers1QueryMetadata(query, queryId, ruleId) or - isSmartPointers2QueryMetadata(query, queryId, ruleId) or - isStringsQueryMetadata(query, queryId, ruleId) or - isTemplatesQueryMetadata(query, queryId, ruleId) or - isToolchainQueryMetadata(query, queryId, ruleId) or - isTrustBoundariesQueryMetadata(query, queryId, ruleId) or - isTypeRangesQueryMetadata(query, queryId, ruleId) or - isUninitializedQueryMetadata(query, queryId, ruleId) or - isVirtualFunctionsQueryMetadata(query, queryId, ruleId) +predicate isQueryMetadata(Query query, string queryId, string ruleId, string category) { + isAllocationsQueryMetadata(query, queryId, ruleId, category) or + isBannedFunctionsQueryMetadata(query, queryId, ruleId, category) or + isBannedLibrariesQueryMetadata(query, queryId, ruleId, category) or + isBannedSyntaxQueryMetadata(query, queryId, ruleId, category) or + isBannedTypesQueryMetadata(query, queryId, ruleId, category) or + isClassesQueryMetadata(query, queryId, ruleId, category) or + isCommentsQueryMetadata(query, queryId, ruleId, category) or + isConcurrencyQueryMetadata(query, queryId, ruleId, category) or + isConditionalsQueryMetadata(query, queryId, ruleId, category) or + isConstQueryMetadata(query, queryId, ruleId, category) or + isDeadCodeQueryMetadata(query, queryId, ruleId, category) or + isDeclarationsQueryMetadata(query, queryId, ruleId, category) or + isExceptionSafetyQueryMetadata(query, queryId, ruleId, category) or + isExceptions1QueryMetadata(query, queryId, ruleId, category) or + 
isExceptions2QueryMetadata(query, queryId, ruleId, category) or + isExpressionsQueryMetadata(query, queryId, ruleId, category) or + isFreedQueryMetadata(query, queryId, ruleId, category) or + isFunctionsQueryMetadata(query, queryId, ruleId, category) or + isIOQueryMetadata(query, queryId, ruleId, category) or + isIncludesQueryMetadata(query, queryId, ruleId, category) or + isInheritanceQueryMetadata(query, queryId, ruleId, category) or + isInitializationQueryMetadata(query, queryId, ruleId, category) or + isIntegerConversionQueryMetadata(query, queryId, ruleId, category) or + isInvariantsQueryMetadata(query, queryId, ruleId, category) or + isIteratorsQueryMetadata(query, queryId, ruleId, category) or + isLambdasQueryMetadata(query, queryId, ruleId, category) or + isLiteralsQueryMetadata(query, queryId, ruleId, category) or + isLoopsQueryMetadata(query, queryId, ruleId, category) or + isMacrosQueryMetadata(query, queryId, ruleId, category) or + isMoveForwardQueryMetadata(query, queryId, ruleId, category) or + isNamingQueryMetadata(query, queryId, ruleId, category) or + isNullQueryMetadata(query, queryId, ruleId, category) or + isOperatorInvariantsQueryMetadata(query, queryId, ruleId, category) or + isOperatorsQueryMetadata(query, queryId, ruleId, category) or + isOrderOfEvaluationQueryMetadata(query, queryId, ruleId, category) or + isOutOfBoundsQueryMetadata(query, queryId, ruleId, category) or + isPointersQueryMetadata(query, queryId, ruleId, category) or + isRepresentationQueryMetadata(query, queryId, ruleId, category) or + isScopeQueryMetadata(query, queryId, ruleId, category) or + isSideEffects1QueryMetadata(query, queryId, ruleId, category) or + isSideEffects2QueryMetadata(query, queryId, ruleId, category) or + isSmartPointers1QueryMetadata(query, queryId, ruleId, category) or + isSmartPointers2QueryMetadata(query, queryId, ruleId, category) or + isStringsQueryMetadata(query, queryId, ruleId, category) or + isTemplatesQueryMetadata(query, queryId, ruleId, 
category) or + isToolchainQueryMetadata(query, queryId, ruleId, category) or + isTrustBoundariesQueryMetadata(query, queryId, ruleId, category) or + isTypeRangesQueryMetadata(query, queryId, ruleId, category) or + isUninitializedQueryMetadata(query, queryId, ruleId, category) or + isVirtualFunctionsQueryMetadata(query, queryId, ruleId, category) } diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll index 0157347d3b..c4a21040eb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll @@ -22,14 +22,15 @@ newtype ScopeQuery = TUnnamedNamespaceInHeaderFileQuery() or TOneDefinitionRuleNotObeyedQuery() -predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { +predicate isScopeQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonStandardEntitiesInStandardNamespaces` query ScopePackage::nonStandardEntitiesInStandardNamespacesQuery() and queryId = // `@id` for the `nonStandardEntitiesInStandardNamespaces` query "cpp/autosar/non-standard-entities-in-standard-namespaces" and - ruleId = "A17-6-1" + ruleId = "A17-6-1" and + category = "required" or query = // `Query` instance for the `externalLinkageArrayWithoutExplicitSize` query @@ -37,7 +38,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `externalLinkageArrayWithoutExplicitSize` query "cpp/autosar/external-linkage-array-without-explicit-size" and - ruleId = "A3-1-4" + ruleId = "A3-1-4" and + category = "required" or query = // `Query` instance for the `hiddenInheritedNonOverridableMemberFunction` query 
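Review bot: The doc comment above `isQueryMetadata` still reads only "The metadata predicate" and does not describe the new `category` column, which is an unconstrained `string` here and in every per-package predicate this one delegates to. The values visible in this part of the patch are `"required"`, `"advisory"` and `"rule"`; since a predicate just fails to hold on a value nobody expects, a misspelled category in one package would presumably drop that query from the effective-category computation the commit message describes, without any error, and so change how a deviation on it is treated. I would state the contract in the comment, for example `/** Holds if query has @id queryId, implements rule ruleId, and that rule has category category (e.g. "required", "advisory", "rule"). */`, and consider a consistency check that reports any query whose category is outside the expected set. Callers of the old three-argument form are not visible in this hunk and have to change in the same commit.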
@@ -45,7 +47,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `hiddenInheritedNonOverridableMemberFunction` query "cpp/autosar/hidden-inherited-non-overridable-member-function" and - ruleId = "A7-3-1" + ruleId = "A7-3-1" and + category = "required" or query = // `Query` instance for the `hiddenInheritedOverridableMemberFunction` query @@ -53,7 +56,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `hiddenInheritedOverridableMemberFunction` query "cpp/autosar/hidden-inherited-overridable-member-function" and - ruleId = "A7-3-1" + ruleId = "A7-3-1" and + category = "required" or query = // `Query` instance for the `definitionNotConsideredForUnqualifiedLookup` query @@ -61,7 +65,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `definitionNotConsideredForUnqualifiedLookup` query "cpp/autosar/definition-not-considered-for-unqualified-lookup" and - ruleId = "A7-3-1" + ruleId = "A7-3-1" and + category = "required" or query = // `Query` instance for the `oneDefinitionRuleViolation` query @@ -69,7 +74,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `oneDefinitionRuleViolation` query "cpp/autosar/one-definition-rule-violation" and - ruleId = "M3-2-2" + ruleId = "M3-2-2" and + category = "required" or query = // `Query` instance for the `multipleDeclarationViolation` query @@ -77,7 +83,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `multipleDeclarationViolation` query "cpp/autosar/multiple-declaration-violation" and - ruleId = "M3-2-3" + ruleId = "M3-2-3" and + category = "required" or query = // `Query` instance for the `identifierWithExternalLinkageShallHaveOneDefinition` query 
@@ -85,7 +92,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `identifierWithExternalLinkageShallHaveOneDefinition` query "cpp/autosar/identifier-with-external-linkage-shall-have-one-definition" and - ruleId = "M3-2-4" + ruleId = "M3-2-4" and + category = "required" or query = // `Query` instance for the `missingStaticSpecifierOnFunctionRedeclaration` query @@ -93,7 +101,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `missingStaticSpecifierOnFunctionRedeclaration` query "cpp/autosar/missing-static-specifier-on-function-redeclaration" and - ruleId = "M3-3-2" + ruleId = "M3-3-2" and + category = "required" or query = // `Query` instance for the `unnecessaryExposedIdentifierDeclaration` query @@ -101,7 +110,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unnecessaryExposedIdentifierDeclaration` query "cpp/autosar/unnecessary-exposed-identifier-declaration" and - ruleId = "M3-4-1" + ruleId = "M3-4-1" and + category = "required" or query = // `Query` instance for the `globalNamespaceMembershipViolation` query @@ -109,7 +119,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `globalNamespaceMembershipViolation` query "cpp/autosar/global-namespace-membership-violation" and - ruleId = "M7-3-1" + ruleId = "M7-3-1" and + category = "required" or query = // `Query` instance for the `localFunctionDeclaration` query @@ -117,7 +128,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `localFunctionDeclaration` query "cpp/cert/local-function-declaration" and - ruleId = "DCL53-CPP" + ruleId = "DCL53-CPP" and + category = "rule" or query = // `Query` instance for the `localConstructorInitializedObjectHidesIdentifier` query 
@@ -125,7 +137,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `localConstructorInitializedObjectHidesIdentifier` query "cpp/cert/local-constructor-initialized-object-hides-identifier" and - ruleId = "DCL53-CPP" + ruleId = "DCL53-CPP" and + category = "rule" or query = // `Query` instance for the `singularOverloadOfMemoryFunction` query @@ -133,7 +146,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `singularOverloadOfMemoryFunction` query "cpp/cert/singular-overload-of-memory-function" and - ruleId = "DCL54-CPP" + ruleId = "DCL54-CPP" and + category = "rule" or query = // `Query` instance for the `modificationOfTheStandardNamespaces` query @@ -141,7 +155,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `modificationOfTheStandardNamespaces` query "cpp/cert/modification-of-the-standard-namespaces" and - ruleId = "DCL58-CPP" + ruleId = "DCL58-CPP" and + category = "rule" or query = // `Query` instance for the `unnamedNamespaceInHeaderFile` query @@ -149,7 +164,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `unnamedNamespaceInHeaderFile` query "cpp/cert/unnamed-namespace-in-header-file" and - ruleId = "DCL59-CPP" + ruleId = "DCL59-CPP" and + category = "rule" or query = // `Query` instance for the `oneDefinitionRuleNotObeyed` query @@ -157,7 +173,8 @@ predicate isScopeQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `oneDefinitionRuleNotObeyed` query "cpp/cert/one-definition-rule-not-obeyed" and - ruleId = "DCL60-CPP" + ruleId = "DCL60-CPP" and + category = "rule" } module ScopePackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll index 03a0ea4f70..37f323a6cb 100644 
--- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll @@ -15,14 +15,15 @@ newtype SideEffects1Query = TDoNotRelyOnSideEffectsInDeclTypeOperandQuery() or TDoNotRelyOnSideEffectsInDeclValExpressionQuery() -predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `evaluationOfTheOperandToTheTypeidOperatorContainSideEffects` query SideEffects1Package::evaluationOfTheOperandToTheTypeidOperatorContainSideEffectsQuery() and queryId = // `@id` for the `evaluationOfTheOperandToTheTypeidOperatorContainSideEffects` query "cpp/autosar/evaluation-of-the-operand-to-the-typeid-operator-contain-side-effects" and - ruleId = "A5-3-1" + ruleId = "A5-3-1" and + category = "required" or query = // `Query` instance for the `rightHandOperandOfALogicalAndOperatorsContainSideEffects` query @@ -30,7 +31,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `rightHandOperandOfALogicalAndOperatorsContainSideEffects` query "cpp/autosar/right-hand-operand-of-a-logical-and-operators-contain-side-effects" and - ruleId = "M5-14-1" + ruleId = "M5-14-1" and + category = "required" or query = // `Query` instance for the `evaluationOfTheOperandToTheSizeofOperatorContainSideEffects` query @@ -38,7 +40,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `evaluationOfTheOperandToTheSizeofOperatorContainSideEffects` query "cpp/autosar/evaluation-of-the-operand-to-the-sizeof-operator-contain-side-effects" and - ruleId = "M5-3-4" + ruleId = "M5-3-4" and + category = "required" or query = // `Query` instance for the `doNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects` query 
@@ -46,7 +49,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects` query "cpp/cert/do-not-depend-on-the-order-of-scalar-object-evaluation-for-side-effects" and - ruleId = "EXP50-CPP" + ruleId = "EXP50-CPP" and + category = "rule" or query = // `Query` instance for the `doNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments` query @@ -54,7 +58,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotDependOnTheOrderOfEvaluationForSideEffectsInFunctionCallsAsFunctionArguments` query "cpp/cert/do-not-depend-on-the-order-of-evaluation-for-side-effects-in-function-calls-as-function-arguments" and - ruleId = "EXP50-CPP" + ruleId = "EXP50-CPP" and + category = "rule" or query = // `Query` instance for the `doNotRelyOnSideEffectsInSizeOfOperand` query @@ -62,7 +67,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotRelyOnSideEffectsInSizeOfOperand` query "cpp/cert/do-not-rely-on-side-effects-in-size-of-operand" and - ruleId = "EXP52-CPP" + ruleId = "EXP52-CPP" and + category = "rule" or query = // `Query` instance for the `doNotRelyOnSideEffectsInTypeIdOperand` query @@ -70,7 +76,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotRelyOnSideEffectsInTypeIdOperand` query "cpp/cert/do-not-rely-on-side-effects-in-type-id-operand" and - ruleId = "EXP52-CPP" + ruleId = "EXP52-CPP" and + category = "rule" or query = // `Query` instance for the `doNotRelyOnSideEffectsInNoExceptOperand` query 
@@ -78,7 +85,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotRelyOnSideEffectsInNoExceptOperand` query "cpp/cert/do-not-rely-on-side-effects-in-no-except-operand" and - ruleId = "EXP52-CPP" + ruleId = "EXP52-CPP" and + category = "rule" or query = // `Query` instance for the `doNotRelyOnSideEffectsInDeclTypeOperand` query @@ -86,7 +94,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotRelyOnSideEffectsInDeclTypeOperand` query "cpp/cert/do-not-rely-on-side-effects-in-decl-type-operand" and - ruleId = "EXP52-CPP" + ruleId = "EXP52-CPP" and + category = "rule" or query = // `Query` instance for the `doNotRelyOnSideEffectsInDeclValExpression` query @@ -94,7 +103,8 @@ predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `doNotRelyOnSideEffectsInDeclValExpression` query "cpp/cert/do-not-rely-on-side-effects-in-decl-val-expression" and - ruleId = "EXP52-CPP" + ruleId = "EXP52-CPP" and + category = "rule" } module SideEffects1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll index ba930c214c..7ba094b13e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll 
@@ -14,14 +14,15 @@ newtype SideEffects2Query = TFunctionsWithVoidReturnTypeShallHaveExternalSideEffectsQuery() or TPredicateFunctionObjectsShouldNotBeMutableQuery() -predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `moveConstructorShallOnlyMoveObject` query SideEffects2Package::moveConstructorShallOnlyMoveObjectQuery() and queryId = // `@id` for the `moveConstructorShallOnlyMoveObject` query "cpp/autosar/move-constructor-shall-only-move-object" and - ruleId = "A12-8-1" + ruleId = "A12-8-1" and + category = "required" or query = // `Query` instance for the `copyConstructorShallOnlyCopyObject` query @@ -29,7 +30,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `copyConstructorShallOnlyCopyObject` query "cpp/autosar/copy-constructor-shall-only-copy-object" and - ruleId = "A12-8-1" + ruleId = "A12-8-1" and + category = "required" or query = // `Query` instance for the `userDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters` query @@ -37,7 +39,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `userDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters` query "cpp/autosar/user-defined-literals-operators-shall-only-perform-conversion-of-passed-parameters" and - ruleId = "A13-1-3" + ruleId = "A13-1-3" and + category = "required" or query = // `Query` instance for the `userDefinedLiteralsOperatorsShallNotHaveSideEffects` query 
@@ -45,7 +48,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `userDefinedLiteralsOperatorsShallNotHaveSideEffects` query "cpp/autosar/user-defined-literals-operators-shall-not-have-side-effects" and - ruleId = "A13-1-3" + ruleId = "A13-1-3" and + category = "required" or query = // `Query` instance for the `stateRelatedToFunctionObjectIdentityShallNotBeCopied` query @@ -53,7 +57,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `stateRelatedToFunctionObjectIdentityShallNotBeCopied` query "cpp/autosar/state-related-to-function-object-identity-shall-not-be-copied" and - ruleId = "A25-1-1" + ruleId = "A25-1-1" and + category = "required" or query = // `Query` instance for the `moveOperatorShallOnlyMoveObject` query @@ -61,7 +66,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `moveOperatorShallOnlyMoveObject` query "cpp/autosar/move-operator-shall-only-move-object" and - ruleId = "A6-2-1" + ruleId = "A6-2-1" and + category = "required" or query = // `Query` instance for the `copyOperatorShallOnlyCopyObject` query @@ -69,7 +75,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `copyOperatorShallOnlyCopyObject` query "cpp/autosar/copy-operator-shall-only-copy-object" and - ruleId = "A6-2-1" + ruleId = "A6-2-1" and + category = "required" or query = // `Query` instance for the `functionsWithVoidReturnTypeShallHaveExternalSideEffects` query 
@@ -77,7 +84,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `functionsWithVoidReturnTypeShallHaveExternalSideEffects` query "cpp/autosar/functions-with-void-return-type-shall-have-external-side-effects" and - ruleId = "M0-1-8" + ruleId = "M0-1-8" and + category = "required" or query = // `Query` instance for the `predicateFunctionObjectsShouldNotBeMutable` query @@ -85,7 +93,8 @@ predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId queryId = // `@id` for the `predicateFunctionObjectsShouldNotBeMutable` query "cpp/cert/predicate-function-objects-should-not-be-mutable" and - ruleId = "CTR58-CPP" + ruleId = "CTR58-CPP" and + category = "rule" } module SideEffects2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll index 7750c2396b..5b11807014 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll @@ -14,14 +14,15 @@ newtype SmartPointers1Query = TUniquePtrPassedToFunctionWithImproperSemanticsQuery() or TSharedPtrPassedToFunctionWithImproperSemanticsQuery() -predicate isSmartPointers1QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSmartPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `ownedPointerValueStoredInUnrelatedSmartPointerAsar` query SmartPointers1Package::ownedPointerValueStoredInUnrelatedSmartPointerAsarQuery() and queryId = // `@id` for the `ownedPointerValueStoredInUnrelatedSmartPointerAsar` query "cpp/autosar/owned-pointer-value-stored-in-unrelated-smart-pointer-asar" and - ruleId = "A20-8-1" + ruleId = "A20-8-1" and + category = "required" or query = // `Query` instance for the `uniquePtrNotUsedToRepresentExclusiveOwnership` query 
@@ -29,7 +30,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `uniquePtrNotUsedToRepresentExclusiveOwnership` query "cpp/autosar/unique-ptr-not-used-to-represent-exclusive-ownership" and - ruleId = "A20-8-2" + ruleId = "A20-8-2" and + category = "required" or query = // `Query` instance for the `sharedPtrNotUsedToRepresentSharedOwnership` query @@ -37,7 +39,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `sharedPtrNotUsedToRepresentSharedOwnership` query "cpp/autosar/shared-ptr-not-used-to-represent-shared-ownership" and - ruleId = "A20-8-3" + ruleId = "A20-8-3" and + category = "required" or query = // `Query` instance for the `sharedPointerUsedWithNoOwnershipSharing` query @@ -45,7 +48,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `sharedPointerUsedWithNoOwnershipSharing` query "cpp/autosar/shared-pointer-used-with-no-ownership-sharing" and - ruleId = "A20-8-4" + ruleId = "A20-8-4" and + category = "required" or query = // `Query` instance for the `makeUniqueNotUsedToConstructObjectOwnedByUniquePtr` query @@ -53,7 +57,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `makeUniqueNotUsedToConstructObjectOwnedByUniquePtr` query "cpp/autosar/make-unique-not-used-to-construct-object-owned-by-unique-ptr" and - ruleId = "A20-8-5" + ruleId = "A20-8-5" and + category = "required" or query = // `Query` instance for the `makeSharedNotUsedToConstructObjectOwnedBySharedPtr` query 
@@ -61,7 +66,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `makeSharedNotUsedToConstructObjectOwnedBySharedPtr` query "cpp/autosar/make-shared-not-used-to-construct-object-owned-by-shared-ptr" and - ruleId = "A20-8-6" + ruleId = "A20-8-6" and + category = "required" or query = // `Query` instance for the `smartPointerAsParameterWithoutLifetimeSemantics` query @@ -69,7 +75,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `smartPointerAsParameterWithoutLifetimeSemantics` query "cpp/autosar/smart-pointer-as-parameter-without-lifetime-semantics" and - ruleId = "A8-4-11" + ruleId = "A8-4-11" and + category = "required" or query = // `Query` instance for the `uniquePtrPassedToFunctionWithImproperSemantics` query @@ -77,7 +84,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `uniquePtrPassedToFunctionWithImproperSemantics` query "cpp/autosar/unique-ptr-passed-to-function-with-improper-semantics" and - ruleId = "A8-4-12" + ruleId = "A8-4-12" and + category = "required" or query = // `Query` instance for the `sharedPtrPassedToFunctionWithImproperSemantics` query @@ -85,7 +93,8 @@ predicate isSmartPointers1QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `sharedPtrPassedToFunctionWithImproperSemantics` query "cpp/autosar/shared-ptr-passed-to-function-with-improper-semantics" and - ruleId = "A8-4-13" + ruleId = "A8-4-13" and + category = "required" } module SmartPointers1Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll index a64b418f2d..aa0755a024 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll 
@@ -7,14 +7,15 @@ newtype SmartPointers2Query = TWeakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() or TOwnedPointerValueStoredInUnrelatedSmartPointerCertQuery() -predicate isSmartPointers2QueryMetadata(Query query, string queryId, string ruleId) { +predicate isSmartPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `weakPtrNotUsedToRepresentTemporarySharedOwnership` query SmartPointers2Package::weakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() and queryId = // `@id` for the `weakPtrNotUsedToRepresentTemporarySharedOwnership` query "cpp/autosar/weak-ptr-not-used-to-represent-temporary-shared-ownership" and - ruleId = "A20-8-7" + ruleId = "A20-8-7" and + category = "required" or query = // `Query` instance for the `ownedPointerValueStoredInUnrelatedSmartPointerCert` query @@ -22,7 +23,8 @@ predicate isSmartPointers2QueryMetadata(Query query, string queryId, string rule queryId = // `@id` for the `ownedPointerValueStoredInUnrelatedSmartPointerCert` query "cpp/cert/owned-pointer-value-stored-in-unrelated-smart-pointer-cert" and - ruleId = "MEM56-CPP" + ruleId = "MEM56-CPP" and + category = "rule" } module SmartPointers2Package { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll index 457bac01b7..e40e1e7d7f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll 
@@ -13,14 +13,15 @@ newtype StringsQuery = TBasicStringMayNotBeNullTerminatedCertQuery() or TOperationMayNotNullTerminateCStyleStringCertQuery() -predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isStringsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `stringLiteralsAssignedToNonConstantPointers` query StringsPackage::stringLiteralsAssignedToNonConstantPointersQuery() and queryId = // `@id` for the `stringLiteralsAssignedToNonConstantPointers` query "cpp/autosar/string-literals-assigned-to-non-constant-pointers" and - ruleId = "A2-13-4" + ruleId = "A2-13-4" and + category = "required" or query = // `Query` instance for the `basicStringMayNotBeNullTerminatedAutosar` query @@ -28,7 +29,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `basicStringMayNotBeNullTerminatedAutosar` query "cpp/autosar/basic-string-may-not-be-null-terminated-autosar" and - ruleId = "A27-0-2" + ruleId = "A27-0-2" and + category = "advisory" or query = // `Query` instance for the `operationMayNotNullTerminateCStyleStringAutosar` query @@ -36,7 +38,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `operationMayNotNullTerminateCStyleStringAutosar` query "cpp/autosar/operation-may-not-null-terminate-c-style-string-autosar" and - ruleId = "A27-0-2" + ruleId = "A27-0-2" and + category = "advisory" or query = // `Query` instance for the `cStyleStringsUsed` query @@ -44,7 +47,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `cStyleStringsUsed` query "cpp/autosar/c-style-strings-used" and - ruleId = "A27-0-4" + ruleId = "A27-0-4" and + category = "required" or query = // `Query` instance for the `plainCharTypeShallOnlyBeUsedForTheStorageAndUseOfCharacterValues` query 
@@ -52,7 +56,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `plainCharTypeShallOnlyBeUsedForTheStorageAndUseOfCharacterValues` query "cpp/autosar/plain-char-type-shall-only-be-used-for-the-storage-and-use-of-character-values" and - ruleId = "M5-0-11" + ruleId = "M5-0-11" and + category = "required" or query = // `Query` instance for the `signedCharAndUnsignedCharTypeShallOnlyBeUsedForTheStorageAndUseOfNumericValues` query @@ -60,7 +65,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `signedCharAndUnsignedCharTypeShallOnlyBeUsedForTheStorageAndUseOfNumericValues` query "cpp/autosar/signed-char-and-unsigned-char-type-shall-only-be-used-for-the-storage-and-use-of-numeric-values" and - ruleId = "M5-0-12" + ruleId = "M5-0-12" and + category = "required" or query = // `Query` instance for the `basicStringMayNotBeNullTerminatedCert` query @@ -68,7 +74,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `basicStringMayNotBeNullTerminatedCert` query "cpp/cert/basic-string-may-not-be-null-terminated-cert" and - ruleId = "STR50-CPP" + ruleId = "STR50-CPP" and + category = "rule" or query = // `Query` instance for the `operationMayNotNullTerminateCStyleStringCert` query @@ -76,7 +83,8 @@ predicate isStringsQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `operationMayNotNullTerminateCStyleStringCert` query "cpp/cert/operation-may-not-null-terminate-c-style-string-cert" and - ruleId = "STR50-CPP" + ruleId = "STR50-CPP" and + category = "rule" } module StringsPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll index 5ad07851ab..d5eeb959a4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll @@ -13,14 +13,15 @@ newtype TemplatesQuery = TNameNotReferredUsingAQualifiedIdOrThisQuery() or TNameNotReferredUsingAQualifiedIdOrThisAuditQuery() -predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `templateShouldCheckArg` query TemplatesPackage::templateShouldCheckArgQuery() and queryId = // `@id` for the `templateShouldCheckArg` query "cpp/autosar/template-should-check-arg" and - ruleId = "A14-1-1" + ruleId = "A14-1-1" and + category = "advisory" or query = // `Query` instance for the `templateConstructorOverloadResolution` query @@ -28,7 +29,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `templateConstructorOverloadResolution` query "cpp/autosar/template-constructor-overload-resolution" and - ruleId = "A14-5-1" + ruleId = "A14-5-1" and + category = "required" or query = // `Query` instance for the `typeUsedAsTemplateArgShallProvideAllMembers` query @@ -36,7 +38,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `typeUsedAsTemplateArgShallProvideAllMembers` query "cpp/autosar/type-used-as-template-arg-shall-provide-all-members" and - ruleId = "A14-7-1" + ruleId = "A14-7-1" and + category = "required" or query = // `Query` instance for the `templateSpecializationNotDeclaredInTheSameFile` query @@ -44,7 +47,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `templateSpecializationNotDeclaredInTheSameFile` query "cpp/autosar/template-specialization-not-declared-in-the-same-file" and - ruleId = "A14-7-2" + ruleId = "A14-7-2" and + category = "required" or query = // `Query` instance for the `explicitSpecializationsOfFunctionTemplatesUsed` query 
@@ -52,7 +56,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `explicitSpecializationsOfFunctionTemplatesUsed` query "cpp/autosar/explicit-specializations-of-function-templates-used" and - ruleId = "A14-8-2" + ruleId = "A14-8-2" and + category = "required" or query = // `Query` instance for the `copyAssignmentOperatorNotDeclared` query @@ -60,7 +65,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `copyAssignmentOperatorNotDeclared` query "cpp/autosar/copy-assignment-operator-not-declared" and - ruleId = "M14-5-3" + ruleId = "M14-5-3" and + category = "required" or query = // `Query` instance for the `nameNotReferredUsingAQualifiedIdOrThis` query @@ -68,7 +74,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nameNotReferredUsingAQualifiedIdOrThis` query "cpp/autosar/name-not-referred-using-a-qualified-id-or-this" and - ruleId = "M14-6-1" + ruleId = "M14-6-1" and + category = "required" or query = // `Query` instance for the `nameNotReferredUsingAQualifiedIdOrThisAudit` query @@ -76,7 +83,8 @@ predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `nameNotReferredUsingAQualifiedIdOrThisAudit` query "cpp/autosar/name-not-referred-using-a-qualified-id-or-this-audit" and - ruleId = "M14-6-1" + ruleId = "M14-6-1" and + category = "required" } module TemplatesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll index 969405c785..7dcf9f523a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll 
@@ -16,14 +16,15 @@ newtype ToolchainQuery = TCompilerWarningLevelNotInComplianceQuery() or TUncompliantOptimizationOptionMustBeDisabledInCompilerQuery() -predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { +predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `floatingPointImplementationShallComplyWithIeeeStandard` query ToolchainPackage::floatingPointImplementationShallComplyWithIeeeStandardQuery() and queryId = // `@id` for the `floatingPointImplementationShallComplyWithIeeeStandard` query "cpp/autosar/floating-point-implementation-shall-comply-with-ieee-standard" and - ruleId = "A0-4-1" + ruleId = "A0-4-1" and + category = "required" or query = // `Query` instance for the `compilerImplementationShallComplyWithCPP14Standard` query @@ -31,7 +32,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `compilerImplementationShallComplyWithCPP14Standard` query "cpp/autosar/compiler-implementation-shall-comply-with-cpp14standard" and - ruleId = "A0-4-3" + ruleId = "A0-4-3" and + category = "required" or query = // `Query` instance for the `incrementOperatorWithBoolOperandIsDeprecated` query @@ -39,7 +41,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `incrementOperatorWithBoolOperandIsDeprecated` query "cpp/autosar/increment-operator-with-bool-operand-is-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `registerKeywordIsDeprecated` query 
@@ -47,7 +50,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `registerKeywordIsDeprecated` query "cpp/autosar/register-keyword-is-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `implicitCopyConstructorIsDeprecated` query @@ -55,7 +59,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `implicitCopyConstructorIsDeprecated` query "cpp/autosar/implicit-copy-constructor-is-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `implicitCopyAssignmentOperatorIsDeprecated` query @@ -63,7 +68,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `implicitCopyAssignmentOperatorIsDeprecated` query "cpp/autosar/implicit-copy-assignment-operator-is-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `dynamicExceptionsAreDeprecated` query @@ -71,7 +77,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `dynamicExceptionsAreDeprecated` query "cpp/autosar/dynamic-exceptions-are-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `cStandardLibraryHeadersAreDeprecated` query @@ -79,7 +86,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `cStandardLibraryHeadersAreDeprecated` query "cpp/autosar/c-standard-library-headers-are-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `strstreamTypesAreDeprecated` query 
@@ -87,7 +95,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `strstreamTypesAreDeprecated` query "cpp/autosar/strstream-types-are-deprecated" and - ruleId = "A1-1-1" + ruleId = "A1-1-1" and + category = "required" or query = // `Query` instance for the `compilerWarningLevelNotInCompliance` query @@ -95,7 +104,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `compilerWarningLevelNotInCompliance` query "cpp/autosar/compiler-warning-level-not-in-compliance" and - ruleId = "A1-1-2" + ruleId = "A1-1-2" and + category = "required" or query = // `Query` instance for the `uncompliantOptimizationOptionMustBeDisabledInCompiler` query @@ -103,7 +113,8 @@ predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId) { queryId = // `@id` for the `uncompliantOptimizationOptionMustBeDisabledInCompiler` query "cpp/autosar/uncompliant-optimization-option-must-be-disabled-in-compiler" and - ruleId = "A1-1-3" + ruleId = "A1-1-3" and + category = "required" } module ToolchainPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll index b6135deba8..38014aea5f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll 
@@ -8,14 +8,15 @@ newtype TrustBoundariesQuery = TDoNotThrowAnExceptionAcrossExecutionBoundariesQuery() or TDoNotPassANonstandardObjectAcrossBoundariesQuery() -predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionsThrownAcrossExecutionBoundaries` query TrustBoundariesPackage::exceptionsThrownAcrossExecutionBoundariesQuery() and queryId = // `@id` for the `exceptionsThrownAcrossExecutionBoundaries` query "cpp/autosar/exceptions-thrown-across-execution-boundaries" and - ruleId = "A15-1-5" + ruleId = "A15-1-5" and + category = "required" or query = // `Query` instance for the `doNotThrowAnExceptionAcrossExecutionBoundaries` query @@ -23,7 +24,8 @@ predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `doNotThrowAnExceptionAcrossExecutionBoundaries` query "cpp/cert/do-not-throw-an-exception-across-execution-boundaries" and - ruleId = "ERR59-CPP" + ruleId = "ERR59-CPP" and + category = "rule" or query = // `Query` instance for the `doNotPassANonstandardObjectAcrossBoundaries` query @@ -31,7 +33,8 @@ predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string rul queryId = // `@id` for the `doNotPassANonstandardObjectAcrossBoundaries` query "cpp/cert/do-not-pass-a-nonstandard-object-across-boundaries" and - ruleId = "EXP60-CPP" + ruleId = "EXP60-CPP" and + category = "rule" } module TrustBoundariesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll index 5104a03793..4dce9bbfe7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll 
@@ -15,14 +15,15 @@ newtype TypeRangesQuery = TDetectErrorsWhenConvertingAStringToANumberQuery() or TDoNotCastToAnOutOfRangeEnumerationValueQuery() -predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) { +predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `uncheckedRangeDomainPoleErrors` query TypeRangesPackage::uncheckedRangeDomainPoleErrorsQuery() and queryId = // `@id` for the `uncheckedRangeDomainPoleErrors` query "cpp/autosar/unchecked-range-domain-pole-errors" and - ruleId = "A0-4-4" + ruleId = "A0-4-4" and + category = "required" or query = // `Query` instance for the `stringNumberConversionMissingErrorCheck` query @@ -30,7 +31,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `stringNumberConversionMissingErrorCheck` query "cpp/autosar/string-number-conversion-missing-error-check" and - ruleId = "A18-0-2" + ruleId = "A18-0-2" and + category = "required" or query = // `Query` instance for the `useOfUnsafeCStringToNumberConversion` query @@ -38,7 +40,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `useOfUnsafeCStringToNumberConversion` query "cpp/autosar/use-of-unsafe-c-string-to-number-conversion" and - ruleId = "A18-0-2" + ruleId = "A18-0-2" and + category = "required" or query = // `Query` instance for the `signedValPassedToChar` query @@ -46,7 +49,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `signedValPassedToChar` query "cpp/autosar/signed-val-passed-to-char" and - ruleId = "A21-8-1" + ruleId = "A21-8-1" and + category = "required" or query = // `Query` instance for the `inputsFromIndependentComponentsNotValidated` query 
@@ -54,7 +58,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `inputsFromIndependentComponentsNotValidated` query "cpp/autosar/inputs-from-independent-components-not-validated" and - ruleId = "A27-0-1" + ruleId = "A27-0-1" and + category = "required" or query = // `Query` instance for the `nonEnumeratorEnumValue` query @@ -62,7 +67,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `nonEnumeratorEnumValue` query "cpp/autosar/non-enumerator-enum-value" and - ruleId = "A7-2-1" + ruleId = "A7-2-1" and + category = "required" or query = // `Query` instance for the `useOfEnumForRelatedConstants` query @@ -70,7 +76,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `useOfEnumForRelatedConstants` query "cpp/autosar/use-of-enum-for-related-constants" and - ruleId = "A7-2-5" + ruleId = "A7-2-5" and + category = "advisory" or query = // `Query` instance for the `integerUsedForEnum` query @@ -78,7 +85,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `integerUsedForEnum` query "cpp/autosar/integer-used-for-enum" and - ruleId = "A7-2-5" + ruleId = "A7-2-5" and + category = "advisory" or query = // `Query` instance for the `detectErrorsWhenConvertingAStringToANumber` query @@ -86,7 +94,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `detectErrorsWhenConvertingAStringToANumber` query "cpp/cert/detect-errors-when-converting-a-string-to-a-number" and - ruleId = "ERR62-CPP" + ruleId = "ERR62-CPP" and + category = "rule" or query = // `Query` instance for the `doNotCastToAnOutOfRangeEnumerationValue` query 
@@ -94,7 +103,8 @@ predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId) queryId = // `@id` for the `doNotCastToAnOutOfRangeEnumerationValue` query "cpp/cert/do-not-cast-to-an-out-of-range-enumeration-value" and - ruleId = "INT50-CPP" + ruleId = "INT50-CPP" and + category = "rule" } module TypeRangesPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll index ce5e0ad2a0..e5eddf1b04 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll @@ -8,14 +8,15 @@ newtype UninitializedQuery = TInformationLeakageAcrossTrustBoundariesQuery() or TDoNotReadUninitializedMemoryQuery() -predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleId) { +predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `memoryNotInitializedBeforeItIsRead` query UninitializedPackage::memoryNotInitializedBeforeItIsReadQuery() and queryId = // `@id` for the `memoryNotInitializedBeforeItIsRead` query "cpp/autosar/memory-not-initialized-before-it-is-read" and - ruleId = "A8-5-0" + ruleId = "A8-5-0" and + category = "required" or query = // `Query` instance for the `informationLeakageAcrossTrustBoundaries` query @@ -23,7 +24,8 @@ predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `informationLeakageAcrossTrustBoundaries` query "cpp/cert/information-leakage-across-trust-boundaries" and - ruleId = "DCL55-CPP" + ruleId = "DCL55-CPP" and + category = "rule" or query = // `Query` instance for the `doNotReadUninitializedMemory` query 
@@ -31,7 +33,8 @@ predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleI queryId = // `@id` for the `doNotReadUninitializedMemory` query "cpp/cert/do-not-read-uninitialized-memory" and - ruleId = "EXP53-CPP" + ruleId = "EXP53-CPP" and + category = "rule" } module UninitializedPackage { diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll index a55c48d4dd..bce43ef45c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll @@ -13,14 +13,15 @@ newtype VirtualFunctionsQuery = TVirtualFunctionOverriddenByAPureVirtualFunctionQuery() or TVirtualFunctionParametersUseTheSameDefaultArgumentsQuery() -predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ruleId) { +predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonVirtualPublicOrProtectedFunctionsRedefined` query VirtualFunctionsPackage::nonVirtualPublicOrProtectedFunctionsRedefinedQuery() and queryId = // `@id` for the `nonVirtualPublicOrProtectedFunctionsRedefined` query "cpp/autosar/non-virtual-public-or-protected-functions-redefined" and - ruleId = "A10-2-1" + ruleId = "A10-2-1" and + category = "required" or query = // `Query` instance for the `virtualFunctionsShallContainOneSpecifier` query @@ -28,7 +29,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `virtualFunctionsShallContainOneSpecifier` query "cpp/autosar/virtual-functions-shall-contain-one-specifier" and - ruleId = "A10-3-1" + ruleId = "A10-3-1" and + category = "required" or query = // `Query` instance for the `overridingFunctionNotDeclaredOverrideOrFinal` query 
@@ -36,7 +38,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `overridingFunctionNotDeclaredOverrideOrFinal` query "cpp/autosar/overriding-function-not-declared-override-or-final" and - ruleId = "A10-3-2" + ruleId = "A10-3-2" and + category = "required" or query = // `Query` instance for the `virtualFunctionsIntroducedInFinalClass` query @@ -44,7 +47,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `virtualFunctionsIntroducedInFinalClass` query "cpp/autosar/virtual-functions-introduced-in-final-class" and - ruleId = "A10-3-3" + ruleId = "A10-3-3" and + category = "required" or query = // `Query` instance for the `destructorOfABaseClassNotPublicVirtual` query @@ -52,7 +56,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `destructorOfABaseClassNotPublicVirtual` query "cpp/autosar/destructor-of-a-base-class-not-public-virtual" and - ruleId = "A12-4-1" + ruleId = "A12-4-1" and + category = "required" or query = // `Query` instance for the `nonVirtualPublicDestructorInNonFinalClass` query @@ -60,7 +65,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `nonVirtualPublicDestructorInNonFinalClass` query "cpp/autosar/non-virtual-public-destructor-in-non-final-class" and - ruleId = "A12-4-2" + ruleId = "A12-4-2" and + category = "advisory" or query = // `Query` instance for the `virtualFunctionOverriddenByAPureVirtualFunction` query 
@@ -68,7 +74,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `virtualFunctionOverriddenByAPureVirtualFunction` query "cpp/autosar/virtual-function-overridden-by-a-pure-virtual-function" and - ruleId = "M10-3-3" + ruleId = "M10-3-3" and + category = "required" or query = // `Query` instance for the `virtualFunctionParametersUseTheSameDefaultArguments` query @@ -76,7 +83,8 @@ predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `virtualFunctionParametersUseTheSameDefaultArguments` query "cpp/autosar/virtual-function-parameters-use-the-same-default-arguments" and - ruleId = "M8-3-1" + ruleId = "M8-3-1" and + category = "required" } module VirtualFunctionsPackage { diff --git a/scripts/generate_metadata/templates/rulemetadata.qll.template b/scripts/generate_metadata/templates/rulemetadata.qll.template index 802fa44641..64b903f5c2 100644 --- a/scripts/generate_metadata/templates/rulemetadata.qll.template +++ b/scripts/generate_metadata/templates/rulemetadata.qll.template @@ -18,9 +18,9 @@ newtype T{{ language_name.upper() }}Query = {% endif %} /** The metadata predicate * */ -predicate isQueryMetadata(Query query, string queryId, string ruleId) { +predicate isQueryMetadata(Query query, string queryId, string ruleId, string category) { {% for package in packages %} - is{{ package }}QueryMetadata(query, queryId, ruleId){% if not loop.last %} or + is{{ package }}QueryMetadata(query, queryId, ruleId, category){% if not loop.last %} or {% endif %}{% endfor %} } diff --git a/scripts/generate_rules/coding_standards_utils.py b/scripts/generate_rules/coding_standards_utils.py index ca3410c311..06366a5806 100644 --- a/scripts/generate_rules/coding_standards_utils.py +++ b/scripts/generate_rules/coding_standards_utils.py 
@@ -65,7 +65,7 @@ def write_exclusion_template(template: Type[Template], args: Dict[str, str], pac with open(file, "w", newline="\n") as f: f.write(output) -def extract_metadata_from_query(rule_id, title, q, rule_query_tags, language_name, ql_language_name, standard_name, standard_short_name, standard_metadata, anonymise): +def extract_metadata_from_query(rule_id, title, rule_category, q, rule_query_tags, language_name, ql_language_name, standard_name, standard_short_name, standard_metadata, anonymise): metadata = q.copy() @@ -92,6 +92,7 @@ def extract_metadata_from_query(rule_id, title, q, rule_query_tags, language_nam exclusion_model["queryname"] = metadata["short_name"] exclusion_model["queryname_camelcase"] = metadata["short_name"][0].lower( ) + metadata["short_name"][1:] + exclusion_model["category"] = rule_category if not "kind" in metadata: # default to problem if not specified diff --git a/scripts/generate_rules/generate_package_files.py b/scripts/generate_rules/generate_package_files.py index 8f2f23f025..ecec553fa8 100644 --- a/scripts/generate_rules/generate_package_files.py +++ b/scripts/generate_rules/generate_package_files.py @@ -274,6 +274,9 @@ def write_non_shared_testfiles(query, language_name, query_path, test_src_dir, s test_src_dir = standard_dir.joinpath( "test/rules").joinpath(rule_id) test_src_dir.mkdir(exist_ok=True, parents=True) + # Extract the rule category from the obligation property. + assert("properties" in rule_details and "obligation" in rule_details["properties"]) + rule_category = rule_details["properties"]["obligation"] # Build list of tags for this rule to apply to each query rule_query_tags = [] for key, value in rule_details["properties"].items(): @@ -291,6 +294,7 @@ def write_non_shared_testfiles(query, language_name, query_path, test_src_dir, s query, exclusion_model = extract_metadata_from_query( rule_id, rule_details["title"], + rule_category, q, rule_query_tags, language_name, 
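Review bot: The new `assert("properties" in rule_details and "obligation" in rule_details["properties"])` in the generate_package_files.py hunk is the only check on the value that becomes every rule's `category`. It is removed when Python runs with `-O`, and when it does fire it gives no hint which rule is missing the property. An explicit check that names the rule would be safer, e.g. `if "obligation" not in rule_details.get("properties", {}): raise ValueError(f"rule {rule_id} has no 'obligation' property")`. The value is then copied verbatim into the generated `category = "..."` literals, so a misspelt or differently-cased obligation would be generated without complaint; comparing it against the set the QL side expects (this patch shows `required`, `advisory`, `rule`, and `mandatory` in the recategorization library) would catch that at generation time. The enclosing block starts and ends outside the hunk.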
diff --git a/scripts/generate_rules/templates/exclusions.qll.template b/scripts/generate_rules/templates/exclusions.qll.template index 25d1927722..5d7dc726a3 100644 --- a/scripts/generate_rules/templates/exclusions.qll.template +++ b/scripts/generate_rules/templates/exclusions.qll.template @@ -13,7 +13,7 @@ newtype {{ package_name }}Query = {% endif %} -predicate is{{package_name}}QueryMetadata(Query query, string queryId, string ruleId) { +predicate is{{package_name}}QueryMetadata(Query query, string queryId, string ruleId, string category) { {% for item in data %} query = // `Query` instance for the `{{item['queryname_camelcase']}}` query @@ -21,7 +21,8 @@ predicate is{{package_name}}QueryMetadata(Query query, string queryId, string ru queryId = // `@id` for the `{{item['queryname_camelcase']}}` query "{{ item['queryid'] }}" and - ruleId = "{{ item['ruleid'] }}" + ruleId = "{{ item['ruleid'] }}" and + category = "{{ item['category'] }}" {% if not loop.last %} or {% endif %} From aa0a8352623991c5cb54c866b9080728f34c972f Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Tue, 23 Aug 2022 15:08:44 -0700 Subject: [PATCH 02/43] Add support for guideline recategorizations This commit adds: - A new section `guideline-recategorizations` to the configuration specification for `coding-standards.yml`. - Two tests to list all the indexed guideline recategorizations and all the invalid guideline recategorizations. This commit does not include the application of the effective category. --- cpp/common/src/codingstandards/cpp/Config.qll | 32 ++++++ .../cpp/deviations/Deviations.qll | 35 +----- .../GuidelineRecategorizations.qll | 105 ++++++++++++++++++ .../InvalidGuidelineRecategorizations.ql | 13 +++ .../ListGuidelineRecategorizations.ql | 12 ++ ...InvalidGuidelineRecategorizations.expected | 5 + .../InvalidGuidelineRecategorizations.qlref | 1 + .../ListGuidelineRecategorizations.expected | 9 ++ .../ListGuidelineRecategorizations.qlref | 1 + .../guideline_recategorizations/dummy.xml | 2 + .../invalid/coding-standards.xml | 26 +++++ .../invalid/coding-standards.yml | 11 ++ .../test/guideline_recategorizations/test.cpp | 0 .../valid/coding-standards.xml | 22 ++++ .../valid/coding-standards.yml | 9 ++ 15 files changed, 253 insertions(+), 30 deletions(-) create mode 100644 cpp/common/src/codingstandards/cpp/Config.qll create mode 100644 cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll create mode 100644 cpp/common/src/codingstandards/cpp/guideline_recategorizations/InvalidGuidelineRecategorizations.ql create mode 100644 cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql create mode 100644 cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.expected create mode 100644 cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.qlref create mode 100644 cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected create mode 100644 
cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.qlref create mode 100644 cpp/common/test/guideline_recategorizations/dummy.xml create mode 100644 cpp/common/test/guideline_recategorizations/invalid/coding-standards.xml create mode 100644 cpp/common/test/guideline_recategorizations/invalid/coding-standards.yml create mode 100644 cpp/common/test/guideline_recategorizations/test.cpp create mode 100644 cpp/common/test/guideline_recategorizations/valid/coding-standards.xml create mode 100644 cpp/common/test/guideline_recategorizations/valid/coding-standards.yml diff --git a/cpp/common/src/codingstandards/cpp/Config.qll b/cpp/common/src/codingstandards/cpp/Config.qll new file mode 100644 index 0000000000..7d12340719 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/Config.qll @@ -0,0 +1,32 @@ +/** + * A module for runtime configuration settings specified in a `conding-standards.yml` file. + */ + +import cpp +import semmle.code.cpp.XML +import codingstandards.cpp.exclusions.RuleMetadata +import codingstandards.cpp.deviations.Deviations + +/** A `coding-standards.xml` configuration file (usually generated from an YAML configuration file). */ +class CodingStandardsFile extends XMLFile { + CodingStandardsFile() { + this.getBaseName() = "coding-standards.xml" and + // Must be within the users source code. + exists(this.getRelativePath()) + } +} + +class CodingStandardsConfigSection extends XMLElement { + CodingStandardsConfigSection() { getParent() instanceof CodingStandardsConfig } +} + +/** A "Coding Standards" configuration file */ +class CodingStandardsConfig extends XMLElement { + CodingStandardsConfig() { + any(CodingStandardsFile csf).getARootElement() = this and + this.getName() = "codingstandards" + } + + /** Get a section in this configuration file. */ + CodingStandardsConfigSection getASection() { result.getParent() = this } +} 
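Review bot: In the new Config.qll, `CodingStandardsConfigSection` is the only class without a QLDoc comment, and the module header misspells the file name as `conding-standards.yml` (the same misspelling is in the header of GuidelineRecategorizations.qll). I would add `/** A direct child element of the codingstandards root element, such as the deviations or guideline-recategorizations section. */` above the class and correct the header to `coding-standards.yml`. Separately, `import codingstandards.cpp.deviations.Deviations` appears unused in this file, and since Deviations.qll now imports `codingstandards.cpp.Config` the two modules import each other; if nothing relies on that re-export, dropping the import keeps the dependency one-directional.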
diff --git a/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll b/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll index dbc6a240cd..18f022cff2 100644 --- a/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll +++ b/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll @@ -7,6 +7,7 @@ import cpp import semmle.code.cpp.XML import codingstandards.cpp.exclusions.RuleMetadata +import codingstandards.cpp.Config predicate applyDeviationsAtQueryLevel() { not exists(CodingStandardsReportDeviatedAlerts reportDeviatedResults | @@ -15,26 +16,6 @@ predicate applyDeviationsAtQueryLevel() { ) } -/** A `coding-standards.xml` configuration file (usually generated from an YAML configuration file). */ -class CodingStandardsFile extends XMLFile { - CodingStandardsFile() { - this.getBaseName() = "coding-standards.xml" and - // Must be within the users source code. - exists(this.getRelativePath()) - } -} - -/** A "Coding Standards" configuration file */ -class CodingStandardsConfig extends XMLElement { - CodingStandardsConfig() { - any(CodingStandardsFile csf).getARootElement() = this and - this.getName() = "codingstandards" - } - - /** Gets a deviation record for this configuration. */ - DeviationRecord getADeviationRecord() { result = getAChild().(DeviationRecords).getAChild() } -} - /** An element which tells the analysis whether to report deviated results. */ class CodingStandardsReportDeviatedAlerts extends XMLElement { CodingStandardsReportDeviatedAlerts() { 
@@ -44,19 +25,13 @@ class CodingStandardsReportDeviatedAlerts extends XMLElement { } /** A container of deviation records. */ -class DeviationRecords extends XMLElement { - DeviationRecords() { - getParent() instanceof CodingStandardsConfig and - hasName("deviations") - } +class DeviationRecords extends CodingStandardsConfigSection { + DeviationRecords() { hasName("deviations") } } /** A container for the deviation permits records. */ -class DeviationPermits extends XMLElement { - DeviationPermits() { - getParent() instanceof CodingStandardsConfig and - hasName("deviation-permits") - } +class DeviationPermits extends CodingStandardsConfigSection { + DeviationPermits() { hasName("deviation-permits") } } /** A deviation permit record, that is specified by a permit identifier */ diff --git a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll new file mode 100644 index 0000000000..69eb862ea2 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll 
@@ -0,0 +1,105 @@ +/** + * A module for identifying guideline recategorizations specified in a `conding-standards.yml` file. + */ + +import cpp +import semmle.code.cpp.XML +import codingstandards.cpp.exclusions.RuleMetadata +import codingstandards.cpp.Config + +/** A container of guideline recategorizations. */ +class GuidelineRecategorizations extends CodingStandardsConfigSection { + GuidelineRecategorizations() { hasName("guideline-recategorizations") } +} + +newtype TEffectiveCategory = + TInvalid(string reason) { + exists(GuidelineRecategorization gr | reason = gr.getAnInvalidReason()) + } or + TDisapplied() or + TAdvisory() or + TRequired() or + TMandatory() + +class EffectiveCategory extends TEffectiveCategory { + string toString() { + this instanceof TInvalid and result = "invalid" + or + this instanceof TDisapplied and result = "disapplied" + or + this instanceof TAdvisory and result = "advisory" + or + this instanceof TRequired and result = "required" + or + this instanceof TMandatory and result = "mandatory" + } + + /** Holds if the effective category permits a deviation */ + predicate permitsDeviation() { not this instanceof TMandatory and not this instanceof TInvalid } +} + +class GuidelineRecategorization extends XMLElement { + GuidelineRecategorization() { + getParent() instanceof GuidelineRecategorizations and + hasName("guideline-recategorizations-entry") + } + + string getRuleId() { result = getAChild("rule-id").getTextValue() } + + string getCategory() { result = getAChild("category").getTextValue() } + + /** Get a query for which a recategorization is specified. 
*/ + Query getQuery() { result.getRuleId() = getRuleId() } + + private EffectiveCategory getValidEffectiveCategory() { + exists(string category, string recategorization | + category = getQuery().getCategory() and + recategorization = getCategory() + | + result = TMandatory() and + category = ["advisory", "required"] and + recategorization = "mandatory" + or + result = TRequired() and + category = "advisory" and + recategorization = "required" + or + result = TDisapplied() and + category = "advisory" and + recategorization = "disapplied" + ) + } + + private predicate isValidRecategorization(string category, string recategorization) { + category = ["advisory", "required"] and + recategorization = "mandatory" + or + category = "advisory" and + recategorization = "required" + or + category = "advisory" and + recategorization = "disapplied" + } + + string getAnInvalidReason() { + not isValidRecategorization(this.getQuery().getCategory(), this.getCategory()) and + if exists(this.getQuery()) + then + result = + "Invalid recategorization from '" + this.getQuery().getCategory() + "' to '" + + this.getCategory() + "'." + else result = "Unknown rule id '" + this.getRuleId() + "'." + } + + predicate isValid() { not isInvalid() } + + predicate isInvalid() { getEffectiveCategory() = TInvalid(_) } + + EffectiveCategory getEffectiveCategory() { + ( + if exists(getValidEffectiveCategory()) + then result = getValidEffectiveCategory() + else result = TInvalid(getAnInvalidReason()) + ) + } +} diff --git a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/InvalidGuidelineRecategorizations.ql b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/InvalidGuidelineRecategorizations.ql new file mode 100644 index 0000000000..6df3f3cf57 --- /dev/null +++ b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/InvalidGuidelineRecategorizations.ql 
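Review bot: An entry that lacks a `rule-id` or `category` child gets no result from `getAnInvalidReason()`, because both message branches concatenate `getRuleId()` or `getCategory()`. `getEffectiveCategory()` then has no result either, so `isInvalid()` fails and `isValid()`, defined as `not isInvalid()`, holds. Such an entry would count as valid and never appear in the invalid-recategorizations query, unless the config processing script rejects it earlier, which is not visible here. Giving the missing-element cases their own reasons, as sketched below with constructed message texts, closes that gap. Separately, `getValidEffectiveCategory()` repeats the rules of `isValidRecategorization` and could call it, and the module comment's `conding-standards.yml` should read `coding-standards.yml`.

```ql
  string getAnInvalidReason() {
    not exists(this.getRuleId()) and
    result = "Missing 'rule-id' element."
    or
    not exists(this.getCategory()) and
    result = "Missing 'category' element."
    or
    exists(this.getRuleId()) and
    exists(this.getCategory()) and
    not isValidRecategorization(this.getQuery().getCategory(), this.getCategory()) and
    // … unchanged: if/then/else building the "Invalid recategorization" / "Unknown rule id" message …
  }
```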
@@ -0,0 +1,13 @@
+/**
+ * @id cpp/coding-standards/invalid-guideline-recategorizations
+ * @name Invalid guideline recategorizations
+ * @description Guideline recategorizations marked as invalid will not be applied.
+ */
+
+import cpp
+import GuidelineRecategorizations
+
+from GuidelineRecategorization gr
+select gr,
+ gr.getFile().getRelativePath() + ": '" + gr.getAnInvalidReason() + "' for rule " + gr.getRuleId() +
+ "."
diff --git a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql
new file mode 100644
index 0000000000..421385e6db
--- /dev/null
+++ b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql
@@ -0,0 +1,12 @@
+/**
+ * @id cpp/coding-standards/list-guideline-recategorizations
+ * @kind table
+ * @name List all guideline recategorizations observed in a database
+ * @description Lists all the guideline recategorizations that were indexed in the database.
+ */
+
+import cpp
+import GuidelineRecategorizations
+
+from GuidelineRecategorization gr
+select gr.getRuleId(), gr.getCategory()
diff --git a/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.expected b/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.expected
new file mode 100644
index 0000000000..971c70a9b6
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.expected
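Review bot: The `select` in InvalidGuidelineRecategorizations.ql wraps the reason in single quotes and appends a period, but the reasons already quote their values and end with a period. The expected output therefore reads `'Invalid recategorization from 'required' to 'advisory'.' for rule A0-1-1.`, which is hard to parse in a compliance report. Dropping the outer quotes would read better, e.g. `gr.getFile().getRelativePath() + ": " + gr.getAnInvalidReason() + " (rule " + gr.getRuleId() + ")"`, with the `.expected` file updated to match. The query also filters only implicitly, through `getAnInvalidReason()` having no result for valid entries; an explicit `where gr.isInvalid()` would state that intent. Its header declares no `@kind`, unlike the sibling list query's `@kind table`, which may be deliberate but is worth confirming.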
@@ -0,0 +1,5 @@
+| invalid/coding-standards.xml:5:7:8:43 | guideline-recategorizations-entry | guideline_recategorizations/invalid/coding-standards.xml: 'Invalid recategorization from 'required' to 'advisory'.' for rule A0-1-1. |
+| invalid/coding-standards.xml:9:7:12:43 | guideline-recategorizations-entry | guideline_recategorizations/invalid/coding-standards.xml: 'Invalid recategorization from 'required' to 'disapplied'.' for rule A0-1-2. |
+| invalid/coding-standards.xml:13:7:16:43 | guideline-recategorizations-entry | guideline_recategorizations/invalid/coding-standards.xml: 'Unknown rule id 'A1-4-3'.' for rule A1-4-3. |
+| invalid/coding-standards.xml:17:7:20:43 | guideline-recategorizations-entry | guideline_recategorizations/invalid/coding-standards.xml: 'Invalid recategorization from 'mandatory' to 'required'.' for rule RULE-13-6. |
+| invalid/coding-standards.xml:21:7:24:43 | guideline-recategorizations-entry | guideline_recategorizations/invalid/coding-standards.xml: 'Invalid recategorization from 'rule' to 'required'.' for rule CON50-CPP. |
diff --git a/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.qlref b/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.qlref
new file mode 100644
index 0000000000..516ca4187e
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/InvalidGuidelineRecategorizations.qlref
@@ -0,0 +1 @@
+codingstandards/cpp/guideline_recategorizations/InvalidGuidelineRecategorizations.ql
\ No newline at end of file
diff --git a/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected
new file mode 100644
index 0000000000..8718623c80
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected
@@ -0,0 +1,9 @@ +| A0-1-1 | advisory | +| A0-1-1 | mandatory | +| A0-1-2 | disapplied | +| A0-1-6 | disapplied | +| A1-4-3 | mandatory | +| A10-4-1 | required | +| A11-0-1 | mandatory | +| CON50-CPP | required | +| RULE-13-6 | required | diff --git a/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.qlref b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.qlref new file mode 100644 index 0000000000..a6720a0ddb --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.qlref @@ -0,0 +1 @@ +codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql \ No newline at end of file diff --git a/cpp/common/test/guideline_recategorizations/dummy.xml b/cpp/common/test/guideline_recategorizations/dummy.xml new file mode 100644 index 0000000000..c390fb1e16 --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/dummy.xml @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/cpp/common/test/guideline_recategorizations/invalid/coding-standards.xml b/cpp/common/test/guideline_recategorizations/invalid/coding-standards.xml new file mode 100644 index 0000000000..d89f27050b --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/invalid/coding-standards.xml @@ -0,0 +1,26 @@ + + + + + + A0-1-1 + advisory + + + A0-1-2 + disapplied + + + A1-4-3 + mandatory + + + RULE-13-6 + required + + + CON50-CPP + required + + + diff --git a/cpp/common/test/guideline_recategorizations/invalid/coding-standards.yml b/cpp/common/test/guideline_recategorizations/invalid/coding-standards.yml new file mode 100644 index 0000000000..89e562c05c --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/invalid/coding-standards.yml 
@@ -0,0 +1,11 @@ +guideline-recategorizations: + - rule-id: "A0-1-1" + category: "advisory" + - rule-id: "A0-1-2" + category: "disapplied" + - rule-id: "A1-4-3" + category: "mandatory" + - rule-id: "RULE-13-6" + category: "required" + - rule-id: "CON50-CPP" + category: "required" diff --git a/cpp/common/test/guideline_recategorizations/test.cpp b/cpp/common/test/guideline_recategorizations/test.cpp new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cpp/common/test/guideline_recategorizations/valid/coding-standards.xml b/cpp/common/test/guideline_recategorizations/valid/coding-standards.xml new file mode 100644 index 0000000000..afc7919a89 --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/valid/coding-standards.xml @@ -0,0 +1,22 @@ + + + + + + A0-1-1 + mandatory + + + A0-1-6 + disapplied + + + A10-4-1 + required + + + A11-0-1 + mandatory + + + diff --git a/cpp/common/test/guideline_recategorizations/valid/coding-standards.yml b/cpp/common/test/guideline_recategorizations/valid/coding-standards.yml new file mode 100644 index 0000000000..ed778a5cc1 --- /dev/null +++ b/cpp/common/test/guideline_recategorizations/valid/coding-standards.yml @@ -0,0 +1,9 @@ +guideline-recategorizations: + - rule-id: "A0-1-1" + category: "mandatory" + - rule-id: "A0-1-6" + category: "disapplied" + - rule-id: "A10-4-1" + category: "required" + - rule-id: "A11-0-1" + category: "mandatory" From ebf64e6cc2be4a46b4146eb0626b640210b7d484 Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Wed, 24 Aug 2022 16:22:10 -0700 Subject: [PATCH 03/43] Move coding standards config processing script With the additional support of a Guideline Recategorization Plan and possible other further configuration options we are moving the script into the generic configuration folder instead of the deviations folder. --- .github/workflows/code-scanning-pack-gen.yml | 2 +- docs/user_manual.md | 6 +++--- integration-tests/deviations/build.sh | 2 +- .../process_coding_standards_config.py | 0 scripts/{deviations => configuration}/requirements.txt | 0 5 files changed, 5 insertions(+), 5 deletions(-) rename scripts/{deviations => configuration}/process_coding_standards_config.py (100%) rename scripts/{deviations => configuration}/requirements.txt (100%) diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml index 5a0ef0fb07..2c501b541b 100644 --- a/.github/workflows/code-scanning-pack-gen.yml +++ b/.github/workflows/code-scanning-pack-gen.yml @@ -86,7 +86,7 @@ jobs: codeql query compile --search-path c --search-path cpp --threads 0 c cd .. - zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/deviations codeql-coding-standards/scripts/reports + zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports - name: Upload GHAS Query Pack uses: actions/upload-artifact@v2 diff --git a/docs/user_manual.md b/docs/user_manual.md index 02328ad9af..fe31db6c0f 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md 
@@ -284,16 +284,16 @@ The example describes three ways of scoping a deviation: 3. The deviation for `A0-4-2` applies to any source element that has a comment residing on **the same line** containing the identifier specified in `code-identifier`. The activation of the deviation mechanism requires an extra step in the database creation process. -This extra step is the invocation of the Python script `path/to/codeql-coding-standards/scripts/deviations/process_coding_standards_config.py` that is part of the coding standards code scanning pack. +This extra step is the invocation of the Python script `path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py` that is part of the coding standards code scanning pack. The script should be invoked as follows: ```codeql -codeql database create --language cpp --command 'python3 path/to/codeql-coding-standards/scripts/deviations/process_coding_standards_config.py' --command +codeql database create --language cpp --command 'python3 path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py' --command ``` The `process_coding_standards_config.py` has a dependency on the package `pyyaml` that can be installed using the provided PIP package manifest by running the following command: -`pip install -r path/to/codeql-coding-standards/scripts/deviations/requirements.txt` +`pip install -r path/to/codeql-coding-standards/scripts/configuration/requirements.txt` ##### Deviation permit diff --git a/integration-tests/deviations/build.sh b/integration-tests/deviations/build.sh index 1ca9f8daca..3196e5de54 100755 --- a/integration-tests/deviations/build.sh +++ b/integration-tests/deviations/build.sh 
@@ -1,3 +1,3 @@ #!/bin/bash -~/codeql-home/codeqls/codeql-2.6.3/codeql database create --overwrite --language cpp --command "clang++ main.cpp" --command "python3 ../../scripts/deviations/process_coding_standards_config.py" ~/codeql-home/databases/deviations-test \ No newline at end of file +~/codeql-home/codeqls/codeql-2.6.3/codeql database create --overwrite --language cpp --command "clang++ main.cpp" --command "python3 ../../scripts/configuration/process_coding_standards_config.py" ~/codeql-home/databases/deviations-test \ No newline at end of file diff --git a/scripts/deviations/process_coding_standards_config.py b/scripts/configuration/process_coding_standards_config.py similarity index 100% rename from scripts/deviations/process_coding_standards_config.py rename to scripts/configuration/process_coding_standards_config.py diff --git a/scripts/deviations/requirements.txt b/scripts/configuration/requirements.txt similarity index 100% rename from scripts/deviations/requirements.txt rename to scripts/configuration/requirements.txt From 86bc3f8af6ceffb35f45857d006a679358214bd4 Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Thu, 25 Aug 2022 13:05:49 -0700 Subject: [PATCH 04/43] Format generated exclusion files The format depends on the length of the package name so we format the generated file with the CLI instead of mirror the formating behavior in the template. --- .../src/codingstandards/cpp/exclusions/c/Banned.qll | 4 +++- .../cpp/exclusions/c/Concurrency1.qll | 4 +++- .../cpp/exclusions/c/Concurrency2.qll | 4 +++- .../cpp/exclusions/c/Concurrency3.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Contracts1.qll | 4 +++- .../cpp/exclusions/c/Declarations1.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Expressions.qll | 4 +++- .../src/codingstandards/cpp/exclusions/c/IO1.qll | 4 +++- .../src/codingstandards/cpp/exclusions/c/IO2.qll | 4 +++- .../src/codingstandards/cpp/exclusions/c/IO3.qll | 4 +++- .../src/codingstandards/cpp/exclusions/c/Misc.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Pointers1.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Pointers2.qll | 4 +++- .../cpp/exclusions/c/Preprocessor1.qll | 4 +++- .../cpp/exclusions/c/Preprocessor2.qll | 4 +++- .../cpp/exclusions/c/Preprocessor3.qll | 4 +++- .../cpp/exclusions/c/Preprocessor4.qll | 4 +++- .../cpp/exclusions/c/Preprocessor5.qll | 4 +++- .../cpp/exclusions/c/SideEffects1.qll | 4 +++- .../cpp/exclusions/c/SideEffects2.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Strings1.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Strings2.qll | 4 +++- .../codingstandards/cpp/exclusions/c/Strings3.qll | 4 +++- .../src/codingstandards/cpp/exclusions/c/Syntax.qll | 4 +++- .../cpp/exclusions/cpp/Allocations.qll | 4 +++- .../cpp/exclusions/cpp/BannedFunctions.qll | 4 +++- .../cpp/exclusions/cpp/BannedLibraries.qll | 4 +++- .../cpp/exclusions/cpp/BannedSyntax.qll | 4 +++- .../cpp/exclusions/cpp/BannedTypes.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Classes.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Comments.qll | 4 +++- .../cpp/exclusions/cpp/Concurrency.qll | 4 +++- 
.../cpp/exclusions/cpp/Conditionals.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/Const.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/DeadCode.qll | 4 +++- .../cpp/exclusions/cpp/Declarations.qll | 4 +++- .../cpp/exclusions/cpp/ExceptionSafety.qll | 4 +++- .../cpp/exclusions/cpp/Exceptions1.qll | 4 +++- .../cpp/exclusions/cpp/Exceptions2.qll | 4 +++- .../cpp/exclusions/cpp/Expressions.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/Freed.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Functions.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/IO.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Includes.qll | 4 +++- .../cpp/exclusions/cpp/Inheritance.qll | 4 +++- .../cpp/exclusions/cpp/Initialization.qll | 4 +++- .../cpp/exclusions/cpp/IntegerConversion.qll | 4 +++- .../cpp/exclusions/cpp/Invariants.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Iterators.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Lambdas.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Literals.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/Loops.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Macros.qll | 4 +++- .../cpp/exclusions/cpp/MoveForward.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Naming.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/Null.qll | 4 +++- .../cpp/exclusions/cpp/OperatorInvariants.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Operators.qll | 4 +++- .../cpp/exclusions/cpp/OrderOfEvaluation.qll | 4 +++- .../cpp/exclusions/cpp/OutOfBounds.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Pointers.qll | 4 +++- .../cpp/exclusions/cpp/Representation.qll | 4 +++- .../src/codingstandards/cpp/exclusions/cpp/Scope.qll | 4 +++- .../cpp/exclusions/cpp/SideEffects1.qll | 4 +++- .../cpp/exclusions/cpp/SideEffects2.qll | 4 +++- .../cpp/exclusions/cpp/SmartPointers1.qll | 4 +++- .../cpp/exclusions/cpp/SmartPointers2.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Strings.qll | 4 +++- 
.../codingstandards/cpp/exclusions/cpp/Templates.qll | 4 +++- .../codingstandards/cpp/exclusions/cpp/Toolchain.qll | 4 +++- .../cpp/exclusions/cpp/TrustBoundaries.qll | 4 +++- .../cpp/exclusions/cpp/TypeRanges.qll | 4 +++- .../cpp/exclusions/cpp/Uninitialized.qll | 4 +++- .../cpp/exclusions/cpp/VirtualFunctions.qll | 4 +++- scripts/generate_rules/coding_standards_utils.py | 12 +++++++++++- scripts/shared/codeql.py | 10 +++++++++- 76 files changed, 242 insertions(+), 76 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll index 888e0863a3..c8f199ace7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll @@ -24,7 +24,9 @@ newtype BannedQuery = TOctalConstantsUsedQuery() or TRestrictTypeQualifierUsedQuery() -predicate isBannedQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isBannedQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotCallSystem` query BannedPackage::doNotCallSystemQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll index ed3a82c28d..0821bf38ad 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll 
@@ -8,7 +8,9 @@ newtype Concurrency1Query = TRaceConditionsWhenUsingLibraryFunctionsQuery() or TDoNotCallSignalInMultithreadedProgramQuery() -predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConcurrency1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `preventDataRacesWithMultipleThreads` query Concurrency1Package::preventDataRacesWithMultipleThreadsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll index 38a3eaa513..4577431951 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll @@ -7,7 +7,9 @@ newtype Concurrency2Query = TDeadlockByLockingInPredefinedOrderQuery() or TWrapFunctionsThatCanSpuriouslyWakeUpInLoopQuery() -predicate isConcurrency2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConcurrency2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `deadlockByLockingInPredefinedOrder` query Concurrency2Package::deadlockByLockingInPredefinedOrderQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll index 982ea21543..ec3ada4552 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll 
@@ -9,7 +9,9 @@ newtype Concurrency3Query = TPreserveSafetyWhenUsingConditionVariablesQuery() or TWrapFunctionsThatCanFailSpuriouslyInLoopQuery() -predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConcurrency3QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll index 3336438b98..75ed7605fb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll @@ -7,7 +7,9 @@ newtype Contracts1Query = TDoNotModifyTheReturnValueOfCertainFunctionsQuery() or TEnvPointerIsInvalidAfterCertainOperationsQuery() -predicate isContracts1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isContracts1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotModifyTheReturnValueOfCertainFunctions` query Contracts1Package::doNotModifyTheReturnValueOfCertainFunctionsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll index c5ffaa56e3..238c43e511 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll 
@@ -11,7 +11,9 @@ newtype Declarations1Query = TMacroIdentifiersNotDistinctQuery() or TMacroIdentifierNotDistinctFromParameterQuery() -predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isDeclarations1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `declareIdentifiersBeforeUsingThem` query Declarations1Package::declareIdentifiersBeforeUsingThemQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll index fab8e21d01..58bd9237cc 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll @@ -9,7 +9,9 @@ newtype ExpressionsQuery = TCallPOSIXOpenWithCorrectArgumentCountQuery() or TDoNotUseABitwiseOperatorWithABooleanLikeOperandQuery() -predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isExpressionsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotCallFunctionPointerWithIncompatibleType` query ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll index b3c1bdd428..bbb1778c86 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll 
@@ -12,7 +12,9 @@ newtype IO1Query = TUndefinedBehaviorAccessingAClosedFileQuery() or TFileUsedAfterClosedQuery() -predicate isIO1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIO1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `excludeUserInputFromFormatStrings` query IO1Package::excludeUserInputFromFormatStringsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll index 6208470e24..f909539540 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll @@ -9,7 +9,9 @@ newtype IO2Query = TDoNotCallGetcAndPutcWithSideEffectsQuery() or TOnlyUseValuesForFsetposThatAreReturnedFromFgetposQuery() -predicate isIO2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIO2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotCopyAFileObject` query IO2Package::doNotCopyAFileObjectQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll index 9aac753c0b..16e34ecb27 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll @@ -11,7 +11,9 @@ newtype IO3Query = TPointerToAFileObjectDereferencedQuery() or TEofShallBeComparedWithUnmodifiedReturnValuesQuery() -predicate isIO3QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIO3QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotPerformFileOperationsOnDevices` query IO3Package::doNotPerformFileOperationsOnDevicesQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll index 9535c8a6d1..fa372c0ffb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll @@ -8,7 +8,9 @@ newtype MiscQuery = TProperlySeedPseudorandomNumberGeneratorsQuery() or TControlFlowReachesTheEndOfANonVoidFunctionQuery() -predicate isMiscQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isMiscQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `randUsedForGeneratingPseudorandomNumbers` query MiscPackage::randUsedForGeneratingPseudorandomNumbersQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll index e35f0f3a88..35fbcef3fd 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll @@ -22,7 +22,9 @@ newtype Pointers1Query = TObjectWithNoPointerDereferenceShouldBeOpaqueQuery() or TPointerShouldPointToConstTypeWhenPossibleQuery() -predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPointers1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `conversionBetweenFunctionPointerAndOtherType` query Pointers1Package::conversionBetweenFunctionPointerAndOtherTypeQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll index 476388612e..558c57144a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll 
@@ -5,7 +5,9 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Pointers2Query = TDoNotAddOrSubtractAScaledIntegerToAPointerQuery() -predicate isPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPointers2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotAddOrSubtractAScaledIntegerToAPointer` query Pointers2Package::doNotAddOrSubtractAScaledIntegerToAPointerQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll index 1f3c9bba38..9231d99e46 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll @@ -9,7 +9,9 @@ newtype Preprocessor1Query = TForbiddenCharactersInHeaderFileNameQuery() or TIdentifiersUsedInPreprocessorExpressionQuery() -predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPreprocessor1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `includeDirectivesPrecededByDirectivesOrComments` query Preprocessor1Package::includeDirectivesPrecededByDirectivesOrCommentsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll index bc6fc91da6..0442ccf74c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll 
@@ -9,7 +9,9 @@ newtype Preprocessor2Query = TUndefShouldNotBeUsedQuery() or TPrecautionIncludeGuardsNotProvidedQuery() -predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPreprocessor2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `moreThanOneHashOperatorInMacroDefinition` query Preprocessor2Package::moreThanOneHashOperatorInMacroDefinitionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll index 1b9ed9374e..51708339a1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll @@ -5,7 +5,9 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Preprocessor3Query = TControllingExpressionIfDirectiveQuery() -predicate isPreprocessor3QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPreprocessor3QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `controllingExpressionIfDirective` query Preprocessor3Package::controllingExpressionIfDirectiveQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll index 8b30501183..3baabc600b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll 
@@ -8,7 +8,9 @@ newtype Preprocessor4Query = TFunctionLikeMacroArgsContainHashTokenCQueryQuery() or TDefineAndUndefUsedOnReservedIdentifierOrMacroNameQuery() -predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPreprocessor4QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `macroDefinedWithTheSameNameAsKeyword` query Preprocessor4Package::macroDefinedWithTheSameNameAsKeywordQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll index 0d35690408..e0a7743aaf 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll @@ -8,7 +8,9 @@ newtype Preprocessor5Query = TMacroOrFunctionArgsContainHashTokenQuery() or TMacroParameterNotEnclosedInParenthesesCQueryQuery() -predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPreprocessor5QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotTreatAPredefinedIdentifierAsObject` query Preprocessor5Package::doNotTreatAPredefinedIdentifierAsObjectQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll index 24175cdfb7..af5c529bc3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll 
@@ -15,7 +15,9 @@ newtype SideEffects1Query = TPossibleSuppressedSideEffectInLogicOperatorOperandQuery() or TSizeofOperandWithSideEffectQuery() -predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSideEffects1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `dependenceOnOrderOfScalarEvaluationForSideEffects` query SideEffects1Package::dependenceOnOrderOfScalarEvaluationForSideEffectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll index 82e5c0c5d2..d02b2d16e7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll @@ -7,7 +7,9 @@ newtype SideEffects2Query = TSideEffectAndCrementInFullExpressionQuery() or TModificationOfFunctionParameterQuery() -predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSideEffects2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `sideEffectAndCrementInFullExpression` query SideEffects2Package::sideEffectAndCrementInFullExpressionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll index e306df55bf..9fd719a7fb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll 
@@ -8,7 +8,9 @@ newtype Strings1Query = TStringsHasSufficientSpaceForTheNullTerminatorQuery() or TNonNullTerminatedToFunctionThatExpectsAStringQuery() -predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isStrings1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotAttemptToModifyStringLiterals` query Strings1Package::doNotAttemptToModifyStringLiteralsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll index 99dd98d68e..44ef427314 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll @@ -5,7 +5,9 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Strings2Query = TToCharacterHandlingFunctionsRepresentableAsUCharQuery() -predicate isStrings2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isStrings2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `toCharacterHandlingFunctionsRepresentableAsUChar` query Strings2Package::toCharacterHandlingFunctionsRepresentableAsUCharQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll index 760f54b9fa..0b20b59e90 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll 
@@ -7,7 +7,9 @@ newtype Strings3Query = TCastCharBeforeConvertingToLargerSizesQuery() or TDoNotConfuseNarrowAndWideFunctionsQuery() -predicate isStrings3QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isStrings3QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `castCharBeforeConvertingToLargerSizes` query Strings3Package::castCharBeforeConvertingToLargerSizesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll index 3a53cf05c3..4c949da3b8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll @@ -12,7 +12,9 @@ newtype SyntaxQuery = TUOrUSuffixRepresentedInUnsignedTypeQuery() or TLowercaseCharacterLUsedInLiteralSuffixQuery() -predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSyntaxQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `characterSequencesAndUsedWithinAComment` query SyntaxPackage::characterSequencesAndUsedWithinACommentQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll index 56bdf2b954..b030945851 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll 
@@ -26,7 +26,9 @@ newtype AllocationsQuery = TOperatorDeleteMissingPartnerCertQuery() or TUsingDefaultOperatorNewForOverAlignedTypesQuery() -predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isAllocationsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `placementNewNotProperlyAlignedAutosar` query AllocationsPackage::placementNewNotProperlyAlignedAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll index c17972650b..2bd4c25284 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll @@ -16,7 +16,9 @@ newtype BannedFunctionsQuery = TDoNotUseRandForGeneratingPseudorandomNumbersQuery() or TPreferSpecialMemberFunctionsAndOverloadedOperatorsToCStandardLibraryFunctionsQuery() -predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isBannedFunctionsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `functionsMallocCallocReallocAndFreeUsed` query BannedFunctionsPackage::functionsMallocCallocReallocAndFreeUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll index 9a314e79c6..4b35ba7d90 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll 
@@ -17,7 +17,9 @@ newtype BannedLibrariesQuery = TCstdioTypesUsedQuery() or TUsageOfAssemblerNotDocumentedQuery() -predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isBannedLibrariesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefined` query BannedLibrariesPackage::reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefinedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll index c473616374..d78a7a5e3e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll @@ -22,7 +22,9 @@ newtype BannedSyntaxQuery = TUsingDeclarationsUsedInHeaderFilesQuery() or TDoNotDefineACStyleVariadicFunctionQuery() -predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isBannedSyntaxQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `friendDeclarationsUsed` query BannedSyntaxPackage::friendDeclarationsUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll index 8328a0f4d4..b53c0e2381 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll 
@@ -9,7 +9,9 @@ newtype BannedTypesQuery = TAutoPtrTypeUsedQuery() or TTypeWcharTUsedQuery() -predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isBannedTypesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `typeLongDoubleUsed` query BannedTypesPackage::typeLongDoubleUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll index 92c7a4280e..15bef7ea1a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll @@ -23,7 +23,9 @@ newtype ClassesQuery = TMemberDataInNonPodClassTypesNotPrivateQuery() or TOffsetUsedOnInvalidTypeOrMemberQuery() -predicate isClassesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isClassesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `nonPodTypeShouldBeDefinedAsClass` query ClassesPackage::nonPodTypeShouldBeDefinedAsClassQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll index 9d4d186122..1d32994c0c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll @@ -10,7 +10,9 @@ newtype CommentsQuery = TSlashStarUsedWithinACStyleCommentQuery() or TNullOnSharedLineQuery() -predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isCommentsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `singleLineCommentEndsWithSlash` query CommentsPackage::singleLineCommentEndsWithSlashQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll index 8038d4e51e..936b09705a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll @@ -14,7 +14,9 @@ newtype ConcurrencyQuery = TDoNotSpeculativelyLockALockedNonRecursiveMutexQuery() or TLockedALockedNonRecursiveMutexAuditQuery() -predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConcurrencyQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query ConcurrencyPackage::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll index 979e51e5c8..90538feaf6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll @@ -22,7 +22,9 @@ newtype ConditionalsQuery = TGotoStatementJumpConditionQuery() or TContinueInForLoopConditionQuery() -predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConditionalsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `nonBooleanIfCondition` query ConditionalsPackage::nonBooleanIfConditionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll index 1245139eb1..74da377047 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll 
@@ -18,7 +18,9 @@ newtype ConstQuery = TMemberFunctionConstIfPossibleQuery() or TRemoveConstOrVolatileQualificationCertQuery() -predicate isConstQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isConstQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `removeConstOrVolatileQualificationAutosar` query ConstPackage::removeConstOrVolatileQualificationAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll index 40b8795e5e..d2c2dd31a6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll @@ -21,7 +21,9 @@ newtype DeadCodeQuery = TSingleUseMemberPODVariableQuery() or TDeadCodeQuery() -predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isDeadCodeQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `uselessAssignment` query DeadCodePackage::uselessAssignmentQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll index 5d51fd522f..fc48d7c195 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll 
@@ -22,7 +22,9 @@ newtype DeclarationsQuery = TTypesNotIdenticalInObjectDeclarationsQuery() or TTypesNotIdenticalInReturnDeclarationsQuery() -predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isDeclarationsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `operatorNewAndOperatorDeleteNotDefinedLocally` query DeclarationsPackage::operatorNewAndOperatorDeleteNotDefinedLocallyQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll index bab954a505..f75670da7d 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll @@ -10,7 +10,9 @@ newtype ExceptionSafetyQuery = TGuaranteeExceptionSafetyQuery() or TDoNotLeakResourcesWhenHandlingExceptionsQuery() -predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isExceptionSafetyQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `exceptionSafetyGuaranteesNotProvided` query ExceptionSafetyPackage::exceptionSafetyGuaranteesNotProvidedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll index c4937348e8..63d77d621b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll 
@@ -39,7 +39,9 @@ newtype Exceptions1Query = TExceptionObjectsMustBeNothrowCopyConstructibleQuery() or TCatchExceptionsByLvalueReferenceQuery() -predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isExceptions1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `exceptionThrownOnCompletion` query Exceptions1Package::exceptionThrownOnCompletionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll index fa990c8f0f..d182e0ba06 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll @@ -22,7 +22,9 @@ newtype Exceptions2Query = TDoNotLetExceptionsEscapeFromDestructorsOrDeallocationFunctionsQuery() or TCatchBlockShadowingCertQuery() -predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isExceptions2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `onlyThrowStdExceptionDerivedTypes` query Exceptions2Package::onlyThrowStdExceptionDerivedTypesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll index 9797b874e5..97010da072 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll 
@@ -21,7 +21,9 @@ newtype ExpressionsQuery = TPassReferenceTypeToVaStartQuery() or TPassNonTrivialObjectToVaStartQuery() -predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isExpressionsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `operationsAssumingMemoryLayoutPerformedOnObjects` query ExpressionsPackage::operationsAssumingMemoryLayoutPerformedOnObjectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll index 00d3bbdf99..2be85fad11 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll @@ -14,7 +14,9 @@ newtype FreedQuery = TObjectAccessedAfterLifetimeCertQuery() or TUseAfterFreeQuery() -predicate isFreedQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isFreedQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `newDeleteArrayMismatch` query FreedPackage::newDeleteArrayMismatchQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll index c83fd189d8..41a02da4a1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll 
@@ -19,7 +19,9 @@ newtype FunctionsQuery = TNonVoidFunctionDoesNotReturnCertQuery() or TFunctionNoReturnAttributeConditionCertQuery() -predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isFunctionsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `cStandardLibraryFunctionCalls` query FunctionsPackage::cStandardLibraryFunctionCallsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll index d8cadfc184..c6a5748455 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll @@ -8,7 +8,9 @@ newtype IOQuery = TInterleavedInputOutputWithoutPositionQuery() or TCloseFilesWhenTheyAreNoLongerNeededQuery() -predicate isIOQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIOQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `interleavedInputOutputWithoutFlush` query IOPackage::interleavedInputOutputWithoutFlushQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll index f4eb83bc3e..305d7dbdd7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll @@ -11,7 +11,9 @@ newtype IncludesQuery = TExternalLinkageNotDeclaredInHeaderFileQuery() or TIncludeGuardsNotProvidedQuery() -predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIncludesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `unusedIncludeDirectives` query IncludesPackage::unusedIncludeDirectivesQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll index a3775b87d6..8e79ed1ee2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll @@ -18,7 +18,9 @@ newtype InheritanceQuery = TDoNotSliceDerivedObjectsQuery() or TDoNotDeleteAPolymorphicObjectWithoutAVirtualDestructorQuery() -predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isInheritanceQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `publicInheritanceNotUsedForIsARelationship` query InheritancePackage::publicInheritanceNotUsedForIsARelationshipQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll index 6c8d0f5258..ec134439e3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll @@ -26,7 +26,9 @@ newtype InitializationQuery = TBadlySeededRandomNumberGeneratorQuery() or TUseCanonicalOrderForMemberInitQuery() -predicate isInitializationQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isInitializationQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `explicitConstructorBaseClassInitialization` query InitializationPackage::explicitConstructorBaseClassInitializationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll index 522ddbe31c..56b5f68ce4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IntegerConversion.qll @@ -15,7 +15,9 @@ newtype IntegerConversionQuery = TExplicitWideningConversionOfACValueExprQuery() or TExplicitSignednessConversionOfCValueQuery() -predicate isIntegerConversionQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIntegerConversionQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `integerExpressionLeadToDataLoss` query IntegerConversionPackage::integerExpressionLeadToDataLossQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll index 7633df480a..c775dc05b9 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll @@ -11,7 +11,9 @@ newtype InvariantsQuery = THonorTerminationReplacementHandlerRequirementsQuery() or THonorNewReplacementHandlerRequirementsQuery() -predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isInvariantsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `memoryManagementFunctionInvariants` query InvariantsPackage::memoryManagementFunctionInvariantsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll index 5dac989603..0a6b8ffaba 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll 
@@ -12,7 +12,9 @@ newtype IteratorsQuery = TDoNotUseAnAdditiveOperatorOnAnIteratorQuery() or TUseValidReferencesForElementsOfStringQuery() -predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isIteratorsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `iteratorImplicitlyConvertedToConstIterator` query IteratorsPackage::iteratorImplicitlyConvertedToConstIteratorQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll index 279b39ba9b..29a6cd5175 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll @@ -16,7 +16,9 @@ newtype LambdasQuery = TReturningLambdaObjectWithCaptureByReferenceQuery() or TEscapingLambdaObjectWithCaptureByReferenceQuery() -predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isLambdasQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `implicitLambdaCapture` query LambdasPackage::implicitLambdaCaptureQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll index 16befefd32..ab4cb729c6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll 
@@ -16,7 +16,9 @@ newtype LiteralsQuery = TNullUsedAsIntegerValueQuery() or TLiteralZeroUsedAsNullPointerConstantQuery() -predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isLiteralsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `useCorrectIntervalForDigitSequencesSeparators` query LiteralsPackage::useCorrectIntervalForDigitSequencesSeparatorsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll index 9d9b99989a..7740922b1f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll @@ -18,7 +18,9 @@ newtype LoopsQuery = TLoopControlVariableModifiedInLoopExpressionQuery() or TNonBooleanLoopControlVariableQuery() -predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isLoopsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `unusedLoopCounterForContainerIteration` query LoopsPackage::unusedLoopCounterForContainerIterationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll index 0753ffeb48..65365eb1f0 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll 
@@ -17,7 +17,9 @@ newtype MacrosQuery = TMoreThanOneOccurrenceHashOperatorInMacroDefinitionQuery() or THashOperatorsShouldNotBeUsedQuery() -predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isMacrosQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `preProcessorShallOnlyBeUsedForCertainDirectivesPatterns` query MacrosPackage::preProcessorShallOnlyBeUsedForCertainDirectivesPatternsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll index 4d61136610..3d4884d6e7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll @@ -12,7 +12,9 @@ newtype MoveForwardQuery = TForwardForwardingReferencesQuery() or TDoNotRelyOnTheValueOfAMovedFromObjectQuery() -predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isMoveForwardQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `movedFromObjectReadAccessed` query MoveForwardPackage::movedFromObjectReadAccessedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll index 18f03e9c66..3c64ed08f8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll 
@@ -32,7 +32,9 @@ newtype NamingQuery = TFunctionReusesReservedNameQuery() or TEnumeratorReusesReservedNameQuery() -predicate isNamingQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isNamingQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `userDefinedLiteralOperatorSuffixViolation` query NamingPackage::userDefinedLiteralOperatorSuffixViolationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll index 203bf242a6..5a13a9dab3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll @@ -8,7 +8,9 @@ newtype NullQuery = TParameterNotPassedByReferenceQuery() or TDoNotAttemptToCreateAStringFromANullPointerQuery() -predicate isNullQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isNullQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `nullPointersDereferenced` query NullPackage::nullPointersDereferencedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll index 052af31dbb..186b200ba2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OperatorInvariants.qll 
@@ -14,7 +14,9 @@ newtype OperatorInvariantsQuery = TGracefullyHandleSelfCopyAssignmentQuery() or TCopyOperationsMustNotMutateTheSourceObjectQuery() -predicate isOperatorInvariantsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isOperatorInvariantsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `userDefinedCopyAndMoveUseNoThrowSwapFunction` query OperatorInvariantsPackage::userDefinedCopyAndMoveUseNoThrowSwapFunctionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll index fe71289dbc..a71ce704e1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll @@ -20,7 +20,9 @@ newtype OperatorsQuery = TUnaryMinusOperatorAppliedToAnExpressionWhoseUnderlyingTypeIsUnsignedQuery() or TUnaryOperatorOverloadedQuery() -predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isOperatorsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `userDefinedAssignmentOperatorVirtual` query OperatorsPackage::userDefinedAssignmentOperatorVirtualQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll index 71464fe027..2c7da3d64a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OrderOfEvaluation.qll 
@@ -11,7 +11,9 @@ newtype OrderOfEvaluationQuery = TIncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpressionQuery() or TAssignmentInSubExpressionQuery() -predicate isOrderOfEvaluationQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isOrderOfEvaluationQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `expressionShouldNotRelyOnOrderOfEvaluation` query OrderOfEvaluationPackage::expressionShouldNotRelyOnOrderOfEvaluationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll index d1c3087339..7d28b2c2a7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll @@ -9,7 +9,9 @@ newtype OutOfBoundsQuery = TGuaranteeGenericCppLibraryFunctionsDoNotOverflowQuery() or TRangeCheckStringElementAccessQuery() -predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isOutOfBoundsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `containerAccessWithoutRangeCheckAutosar` query OutOfBoundsPackage::containerAccessWithoutRangeCheckAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll index 1dd5bef4c8..19c0d5b55d 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll 
@@ -28,7 +28,9 @@ newtype PointersQuery = TMemberAccessWithUninitializedStaticPointerToMemberQuery() or TUseOfPointerToMemberToAccessNonexistentMemberQuery() -predicate isPointersQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isPointersQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `pointerToAnElementOfAnArrayPassedToASmartPointer` query PointersPackage::pointerToAnElementOfAnArrayPassedToASmartPointerQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll index a423cfd4ff..be6293d77a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll @@ -13,7 +13,9 @@ newtype RepresentationQuery = TMemcmpUsedToAccessObjectRepresentationQuery() or TMemcpyUsedToAccessObjectRepresentationQuery() -predicate isRepresentationQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isRepresentationQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocols` query RepresentationPackage::bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocolsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll index c4a21040eb..b01c79063c 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll 
@@ -22,7 +22,9 @@ newtype ScopeQuery = TUnnamedNamespaceInHeaderFileQuery() or TOneDefinitionRuleNotObeyedQuery() -predicate isScopeQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isScopeQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `nonStandardEntitiesInStandardNamespaces` query ScopePackage::nonStandardEntitiesInStandardNamespacesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll index 37f323a6cb..5442969616 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll @@ -15,7 +15,9 @@ newtype SideEffects1Query = TDoNotRelyOnSideEffectsInDeclTypeOperandQuery() or TDoNotRelyOnSideEffectsInDeclValExpressionQuery() -predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSideEffects1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `evaluationOfTheOperandToTheTypeidOperatorContainSideEffects` query SideEffects1Package::evaluationOfTheOperandToTheTypeidOperatorContainSideEffectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll index 7ba094b13e..6ae64ce070 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll 
@@ -14,7 +14,9 @@ newtype SideEffects2Query = TFunctionsWithVoidReturnTypeShallHaveExternalSideEffectsQuery() or TPredicateFunctionObjectsShouldNotBeMutableQuery() -predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSideEffects2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `moveConstructorShallOnlyMoveObject` query SideEffects2Package::moveConstructorShallOnlyMoveObjectQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll index 5b11807014..f678b53437 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll @@ -14,7 +14,9 @@ newtype SmartPointers1Query = TUniquePtrPassedToFunctionWithImproperSemanticsQuery() or TSharedPtrPassedToFunctionWithImproperSemanticsQuery() -predicate isSmartPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSmartPointers1QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `ownedPointerValueStoredInUnrelatedSmartPointerAsar` query SmartPointers1Package::ownedPointerValueStoredInUnrelatedSmartPointerAsarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll index aa0755a024..a0a93ebca5 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll 
@@ -7,7 +7,9 @@ newtype SmartPointers2Query = TWeakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() or TOwnedPointerValueStoredInUnrelatedSmartPointerCertQuery() -predicate isSmartPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isSmartPointers2QueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `weakPtrNotUsedToRepresentTemporarySharedOwnership` query SmartPointers2Package::weakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll index e40e1e7d7f..c267571625 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll @@ -13,7 +13,9 @@ newtype StringsQuery = TBasicStringMayNotBeNullTerminatedCertQuery() or TOperationMayNotNullTerminateCStyleStringCertQuery() -predicate isStringsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isStringsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `stringLiteralsAssignedToNonConstantPointers` query StringsPackage::stringLiteralsAssignedToNonConstantPointersQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll index d5eeb959a4..2b35c0e7c2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll 
@@ -13,7 +13,9 @@ newtype TemplatesQuery = TNameNotReferredUsingAQualifiedIdOrThisQuery() or TNameNotReferredUsingAQualifiedIdOrThisAuditQuery() -predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isTemplatesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `templateShouldCheckArg` query TemplatesPackage::templateShouldCheckArgQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll index 7dcf9f523a..a9a17f7eb8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll @@ -16,7 +16,9 @@ newtype ToolchainQuery = TCompilerWarningLevelNotInComplianceQuery() or TUncompliantOptimizationOptionMustBeDisabledInCompilerQuery() -predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isToolchainQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `floatingPointImplementationShallComplyWithIeeeStandard` query ToolchainPackage::floatingPointImplementationShallComplyWithIeeeStandardQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll index 38014aea5f..967974a661 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll 
@@ -8,7 +8,9 @@ newtype TrustBoundariesQuery = TDoNotThrowAnExceptionAcrossExecutionBoundariesQuery() or TDoNotPassANonstandardObjectAcrossBoundariesQuery() -predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isTrustBoundariesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `exceptionsThrownAcrossExecutionBoundaries` query TrustBoundariesPackage::exceptionsThrownAcrossExecutionBoundariesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll index 4dce9bbfe7..96f4e4dfad 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll @@ -15,7 +15,9 @@ newtype TypeRangesQuery = TDetectErrorsWhenConvertingAStringToANumberQuery() or TDoNotCastToAnOutOfRangeEnumerationValueQuery() -predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isTypeRangesQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `uncheckedRangeDomainPoleErrors` query TypeRangesPackage::uncheckedRangeDomainPoleErrorsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll index e5eddf1b04..8c116a8095 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll 
@@ -8,7 +8,9 @@ newtype UninitializedQuery = TInformationLeakageAcrossTrustBoundariesQuery() or TDoNotReadUninitializedMemoryQuery() -predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isUninitializedQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `memoryNotInitializedBeforeItIsRead` query UninitializedPackage::memoryNotInitializedBeforeItIsReadQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll index bce43ef45c..e2c73fc33d 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/VirtualFunctions.qll @@ -13,7 +13,9 @@ newtype VirtualFunctionsQuery = TVirtualFunctionOverriddenByAPureVirtualFunctionQuery() or TVirtualFunctionParametersUseTheSameDefaultArgumentsQuery() -predicate isVirtualFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { +predicate isVirtualFunctionsQueryMetadata( + Query query, string queryId, string ruleId, string category +) { query = // `Query` instance for the `nonVirtualPublicOrProtectedFunctionsRedefined` query VirtualFunctionsPackage::nonVirtualPublicOrProtectedFunctionsRedefinedQuery() and diff --git a/scripts/generate_rules/coding_standards_utils.py b/scripts/generate_rules/coding_standards_utils.py index 06366a5806..055ea4ba94 100644 --- a/scripts/generate_rules/coding_standards_utils.py +++ b/scripts/generate_rules/coding_standards_utils.py 
@@ -8,12 +8,15 @@ import tempfile import sys - # Add the shared module to the path script_path = Path(__file__) sys.path.append(str(script_path.parent.parent / 'shared')) +from codeql import CodeQL, CodeQLError from markdown_helpers import HeadingFormatUpdateSpec, update_help_file, HeadingDiffUpdateSpec +# Global holding an instance of CodeQL that can be shared too prevent repeated instantiation costs. +codeql = None + def split_camel_case(short_name : str) -> List[str]: """Split a camel case string to a list.""" matches = re.finditer( @@ -65,6 +68,13 @@ def write_exclusion_template(template: Type[Template], args: Dict[str, str], pac with open(file, "w", newline="\n") as f: f.write(output) + global codeql + if codeql == None: + codeql = CodeQL() + # Format the generated exclusion file because we don't want to handle this in the template. + # The format relies on the length of the package name. + codeql.format(file) + def extract_metadata_from_query(rule_id, title, rule_category, q, rule_query_tags, language_name, ql_language_name, standard_name, standard_short_name, standard_metadata, anonymise): metadata = q.copy() diff --git a/scripts/shared/codeql.py b/scripts/shared/codeql.py index 41100ed6d7..4f23f6d6db 100644 --- a/scripts/shared/codeql.py +++ b/scripts/shared/codeql.py 
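Review bot: The added `from codeql import CodeQL, CodeQLError` is resolved through the directory that the preceding line appends to the end of `sys.path`, so a module named `codeql` found earlier on the path (the script's own directory, `PYTHONPATH`, site-packages) would be imported instead of `scripts/shared/codeql.py`. Since that class launches an external CLI, putting the shared directory first makes the resolution deterministic: `sys.path.insert(0, str(script_path.parent.parent / 'shared'))`. `CodeQLError` is not used in the hunks shown here, so the import can be dropped if nothing else in the file catches it. The new comment also has a typo and should read `# Global holding an instance of CodeQL that can be shared to prevent repeated instantiation costs.`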
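Review bot: `codeql.format(file)` runs after the `with open(...)` block has already written the exclusion file, and nothing in this hunk handles a formatter failure. A `CodeQLError`, or possibly a `FileNotFoundError` when no `codeql` binary is on `PATH`, would presumably leave an unformatted generated file on disk and end the run with a traceback. If that is intended, a short comment should say so; otherwise catch the error and report which file could not be formatted. The singleton test should compare by identity, `if codeql is None:`. The body of `write_exclusion_template` starts above the hunk, and its `file: TextIO` annotation does not match the path-like value that `open(file, "w")` and `codeql.format(file)` expect.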
@@ -130,4 +130,12 @@ def generate_query_help(self, query_help_path: Path, output: Path, format : str result = subprocess.run(command, capture_output=True) if not result.returncode == 0: raise CodeQLError( - f"Failed to generate query help file {query_help_path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) \ No newline at end of file + f"Failed to generate query help file {query_help_path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) + + def format(self, path: Path) -> None: + command = ['codeql', 'query', 'format', '--in-place', str(path)] + + result = subprocess.run(command, capture_output=True) + if not result.returncode == 0: + raise CodeQLError( + f"Failed to format file {path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) From 8738fe1f1138b5d4cea7ee25486740389c328376 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Thu, 25 Aug 2022 13:07:23 -0700 Subject: [PATCH 05/43] Add support for generating files for multiple packages This allows us to reduce the number of CodeQL CLI invocations for performance improvements. --- .../generate_rules/coding_standards_utils.py | 1 - .../generate_rules/generate_package_files.py | 399 +++++++++--------- 2 files changed, 204 insertions(+), 196 deletions(-) diff --git a/scripts/generate_rules/coding_standards_utils.py b/scripts/generate_rules/coding_standards_utils.py index 055ea4ba94..6f96460ef7 100644 --- a/scripts/generate_rules/coding_standards_utils.py +++ b/scripts/generate_rules/coding_standards_utils.py @@ -59,7 +59,6 @@ def render_template(template: Type[Template], args: Dict[str, str], package_name output = template.render(args, package_name=package_name) file.write(output) - def write_exclusion_template(template: Type[Template], args: Dict[str, str], package_name: str, language_name: str, file: TextIO): """Render the template with the given args, and write it to the file using \n newlines.""" output = template.render( 
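Review bot: In `format`, `str(path)` follows the options directly, so a path whose text begins with `-` would be parsed by the CLI as an option rather than a file. The only caller in this patch builds the path from the repository layout, so this is hardening, not a live bug. Ending option parsing explicitly costs nothing: `command = ['codeql', 'query', 'format', '--in-place', '--', str(path)]`. The method should also get a one-line docstring saying that it rewrites the file in place and raises `CodeQLError` on a non-zero exit, and `if result.returncode != 0:` reads more directly than `if not result.returncode == 0:`. The enclosing class starts outside the hunk.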
diff --git a/scripts/generate_rules/generate_package_files.py b/scripts/generate_rules/generate_package_files.py index ecec553fa8..e34a2c1f3b 100644 --- a/scripts/generate_rules/generate_package_files.py +++ b/scripts/generate_rules/generate_package_files.py @@ -80,8 +80,8 @@ help="create anonymized versions of the queries, without identifying rule information", ) # Skip the generation of tests. This is useful when creating releases -# wherein we should preserve the author's intention to not provide c-specific -# test cases. +# wherein we should preserve the author's intention to not provide c-specific +# test cases. parser.add_argument( "--skip-shared-test-generation", action="store_true", 
@@ -99,36 +99,33 @@ help="directory containing external help files" ) parser.add_argument( - "package_name", help="the name of the package to generate query files for") + "package_names", help="the name of the package to generate query files for", metavar='FILE', nargs='+') ######################################################## args = parser.parse_args() language_name = args.language_name.lower() -package_name = args.package_name -# validate language +# validate language if not language_name in ql_language_mappings: exit(f"Unsupported language '{language_name}'") else: ql_language_name = ql_language_mappings[language_name] -# set up some basic paths +# set up some basic paths repo_root = Path(__file__).parent.parent.parent rule_packages_file_path = repo_root.joinpath("rule_packages") -rule_package_file_path = rule_packages_file_path.joinpath( - language_name, package_name + ".json") env = Environment(loader=FileSystemLoader(Path(__file__).parent.joinpath( "templates")), trim_blocks=True, lstrip_blocks=True) -def write_shared_implementation(package_name, rule_id, query, language_name, ql_language_name, common_src_pack_dir, common_test_pack_dir, skip_tests=False): +def write_shared_implementation(package_name, rule_id, query, language_name, ql_language_name, common_src_pack_dir, common_test_pack_dir, test_src_dir, skip_tests=False): shared_impl_dir_name = query["shared_implementation_short_name"].lower() shared_impl_dir = common_src_pack_dir.joinpath( - "codingstandards", - ql_language_name, - "rules", + "codingstandards", + ql_language_name, + "rules", shared_impl_dir_name ) 
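Review bot: The positional argument now accepts one or more values, but its help still reads `the name of the package` and `metavar='FILE'` suggests passing files, while the values are package names that the later `resolve_package` joins into `<name>.json` under `rule_packages/<language>`. Suggested wording: `"package_names", help="the names of the packages to generate query files for", metavar='PACKAGE', nargs='+')`. Each name is joined into a path unchecked, so rejecting names that contain a path separator would keep the script inside `rule_packages` if it is ever driven by something other than a developer's shell. `write_shared_implementation` gains `test_src_dir` ahead of `skip_tests`, so a caller still passing the flag positionally would bind it to the wrong parameter; the function's body continues outside the hunk.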
@@ -138,33 +135,33 @@ def write_shared_implementation(package_name, rule_id, query, language_name, ql_ # # Write out the implementation. Implementations are - # always stored in the `ql_language_name` directory. + # always stored in the `ql_language_name` directory. # if not shared_impl_query_library_path.exists(): - + if len(query["short_name"]) > 50: exit(f"Error: {query['short_name']} has more than 50 characters.") - + shared_library_template = env.get_template( "shared_library.ql.template" ) print(f"{rule_id}: Writing out shared implementation file to {str(shared_impl_query_library_path)}") - + write_template( - shared_library_template, - query, - package_name, + shared_library_template, + query, + package_name, shared_impl_query_library_path ) else: print(f"{rule_id}: Skipping writing shared implementation file to {str(shared_impl_query_library_path)}") # Write out the test. Test are always stored under the `language_name` - # directory. + # directory. if not skip_tests: shared_impl_test_dir = common_test_pack_dir.joinpath( - "rules", + "rules", shared_impl_dir_name ) @@ -174,7 +171,7 @@ def write_shared_implementation(package_name, rule_id, query, language_name, ql_ shared_impl_test_query_path = shared_impl_test_dir.joinpath( f"{query['shared_implementation_short_name']}.ql" ) - + with open(shared_impl_test_query_path, "w", newline="\n") as f: f.write("// GENERATED FILE - DO NOT MODIFY\n") f.write( 
@@ -202,13 +199,13 @@ def write_shared_implementation(package_name, rule_id, query, language_name, ql_ test_ref_file = test_src_dir.joinpath( query["short_name"] + ".testref") - # don't write it if it already exists + # don't write it if it already exists if not test_ref_file.exists(): with open(test_ref_file, "w", newline="\n") as f: f.write(str(shared_impl_test_query_path.relative_to( repo_root)).replace("\\", "/")) -def write_non_shared_testfiles(query, language_name, query_path, test_src_dir, src_pack_dir): +def write_non_shared_testfiles(rule_id, query, language_name, query_path, test_src_dir, src_pack_dir): # Add qlref test file print( rule_id + ": Writing out query test files to " + str(test_src_dir)) 
@@ -221,185 +218,197 @@ def write_non_shared_testfiles(query, language_name, query_path, test_src_dir, s expected_results_file = test_src_dir.joinpath( f"{query['short_name']}.expected" ) - + if not expected_results_file.exists(): with open(expected_results_file, "w", newline="\n") as f: f.write( "No expected results have yet been specified") -try: - rule_package_file = open(rule_package_file_path, "r") -except PermissionError: - print("Error: No permission to read the rule package file located at '" + - str(rule_package_file_path) + "'") - sys.exit(1) -else: - with rule_package_file: - package_definition = json.load(rule_package_file) - - # Initialize exclusion - exclusion_query = [] - - # Check query standard name is unique before proceeding - query_names = [] - for standard_name, rules in package_definition.items(): - for rule_id, rule_details in rules.items(): - for query in rule_details["queries"]: - query_names.append(query["short_name"]) - if len(query_names) > len(set(query_names)): - print( - "Error: " + "Duplicate query name detected, each query must have a unique query name.") - sys.exit(1) - - for standard_name, rules in package_definition.items(): - - # Identify the short name for the standard, used for directory and tag names - standard_short_name = standard_name.split("-")[0].lower() - # Currently assumes that language_name is also the subdirectory name - standard_dir = repo_root.joinpath( - language_name).joinpath(standard_short_name) - # Identify common src and test packs - common_dir = repo_root.joinpath( - ql_language_name).joinpath("common") - common_src_pack_dir = common_dir.joinpath("src") - # The language specific files always live under the commons for that - # language - common_test_pack_dir = repo_root.joinpath(language_name, "common", "test") - # Identify the source pack for this standard - src_pack_dir = standard_dir.joinpath("src") - for rule_id, rule_details in rules.items(): - # Identify and create the directories required for this 
rule - rule_src_dir = src_pack_dir.joinpath("rules").joinpath(rule_id) - rule_src_dir.mkdir(exist_ok=True, parents=True) - test_src_dir = standard_dir.joinpath( - "test/rules").joinpath(rule_id) - test_src_dir.mkdir(exist_ok=True, parents=True) - # Extract the rule category from the obligation property. - assert("properties" in rule_details and "obligation" in rule_details["properties"]) - rule_category = rule_details["properties"]["obligation"] - # Build list of tags for this rule to apply to each query - rule_query_tags = [] - for key, value in rule_details["properties"].items(): - if isinstance(value, list): - for v in value: - rule_query_tags.append( - standard_tag(standard_short_name, key, v)) - else: - rule_query_tags.append(standard_tag( - standard_short_name, key, value)) - - for q in rule_details["queries"]: - - # extract metadata and model - query, exclusion_model = extract_metadata_from_query( - rule_id, - rule_details["title"], - rule_category, - q, - rule_query_tags, - language_name, - ql_language_name, - standard_name, - standard_short_name, - standard_metadata, - args.anonymise - ) - # add query to each dict - exclusion_query.append(exclusion_model) - - # Path to query file we want to generate or modify - query_path = rule_src_dir.joinpath( - query["short_name"] + ".ql") - if not query_path.exists(): - # Doesn't already exist, generate full template, including imports and select - if len(query["short_name"]) > 50: - print( - "Error: " + query["short_name"] + " has more than 50 characters. Query name should be less than 50 characters. 
") - sys.exit(1) - print(rule_id + ": Writing out query file to " + - str(query_path)) - query_template = env.get_template("query.ql.template") - write_template(query_template, query, - package_name, query_path) - else: - # Query file does already exist, so we only re-write the metadata - print( - rule_id + ": Re-writing metadata for query file at " + str(query_path)) - query_metadata_template = env.get_template( - "query.metadata.template") - # Generate the new metadata - new_metadata = query_metadata_template.render(**query) - with open(query_path, "r+", newline="\n") as query_file: - # Read the existing query file contents - existing_contents = query_file.read() - # Move cursor back to the start of the file, so we can write later - query_file.seek(0) - # Confirm that the query file is valid - if not existing_contents.startswith("/**"): - print("Error: " + " cannot modify the metadata for query file at " + str( - query_path) + " - does not start with /**.") - sys.exit(1) - pos_of_comment_end = existing_contents.find("*/") - if pos_of_comment_end == -1: - print("Error: " + " cannot modify the metadata for query file at " + str( - query_path) + " - does not include a */.") - sys.exit(1) - # Write the new contents to the query file - new_contents = new_metadata + \ - existing_contents[pos_of_comment_end + 2:] - # Write the new contents to the file - query_file.writelines(new_contents) - # Ensure any trailing old data is deleted - query_file.truncate() - - # Add some metadata for each supported standard - if standard_name == "CERT-C++": - query["standard_title"] = "CERT-C++" - query["standard_url"] = "https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682" - elif standard_name == "AUTOSAR": - query["standard_title"] = "AUTOSAR: Guidelines for the use of the C++14 language in critical and safety-related systems" - query[ - "standard_url" - ] = "https://www.autosar.org/fileadmin/user_upload/standards/adaptive/19-11/AUTOSAR_RS_CPP14Guidelines.pdf" - - 
help_dir = None - if standard_name in external_help_file_standards: - if args.external_help_dir.is_dir() and args.external_help_dir.exists(): - help_dir = Path(args.external_help_dir).resolve() / (rule_src_dir.relative_to(repo_root)) - help_dir.mkdir(parents=True, exist_ok=True) +def resolve_package(package_name: str) -> Path: + global rule_packages_file_path, language_name + return rule_packages_file_path.joinpath( + language_name, package_name + ".json") + +def generate_package_files(package_name: str) -> None: + global language_name, env + rule_package_file_path = resolve_package(package_name) + print(str(rule_package_file_path)) + try: + rule_package_file = rule_package_file_path.open("r") + except PermissionError: + print("Error: No permission to read the rule package file located at '" + + str(rule_package_file_path) + "'") + sys.exit(1) + else: + with rule_package_file: + package_definition = json.load(rule_package_file) + + # Initialize exclusion + exclusion_query = [] + + # Check query standard name is unique before proceeding + query_names = [] + for standard_name, rules in package_definition.items(): + for rule_id, rule_details in rules.items(): + for query in rule_details["queries"]: + query_names.append(query["short_name"]) + if len(query_names) > len(set(query_names)): + print( + "Error: " + "Duplicate query name detected, each query must have a unique query name.") + sys.exit(1) + + for standard_name, rules in package_definition.items(): + + # Identify the short name for the standard, used for directory and tag names + standard_short_name = standard_name.split("-")[0].lower() + # Currently assumes that language_name is also the subdirectory name + standard_dir = repo_root.joinpath( + language_name).joinpath(standard_short_name) + # Identify common src and test packs + common_dir = repo_root.joinpath( + ql_language_name).joinpath("common") + common_src_pack_dir = common_dir.joinpath("src") + # The language specific files always live under the commons 
for that + # language + common_test_pack_dir = repo_root.joinpath(language_name, "common", "test") + # Identify the source pack for this standard + src_pack_dir = standard_dir.joinpath("src") + for rule_id, rule_details in rules.items(): + # Identify and create the directories required for this rule + rule_src_dir = src_pack_dir.joinpath("rules").joinpath(rule_id) + rule_src_dir.mkdir(exist_ok=True, parents=True) + test_src_dir = standard_dir.joinpath( + "test/rules").joinpath(rule_id) + test_src_dir.mkdir(exist_ok=True, parents=True) + # Extract the rule category from the obligation property. + assert("properties" in rule_details and "obligation" in rule_details["properties"]) + rule_category = rule_details["properties"]["obligation"] + # Build list of tags for this rule to apply to each query + rule_query_tags = [] + for key, value in rule_details["properties"].items(): + if isinstance(value, list): + for v in value: + rule_query_tags.append( + standard_tag(standard_short_name, key, v)) else: - print(f"{rule_id} : Skipping writing of help file for {query_path} because no existing external help directory is provided!") - else: - help_dir = rule_src_dir - if help_dir: - write_query_help_file(help_dir, env, query, package_name, rule_id, standard_name) - - if "shared_implementation_short_name" in query: - write_shared_implementation(package_name, rule_id, query, language_name, ql_language_name, common_src_pack_dir, common_test_pack_dir, args.skip_shared_test_generation) - else: - write_non_shared_testfiles(query, language_name, query_path, test_src_dir, src_pack_dir) - # Exclusions - exclusions_template = env.get_template("exclusions.qll.template") - common_exclusions_dir = common_src_pack_dir.joinpath( - "codingstandards", - ql_language_name, - "exclusions") - # assign package and sanitize - package_name = package_name.replace("-", "") - package_name = package_name[:1].upper() + package_name[1:] - exclusion_library_file = 
common_exclusions_dir.joinpath(language_name, - package_name + ".qll") - # write exclusions file - print(package_name + ": Writing out exclusions file to " + - str(exclusion_library_file)) - - os.makedirs(common_exclusions_dir.joinpath( - language_name), exist_ok=True) - - write_exclusion_template(exclusions_template, exclusion_query, - package_name, language_name, exclusion_library_file) + rule_query_tags.append(standard_tag( + standard_short_name, key, value)) + + for q in rule_details["queries"]: + + # extract metadata and model + query, exclusion_model = extract_metadata_from_query( + rule_id, + rule_details["title"], + rule_category, + q, + rule_query_tags, + language_name, + ql_language_name, + standard_name, + standard_short_name, + standard_metadata, + args.anonymise + ) + # add query to each dict + exclusion_query.append(exclusion_model) + + # Path to query file we want to generate or modify + query_path = rule_src_dir.joinpath( + query["short_name"] + ".ql") + if not query_path.exists(): + # Doesn't already exist, generate full template, including imports and select + if len(query["short_name"]) > 50: + print( + "Error: " + query["short_name"] + " has more than 50 characters. Query name should be less than 50 characters. 
") + sys.exit(1) + print(rule_id + ": Writing out query file to " + + str(query_path)) + query_template = env.get_template("query.ql.template") + write_template(query_template, query, + package_name, query_path) + else: + # Query file does already exist, so we only re-write the metadata + print( + rule_id + ": Re-writing metadata for query file at " + str(query_path)) + query_metadata_template = env.get_template( + "query.metadata.template") + # Generate the new metadata + new_metadata = query_metadata_template.render(**query) + with open(query_path, "r+", newline="\n") as query_file: + # Read the existing query file contents + existing_contents = query_file.read() + # Move cursor back to the start of the file, so we can write later + query_file.seek(0) + # Confirm that the query file is valid + if not existing_contents.startswith("/**"): + print("Error: " + " cannot modify the metadata for query file at " + str( + query_path) + " - does not start with /**.") + sys.exit(1) + pos_of_comment_end = existing_contents.find("*/") + if pos_of_comment_end == -1: + print("Error: " + " cannot modify the metadata for query file at " + str( + query_path) + " - does not include a */.") + sys.exit(1) + + # Write the new contents to the query file + new_contents = new_metadata + \ + existing_contents[pos_of_comment_end + 2:] + # Write the new contents to the file + query_file.writelines(new_contents) + # Ensure any trailing old data is deleted + query_file.truncate() + + # Add some metadata for each supported standard + if standard_name == "CERT-C++": + query["standard_title"] = "CERT-C++" + query["standard_url"] = "https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682" + elif standard_name == "AUTOSAR": + query["standard_title"] = "AUTOSAR: Guidelines for the use of the C++14 language in critical and safety-related systems" + query[ + "standard_url" + ] = "https://www.autosar.org/fileadmin/user_upload/standards/adaptive/19-11/AUTOSAR_RS_CPP14Guidelines.pdf" + 
+ help_dir = None + if standard_name in external_help_file_standards: + if args.external_help_dir.is_dir() and args.external_help_dir.exists(): + help_dir = Path(args.external_help_dir).resolve() / (rule_src_dir.relative_to(repo_root)) + help_dir.mkdir(parents=True, exist_ok=True) + else: + print(f"{rule_id} : Skipping writing of help file for {query_path} because no existing external help directory is provided!") + else: + help_dir = rule_src_dir + if help_dir: + write_query_help_file(help_dir, env, query, package_name, rule_id, standard_name) + if "shared_implementation_short_name" in query: + write_shared_implementation(package_name, rule_id, query, language_name, ql_language_name, common_src_pack_dir, common_test_pack_dir, test_src_dir, args.skip_shared_test_generation) + else: + write_non_shared_testfiles(rule_id, query, language_name, query_path, test_src_dir, src_pack_dir) + # Exclusions + exclusions_template = env.get_template("exclusions.qll.template") + common_exclusions_dir = common_src_pack_dir.joinpath( + "codingstandards", + ql_language_name, + "exclusions") + # assign package and sanitize + package_name = package_name.replace("-", "") + package_name = package_name[:1].upper() + package_name[1:] + exclusion_library_file = common_exclusions_dir.joinpath(language_name, + package_name + ".qll") + # write exclusions file + print(package_name + ": Writing out exclusions file to " + + str(exclusion_library_file)) + + os.makedirs(common_exclusions_dir.joinpath( + language_name), exist_ok=True) + + write_exclusion_template(exclusions_template, exclusion_query, + package_name, language_name, exclusion_library_file) + +for package_name in args.package_names: + generate_package_files(package_name) # After updating these files, the metadata should be regenerated print("==========================================================") From 1d4b947eb6ac50202667fff9d74c8a552b624d73 Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Thu, 25 Aug 2022 13:57:04 -0700 Subject: [PATCH 06/43] Address incorrect format exclusion files --- cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Concurrency1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Concurrency2.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Concurrency3.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Contracts1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Declarations1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Expressions.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Preprocessor1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Preprocessor2.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Preprocessor3.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Preprocessor4.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/Preprocessor5.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/SideEffects1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/c/SideEffects2.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll | 4 +--- 24 files changed, 24 insertions(+), 72 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll index c8f199ace7..888e0863a3 100644 
--- a/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Banned.qll @@ -24,9 +24,7 @@ newtype BannedQuery = TOctalConstantsUsedQuery() or TRestrictTypeQualifierUsedQuery() -predicate isBannedQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isBannedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCallSystem` query BannedPackage::doNotCallSystemQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll index 0821bf38ad..ed3a82c28d 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency1.qll @@ -8,9 +8,7 @@ newtype Concurrency1Query = TRaceConditionsWhenUsingLibraryFunctionsQuery() or TDoNotCallSignalInMultithreadedProgramQuery() -predicate isConcurrency1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConcurrency1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `preventDataRacesWithMultipleThreads` query Concurrency1Package::preventDataRacesWithMultipleThreadsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll index 4577431951..38a3eaa513 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency2.qll 
@@ -7,9 +7,7 @@ newtype Concurrency2Query = TDeadlockByLockingInPredefinedOrderQuery() or TWrapFunctionsThatCanSpuriouslyWakeUpInLoopQuery() -predicate isConcurrency2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConcurrency2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `deadlockByLockingInPredefinedOrder` query Concurrency2Package::deadlockByLockingInPredefinedOrderQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll index ec3ada4552..982ea21543 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Concurrency3.qll @@ -9,9 +9,7 @@ newtype Concurrency3Query = TPreserveSafetyWhenUsingConditionVariablesQuery() or TWrapFunctionsThatCanFailSpuriouslyInLoopQuery() -predicate isConcurrency3QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConcurrency3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query Concurrency3Package::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll index 75ed7605fb..3336438b98 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Contracts1.qll 
@@ -7,9 +7,7 @@ newtype Contracts1Query = TDoNotModifyTheReturnValueOfCertainFunctionsQuery() or TEnvPointerIsInvalidAfterCertainOperationsQuery() -predicate isContracts1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isContracts1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotModifyTheReturnValueOfCertainFunctions` query Contracts1Package::doNotModifyTheReturnValueOfCertainFunctionsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll index 238c43e511..c5ffaa56e3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Declarations1.qll @@ -11,9 +11,7 @@ newtype Declarations1Query = TMacroIdentifiersNotDistinctQuery() or TMacroIdentifierNotDistinctFromParameterQuery() -predicate isDeclarations1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isDeclarations1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `declareIdentifiersBeforeUsingThem` query Declarations1Package::declareIdentifiersBeforeUsingThemQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll index 58bd9237cc..fab8e21d01 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Expressions.qll 
@@ -9,9 +9,7 @@ newtype ExpressionsQuery = TCallPOSIXOpenWithCorrectArgumentCountQuery() or TDoNotUseABitwiseOperatorWithABooleanLikeOperandQuery() -predicate isExpressionsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCallFunctionPointerWithIncompatibleType` query ExpressionsPackage::doNotCallFunctionPointerWithIncompatibleTypeQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll index bbb1778c86..b3c1bdd428 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO1.qll @@ -12,9 +12,7 @@ newtype IO1Query = TUndefinedBehaviorAccessingAClosedFileQuery() or TFileUsedAfterClosedQuery() -predicate isIO1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIO1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `excludeUserInputFromFormatStrings` query IO1Package::excludeUserInputFromFormatStringsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll index f909539540..6208470e24 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO2.qll @@ -9,9 +9,7 @@ newtype IO2Query = TDoNotCallGetcAndPutcWithSideEffectsQuery() or TOnlyUseValuesForFsetposThatAreReturnedFromFgetposQuery() -predicate isIO2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIO2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotCopyAFileObject` query IO2Package::doNotCopyAFileObjectQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll index 16e34ecb27..9aac753c0b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/IO3.qll @@ -11,9 +11,7 @@ newtype IO3Query = TPointerToAFileObjectDereferencedQuery() or TEofShallBeComparedWithUnmodifiedReturnValuesQuery() -predicate isIO3QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIO3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotPerformFileOperationsOnDevices` query IO3Package::doNotPerformFileOperationsOnDevicesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll index fa372c0ffb..9535c8a6d1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Misc.qll @@ -8,9 +8,7 @@ newtype MiscQuery = TProperlySeedPseudorandomNumberGeneratorsQuery() or TControlFlowReachesTheEndOfANonVoidFunctionQuery() -predicate isMiscQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isMiscQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `randUsedForGeneratingPseudorandomNumbers` query MiscPackage::randUsedForGeneratingPseudorandomNumbersQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll index 35fbcef3fd..e35f0f3a88 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers1.qll 
@@ -22,9 +22,7 @@ newtype Pointers1Query = TObjectWithNoPointerDereferenceShouldBeOpaqueQuery() or TPointerShouldPointToConstTypeWhenPossibleQuery() -predicate isPointers1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `conversionBetweenFunctionPointerAndOtherType` query Pointers1Package::conversionBetweenFunctionPointerAndOtherTypeQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll index 558c57144a..476388612e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Pointers2.qll @@ -5,9 +5,7 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Pointers2Query = TDoNotAddOrSubtractAScaledIntegerToAPointerQuery() -predicate isPointers2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAddOrSubtractAScaledIntegerToAPointer` query Pointers2Package::doNotAddOrSubtractAScaledIntegerToAPointerQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll index 9231d99e46..1f3c9bba38 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor1.qll 
@@ -9,9 +9,7 @@ newtype Preprocessor1Query = TForbiddenCharactersInHeaderFileNameQuery() or TIdentifiersUsedInPreprocessorExpressionQuery() -predicate isPreprocessor1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPreprocessor1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `includeDirectivesPrecededByDirectivesOrComments` query Preprocessor1Package::includeDirectivesPrecededByDirectivesOrCommentsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll index 0442ccf74c..bc6fc91da6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor2.qll @@ -9,9 +9,7 @@ newtype Preprocessor2Query = TUndefShouldNotBeUsedQuery() or TPrecautionIncludeGuardsNotProvidedQuery() -predicate isPreprocessor2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPreprocessor2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `moreThanOneHashOperatorInMacroDefinition` query Preprocessor2Package::moreThanOneHashOperatorInMacroDefinitionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll index 51708339a1..1b9ed9374e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor3.qll 
@@ -5,9 +5,7 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Preprocessor3Query = TControllingExpressionIfDirectiveQuery() -predicate isPreprocessor3QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPreprocessor3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `controllingExpressionIfDirective` query Preprocessor3Package::controllingExpressionIfDirectiveQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll index 3baabc600b..8b30501183 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor4.qll @@ -8,9 +8,7 @@ newtype Preprocessor4Query = TFunctionLikeMacroArgsContainHashTokenCQueryQuery() or TDefineAndUndefUsedOnReservedIdentifierOrMacroNameQuery() -predicate isPreprocessor4QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPreprocessor4QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `macroDefinedWithTheSameNameAsKeyword` query Preprocessor4Package::macroDefinedWithTheSameNameAsKeywordQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll index e0a7743aaf..0d35690408 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Preprocessor5.qll 
@@ -8,9 +8,7 @@ newtype Preprocessor5Query = TMacroOrFunctionArgsContainHashTokenQuery() or TMacroParameterNotEnclosedInParenthesesCQueryQuery() -predicate isPreprocessor5QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPreprocessor5QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotTreatAPredefinedIdentifierAsObject` query Preprocessor5Package::doNotTreatAPredefinedIdentifierAsObjectQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll index af5c529bc3..24175cdfb7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects1.qll @@ -15,9 +15,7 @@ newtype SideEffects1Query = TPossibleSuppressedSideEffectInLogicOperatorOperandQuery() or TSizeofOperandWithSideEffectQuery() -predicate isSideEffects1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `dependenceOnOrderOfScalarEvaluationForSideEffects` query SideEffects1Package::dependenceOnOrderOfScalarEvaluationForSideEffectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll index d02b2d16e7..82e5c0c5d2 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/SideEffects2.qll 
@@ -7,9 +7,7 @@ newtype SideEffects2Query = TSideEffectAndCrementInFullExpressionQuery() or TModificationOfFunctionParameterQuery() -predicate isSideEffects2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `sideEffectAndCrementInFullExpression` query SideEffects2Package::sideEffectAndCrementInFullExpressionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll index 9fd719a7fb..e306df55bf 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings1.qll @@ -8,9 +8,7 @@ newtype Strings1Query = TStringsHasSufficientSpaceForTheNullTerminatorQuery() or TNonNullTerminatedToFunctionThatExpectsAStringQuery() -predicate isStrings1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isStrings1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAttemptToModifyStringLiterals` query Strings1Package::doNotAttemptToModifyStringLiteralsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll index 44ef427314..99dd98d68e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings2.qll 
@@ -5,9 +5,7 @@ import codingstandards.cpp.exclusions.RuleMetadata newtype Strings2Query = TToCharacterHandlingFunctionsRepresentableAsUCharQuery() -predicate isStrings2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isStrings2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `toCharacterHandlingFunctionsRepresentableAsUChar` query Strings2Package::toCharacterHandlingFunctionsRepresentableAsUCharQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll index 0b20b59e90..760f54b9fa 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Strings3.qll @@ -7,9 +7,7 @@ newtype Strings3Query = TCastCharBeforeConvertingToLargerSizesQuery() or TDoNotConfuseNarrowAndWideFunctionsQuery() -predicate isStrings3QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isStrings3QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `castCharBeforeConvertingToLargerSizes` query Strings3Package::castCharBeforeConvertingToLargerSizesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll index 4c949da3b8..3a53cf05c3 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/c/Syntax.qll 
@@ -12,9 +12,7 @@ newtype SyntaxQuery = TUOrUSuffixRepresentedInUnsignedTypeQuery() or TLowercaseCharacterLUsedInLiteralSuffixQuery() -predicate isSyntaxQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `characterSequencesAndUsedWithinAComment` query SyntaxPackage::characterSequencesAndUsedWithinACommentQuery() and From aeab8c3ed583abff8963f878d55f7b0686f2d49d Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Thu, 25 Aug 2022 15:44:54 -0700 Subject: [PATCH 07/43] Switch to GH managed CodeQL cli --- .../workflows/validate-coding-standards.yml | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/validate-coding-standards.yml b/.github/workflows/validate-coding-standards.yml index adc2b32908..0346227b7f 100644 --- a/.github/workflows/validate-coding-standards.yml +++ b/.github/workflows/validate-coding-standards.yml @@ -28,6 +28,15 @@ jobs: with: python-version: "3.9" + - name: Install CodeQL + run: | + VERSION="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)" + gh extensions install github/gh-codeql + gh codeql set-version "$VERSION" + gh codeql install-stub + env: + GITHUB_TOKEN: ${{ github.token }} + - name: Install generate_package_files.py dependencies run: pip install -r scripts/requirements.txt 
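Review bot: The added `Install CodeQL` step runs `gh extensions install github/gh-codeql` without a pin, so each run executes whatever revision of the extension is current at that moment, with `GITHUB_TOKEN` in its environment. Only the CLI version is fixed, through `gh codeql set-version "$VERSION"`. Pinning the extension to a reviewed release or commit keeps the install reproducible, for example `gh extensions install github/gh-codeql --pin <reviewed-tag-or-sha>` (placeholder; the page names no release). The identical step added to the second job in the `@@ -68,17 +77,18 @@` hunk needs the same change.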
@@ -68,17 +77,18 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Fetch CodeQL + - name: Install CodeQL run: | - TAG="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)" - gh release download $TAG --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip - unzip -q codeql-linux64.zip + VERSION="v$( jq -r '.supported_environment | .[0] | .codeql_cli' supported_codeql_configs.json)" + gh extensions install github/gh-codeql + gh codeql set-version "$VERSION" + gh codeql install-stub env: GITHUB_TOKEN: ${{ github.token }} - name: Validate CodeQL Format (CPP) run: | - find cpp -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql/codeql query format --in-place + find cpp -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place git diff git diff --compact-summary @@ -86,7 +96,7 @@ jobs: - name: Validate CodeQL Format (C) run: | - find c -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql/codeql query format --in-place + find c -name \*.ql -or -name \*.qll -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place git diff git diff --compact-summary From acb0ff1a3fa8a5bebb1c9ffb3ed581e3b5de2b9b Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Thu, 25 Aug 2022 15:56:56 -0700 Subject: [PATCH 08/43] Address race condition in package file generation Each file generation for a package will update the shared meta data value for the language the package belongs to. Running generation in parallel will result in a race condition which may result in inconsistent meta data files. --- .github/workflows/validate-coding-standards.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-coding-standards.yml b/.github/workflows/validate-coding-standards.yml index 0346227b7f..a57634dfc0 100644 
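Review bot: In the `Validate CodeQL Format (CPP)` step, `find cpp -name \*.ql -or -name \*.qll -print0` emits only `.qll` files. find's implicit AND binds tighter than `-or`, so `-print0` attaches to the `-name \*.qll` test alone and `.ql` query files never reach `codeql query format`. Grouping the tests fixes it: `find cpp \( -name \*.ql -or -name \*.qll \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place`. The `find c ...` line of the `Validate CodeQL Format (C)` step in the `@@ -86,7 +96,7 @@` hunk has the same expression and needs the same grouping. The commit only changes the binary path on these lines, so the gap predates it, but the format gate it touches still skips every query file.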
--- a/.github/workflows/validate-coding-standards.yml +++ b/.github/workflows/validate-coding-standards.yml @@ -58,14 +58,14 @@ jobs: - name: Validate Package Files (CPP) run: | - find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py cpp + find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py cpp git diff git diff --compact-summary git diff --quiet - name: Validate Package Files (C) run: | - find rule_packages/c -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py c + find rule_packages/c -name \*.json -exec basename {} .json \; | xargs python scripts/generate_rules/generate_package_files.py c git diff git diff --compact-summary git diff --quiet From 0bdf01120b5b90fda1fc193a39a7502ac3562c5b Mon Sep 17 00:00:00 2001 
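Review bot: Both `Validate Package Files` steps now rely on one sequential invocation for correctness, but nothing on the changed lines records that. `--max-procs "$XARGS_MAX_PROCS"` is still used by the format steps in the same workflow, so it is easy to copy back here. A comment above each `run:` would keep the constraint visible, e.g. `# Keep sequential: every package run rewrites the shared per-language metadata; do not add --max-procs.` Separately, GNU `xargs` without `--no-run-if-empty` still runs the script once when `find` yields nothing, passing only the language argument; whether the script accepts an empty package list is not visible in this hunk.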
From: Remco Vermeulen Date: Mon, 29 Aug 2022 12:19:28 -0700 Subject: [PATCH 09/43] Address incorrect formatting --- .../src/codingstandards/cpp/exclusions/cpp/Allocations.qll | 4 +--- .../codingstandards/cpp/exclusions/cpp/BannedFunctions.qll | 4 +--- .../codingstandards/cpp/exclusions/cpp/BannedLibraries.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Comments.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Concurrency.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Conditionals.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/DeadCode.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Declarations.qll | 4 +--- .../codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Expressions.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Functions.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Includes.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Inheritance.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Initialization.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Invariants.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Iterators.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Literals.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll | 4 +--- 
cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/MoveForward.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Operators.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Pointers.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Representation.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll | 4 +--- cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Templates.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Toolchain.qll | 4 +--- .../codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll | 4 +--- .../src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll | 4 +--- 46 files changed, 46 insertions(+), 138 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll index b030945851..56bdf2b954 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Allocations.qll 
@@ -26,9 +26,7 @@ newtype AllocationsQuery = TOperatorDeleteMissingPartnerCertQuery() or TUsingDefaultOperatorNewForOverAlignedTypesQuery() -predicate isAllocationsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isAllocationsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `placementNewNotProperlyAlignedAutosar` query AllocationsPackage::placementNewNotProperlyAlignedAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll index 2bd4c25284..c17972650b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedFunctions.qll @@ -16,9 +16,7 @@ newtype BannedFunctionsQuery = TDoNotUseRandForGeneratingPseudorandomNumbersQuery() or TPreferSpecialMemberFunctionsAndOverloadedOperatorsToCStandardLibraryFunctionsQuery() -predicate isBannedFunctionsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isBannedFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `functionsMallocCallocReallocAndFreeUsed` query BannedFunctionsPackage::functionsMallocCallocReallocAndFreeUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll index 4b35ba7d90..9a314e79c6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedLibraries.qll 
@@ -17,9 +17,7 @@ newtype BannedLibrariesQuery = TCstdioTypesUsedQuery() or TUsageOfAssemblerNotDocumentedQuery() -predicate isBannedLibrariesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isBannedLibrariesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefined` query BannedLibrariesPackage::reservedIdentifiersMacrosAndFunctionsAreDefinedRedefinedOrUndefinedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll index d78a7a5e3e..c473616374 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedSyntax.qll @@ -22,9 +22,7 @@ newtype BannedSyntaxQuery = TUsingDeclarationsUsedInHeaderFilesQuery() or TDoNotDefineACStyleVariadicFunctionQuery() -predicate isBannedSyntaxQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isBannedSyntaxQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `friendDeclarationsUsed` query BannedSyntaxPackage::friendDeclarationsUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll index b53c0e2381..8328a0f4d4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/BannedTypes.qll 
@@ -9,9 +9,7 @@ newtype BannedTypesQuery = TAutoPtrTypeUsedQuery() or TTypeWcharTUsedQuery() -predicate isBannedTypesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isBannedTypesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `typeLongDoubleUsed` query BannedTypesPackage::typeLongDoubleUsedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll index 15bef7ea1a..92c7a4280e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Classes.qll @@ -23,9 +23,7 @@ newtype ClassesQuery = TMemberDataInNonPodClassTypesNotPrivateQuery() or TOffsetUsedOnInvalidTypeOrMemberQuery() -predicate isClassesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isClassesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonPodTypeShouldBeDefinedAsClass` query ClassesPackage::nonPodTypeShouldBeDefinedAsClassQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll index 1d32994c0c..9d4d186122 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Comments.qll @@ -10,9 +10,7 @@ newtype CommentsQuery = TSlashStarUsedWithinACStyleCommentQuery() or TNullOnSharedLineQuery() -predicate isCommentsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isCommentsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `singleLineCommentEndsWithSlash` query CommentsPackage::singleLineCommentEndsWithSlashQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll index 936b09705a..8038d4e51e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Concurrency.qll @@ -14,9 +14,7 @@ newtype ConcurrencyQuery = TDoNotSpeculativelyLockALockedNonRecursiveMutexQuery() or TLockedALockedNonRecursiveMutexAuditQuery() -predicate isConcurrencyQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConcurrencyQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `doNotAllowAMutexToGoOutOfScopeWhileLocked` query ConcurrencyPackage::doNotAllowAMutexToGoOutOfScopeWhileLockedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll index 90538feaf6..979e51e5c8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Conditionals.qll @@ -22,9 +22,7 @@ newtype ConditionalsQuery = TGotoStatementJumpConditionQuery() or TContinueInForLoopConditionQuery() -predicate isConditionalsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConditionalsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonBooleanIfCondition` query ConditionalsPackage::nonBooleanIfConditionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll index 74da377047..1245139eb1 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Const.qll 
@@ -18,9 +18,7 @@ newtype ConstQuery = TMemberFunctionConstIfPossibleQuery() or TRemoveConstOrVolatileQualificationCertQuery() -predicate isConstQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isConstQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `removeConstOrVolatileQualificationAutosar` query ConstPackage::removeConstOrVolatileQualificationAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll index d2c2dd31a6..40b8795e5e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/DeadCode.qll @@ -21,9 +21,7 @@ newtype DeadCodeQuery = TSingleUseMemberPODVariableQuery() or TDeadCodeQuery() -predicate isDeadCodeQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isDeadCodeQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `uselessAssignment` query DeadCodePackage::uselessAssignmentQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll index fc48d7c195..5d51fd522f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Declarations.qll 
@@ -22,9 +22,7 @@ newtype DeclarationsQuery = TTypesNotIdenticalInObjectDeclarationsQuery() or TTypesNotIdenticalInReturnDeclarationsQuery() -predicate isDeclarationsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isDeclarationsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `operatorNewAndOperatorDeleteNotDefinedLocally` query DeclarationsPackage::operatorNewAndOperatorDeleteNotDefinedLocallyQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll index f75670da7d..bab954a505 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/ExceptionSafety.qll @@ -10,9 +10,7 @@ newtype ExceptionSafetyQuery = TGuaranteeExceptionSafetyQuery() or TDoNotLeakResourcesWhenHandlingExceptionsQuery() -predicate isExceptionSafetyQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isExceptionSafetyQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionSafetyGuaranteesNotProvided` query ExceptionSafetyPackage::exceptionSafetyGuaranteesNotProvidedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll index 63d77d621b..c4937348e8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions1.qll 
@@ -39,9 +39,7 @@ newtype Exceptions1Query = TExceptionObjectsMustBeNothrowCopyConstructibleQuery() or TCatchExceptionsByLvalueReferenceQuery() -predicate isExceptions1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isExceptions1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionThrownOnCompletion` query Exceptions1Package::exceptionThrownOnCompletionQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll index d182e0ba06..fa990c8f0f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Exceptions2.qll @@ -22,9 +22,7 @@ newtype Exceptions2Query = TDoNotLetExceptionsEscapeFromDestructorsOrDeallocationFunctionsQuery() or TCatchBlockShadowingCertQuery() -predicate isExceptions2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isExceptions2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `onlyThrowStdExceptionDerivedTypes` query Exceptions2Package::onlyThrowStdExceptionDerivedTypesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll index 97010da072..9797b874e5 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Expressions.qll 
@@ -21,9 +21,7 @@ newtype ExpressionsQuery = TPassReferenceTypeToVaStartQuery() or TPassNonTrivialObjectToVaStartQuery() -predicate isExpressionsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isExpressionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `operationsAssumingMemoryLayoutPerformedOnObjects` query ExpressionsPackage::operationsAssumingMemoryLayoutPerformedOnObjectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll index 2be85fad11..00d3bbdf99 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Freed.qll @@ -14,9 +14,7 @@ newtype FreedQuery = TObjectAccessedAfterLifetimeCertQuery() or TUseAfterFreeQuery() -predicate isFreedQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isFreedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `newDeleteArrayMismatch` query FreedPackage::newDeleteArrayMismatchQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll index 41a02da4a1..c83fd189d8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Functions.qll 
@@ -19,9 +19,7 @@ newtype FunctionsQuery = TNonVoidFunctionDoesNotReturnCertQuery() or TFunctionNoReturnAttributeConditionCertQuery() -predicate isFunctionsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isFunctionsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `cStandardLibraryFunctionCalls` query FunctionsPackage::cStandardLibraryFunctionCallsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll index c6a5748455..d8cadfc184 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/IO.qll @@ -8,9 +8,7 @@ newtype IOQuery = TInterleavedInputOutputWithoutPositionQuery() or TCloseFilesWhenTheyAreNoLongerNeededQuery() -predicate isIOQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIOQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `interleavedInputOutputWithoutFlush` query IOPackage::interleavedInputOutputWithoutFlushQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll index 305d7dbdd7..f4eb83bc3e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Includes.qll @@ -11,9 +11,7 @@ newtype IncludesQuery = TExternalLinkageNotDeclaredInHeaderFileQuery() or TIncludeGuardsNotProvidedQuery() -predicate isIncludesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIncludesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `unusedIncludeDirectives` query IncludesPackage::unusedIncludeDirectivesQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll index 8e79ed1ee2..a3775b87d6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Inheritance.qll @@ -18,9 +18,7 @@ newtype InheritanceQuery = TDoNotSliceDerivedObjectsQuery() or TDoNotDeleteAPolymorphicObjectWithoutAVirtualDestructorQuery() -predicate isInheritanceQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isInheritanceQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `publicInheritanceNotUsedForIsARelationship` query InheritancePackage::publicInheritanceNotUsedForIsARelationshipQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll index ec134439e3..6c8d0f5258 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Initialization.qll @@ -26,9 +26,7 @@ newtype InitializationQuery = TBadlySeededRandomNumberGeneratorQuery() or TUseCanonicalOrderForMemberInitQuery() -predicate isInitializationQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isInitializationQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `explicitConstructorBaseClassInitialization` query InitializationPackage::explicitConstructorBaseClassInitializationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll index c775dc05b9..7633df480a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll 
+++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Invariants.qll @@ -11,9 +11,7 @@ newtype InvariantsQuery = THonorTerminationReplacementHandlerRequirementsQuery() or THonorNewReplacementHandlerRequirementsQuery() -predicate isInvariantsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isInvariantsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `memoryManagementFunctionInvariants` query InvariantsPackage::memoryManagementFunctionInvariantsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll index 0a6b8ffaba..5dac989603 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Iterators.qll @@ -12,9 +12,7 @@ newtype IteratorsQuery = TDoNotUseAnAdditiveOperatorOnAnIteratorQuery() or TUseValidReferencesForElementsOfStringQuery() -predicate isIteratorsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isIteratorsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `iteratorImplicitlyConvertedToConstIterator` query IteratorsPackage::iteratorImplicitlyConvertedToConstIteratorQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll index 29a6cd5175..279b39ba9b 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Lambdas.qll 
@@ -16,9 +16,7 @@ newtype LambdasQuery = TReturningLambdaObjectWithCaptureByReferenceQuery() or TEscapingLambdaObjectWithCaptureByReferenceQuery() -predicate isLambdasQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isLambdasQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `implicitLambdaCapture` query LambdasPackage::implicitLambdaCaptureQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll index ab4cb729c6..16befefd32 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Literals.qll @@ -16,9 +16,7 @@ newtype LiteralsQuery = TNullUsedAsIntegerValueQuery() or TLiteralZeroUsedAsNullPointerConstantQuery() -predicate isLiteralsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isLiteralsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `useCorrectIntervalForDigitSequencesSeparators` query LiteralsPackage::useCorrectIntervalForDigitSequencesSeparatorsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll index 7740922b1f..9d9b99989a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Loops.qll 
@@ -18,9 +18,7 @@ newtype LoopsQuery = TLoopControlVariableModifiedInLoopExpressionQuery() or TNonBooleanLoopControlVariableQuery() -predicate isLoopsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isLoopsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `unusedLoopCounterForContainerIteration` query LoopsPackage::unusedLoopCounterForContainerIterationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll index 65365eb1f0..0753ffeb48 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Macros.qll @@ -17,9 +17,7 @@ newtype MacrosQuery = TMoreThanOneOccurrenceHashOperatorInMacroDefinitionQuery() or THashOperatorsShouldNotBeUsedQuery() -predicate isMacrosQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isMacrosQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `preProcessorShallOnlyBeUsedForCertainDirectivesPatterns` query MacrosPackage::preProcessorShallOnlyBeUsedForCertainDirectivesPatternsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll index 3d4884d6e7..4d61136610 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/MoveForward.qll 
@@ -12,9 +12,7 @@ newtype MoveForwardQuery = TForwardForwardingReferencesQuery() or TDoNotRelyOnTheValueOfAMovedFromObjectQuery() -predicate isMoveForwardQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isMoveForwardQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `movedFromObjectReadAccessed` query MoveForwardPackage::movedFromObjectReadAccessedQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll index 3c64ed08f8..18f03e9c66 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Naming.qll @@ -32,9 +32,7 @@ newtype NamingQuery = TFunctionReusesReservedNameQuery() or TEnumeratorReusesReservedNameQuery() -predicate isNamingQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isNamingQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `userDefinedLiteralOperatorSuffixViolation` query NamingPackage::userDefinedLiteralOperatorSuffixViolationQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll index 5a13a9dab3..203bf242a6 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Null.qll @@ -8,9 +8,7 @@ newtype NullQuery = TParameterNotPassedByReferenceQuery() or TDoNotAttemptToCreateAStringFromANullPointerQuery() -predicate isNullQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isNullQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nullPointersDereferenced` query NullPackage::nullPointersDereferencedQuery() and 
diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll index a71ce704e1..fe71289dbc 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Operators.qll @@ -20,9 +20,7 @@ newtype OperatorsQuery = TUnaryMinusOperatorAppliedToAnExpressionWhoseUnderlyingTypeIsUnsignedQuery() or TUnaryOperatorOverloadedQuery() -predicate isOperatorsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isOperatorsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `userDefinedAssignmentOperatorVirtual` query OperatorsPackage::userDefinedAssignmentOperatorVirtualQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll index 7d28b2c2a7..d1c3087339 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/OutOfBounds.qll @@ -9,9 +9,7 @@ newtype OutOfBoundsQuery = TGuaranteeGenericCppLibraryFunctionsDoNotOverflowQuery() or TRangeCheckStringElementAccessQuery() -predicate isOutOfBoundsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isOutOfBoundsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `containerAccessWithoutRangeCheckAutosar` query OutOfBoundsPackage::containerAccessWithoutRangeCheckAutosarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll index 19c0d5b55d..1dd5bef4c8 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Pointers.qll 
@@ -28,9 +28,7 @@ newtype PointersQuery = TMemberAccessWithUninitializedStaticPointerToMemberQuery() or TUseOfPointerToMemberToAccessNonexistentMemberQuery() -predicate isPointersQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isPointersQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `pointerToAnElementOfAnArrayPassedToASmartPointer` query PointersPackage::pointerToAnElementOfAnArrayPassedToASmartPointerQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll index be6293d77a..a423cfd4ff 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Representation.qll @@ -13,9 +13,7 @@ newtype RepresentationQuery = TMemcmpUsedToAccessObjectRepresentationQuery() or TMemcpyUsedToAccessObjectRepresentationQuery() -predicate isRepresentationQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isRepresentationQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocols` query RepresentationPackage::bitFieldsShallBeUsedOnlyWhenInterfacingToHardwareOrConformingToCommunicationProtocolsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll index b01c79063c..c4a21040eb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Scope.qll 
@@ -22,9 +22,7 @@ newtype ScopeQuery = TUnnamedNamespaceInHeaderFileQuery() or TOneDefinitionRuleNotObeyedQuery() -predicate isScopeQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isScopeQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `nonStandardEntitiesInStandardNamespaces` query ScopePackage::nonStandardEntitiesInStandardNamespacesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll index 5442969616..37f323a6cb 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects1.qll @@ -15,9 +15,7 @@ newtype SideEffects1Query = TDoNotRelyOnSideEffectsInDeclTypeOperandQuery() or TDoNotRelyOnSideEffectsInDeclValExpressionQuery() -predicate isSideEffects1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSideEffects1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `evaluationOfTheOperandToTheTypeidOperatorContainSideEffects` query SideEffects1Package::evaluationOfTheOperandToTheTypeidOperatorContainSideEffectsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll index 6ae64ce070..7ba094b13e 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SideEffects2.qll 
@@ -14,9 +14,7 @@ newtype SideEffects2Query = TFunctionsWithVoidReturnTypeShallHaveExternalSideEffectsQuery() or TPredicateFunctionObjectsShouldNotBeMutableQuery() -predicate isSideEffects2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSideEffects2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `moveConstructorShallOnlyMoveObject` query SideEffects2Package::moveConstructorShallOnlyMoveObjectQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll index f678b53437..5b11807014 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers1.qll @@ -14,9 +14,7 @@ newtype SmartPointers1Query = TUniquePtrPassedToFunctionWithImproperSemanticsQuery() or TSharedPtrPassedToFunctionWithImproperSemanticsQuery() -predicate isSmartPointers1QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSmartPointers1QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `ownedPointerValueStoredInUnrelatedSmartPointerAsar` query SmartPointers1Package::ownedPointerValueStoredInUnrelatedSmartPointerAsarQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll index a0a93ebca5..aa0755a024 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/SmartPointers2.qll 
@@ -7,9 +7,7 @@ newtype SmartPointers2Query = TWeakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() or TOwnedPointerValueStoredInUnrelatedSmartPointerCertQuery() -predicate isSmartPointers2QueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isSmartPointers2QueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `weakPtrNotUsedToRepresentTemporarySharedOwnership` query SmartPointers2Package::weakPtrNotUsedToRepresentTemporarySharedOwnershipQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll index c267571625..e40e1e7d7f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Strings.qll @@ -13,9 +13,7 @@ newtype StringsQuery = TBasicStringMayNotBeNullTerminatedCertQuery() or TOperationMayNotNullTerminateCStyleStringCertQuery() -predicate isStringsQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isStringsQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `stringLiteralsAssignedToNonConstantPointers` query StringsPackage::stringLiteralsAssignedToNonConstantPointersQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll index 2b35c0e7c2..d5eeb959a4 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Templates.qll 
@@ -13,9 +13,7 @@ newtype TemplatesQuery = TNameNotReferredUsingAQualifiedIdOrThisQuery() or TNameNotReferredUsingAQualifiedIdOrThisAuditQuery() -predicate isTemplatesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isTemplatesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `templateShouldCheckArg` query TemplatesPackage::templateShouldCheckArgQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll index a9a17f7eb8..7dcf9f523a 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Toolchain.qll @@ -16,9 +16,7 @@ newtype ToolchainQuery = TCompilerWarningLevelNotInComplianceQuery() or TUncompliantOptimizationOptionMustBeDisabledInCompilerQuery() -predicate isToolchainQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isToolchainQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `floatingPointImplementationShallComplyWithIeeeStandard` query ToolchainPackage::floatingPointImplementationShallComplyWithIeeeStandardQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll index 967974a661..38014aea5f 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TrustBoundaries.qll 
@@ -8,9 +8,7 @@ newtype TrustBoundariesQuery = TDoNotThrowAnExceptionAcrossExecutionBoundariesQuery() or TDoNotPassANonstandardObjectAcrossBoundariesQuery() -predicate isTrustBoundariesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isTrustBoundariesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `exceptionsThrownAcrossExecutionBoundaries` query TrustBoundariesPackage::exceptionsThrownAcrossExecutionBoundariesQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll index 96f4e4dfad..4dce9bbfe7 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/TypeRanges.qll @@ -15,9 +15,7 @@ newtype TypeRangesQuery = TDetectErrorsWhenConvertingAStringToANumberQuery() or TDoNotCastToAnOutOfRangeEnumerationValueQuery() -predicate isTypeRangesQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isTypeRangesQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `uncheckedRangeDomainPoleErrors` query TypeRangesPackage::uncheckedRangeDomainPoleErrorsQuery() and diff --git a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll index 8c116a8095..e5eddf1b04 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/cpp/Uninitialized.qll 
@@ -8,9 +8,7 @@ newtype UninitializedQuery = TInformationLeakageAcrossTrustBoundariesQuery() or TDoNotReadUninitializedMemoryQuery() -predicate isUninitializedQueryMetadata( - Query query, string queryId, string ruleId, string category -) { +predicate isUninitializedQueryMetadata(Query query, string queryId, string ruleId, string category) { query = // `Query` instance for the `memoryNotInitializedBeforeItIsRead` query UninitializedPackage::memoryNotInitializedBeforeItIsReadQuery() and From 9edb1dad7dee39651c73a1df8c1bc4ab97fd8acc Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Mon, 29 Aug 2022 15:29:51 -0700 Subject: [PATCH 10/43] Use the effective category in the exclusion process In this commit we expand the meta data `Query` class to provide an effective category that is determined by combining a query's category and a possible active Guideline Recategorization Plan. The exclusion process now validates for a query with an associated deviation record whether the effective category allows a deviation. If this is not allowed, then the deviation record is not applied. Any deviation record applied to a query with an effective category not permitting deviation is considered invalid and will be listed in the analysis report. --- .../src/codingstandards/cpp/Exclusions.qll | 3 +- .../cpp/deviations/Deviations.qll | 7 +++ .../cpp/exclusions/RuleMetadata.qll | 45 +++++++++++++++++++ .../GuidelineRecategorizations.qll | 26 ----------- .../InvalidDeviationPermits.expected | 4 +- .../InvalidDeviationRecords.expected | 3 +- .../invalid_deviations/coding-standards.xml | 14 +++--- .../invalid_deviations/coding-standards.yml | 2 + 8 files changed, 69 insertions(+), 35 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Exclusions.qll b/cpp/common/src/codingstandards/cpp/Exclusions.qll index af4b8521d4..6c0078bded 100644 --- a/cpp/common/src/codingstandards/cpp/Exclusions.qll +++ b/cpp/common/src/codingstandards/cpp/Exclusions.qll 
@@ -32,7 +32,8 @@ predicate isExcluded(Element e, Query query) { or not exists(e.getFile()) or - // There exists a `DeviationRecord` that applies to this element and query + // There exists a `DeviationRecord` that applies to this element and query, and the query's effective category permits deviation. + query.getEffectiveCategory().permitsDeviation() and exists(DeviationRecord dr | applyDeviationsAtQueryLevel() | // The element is in a file which has a deviation for this query exists(string path | diff --git a/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll b/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll index 18f022cff2..9399607e3d 100644 --- a/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll +++ b/cpp/common/src/codingstandards/cpp/deviations/Deviations.qll @@ -332,6 +332,13 @@ class DeviationRecord extends XMLElement { hasPermitId() and not hasADeviationPermit() and result = "There is no deviation permit with id `" + getPermitId() + "`." + or + exists(Query q | q.getQueryId() = getQueryId() | + not q.getEffectiveCategory().permitsDeviation() and + result = + "The deviation is applied to a query with the rule category '" + + q.getEffectiveCategory().toString() + "' that does not permit a deviation." + ) } /** Holds if the deviation record is valid */ diff --git a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll index 4fece00b92..72b91c3e29 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll 
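Review bot: In Exclusions.qll the new guard `query.getEffectiveCategory().permitsDeviation() and` is existential, so it holds as soon as any one effective category of the query permits deviation. `getEffectiveCategory()` (added to RuleMetadata.qll in this patch) yields one result per `GuidelineRecategorization` whose `getQuery()` is the query, so if two plan entries can target the same query, which nothing visible here rules out, a mandatory or invalid result next to an advisory one would still let a deviation suppress the alert. Requiring every result to agree fails closed: `forex(EffectiveCategory c | c = query.getEffectiveCategory() | c.permitsDeviation()) and`. The same reasoning applies to the `isDisapplied()` disjunct that PATCH 12/43 adds to this predicate. The body of `isExcluded` starts before and continues past this hunk.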
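Review bot: In Deviations.qll the added invalid-reason disjunct only matches through `q.getQueryId() = getQueryId()`, so a deviation record that names a rule but no query is probably never reported as invalid, assuming `getQueryId()` has no result for such a record (its definition is outside the hunk). `isExcluded` would still refuse to apply that record to a mandatory rule, so the alert is kept, but the record would be ignored silently instead of being listed in the analysis report as the commit message describes. Consider also matching queries through the record's rule id here, and adding a rule-id-only entry next to the `RULE-13-6` one in `invalid_deviations/coding-standards.yml`. The enclosing predicate starts before the hunk.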
@@ -1,11 +1,47 @@ import cpp private import cpp.RuleMetadata as CPPRuleMetadata private import c.RuleMetadata as CRuleMetadata +private import codingstandards.cpp.guideline_recategorizations.GuidelineRecategorizations newtype TQuery = TQueryCPP(CPPRuleMetadata::TCPPQuery t) or TQueryC(CRuleMetadata::TCQuery t) +private predicate isMisraRuleCategory(string category) { + category = ["disapplied", "advisory", "required", "mandatory"] +} + +newtype TEffectiveCategory = + TInvalid(string reason) { + exists(GuidelineRecategorization gr | reason = gr.getAnInvalidReason()) + } or + TDisapplied() or + TAdvisory() or + TRequired() or + TMandatory() or + TNonMisraRuleCategory(string category) { + exists(Query q | q.getCategory() = category | not isMisraRuleCategory(category)) + } + +class EffectiveCategory extends TEffectiveCategory { + string toString() { + this instanceof TInvalid and result = "invalid" + or + this instanceof TDisapplied and result = "disapplied" + or + this instanceof TAdvisory and result = "advisory" + or + this instanceof TRequired and result = "required" + or + this instanceof TMandatory and result = "mandatory" + or + this = TNonMisraRuleCategory(result) + } + + /** Holds if the effective category permits a deviation */ + predicate permitsDeviation() { not this instanceof TMandatory and not this instanceof TInvalid } +} + class Query extends TQuery { string getQueryId() { CPPRuleMetadata::isQueryMetadata(this, result, _, _) or @@ -22,5 +58,14 @@ class Query extends TQuery { CRuleMetadata::isQueryMetadata(this, _, _, result) } + EffectiveCategory getEffectiveCategory() { + if exists(GuidelineRecategorization gr | gr.getQuery() = this) + then + exists(GuidelineRecategorization gr | gr.getQuery() = this | + result = gr.getEffectiveCategory() + ) + else result.toString() = this.getCategory() + } + string toString() { result = getQueryId() } } 
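Review bot: `permitsDeviation()` in RuleMetadata.qll is a deny list (`not this instanceof TMandatory and not this instanceof TInvalid`), and this hunk adds `TNonMisraRuleCategory`, which therefore permits deviation for every category string that is not one of the four exact lowercase literals in `isMisraRuleCategory`. A category spelled `Mandatory`, or a typo in the generated metadata, would land in that branch and become deviable. If non-MISRA categories are meant to be deviable, state it in the QLDoc, e.g. `/** Holds if the effective category permits a deviation. Non-MISRA categories always do. */`; otherwise compare case-insensitively with `category.toLowerCase() = [...]` in `isMisraRuleCategory`.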
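Review bot: `getEffectiveCategory()` has no QLDoc although it now decides whether deviations apply, and its two branches behave differently: with a recategorization the result comes from the plan entry, without one it is selected by `result.toString() = this.getCategory()`. That string match means a query without a category gets no effective category at all, and a category literally equal to `invalid` would match every `TInvalid(reason)` value. I would document the contract, e.g. `/** Gets the category after applying a Guideline Recategorization Plan entry for this query, or the query's own category when there is none. */`. The `Query` class starts before this hunk.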
diff --git a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll index 69eb862ea2..ff148a4a72 100644 --- a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll +++ b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/GuidelineRecategorizations.qll @@ -12,32 +12,6 @@ class GuidelineRecategorizations extends CodingStandardsConfigSection { GuidelineRecategorizations() { hasName("guideline-recategorizations") } } -newtype TEffectiveCategory = - TInvalid(string reason) { - exists(GuidelineRecategorization gr | reason = gr.getAnInvalidReason()) - } or - TDisapplied() or - TAdvisory() or - TRequired() or - TMandatory() - -class EffectiveCategory extends TEffectiveCategory { - string toString() { - this instanceof TInvalid and result = "invalid" - or - this instanceof TDisapplied and result = "disapplied" - or - this instanceof TAdvisory and result = "advisory" - or - this instanceof TRequired and result = "required" - or - this instanceof TMandatory and result = "mandatory" - } - - /** Holds if the effective category permits a deviation */ - predicate permitsDeviation() { not this instanceof TMandatory and not this instanceof TInvalid } -} - class GuidelineRecategorization extends XMLElement { GuidelineRecategorization() { getParent() instanceof GuidelineRecategorizations and diff --git a/cpp/common/test/deviations/invalid_deviations/InvalidDeviationPermits.expected b/cpp/common/test/deviations/invalid_deviations/InvalidDeviationPermits.expected index f5630aa947..433dc8a342 100644 --- a/cpp/common/test/deviations/invalid_deviations/InvalidDeviationPermits.expected +++ b/cpp/common/test/deviations/invalid_deviations/InvalidDeviationPermits.expected 
@@ -1,2 +1,2 @@
-| coding-standards.xml:96:7:99:33 | deviation-permits-entry | deviations/invalid_deviations/coding-standards.xml: Deviation permit does not specify a permit identifier. |
-| coding-standards.xml:100:7:103:33 | deviation-permits-entry | deviations/invalid_deviations/coding-standards.xml: Deviation permit specifies unknown property `invalid-property`. |
+| coding-standards.xml:100:7:103:33 | deviation-permits-entry | deviations/invalid_deviations/coding-standards.xml: Deviation permit does not specify a permit identifier. |
+| coding-standards.xml:104:7:107:33 | deviation-permits-entry | deviations/invalid_deviations/coding-standards.xml: Deviation permit specifies unknown property `invalid-property`. |
diff --git a/cpp/common/test/deviations/invalid_deviations/InvalidDeviationRecords.expected b/cpp/common/test/deviations/invalid_deviations/InvalidDeviationRecords.expected
index f68aa49e43..c4f66eeaf5 100644
--- a/cpp/common/test/deviations/invalid_deviations/InvalidDeviationRecords.expected
+++ b/cpp/common/test/deviations/invalid_deviations/InvalidDeviationRecords.expected
@@ -1,4 +1,4 @@ -| coding-standards.xml:5:7:5:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: No rule-id and query-id specified for this deviation record. | +| coding-standards.xml:5:7:5:27 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: No rule-id and query-id specified for this deviation record. | | coding-standards.xml:6:7:8:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: The rule-id `bad rule id` for this deviation matches none of the available queries. | | coding-standards.xml:9:7:11:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: A query-id of `bad rule id` is specified for this deviation, but not rule-id is specified. | | coding-standards.xml:15:7:17:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: A query-id of `cpp/autosar/useless-assignment` is specified for this deviation, but not rule-id is specified. | @@ -11,3 +11,4 @@ | coding-standards.xml:51:7:61:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: A deviation `approved-by` is specified without providing both a `name` and `date`. | | coding-standards.xml:74:7:78:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: There is no deviation permit with id `non-existing-permit`. | | coding-standards.xml:79:7:81:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: No rule-id and query-id specified for this deviation record. | +| coding-standards.xml:85:7:88:26 | deviations-entry | deviations/invalid_deviations/coding-standards.xml: The deviation is applied to a query with the rule category 'mandatory' that does not permit a deviation. | diff --git a/cpp/common/test/deviations/invalid_deviations/coding-standards.xml b/cpp/common/test/deviations/invalid_deviations/coding-standards.xml index 9667878e0f..179227a13d 100644 --- a/cpp/common/test/deviations/invalid_deviations/coding-standards.xml 
+++ b/cpp/common/test/deviations/invalid_deviations/coding-standards.xml @@ -1,8 +1,8 @@ - + - + bad rule id @@ -22,7 +22,7 @@ A0-1-1 cpp/autosar/useless-assignment - + A0-1-1 @@ -46,7 +46,7 @@ foo3 1970-01-01Z - + A0-1-1 @@ -82,6 +82,10 @@ DP2 + + RULE-13-6 + c/misra/sizeof-operand-with-side-effect + @@ -102,4 +106,4 @@ invalid-property - + \ No newline at end of file diff --git a/cpp/common/test/deviations/invalid_deviations/coding-standards.yml b/cpp/common/test/deviations/invalid_deviations/coding-standards.yml index 1f0b1b3b09..7b12c7a8c2 100644 --- a/cpp/common/test/deviations/invalid_deviations/coding-standards.yml +++ b/cpp/common/test/deviations/invalid_deviations/coding-standards.yml @@ -44,6 +44,8 @@ deviations: permit-id: non-existing-permit - permit-id: DP1 - permit-id: DP2 + - rule-id: RULE-13-6 + query-id: c/misra/sizeof-operand-with-side-effect deviation-permits: - permit-id: DP1 justification: foo bar baz From c33952eb22bc1ab386025cc4bafbf82e9bcbfad0 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Tue, 30 Aug 2022 16:09:18 -0700 Subject: [PATCH 11/43] Add `isExcluded/3` that includes the reason for exclusion This is used for debugging and testing purposes and cannot be used in our standard queries due to the required negation and the possible infinite possible values for reason. --- .../src/codingstandards/cpp/Exclusions.qll | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Exclusions.qll b/cpp/common/src/codingstandards/cpp/Exclusions.qll index 6c0078bded..1178120b1c 100644 --- a/cpp/common/src/codingstandards/cpp/Exclusions.qll +++ b/cpp/common/src/codingstandards/cpp/Exclusions.qll 
@@ -25,12 +25,15 @@ predicate isExcluded(Element e) { } bindingset[e, query] -predicate isExcluded(Element e, Query query) { - e instanceof ExcludedElement +predicate isExcluded(Element e, Query query) { isExcluded(e, query, _) } + +bindingset[e, query] +predicate isExcluded(Element e, Query query, string reason) { + e instanceof ExcludedElement and reason = "Element is an excluded element." or - e.getFile() instanceof ExcludedFile + e.getFile() instanceof ExcludedFile and reason = "Element is part of an excluded file." or - not exists(e.getFile()) + not exists(e.getFile()) and reason = "Element is not part of the source repository." or // There exists a `DeviationRecord` that applies to this element and query, and the query's effective category permits deviation. query.getEffectiveCategory().permitsDeviation() and @@ -39,7 +42,8 @@ predicate isExcluded(Element e, Query query) { exists(string path | dr.isDeviated(query, path) and e.getFile().getRelativePath().prefix(path.length()) = path - ) + ) and + reason = "Query has an associated deviation record for the element's file." or // The element is on the same line as a suppression comment exists(Comment c | @@ -51,6 +55,8 @@ predicate isExcluded(Element e, Query query) { e.getLocation().hasLocationInfo(filepath, _, _, endLine, _) and c.getLocation().hasLocationInfo(filepath, endLine, _, _, _) ) - ) + ) and + reason = + "Query has an associated deviation record with a code identifier that is applied to the element." ) } From 61c33be1ef13f8755d5f674c59ebf8ad0cf40140 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Tue, 30 Aug 2022 16:11:08 -0700 Subject: [PATCH 12/43] Exclude queries with effective category disapplied. --- cpp/common/src/codingstandards/cpp/Exclusions.qll | 5 +++++ .../src/codingstandards/cpp/exclusions/RuleMetadata.qll | 3 +++ 2 files changed, 8 insertions(+) 
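Review bot: `isExcluded/3` in Exclusions.qll is added without QLDoc, while the commit message says it is meant only for debugging and testing; that restriction belongs on the predicate itself so it is not picked up by a standard query. Something like `/** Holds if e is excluded for query; reason says why. For tests and debugging only. */` above the `bindingset` annotation would do. The deviation reasons set in the two later hunks are fixed strings that do not name the `DeviationRecord` that matched, which limits their use when auditing why an alert was suppressed; appending an identifier of `dr` would help if one is available.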
diff --git a/cpp/common/src/codingstandards/cpp/Exclusions.qll b/cpp/common/src/codingstandards/cpp/Exclusions.qll index 1178120b1c..bdc11eeb43 100644 --- a/cpp/common/src/codingstandards/cpp/Exclusions.qll +++ b/cpp/common/src/codingstandards/cpp/Exclusions.qll @@ -59,4 +59,9 @@ predicate isExcluded(Element e, Query query, string reason) { reason = "Query has an associated deviation record with a code identifier that is applied to the element." ) + or + // The effective category of the query is 'Disapplied'. + // This can occur when a Guideline Recategorization Plan is applied. + query.getEffectiveCategory().isDisapplied() and + reason = "The query is disapplied." } diff --git a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll index 72b91c3e29..189da2a2e0 100644 --- a/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll +++ b/cpp/common/src/codingstandards/cpp/exclusions/RuleMetadata.qll @@ -40,6 +40,9 @@ class EffectiveCategory extends TEffectiveCategory { /** Holds if the effective category permits a deviation */ predicate permitsDeviation() { not this instanceof TMandatory and not this instanceof TInvalid } + + /** Holds if the effective category is 'Disapplied'. */ + predicate isDisapplied() { this instanceof TDisapplied } } class Query extends TQuery { From 703c3e96c1a7c7bffa462db8dbe85507250dfac4 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Tue, 30 Aug 2022 16:11:56 -0700 Subject: [PATCH 13/43] Add test case for disapplied queries. --- .../DisappliedQuery.expected | 1 + .../DisappliedQuery.ql | 25 +++++++++++++++++++ .../guideline_recategorizations/a0-1-6.cpp | 1 + 3 files changed, 27 insertions(+) create mode 100644 cpp/common/test/guideline_recategorizations/DisappliedQuery.expected create mode 100644 cpp/common/test/guideline_recategorizations/DisappliedQuery.ql create mode 100644 cpp/common/test/guideline_recategorizations/a0-1-6.cpp 
diff --git a/cpp/common/test/guideline_recategorizations/DisappliedQuery.expected b/cpp/common/test/guideline_recategorizations/DisappliedQuery.expected
new file mode 100644
index 0000000000..215a334c23
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/DisappliedQuery.expected
@@ -0,0 +1 @@
+| a0-1-6.cpp:1:7:1:7 | A | Unused type declaration A is not reported with reason 'The query is disapplied.'. |
diff --git a/cpp/common/test/guideline_recategorizations/DisappliedQuery.ql b/cpp/common/test/guideline_recategorizations/DisappliedQuery.ql
new file mode 100644
index 0000000000..0254eca9bd
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/DisappliedQuery.ql
@@ -0,0 +1,25 @@
+/**
+ * @id cpp/guideline-recategorizations/disapplied-query
+ * @name Query based on A0-1-6 to test disapplied category
+ * @kind problem
+ * @precision very-high
+ * @problem.severity warning
+ * @tags external/autosar/id/a0-1-6
+ * external/autosar/obligation/advisory
+ */
+
+import cpp
+import codingstandards.cpp.CodingStandards
+import codingstandards.cpp.TypeUses
+import codingstandards.cpp.exclusions.cpp.RuleMetadata
+
+from UserType ut, string reason
+where
+ isExcluded(ut, DeadCodePackage::unusedTypeDeclarationsQuery(), reason) and
+ exists(ut.getFile()) and
+ not ut instanceof TemplateParameter and
+ not ut instanceof ProxyClass and
+ not exists(getATypeUse(ut)) and
+ not ut.isFromUninstantiatedTemplate(_)
+select ut,
+ "Unused type declaration " + ut.getName() + " is not reported with reason '" + reason + "'."
diff --git a/cpp/common/test/guideline_recategorizations/a0-1-6.cpp b/cpp/common/test/guideline_recategorizations/a0-1-6.cpp
new file mode 100644
index 0000000000..f0dae258ba
--- /dev/null
+++ b/cpp/common/test/guideline_recategorizations/a0-1-6.cpp
@@ -0,0 +1 @@
+class A {}; // Unused type declaration
\ No newline at end of file
From 87d7d82847169eb2a01af0205c57a1caa492bd93 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen Date: Thu, 13 Oct 2022 18:29:43 -0700 Subject: [PATCH 14/43] Add guideline recategorization post processing script --- schemas/coding-standards-schema-1.0.0.json | 54 + schemas/sarif-schema-2.1.0.json | 3370 +++++++++++++++++ .../recategorize.py | 188 + .../requirements.txt | 6 + 4 files changed, 3618 insertions(+) create mode 100644 schemas/coding-standards-schema-1.0.0.json create mode 100644 schemas/sarif-schema-2.1.0.json create mode 100644 scripts/guideline_recategorization/recategorize.py create mode 100644 scripts/guideline_recategorization/requirements.txt diff --git a/schemas/coding-standards-schema-1.0.0.json b/schemas/coding-standards-schema-1.0.0.json new file mode 100644 index 0000000000..d7ed2fc240 --- /dev/null +++ b/schemas/coding-standards-schema-1.0.0.json 
@@ -0,0 +1,54 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "$id": "https://raw.githubusercontent.com/github/codeql-coding-standards/main/schemas/coding-standards-schema-1.0.0.json",
+ "additionalProperties": false,
+ "definitions": {
+ "guideline-category": {
+ "enum": [
+ "mandatory",
+ "required",
+ "advisory",
+ "disapplied"
+ ]
+ },
+ "guideline-recategorization": {
+ "type": "object",
+ "properties": {
+ "rule-id": {
+ "type": "string"
+ },
+ "category": {
+ "$ref": "#/definitions/guideline-category"
+ }
+ },
+ "required": [
+ "rule-id",
+ "category"
+ ]
+ }
+ },
+ "properties": {
+ "report-deviated-alerts": {
+ "description": "When true includes alerts with an applicable deviation. Used for report generation.",
+ "type": "boolean"
+ },
+ "deviations": {
+ "description": "A set of deviation records.",
+ "type": "array"
+ },
+ "deviation-permits": {
+ "description": "A set of deviation permits.",
+ "type": "array"
+ },
+ "guideline-recategorizations": {
+ "type": "array",
+ "minProperties": 1,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/guideline-recategorization"
+ }
+ }
+ },
+ "required": [],
+ "type": "object"
+}
\ No newline at end of file
diff --git a/schemas/sarif-schema-2.1.0.json b/schemas/sarif-schema-2.1.0.json
new file mode 100644
index 0000000000..e0b6524571
--- /dev/null
+++ b/schemas/sarif-schema-2.1.0.json
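Review bot: In schemas/coding-standards-schema-1.0.0.json, `"minProperties": 1` under `guideline-recategorizations` is an object keyword and has no effect on a value of `"type": "array"`; `"minItems": 1` is presumably what was meant. `uniqueItems` compares whole entries, so two entries with the same `rule-id` and different `category` values still validate, and the `guideline-recategorization` object accepts unknown keys because it does not set `"additionalProperties": false`. Since this configuration decides which rules are downgraded or disapplied, I would tighten both in the schema, or reject duplicate rule ids in the code that consumes the plan.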
@@ -0,0 +1,3370 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Static Analysis Results Format (SARIF) Version 2.1.0 JSON Schema", + "$id": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "description": "Static Analysis Results Format (SARIF) Version 2.1.0 JSON Schema: a standard format for the output of static analysis tools.", + "additionalProperties": false, + "type": "object", + "properties": { + + "$schema": { + "description": "The URI of the JSON schema corresponding to the version.", + "type": "string", + "format": "uri" + }, + + "version": { + "description": "The SARIF format version of this log file.", + "enum": [ "2.1.0" ] + }, + + "runs": { + "description": "The set of runs contained in this log file.", + "type": "array", + "minItems": 0, + "uniqueItems": false, + "items": { + "$ref": "#/definitions/run" + } + }, + + "inlineExternalProperties": { + "description": "References to external property files that share data between runs.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/externalProperties" + } + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the log file.", + "$ref": "#/definitions/propertyBag" + } + }, + + "required": [ "version", "runs" ], + + "definitions": { + + "address": { + "description": "A physical or virtual address, or a range of addresses, in an 'addressable region' (memory or a binary file).", + "additionalProperties": false, + "type": "object", + "properties": { + + "absoluteAddress": { + "description": "The address expressed as a byte offset from the start of the addressable region.", + "type": "integer", + "minimum": -1, + "default": -1 + + }, + + "relativeAddress": { + "description": "The address expressed as a byte offset from the absolute address of the top-most parent object.", + "type": "integer" + + }, + + "length": { + "description": "The number 
of bytes in this range of addresses.", + "type": "integer" + }, + + "kind": { + "description": "An open-ended string that identifies the address kind. 'data', 'function', 'header','instruction', 'module', 'page', 'section', 'segment', 'stack', 'stackFrame', 'table' are well-known values.", + "type": "string" + }, + + "name": { + "description": "A name that is associated with the address, e.g., '.text'.", + "type": "string" + }, + + "fullyQualifiedName": { + "description": "A human-readable fully qualified name that is associated with the address.", + "type": "string" + }, + + "offsetFromParent": { + "description": "The byte offset of this address from the absolute or relative address of the parent object.", + "type": "integer" + }, + + "index": { + "description": "The index within run.addresses of the cached object for this address.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "parentIndex": { + "description": "The index within run.addresses of the parent object.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the address.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "artifact": { + "description": "A single artifact. 
In some cases, this artifact might be nested within another artifact.", + "additionalProperties": false, + "type": "object", + "properties": { + + "description": { + "description": "A short description of the artifact.", + "$ref": "#/definitions/message" + }, + + "location": { + "description": "The location of the artifact.", + "$ref": "#/definitions/artifactLocation" + }, + + "parentIndex": { + "description": "Identifies the index of the immediate parent of the artifact, if this artifact is nested.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "offset": { + "description": "The offset in bytes of the artifact within its containing artifact.", + "type": "integer", + "minimum": 0 + }, + + "length": { + "description": "The length of the artifact in bytes.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "roles": { + "description": "The role or roles played by the artifact in the analysis.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "enum": [ + "analysisTarget", + "attachment", + "responseFile", + "resultFile", + "standardStream", + "tracedFile", + "unmodified", + "modified", + "added", + "deleted", + "renamed", + "uncontrolled", + "driver", + "extension", + "translation", + "taxonomy", + "policy", + "referencedOnCommandLine", + "memoryContents", + "directory", + "userSpecifiedConfiguration", + "toolSpecifiedConfiguration", + "debugOutputFile" + ] + } + }, + + "mimeType": { + "description": "The MIME type (RFC 2045) of the artifact.", + "type": "string", + "pattern": "[^/]+/.+" + }, + + "contents": { + "description": "The contents of the artifact.", + "$ref": "#/definitions/artifactContent" + }, + + "encoding": { + "description": "Specifies the encoding for an artifact object that refers to a text file.", + "type": "string" + }, + + "sourceLanguage": { + "description": "Specifies the source language for any artifact object that refers to a text file that contains source code.", + 
"type": "string" + }, + + "hashes": { + "description": "A dictionary, each of whose keys is the name of a hash function and each of whose values is the hashed value of the artifact produced by the specified hash function.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "lastModifiedTimeUtc": { + "description": "The Coordinated Universal Time (UTC) date and time at which the artifact was most recently modified. See \"Date/time properties\" in the SARIF spec for the required format.", + "type": "string", + "format": "date-time" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the artifact.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "artifactChange": { + "description": "A change to a single artifact.", + "additionalProperties": false, + "type": "object", + "properties": { + + "artifactLocation": { + "description": "The location of the artifact to change.", + "$ref": "#/definitions/artifactLocation" + }, + + "replacements": { + "description": "An array of replacement objects, each of which represents the replacement of a single region in a single artifact specified by 'artifactLocation'.", + "type": "array", + "minItems": 1, + "uniqueItems": false, + "items": { + "$ref": "#/definitions/replacement" + } + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the change.", + "$ref": "#/definitions/propertyBag" + } + + }, + + "required": [ "artifactLocation", "replacements" ] + }, + + "artifactContent": { + "description": "Represents the contents of an artifact.", + "type": "object", + "additionalProperties": false, + "properties": { + + "text": { + "description": "UTF-8-encoded content from a text artifact.", + "type": "string" + }, + + "binary": { + "description": "MIME Base64-encoded content from a binary artifact, or from a text artifact in its original encoding.", + "type": "string" + }, + + "rendered": { + "description": 
"An alternate rendered representation of the artifact (e.g., a decompiled representation of a binary region).", + "$ref": "#/definitions/multiformatMessageString" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the artifact content.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "artifactLocation": { + "description": "Specifies the location of an artifact.", + "additionalProperties": false, + "type": "object", + "properties": { + + "uri": { + "description": "A string containing a valid relative or absolute URI.", + "type": "string", + "format": "uri-reference" + }, + + "uriBaseId": { + "description": "A string which indirectly specifies the absolute URI with respect to which a relative URI in the \"uri\" property is interpreted.", + "type": "string" + }, + + "index": { + "description": "The index within the run artifacts array of the artifact object associated with the artifact location.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "description": { + "description": "A short description of the artifact location.", + "$ref": "#/definitions/message" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the artifact location.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "attachment": { + "description": "An artifact relevant to a result.", + "type": "object", + "additionalProperties": false, + "properties": { + + "description": { + "description": "A message describing the role played by the attachment.", + "$ref": "#/definitions/message" + }, + + "artifactLocation": { + "description": "The location of the attachment.", + "$ref": "#/definitions/artifactLocation" + }, + + "regions": { + "description": "An array of regions of interest within the attachment.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/region" + } + }, + + "rectangles": { + "description": "An array 
of rectangles specifying areas of interest within the image.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/rectangle"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the attachment.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "artifactLocation" ]
+ },
+
+ "codeFlow": {
+ "description": "A set of threadFlows which together describe a pattern of code execution relevant to detecting a result.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "message": {
+ "description": "A message relevant to the code flow.",
+ "$ref": "#/definitions/message"
+ },
+
+ "threadFlows": {
+ "description": "An array of one or more unique threadFlow objects, each of which describes the progress of a program through a thread of execution.",
+ "type": "array",
+ "minItems": 1,
+ "uniqueItems": false,
+ "items": {
+ "$ref": "#/definitions/threadFlow"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the code flow.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "threadFlows" ]
+ },
+
+ "configurationOverride": {
+ "description": "Information about how a specific rule or notification was reconfigured at runtime.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "configuration": {
+ "description": "Specifies how the rule or notification was configured during the scan.",
+ "$ref": "#/definitions/reportingConfiguration"
+ },
+
+ "descriptor": {
+ "description": "A reference used to locate the descriptor whose configuration was overridden.",
+ "$ref": "#/definitions/reportingDescriptorReference"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the configuration override.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "configuration", "descriptor" ]
+ },
+
+ "conversion": {
+ "description": "Describes how a converter transformed the output of a static analysis tool from the analysis tool's native output format into the SARIF format.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "tool": {
+ "description": "A tool object that describes the converter.",
+ "$ref": "#/definitions/tool"
+ },
+
+ "invocation": {
+ "description": "An invocation object that describes the invocation of the converter.",
+ "$ref": "#/definitions/invocation"
+ },
+
+ "analysisToolLogFiles": {
+ "description": "The locations of the analysis tool's per-run log files.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/artifactLocation"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the conversion.",
+ "$ref": "#/definitions/propertyBag"
+ }
+
+ },
+
+ "required": [ "tool" ]
+ },
+
+ "edge": {
+ "description": "Represents a directed edge in a graph.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "id": {
+ "description": "A string that uniquely identifies the edge within its graph.",
+ "type": "string"
+ },
+
+ "label": {
+ "description": "A short description of the edge.",
+ "$ref": "#/definitions/message"
+ },
+
+ "sourceNodeId": {
+ "description": "Identifies the source node (the node at which the edge starts).",
+ "type": "string"
+ },
+
+ "targetNodeId": {
+ "description": "Identifies the target node (the node at which the edge ends).",
+ "type": "string"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the edge.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "id", "sourceNodeId", "targetNodeId" ]
+ },
+
+ "edgeTraversal": {
+ "description": "Represents the traversal of a single edge during a graph traversal.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "edgeId":
{
+ "description": "Identifies the edge being traversed.",
+ "type": "string"
+ },
+
+ "message": {
+ "description": "A message to display to the user as the edge is traversed.",
+ "$ref": "#/definitions/message"
+ },
+
+ "finalState": {
+ "description": "The values of relevant expressions after the edge has been traversed.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/multiformatMessageString"
+ }
+ },
+
+ "stepOverEdgeCount": {
+ "description": "The number of edge traversals necessary to return from a nested graph.",
+ "type": "integer",
+ "minimum": 0
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the edge traversal.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "edgeId" ]
+ },
+
+ "exception": {
+ "description": "Describes a runtime exception encountered during the execution of an analysis tool.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "kind": {
+ "type": "string",
+ "description": "A string that identifies the kind of exception, for example, the fully qualified type name of an object that was thrown, or the symbolic name of a signal."
+ },
+
+ "message": {
+ "description": "A message that describes the exception.",
+ "type": "string"
+ },
+
+ "stack": {
+ "description": "The sequence of function calls leading to the exception.",
+ "$ref": "#/definitions/stack"
+ },
+
+ "innerExceptions": {
+ "description": "An array of exception objects each of which is considered a cause of this exception.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/exception"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the exception.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "externalProperties": {
+ "description": "The top-level element of an external property file.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "schema": {
+ "description": "The URI of the JSON schema corresponding to the version of the external property file format.",
+ "type": "string",
+ "format": "uri"
+ },
+
+ "version": {
+ "description": "The SARIF format version of this external properties object.",
+ "enum": [ "2.1.0" ]
+ },
+
+ "guid": {
+ "description": "A stable, unique identifer for this external properties object, in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "runGuid": {
+ "description": "A stable, unique identifer for the run associated with this external properties object, in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "conversion": {
+ "description": "A conversion object that will be merged with a separate run.",
+ "$ref": "#/definitions/conversion"
+ },
+
+ "graphs": {
+ "description": "An array of graph objects that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "default": [],
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/graph"
+ }
+ },
+
+ "externalizedProperties": {
+ "description": "Key/value pairs that provide additional information that will be merged with a separate run.",
+ "$ref": "#/definitions/propertyBag"
+ },
+
+ "artifacts": {
+ "description": "An array of artifact objects that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/artifact"
+ }
+ },
+
+ "invocations": {
+ "description": "Describes the invocation of the analysis tool that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/invocation"
+ }
+ },
+
+ "logicalLocations": {
+ "description": "An array of logical locations such as namespaces, types or functions that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/logicalLocation"
+ }
+ },
+
+ "threadFlowLocations": {
+ "description": "An array of threadFlowLocation objects that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/threadFlowLocation"
+ }
+ },
+
+ "results": {
+ "description": "An array of result objects that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/result"
+ }
+ },
+
+ "taxonomies": {
+ "description": "Tool taxonomies that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/toolComponent"
+ }
+ },
+
+ "driver": {
+ "description": "The analysis tool object that will be merged with a separate run.",
+ "$ref": "#/definitions/toolComponent"
+ },
+
+ "extensions": {
+ "description": "Tool extensions that will be merged with a separate
run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/toolComponent"
+ }
+ },
+
+ "policies": {
+ "description": "Tool policies that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/toolComponent"
+ }
+ },
+
+ "translations": {
+ "description": "Tool translations that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/toolComponent"
+ }
+ },
+
+ "addresses": {
+ "description": "Addresses that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/address"
+ }
+ },
+
+ "webRequests": {
+ "description": "Requests that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/webRequest"
+ }
+ },
+
+ "webResponses": {
+ "description": "Responses that will be merged with a separate run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/webResponse"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the external properties.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "externalPropertyFileReference": {
+ "description": "Contains information that enables a SARIF consumer to locate the external property file that contains the value of an externalized property associated with the run.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "location": {
+ "description": "The location of the external property file.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "guid": {
+ "description": "A stable, unique identifer for the external property file in the form of a
GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "itemCount": {
+ "description": "A non-negative integer specifying the number of items contained in the external property file.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the external property file.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "anyOf": [
+ { "required": [ "location" ] },
+ { "required": [ "guid" ] }
+ ]
+ },
+
+ "externalPropertyFileReferences": {
+ "description": "References to external property files that should be inlined with the content of a root log file.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "conversion": {
+ "description": "An external property file containing a run.conversion object to be merged with the root log file.",
+ "$ref": "#/definitions/externalPropertyFileReference"
+ },
+
+ "graphs": {
+ "description": "An array of external property files containing a run.graphs object to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "externalizedProperties": {
+ "description": "An external property file containing a run.properties object to be merged with the root log file.",
+ "$ref": "#/definitions/externalPropertyFileReference"
+ },
+
+ "artifacts": {
+ "description": "An array of external property files containing run.artifacts arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "invocations": {
+ "description": "An array of external property files containing run.invocations arrays to be merged with the root log file.",
+ "type": "array",
+
"minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "logicalLocations": {
+ "description": "An array of external property files containing run.logicalLocations arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "threadFlowLocations": {
+ "description": "An array of external property files containing run.threadFlowLocations arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "results": {
+ "description": "An array of external property files containing run.results arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "taxonomies": {
+ "description": "An array of external property files containing run.taxonomies arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "addresses": {
+ "description": "An array of external property files containing run.addresses arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "driver": {
+ "description": "An external property file containing a run.driver object to be merged with the root log file.",
+ "$ref": "#/definitions/externalPropertyFileReference"
+ },
+
+ "extensions": {
+ "description": "An array of external property files containing run.extensions arrays to be merged with the root log file.",
+
"type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "policies": {
+ "description": "An array of external property files containing run.policies arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "translations": {
+ "description": "An array of external property files containing run.translations arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "webRequests": {
+ "description": "An array of external property files containing run.requests arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "webResponses": {
+ "description": "An array of external property files containing run.responses arrays to be merged with the root log file.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/externalPropertyFileReference"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the external property files.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "fix": {
+ "description": "A proposed fix for the problem represented by a result object. A fix specifies a set of artifacts to modify.
For each artifact, it specifies a set of bytes to remove, and provides a set of new bytes to replace them.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "description": {
+ "description": "A message that describes the proposed fix, enabling viewers to present the proposed change to an end user.",
+ "$ref": "#/definitions/message"
+ },
+
+ "artifactChanges": {
+ "description": "One or more artifact changes that comprise a fix for a result.",
+ "type": "array",
+ "minItems": 1,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/artifactChange"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the fix.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "artifactChanges" ]
+ },
+
+ "graph": {
+ "description": "A network of nodes and directed edges that describes some aspect of the structure of the code (for example, a call graph).",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "description": {
+ "description": "A description of the graph.",
+ "$ref": "#/definitions/message"
+ },
+
+ "nodes": {
+ "description": "An array of node objects representing the nodes of the graph.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/node"
+ }
+ },
+
+ "edges": {
+ "description": "An array of edge objects representing the edges of the graph.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/edge"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the graph.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "graphTraversal": {
+ "description": "Represents a path through a graph.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "runGraphIndex": {
+ "description": "The index within the run.graphs to be associated with the result.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "resultGraphIndex": {
+ "description": "The index within the result.graphs to be associated with the result.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "description": {
+ "description": "A description of this graph traversal.",
+ "$ref": "#/definitions/message"
+ },
+
+ "initialState": {
+ "description": "Values of relevant expressions at the start of the graph traversal that may change during graph traversal.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/multiformatMessageString"
+ }
+ },
+
+ "immutableState": {
+ "description": "Values of relevant expressions at the start of the graph traversal that remain constant for the graph traversal.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/multiformatMessageString"
+ }
+ },
+
+ "edgeTraversals": {
+ "description": "The sequences of edges traversed by this graph traversal.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/edgeTraversal"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the graph traversal.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "oneOf": [
+ { "required": [ "runGraphIndex" ] },
+ { "required": [ "resultGraphIndex" ] }
+ ]
+ },
+
+ "invocation": {
+ "description": "The runtime environment of the analysis tool run.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "commandLine": {
+ "description": "The command line used to invoke the tool.",
+ "type": "string"
+ },
+
+ "arguments": {
+ "description": "An array of strings, containing in order the command line arguments passed to the tool from the operating system.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "responseFiles": {
+ "description": "The locations of any response files specified on the
tool's command line.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/artifactLocation"
+ }
+ },
+
+ "startTimeUtc": {
+ "description": "The Coordinated Universal Time (UTC) date and time at which the invocation started. See \"Date/time properties\" in the SARIF spec for the required format.",
+ "type": "string",
+ "format": "date-time"
+ },
+
+ "endTimeUtc": {
+ "description": "The Coordinated Universal Time (UTC) date and time at which the invocation ended. See \"Date/time properties\" in the SARIF spec for the required format.",
+ "type": "string",
+ "format": "date-time"
+ },
+
+ "exitCode": {
+ "description": "The process exit code.",
+ "type": "integer"
+ },
+
+ "ruleConfigurationOverrides": {
+ "description": "An array of configurationOverride objects that describe rules related runtime overrides.",
+ "type": "array",
+ "minItems": 0,
+ "default": [],
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/configurationOverride"
+ }
+ },
+
+ "notificationConfigurationOverrides": {
+ "description": "An array of configurationOverride objects that describe notifications related runtime overrides.",
+ "type": "array",
+ "minItems": 0,
+ "default": [],
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/configurationOverride"
+ }
+ },
+
+ "toolExecutionNotifications": {
+ "description": "A list of runtime conditions detected by the tool during the analysis.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/notification"
+ }
+ },
+
+ "toolConfigurationNotifications": {
+ "description": "A list of conditions detected by the tool that are relevant to the tool's configuration.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/notification"
+ }
+ },
+
+ "exitCodeDescription": {
+ "description": "The reason for the process exit.",
+ "type": "string"
+ },
+
+
"exitSignalName": {
+ "description": "The name of the signal that caused the process to exit.",
+ "type": "string"
+ },
+
+ "exitSignalNumber": {
+ "description": "The numeric value of the signal that caused the process to exit.",
+ "type": "integer"
+ },
+
+ "processStartFailureMessage": {
+ "description": "The reason given by the operating system that the process failed to start.",
+ "type": "string"
+ },
+
+ "executionSuccessful": {
+ "description": "Specifies whether the tool's execution completed successfully.",
+ "type": "boolean"
+ },
+
+ "machine": {
+ "description": "The machine on which the invocation occurred.",
+ "type": "string"
+ },
+
+ "account": {
+ "description": "The account under which the invocation occurred.",
+ "type": "string"
+ },
+
+ "processId": {
+ "description": "The id of the process in which the invocation occurred.",
+ "type": "integer"
+ },
+
+ "executableLocation": {
+ "description": "An absolute URI specifying the location of the executable that was invoked.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "workingDirectory": {
+ "description": "The working directory for the invocation.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "environmentVariables": {
+ "description": "The environment variables associated with the analysis tool process, expressed as key/value pairs.",
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+
+ "stdin": {
+ "description": "A file containing the standard input stream to the process that was invoked.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "stdout": {
+ "description": "A file containing the standard output stream from the process that was invoked.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "stderr": {
+ "description": "A file containing the standard error stream from the process that was invoked.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "stdoutStderr": {
+ "description": "A file containing the interleaved standard output and
standard error stream from the process that was invoked.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the invocation.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "executionSuccessful" ]
+ },
+
+ "location": {
+ "description": "A location within a programming artifact.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "id": {
+ "description": "Value that distinguishes this location from all other locations within a single result object.",
+ "type": "integer",
+ "minimum": -1,
+ "default": -1
+ },
+
+ "physicalLocation": {
+ "description": "Identifies the artifact and region.",
+ "$ref": "#/definitions/physicalLocation"
+ },
+
+ "logicalLocations": {
+ "description": "The logical locations associated with the result.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/logicalLocation"
+ }
+ },
+
+ "message": {
+ "description": "A message relevant to the location.",
+ "$ref": "#/definitions/message"
+ },
+
+ "annotations": {
+ "description": "A set of regions relevant to the location.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/region"
+ }
+ },
+
+ "relationships": {
+ "description": "An array of objects that describe relationships between this location and others.",
+ "type": "array",
+ "default": [],
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/locationRelationship"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the location.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "locationRelationship": {
+ "description": "Information about the relation of one location to another.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "target": {
+ "description": "A
reference to the related location.",
+ "type": "integer",
+ "minimum": 0
+ },
+
+ "kinds": {
+ "description": "A set of distinct strings that categorize the relationship. Well-known kinds include 'includes', 'isIncludedBy' and 'relevant'.",
+ "type": "array",
+ "default": [ "relevant" ],
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "description": {
+ "description": "A description of the location relationship.",
+ "$ref": "#/definitions/message"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the location relationship.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "target" ]
+ },
+
+ "logicalLocation": {
+ "description": "A logical location of a construct that produced a result.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "name": {
+ "description": "Identifies the construct in which the result occurred. For example, this property might contain the name of a class or a method.",
+ "type": "string"
+ },
+
+ "index": {
+ "description": "The index within the logical locations array.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "fullyQualifiedName": {
+ "description": "The human-readable fully qualified name of the logical location.",
+ "type": "string"
+ },
+
+ "decoratedName": {
+ "description": "The machine-readable name for the logical location, such as a mangled function name provided by a C++ compiler that encodes calling convention, return type and other details along with the function name.",
+ "type": "string"
+ },
+
+ "parentIndex": {
+ "description": "Identifies the index of the immediate parent of the construct in which the result was detected. For example, this property might point to a logical location that represents the namespace that holds a type.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "kind": {
+ "description": "The type of construct this logical location component refers to.
Should be one of 'function', 'member', 'module', 'namespace', 'parameter', 'resource', 'returnType', 'type', 'variable', 'object', 'array', 'property', 'value', 'element', 'text', 'attribute', 'comment', 'declaration', 'dtd' or 'processingInstruction', if any of those accurately describe the construct.",
+ "type": "string"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the logical location.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "message": {
+ "description": "Encapsulates a message intended to be read by the end user.",
+ "type": "object",
+ "additionalProperties": false,
+
+ "properties": {
+
+ "text": {
+ "description": "A plain text message string.",
+ "type": "string"
+ },
+
+ "markdown": {
+ "description": "A Markdown message string.",
+ "type": "string"
+ },
+
+ "id": {
+ "description": "The identifier for this message.",
+ "type": "string"
+ },
+
+ "arguments": {
+ "description": "An array of strings to substitute into the message string.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the message.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "anyOf": [
+ { "required": [ "text" ] },
+ { "required": [ "id" ] }
+ ]
+ },
+
+ "multiformatMessageString": {
+ "description": "A message string or message format string rendered in multiple formats.",
+ "type": "object",
+ "additionalProperties": false,
+
+ "properties": {
+
+ "text": {
+ "description": "A plain text message string or format string.",
+ "type": "string"
+ },
+
+ "markdown": {
+ "description": "A Markdown message string or format string.",
+ "type": "string"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the message.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "text" ]
+ },
+
+ "node": {
+ "description": "Represents a node in a graph.",
+ "type": "object",
+ "additionalProperties": false,
+
+ "properties": {
+
+ "id": {
+ "description": "A string that uniquely identifies the node within its graph.",
+ "type": "string"
+ },
+
+ "label": {
+ "description": "A short description of the node.",
+ "$ref": "#/definitions/message"
+ },
+
+ "location": {
+ "description": "A code location associated with the node.",
+ "$ref": "#/definitions/location"
+ },
+
+ "children": {
+ "description": "Array of child nodes.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/node"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the node.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "id" ]
+ },
+
+ "notification": {
+ "description": "Describes a condition relevant to the tool itself, as opposed to being relevant to a target being analyzed by the tool.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "locations": {
+ "description": "The locations relevant to this notification.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/location"
+ }
+ },
+
+ "message": {
+ "description": "A message that describes the condition that was encountered.",
+ "$ref": "#/definitions/message"
+ },
+
+ "level": {
+ "description": "A value specifying the severity level of the notification.",
+ "default": "warning",
+ "enum": [ "none", "note", "warning", "error" ]
+ },
+
+ "threadId": {
+ "description": "The thread identifier of the code that generated the notification.",
+ "type": "integer"
+ },
+
+ "timeUtc": {
+ "description": "The Coordinated Universal Time (UTC) date and time at which the analysis tool generated the notification.",
+ "type": "string",
+ "format": "date-time"
+ },
+
+ "exception": {
+ "description": "The runtime exception, if any, relevant
to this notification.",
+ "$ref": "#/definitions/exception"
+ },
+
+ "descriptor": {
+ "description": "A reference used to locate the descriptor relevant to this notification.",
+ "$ref": "#/definitions/reportingDescriptorReference"
+ },
+
+ "associatedRule": {
+ "description": "A reference used to locate the rule descriptor associated with this notification.",
+ "$ref": "#/definitions/reportingDescriptorReference"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the notification.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "message" ]
+ },
+
+ "physicalLocation": {
+ "description": "A physical location relevant to a result. Specifies a reference to a programming artifact together with a range of bytes or characters within that artifact.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "address": {
+ "description": "The address of the location.",
+ "$ref": "#/definitions/address"
+ },
+
+ "artifactLocation": {
+ "description": "The location of the artifact.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "region": {
+ "description": "Specifies a portion of the artifact.",
+ "$ref": "#/definitions/region"
+ },
+
+ "contextRegion": {
+ "description": "Specifies a portion of the artifact that encloses the region. 
Allows a viewer to display additional context around the region.",
+ "$ref": "#/definitions/region"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the physical location.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "anyOf": [
+ {
+ "required": [ "address" ]
+ },
+ {
+ "required": [ "artifactLocation" ]
+ }
+ ]
+ },
+
+ "propertyBag": {
+ "description": "Key/value pairs that provide additional information about the object.",
+ "type": "object",
+ "additionalProperties": true,
+ "properties": {
+ "tags": {
+
+ "description": "A set of distinct strings that provide additional information.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+
+ "rectangle": {
+ "description": "An area within an image.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "top": {
+ "description": "The Y coordinate of the top edge of the rectangle, measured in the image's natural units.",
+ "type": "number"
+ },
+
+ "left": {
+ "description": "The X coordinate of the left edge of the rectangle, measured in the image's natural units.",
+ "type": "number"
+ },
+
+ "bottom": {
+ "description": "The Y coordinate of the bottom edge of the rectangle, measured in the image's natural units.",
+ "type": "number"
+ },
+
+ "right": {
+ "description": "The X coordinate of the right edge of the rectangle, measured in the image's natural units.",
+ "type": "number"
+ },
+
+ "message": {
+ "description": "A message relevant to the rectangle.",
+ "$ref": "#/definitions/message"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the rectangle.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "region": {
+ "description": "A region within an artifact where a result was detected.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "startLine": {
+ "description": "The 
line number of the first character in the region.",
+ "type": "integer",
+ "minimum": 1
+ },
+
+ "startColumn": {
+ "description": "The column number of the first character in the region.",
+ "type": "integer",
+ "minimum": 1
+ },
+
+ "endLine": {
+ "description": "The line number of the last character in the region.",
+ "type": "integer",
+ "minimum": 1
+ },
+
+ "endColumn": {
+ "description": "The column number of the character following the end of the region.",
+ "type": "integer",
+ "minimum": 1
+ },
+
+ "charOffset": {
+ "description": "The zero-based offset from the beginning of the artifact of the first character in the region.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "charLength": {
+ "description": "The length of the region in characters.",
+ "type": "integer",
+ "minimum": 0
+ },
+
+ "byteOffset": {
+ "description": "The zero-based offset from the beginning of the artifact of the first byte in the region.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "byteLength": {
+ "description": "The length of the region in bytes.",
+ "type": "integer",
+ "minimum": 0
+ },
+
+ "snippet": {
+ "description": "The portion of the artifact contents within the specified region.",
+ "$ref": "#/definitions/artifactContent"
+ },
+
+ "message": {
+ "description": "A message relevant to the region.",
+ "$ref": "#/definitions/message"
+ },
+
+ "sourceLanguage": {
+ "description": "Specifies the source language, if any, of the portion of the artifact specified by the region object.",
+ "type": "string"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the region.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "replacement": {
+ "description": "The replacement of a single region of an artifact.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "deletedRegion": {
+ "description": "The region of the artifact to delete.",
+ "$ref": "#/definitions/region"
+ 
},
+
+ "insertedContent": {
+ "description": "The content to insert at the location specified by the 'deletedRegion' property.",
+ "$ref": "#/definitions/artifactContent"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the replacement.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "deletedRegion" ]
+ },
+
+ "reportingDescriptor": {
+ "description": "Metadata that describes a specific report produced by the tool, as part of the analysis it provides or its runtime reporting.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "id": {
+ "description": "A stable, opaque identifier for the report.",
+ "type": "string"
+ },
+
+ "deprecatedIds": {
+ "description": "An array of stable, opaque identifiers by which this report was known in some previous version of the analysis tool.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "guid": {
+ "description": "A unique identifer for the reporting descriptor in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "deprecatedGuids": {
+ "description": "An array of unique identifies in the form of a GUID by which this report was known in some previous version of the analysis tool.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ }
+ },
+
+ "name": {
+ "description": "A report identifier that is understandable to an end user.",
+ "type": "string"
+ },
+
+ "deprecatedNames": {
+ "description": "An array of readable identifiers by which this report was known in some previous version of the analysis tool.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "shortDescription": 
{
+ "description": "A concise description of the report. Should be a single sentence that is understandable when visible space is limited to a single line of text.",
+ "$ref": "#/definitions/multiformatMessageString"
+ },
+
+ "fullDescription": {
+ "description": "A description of the report. Should, as far as possible, provide details sufficient to enable resolution of any problem indicated by the result.",
+ "$ref": "#/definitions/multiformatMessageString"
+ },
+
+ "messageStrings": {
+ "description": "A set of name/value pairs with arbitrary names. Each value is a multiformatMessageString object, which holds message strings in plain text and (optionally) Markdown format. The strings can include placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/multiformatMessageString"
+ }
+ },
+
+ "defaultConfiguration": {
+ "description": "Default reporting configuration information.",
+ "$ref": "#/definitions/reportingConfiguration"
+ },
+
+ "helpUri": {
+ "description": "A URI where the primary documentation for the report can be found.",
+ "type": "string",
+ "format": "uri"
+ },
+
+ "help": {
+ "description": "Provides the primary documentation for the report, useful when there is no online documentation.",
+ "$ref": "#/definitions/multiformatMessageString"
+ },
+
+ "relationships": {
+ "description": "An array of objects that describe relationships between this reporting descriptor and others.",
+ "type": "array",
+ "default": [],
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/reportingDescriptorRelationship"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the report.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "id" ]
+ },
+
+ "reportingConfiguration": {
+ "description": "Information about a rule or notification 
that can be configured at runtime.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "enabled": {
+ "description": "Specifies whether the report may be produced during the scan.",
+ "type": "boolean",
+ "default": true
+ },
+
+ "level": {
+ "description": "Specifies the failure level for the report.",
+ "default": "warning",
+ "enum": [ "none", "note", "warning", "error" ]
+ },
+
+ "rank": {
+ "description": "Specifies the relative priority of the report. Used for analysis output only.",
+ "type": "number",
+ "default": -1.0,
+ "minimum": -1.0,
+ "maximum": 100.0
+ },
+
+ "parameters": {
+ "description": "Contains configuration information specific to a report.",
+ "$ref": "#/definitions/propertyBag"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the reporting configuration.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "reportingDescriptorReference": {
+ "description": "Information about how to locate a relevant reporting descriptor.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "id": {
+ "description": "The id of the descriptor.",
+ "type": "string"
+ },
+
+ "index": {
+ "description": "The index into an array of descriptors in toolComponent.ruleDescriptors, toolComponent.notificationDescriptors, or toolComponent.taxonomyDescriptors, depending on context.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "guid": {
+ "description": "A guid that uniquely identifies the descriptor.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "toolComponent": {
+ "description": "A reference used to locate the toolComponent associated with the descriptor.",
+ "$ref": "#/definitions/toolComponentReference"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the reporting descriptor reference.",
+ "$ref": 
"#/definitions/propertyBag" + } + }, + "anyOf": [ + { "required": [ "index" ] }, + { "required": [ "guid" ] }, + { "required": [ "id" ] } + ] + }, + + "reportingDescriptorRelationship": { + "description": "Information about the relation of one reporting descriptor to another.", + "type": "object", + "additionalProperties": false, + "properties": { + + "target": { + "description": "A reference to the related reporting descriptor.", + "$ref": "#/definitions/reportingDescriptorReference" + }, + + "kinds": { + "description": "A set of distinct strings that categorize the relationship. Well-known kinds include 'canPrecede', 'canFollow', 'willPrecede', 'willFollow', 'superset', 'subset', 'equal', 'disjoint', 'relevant', and 'incomparable'.", + "type": "array", + "default": [ "relevant" ], + "uniqueItems": true, + "items": { + "type": "string" + } + }, + + "description": { + "description": "A description of the reporting descriptor relationship.", + "$ref": "#/definitions/message" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the reporting descriptor reference.", + "$ref": "#/definitions/propertyBag" + } + }, + "required": [ "target" ] + }, + + "result": { + "description": "A result produced by an analysis tool.", + "additionalProperties": false, + "type": "object", + "properties": { + + "ruleId": { + "description": "The stable, unique identifier of the rule, if any, to which this result is relevant.", + "type": "string" + }, + + "ruleIndex": { + "description": "The index within the tool component rules array of the rule object associated with this result.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "rule": { + "description": "A reference used to locate the rule descriptor relevant to this result.", + "$ref": "#/definitions/reportingDescriptorReference" + }, + + "kind": { + "description": "A value that categorizes results by evaluation state.", + "default": "fail", + "enum": [ "notApplicable", 
"pass", "fail", "review", "open", "informational" ] + }, + + "level": { + "description": "A value specifying the severity level of the result.", + "default": "warning", + "enum": [ "none", "note", "warning", "error" ] + }, + + "message": { + "description": "A message that describes the result. The first sentence of the message only will be displayed when visible space is limited.", + "$ref": "#/definitions/message" + }, + + "analysisTarget": { + "description": "Identifies the artifact that the analysis tool was instructed to scan. This need not be the same as the artifact where the result actually occurred.", + "$ref": "#/definitions/artifactLocation" + }, + + "locations": { + "description": "The set of locations where the result was detected. Specify only one location unless the problem indicated by the result can only be corrected by making a change at every specified location.", + "type": "array", + "minItems": 0, + "uniqueItems": false, + "default": [], + "items": { + "$ref": "#/definitions/location" + } + }, + + "guid": { + "description": "A stable, unique identifer for the result in the form of a GUID.", + "type": "string", + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$" + }, + + "correlationGuid": { + "description": "A stable, unique identifier for the equivalence class of logically identical results to which this result belongs, in the form of a GUID.", + "type": "string", + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$" + }, + + "occurrenceCount": { + "description": "A positive integer specifying the number of times this logically unique result was observed in this run.", + "type": "integer", + "minimum": 1 + }, + + "partialFingerprints": { + "description": "A set of strings that contribute to the stable, unique identity of the result.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "fingerprints": { + 
"description": "A set of strings each of which individually defines a stable, unique identity for the result.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "stacks": { + "description": "An array of 'stack' objects relevant to the result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/stack" + } + }, + + "codeFlows": { + "description": "An array of 'codeFlow' objects relevant to the result.", + "type": "array", + "minItems": 0, + "uniqueItems": false, + "default": [], + "items": { + "$ref": "#/definitions/codeFlow" + } + }, + + "graphs": { + "description": "An array of zero or more unique graph objects associated with the result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/graph" + } + }, + + "graphTraversals": { + "description": "An array of one or more unique 'graphTraversal' objects.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/graphTraversal" + } + }, + + "relatedLocations": { + "description": "A set of locations relevant to this result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/location" + } + }, + + "suppressions": { + "description": "A set of suppressions relevant to this result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/suppression" + } + }, + + "baselineState": { + "description": "The state of a result relative to a baseline of a previous run.", + "enum": [ + "new", + "unchanged", + "updated", + "absent" + ] + }, + + "rank": { + "description": "A number representing the priority or importance of the result.", + "type": "number", + "default": -1.0, + "minimum": -1.0, + "maximum": 100.0 + }, + + "attachments": { + "description": "A set of artifacts relevant to the result.", + "type": 
"array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/attachment" + } + }, + + "hostedViewerUri": { + "description": "An absolute URI at which the result can be viewed.", + "type": "string", + "format": "uri" + }, + + "workItemUris": { + "description": "The URIs of the work items associated with this result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "items": { + "type": "string", + "format": "uri" + } + }, + + "provenance": { + "description": "Information about how and when the result was detected.", + "$ref": "#/definitions/resultProvenance" + }, + + "fixes": { + "description": "An array of 'fix' objects, each of which represents a proposed fix to the problem indicated by the result.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/fix" + } + }, + + "taxa": { + "description": "An array of references to taxonomy reporting descriptors that are applicable to the result.", + "type": "array", + "default": [], + "minItems": 0, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/reportingDescriptorReference" + } + }, + + "webRequest": { + "description": "A web request associated with this result.", + "$ref": "#/definitions/webRequest" + }, + + "webResponse": { + "description": "A web response associated with this result.", + "$ref": "#/definitions/webResponse" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the result.", + "$ref": "#/definitions/propertyBag" + } + }, + "required": [ "message" ] + }, + + "resultProvenance": { + "description": "Contains information about how and when a result was detected.", + "additionalProperties": false, + "type": "object", + "properties": { + + "firstDetectionTimeUtc": { + "description": "The Coordinated Universal Time (UTC) date and time at which the result was first detected. 
See \"Date/time properties\" in the SARIF spec for the required format.",
+ "type": "string",
+ "format": "date-time"
+ },
+
+ "lastDetectionTimeUtc": {
+ "description": "The Coordinated Universal Time (UTC) date and time at which the result was most recently detected. See \"Date/time properties\" in the SARIF spec for the required format.",
+ "type": "string",
+ "format": "date-time"
+ },
+
+ "firstDetectionRunGuid": {
+ "description": "A GUID-valued string equal to the automationDetails.guid property of the run in which the result was first detected.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "lastDetectionRunGuid": {
+ "description": "A GUID-valued string equal to the automationDetails.guid property of the run in which the result was most recently detected.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "invocationIndex": {
+ "description": "The index within the run.invocations array of the invocation object which describes the tool invocation that detected the result.",
+ "type": "integer",
+ "default": -1,
+ "minimum": -1
+ },
+
+ "conversionSources": {
+ "description": "An array of physicalLocation objects which specify the portions of an analysis tool's output that a converter transformed into the result.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/physicalLocation"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the result.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "run": {
+ "description": "Describes a single run of an analysis tool, and contains the reported output of that run.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "tool": {
+ "description": "Information about the tool or tool pipeline that 
generated the results in this run. A run can only contain results produced by a single tool or tool pipeline. A run can aggregate results from multiple log files, as long as context around the tool run (tool command-line arguments and the like) is identical for all aggregated files.",
+ "$ref": "#/definitions/tool"
+ },
+
+ "invocations": {
+ "description": "Describes the invocation of the analysis tool.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/invocation"
+ }
+ },
+
+ "conversion": {
+ "description": "A conversion object that describes how a converter transformed an analysis tool's native reporting format into the SARIF format.",
+ "$ref": "#/definitions/conversion"
+ },
+
+ "language": {
+ "description": "The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase culture code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). 
The casing is recommended but not required (in order for this data to conform to RFC5646).",
+ "type": "string",
+ "default": "en-US",
+ "pattern": "^[a-zA-Z]{2}|^[a-zA-Z]{2}-[a-zA-Z]{2}]?$"
+ },
+
+ "versionControlProvenance": {
+ "description": "Specifies the revision in version control of the artifacts that were scanned.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/versionControlDetails"
+ }
+ },
+
+ "originalUriBaseIds": {
+ "description": "The artifact location specified by each uriBaseId symbol on the machine where the tool originally ran.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/artifactLocation"
+ }
+ },
+
+ "artifacts": {
+ "description": "An array of artifact objects relevant to the run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/artifact"
+ }
+ },
+
+ "logicalLocations": {
+ "description": "An array of logical locations such as namespaces, types or functions.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/logicalLocation"
+ }
+ },
+
+ "graphs": {
+ "description": "An array of zero or more unique graph objects associated with the run.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/graph"
+ }
+ },
+
+ "results": {
+ "description": "The set of results contained in an SARIF log. The results array can be omitted when a run is solely exporting rules metadata. 
It must be present (but may be empty) if a log file represents an actual scan.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "items": {
+ "$ref": "#/definitions/result"
+ }
+ },
+
+ "automationDetails": {
+ "description": "Automation details that describe this run.",
+ "$ref": "#/definitions/runAutomationDetails"
+ },
+
+ "runAggregates": {
+ "description": "Automation details that describe the aggregate of runs to which this run belongs.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/runAutomationDetails"
+ }
+ },
+
+ "baselineGuid": {
+ "description": "The 'guid' property of a previous SARIF 'run' that comprises the baseline that was used to compute result 'baselineState' properties for the run.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "redactionTokens": {
+ "description": "An array of strings used to replace sensitive information in a redaction-aware property.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "defaultEncoding": {
+ "description": "Specifies the default encoding for any artifact object that refers to a text file.",
+ "type": "string"
+ },
+
+ "defaultSourceLanguage": {
+ "description": "Specifies the default source language for any artifact object that refers to a text file that contains source code.",
+ "type": "string"
+ },
+
+ "newlineSequences": {
+ "description": "An ordered list of character sequences that were treated as line breaks when computing region information for the run.",
+ "type": "array",
+ "minItems": 1,
+ "uniqueItems": true,
+ "default": [ "\r\n", "\n" ],
+ "items": {
+ "type": "string"
+ }
+ },
+
+ "columnKind": {
+ "description": "Specifies the unit in which the tool measures columns.",
+ "enum": [ "utf16CodeUnits", "unicodeCodePoints" ]
+ },
+
+ 
"externalPropertyFileReferences": { + "description": "References to external property files that should be inlined with the content of a root log file.", + "$ref": "#/definitions/externalPropertyFileReferences" + }, + + "threadFlowLocations": { + "description": "An array of threadFlowLocation objects cached at run level.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/threadFlowLocation" + } + }, + + "taxonomies": { + "description": "An array of toolComponent objects relevant to a taxonomy in which results are categorized.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/toolComponent" + } + }, + + "addresses": { + "description": "Addresses associated with this run instance, if any.", + "type": "array", + "minItems": 0, + "uniqueItems": false, + "default": [], + "items": { + "$ref": "#/definitions/address" + } + }, + + "translations": { + "description": "The set of available translations of the localized data provided by the tool.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/toolComponent" + } + }, + + "policies": { + "description": "Contains configurations that may potentially override both reportingDescriptor.defaultConfiguration (the tool's default severities) and invocation.configurationOverrides (severities established at run-time from the command line).", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/toolComponent" + } + }, + + "webRequests": { + "description": "An array of request objects cached at run level.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/webRequest" + } + }, + + "webResponses": { + "description": "An array of response objects cached at run level.", + "type": "array", + "minItems": 0, + "uniqueItems": 
true,
+ "default": [],
+ "items": {
+ "$ref": "#/definitions/webResponse"
+ }
+ },
+
+ "specialLocations": {
+ "description": "A specialLocations object that defines locations of special significance to SARIF consumers.",
+ "$ref": "#/definitions/specialLocations"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the run.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+
+ "required": [ "tool" ]
+ },
+
+ "runAutomationDetails": {
+ "description": "Information that describes a run's identity and role within an engineering system process.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "description": {
+ "description": "A description of the identity and role played within the engineering system by this object's containing run object.",
+ "$ref": "#/definitions/message"
+ },
+
+ "id": {
+ "description": "A hierarchical string that uniquely identifies this object's containing run object.",
+ "type": "string"
+ },
+
+ "guid": {
+ "description": "A stable, unique identifer for this object's containing run object in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "correlationGuid": {
+ "description": "A stable, unique identifier for the equivalence class of runs to which this object's containing run object belongs in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the run automation details.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "specialLocations": {
+ "description": "Defines locations of special significance to SARIF consumers.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "displayBase": {
+ "description": "Provides a suggestion to SARIF 
consumers to display file paths relative to the specified location.",
+ "$ref": "#/definitions/artifactLocation"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the special locations.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "stack": {
+ "description": "A call stack that is relevant to a result.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "message": {
+ "description": "A message relevant to this call stack.",
+ "$ref": "#/definitions/message"
+ },
+
+ "frames": {
+ "description": "An array of stack frames that represents a sequence of calls, rendered in reverse chronological order, that comprise the call stack.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "items": {
+ "$ref": "#/definitions/stackFrame"
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the stack.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "frames" ]
+ },
+
+ "stackFrame": {
+ "description": "A function call within a stack trace.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "location": {
+ "description": "The location to which this stack frame refers.",
+ "$ref": "#/definitions/location"
+ },
+
+ "module": {
+ "description": "The name of the module that contains the code of this stack frame.",
+ "type": "string"
+ },
+
+ "threadId": {
+ "description": "The thread identifier of the stack frame.",
+ "type": "integer"
+ },
+
+ "parameters": {
+ "description": "The parameters of the call that is executing.",
+ "type": "array",
+ "minItems": 0,
+ "uniqueItems": false,
+ "default": [],
+ "items": {
+ "type": "string",
+ "default": []
+ }
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the stack frame.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ }
+ },
+
+ "suppression": {
+ "description": "A suppression that is relevant to a 
result.",
+ "additionalProperties": false,
+ "type": "object",
+ "properties": {
+
+ "guid": {
+ "description": "A stable, unique identifer for the suprression in the form of a GUID.",
+ "type": "string",
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$"
+ },
+
+ "kind": {
+ "description": "A string that indicates where the suppression is persisted.",
+ "enum": [
+ "inSource",
+ "external"
+ ]
+ },
+
+ "status": {
+ "description": "A string that indicates the review status of the suppression.",
+ "enum": [
+ "accepted",
+ "underReview",
+ "rejected"
+ ]
+ },
+
+ "justification": {
+ "description": "A string representing the justification for the suppression.",
+ "type": "string"
+ },
+
+ "location": {
+ "description": "Identifies the location associated with the suppression.",
+ "$ref": "#/definitions/location"
+ },
+
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the suppression.",
+ "$ref": "#/definitions/propertyBag"
+ }
+ },
+ "required": [ "kind" ]
+ },
+
+ "threadFlow": {
+ "description": "Describes a sequence of code locations that specify a path through a single thread of execution such as an operating system or fiber.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+
+ "id": {
+ "description": "An string that uniquely identifies the threadFlow within the codeFlow in which it occurs.",
+ "type": "string"
+ },
+
+ "message": {
+ "description": "A message relevant to the thread flow.",
+ "$ref": "#/definitions/message"
+ },
+
+
+ "initialState": {
+ "description": "Values of relevant expressions at the start of the thread flow that may change during thread flow execution.",
+ "type": "object",
+ "additionalProperties": {
+ "$ref": "#/definitions/multiformatMessageString"
+ }
+ },
+
+ "immutableState": {
+ "description": "Values of relevant expressions at the start of the thread flow that remain constant.",
+ "type": "object",
+ 
"additionalProperties": { + "$ref": "#/definitions/multiformatMessageString" + } + }, + + "locations": { + "description": "A temporally ordered array of 'threadFlowLocation' objects, each of which describes a location visited by the tool while producing the result.", + "type": "array", + "minItems": 1, + "uniqueItems": false, + "items": { + "$ref": "#/definitions/threadFlowLocation" + } + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the thread flow.", + "$ref": "#/definitions/propertyBag" + } + }, + + "required": [ "locations" ] + }, + + "threadFlowLocation": { + "description": "A location visited by an analysis tool while simulating or monitoring the execution of a program.", + "additionalProperties": false, + "type": "object", + "properties": { + + "index": { + "description": "The index within the run threadFlowLocations array.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "location": { + "description": "The code location.", + "$ref": "#/definitions/location" + }, + + "stack": { + "description": "The call stack leading to this location.", + "$ref": "#/definitions/stack" + }, + + "kinds": { + "description": "A set of distinct strings that categorize the thread flow location. 
Well-known kinds include 'acquire', 'release', 'enter', 'exit', 'call', 'return', 'branch', 'implicit', 'false', 'true', 'caution', 'danger', 'unknown', 'unreachable', 'taint', 'function', 'handler', 'lock', 'memory', 'resource', 'scope' and 'value'.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + }, + + "taxa": { + "description": "An array of references to rule or taxonomy reporting descriptors that are applicable to the thread flow location.", + "type": "array", + "default": [], + "minItems": 0, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/reportingDescriptorReference" + } + }, + + "module": { + "description": "The name of the module that contains the code that is executing.", + "type": "string" + }, + + "state": { + "description": "A dictionary, each of whose keys specifies a variable or expression, the associated value of which represents the variable or expression value. For an annotation of kind 'continuation', for example, this dictionary might hold the current assumed values of a set of global variables.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/multiformatMessageString" + } + }, + + "nestingLevel": { + "description": "An integer representing a containment hierarchy within the thread flow.", + "type": "integer", + "minimum": 0 + }, + + "executionOrder": { + "description": "An integer representing the temporal order in which execution reached this location.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "executionTimeUtc": { + "description": "The Coordinated Universal Time (UTC) date and time at which this location was executed.", + "type": "string", + "format": "date-time" + }, + + "importance": { + "description": "Specifies the importance of this location in understanding the code flow in which it occurs. The order from most to least important is \"essential\", \"important\", \"unimportant\". 
Default: \"important\".", + "enum": [ "important", "essential", "unimportant" ], + "default": "important" + }, + + "webRequest": { + "description": "A web request associated with this thread flow location.", + "$ref": "#/definitions/webRequest" + }, + + "webResponse": { + "description": "A web response associated with this thread flow location.", + "$ref": "#/definitions/webResponse" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the threadflow location.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "tool": { + "description": "The analysis tool that was run.", + "additionalProperties": false, + "type": "object", + "properties": { + + "driver": { + "description": "The analysis tool that was run.", + "$ref": "#/definitions/toolComponent" + }, + + "extensions": { + "description": "Tool extensions that contributed to or reconfigured the analysis tool that was run.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/toolComponent" + } + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the tool.", + "$ref": "#/definitions/propertyBag" + } + }, + + "required": [ "driver" ] + }, + + "toolComponent": { + "description": "A component, such as a plug-in or the driver, of the analysis tool that was run.", + "additionalProperties": false, + "type": "object", + "properties": { + + "guid": { + "description": "A unique identifer for the tool component in the form of a GUID.", + "type": "string", + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$" + }, + + "name": { + "description": "The name of the tool component.", + "type": "string" + }, + + "organization": { + "description": "The organization or company that produced the tool component.", + "type": "string" + }, + + "product": { + "description": "A product suite to which the tool component belongs.", 
+ "type": "string" + }, + + "productSuite": { + "description": "A localizable string containing the name of the suite of products to which the tool component belongs.", + "type": "string" + }, + + "shortDescription": { + "description": "A brief description of the tool component.", + "$ref": "#/definitions/multiformatMessageString" + }, + + "fullDescription": { + "description": "A comprehensive description of the tool component.", + "$ref": "#/definitions/multiformatMessageString" + }, + + "fullName": { + "description": "The name of the tool component along with its version and any other useful identifying information, such as its locale.", + "type": "string" + }, + + "version": { + "description": "The tool component version, in whatever format the component natively provides.", + "type": "string" + }, + + "semanticVersion": { + "description": "The tool component version in the format specified by Semantic Versioning 2.0.", + "type": "string" + }, + + "dottedQuadFileVersion": { + "description": "The binary version of the tool component's primary executable file expressed as four non-negative integers separated by a period (for operating systems that express file versions in this way).", + "type": "string", + "pattern": "[0-9]+(\\.[0-9]+){3}" + }, + + "releaseDateUtc": { + "description": "A string specifying the UTC date (and optionally, the time) of the component's release.", + "type": "string" + }, + + "downloadUri": { + "description": "The absolute URI from which the tool component can be downloaded.", + "type": "string", + "format": "uri" + }, + + "informationUri": { + "description": "The absolute URI at which information about this version of the tool component can be found.", + "type": "string", + "format": "uri" + }, + + "globalMessageStrings": { + "description": "A dictionary, each of whose keys is a resource identifier and each of whose values is a multiformatMessageString object, which holds message strings in plain text and (optionally) Markdown format. 
The strings can include placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/multiformatMessageString" + } + }, + + "notifications": { + "description": "An array of reportingDescriptor objects relevant to the notifications related to the configuration and runtime execution of the tool component.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/reportingDescriptor" + } + }, + + "rules": { + "description": "An array of reportingDescriptor objects relevant to the analysis performed by the tool component.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/reportingDescriptor" + } + }, + + "taxa": { + "description": "An array of reportingDescriptor objects relevant to the definitions of both standalone and tool-defined taxonomies.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/reportingDescriptor" + } + }, + + "locations": { + "description": "An array of the artifactLocation objects associated with the tool component.", + "type": "array", + "minItems": 0, + "default": [], + "items": { + "$ref": "#/definitions/artifactLocation" + } + }, + + "language": { + "description": "The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase language code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). 
The casing is recommended but not required (in order for this data to conform to RFC5646).", + "type": "string", + "default": "en-US", + "pattern": "^[a-zA-Z]{2}|^[a-zA-Z]{2}-[a-zA-Z]{2}]?$" + }, + + "contents": { + "description": "The kinds of data contained in this object.", + "type": "array", + "uniqueItems": true, + "default": [ "localizedData", "nonLocalizedData" ], + "items": { + "enum": [ + "localizedData", + "nonLocalizedData" + ] + } + }, + + "isComprehensive": { + "description": "Specifies whether this object contains a complete definition of the localizable and/or non-localizable data for this component, as opposed to including only data that is relevant to the results persisted to this log file.", + "type": "boolean", + "default": false + }, + + "localizedDataSemanticVersion": { + "description": "The semantic version of the localized strings defined in this component; maintained by components that provide translations.", + "type": "string" + }, + + "minimumRequiredLocalizedDataSemanticVersion": { + "description": "The minimum value of localizedDataSemanticVersion required in translations consumed by this component; used by components that consume translations.", + "type": "string" + }, + + "associatedComponent": { + "description": "The component which is strongly associated with this component. For a translation, this refers to the component which has been translated. 
For an extension, this is the driver that provides the extension's plugin model.", + "$ref": "#/definitions/toolComponentReference" + }, + + "translationMetadata": { + "description": "Translation metadata, required for a translation, not populated by other component types.", + "$ref": "#/definitions/translationMetadata" + }, + + "supportedTaxonomies": { + "description": "An array of toolComponentReference objects to declare the taxonomies supported by the tool component.", + "type": "array", + "minItems": 0, + "uniqueItems": true, + "default": [], + "items": { + "$ref": "#/definitions/toolComponentReference" + } + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the tool component.", + "$ref": "#/definitions/propertyBag" + } + }, + + "required": [ "name" ] + }, + + "toolComponentReference": { + "description": "Identifies a particular toolComponent object, either the driver or an extension.", + "type": "object", + "additionalProperties": false, + "properties": { + + "name": { + "description": "The 'name' property of the referenced toolComponent.", + "type": "string" + }, + + "index": { + "description": "An index into the referenced toolComponent in tool.extensions.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "guid": { + "description": "The 'guid' property of the referenced toolComponent.", + "type": "string", + "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the toolComponentReference.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "translationMetadata": { + "description": "Provides additional metadata related to translation.", + "type": "object", + "additionalProperties": false, + "properties": { + + "name": { + "description": "The name associated with the translation metadata.", + "type": "string" + }, + + "fullName": { + 
"description": "The full name associated with the translation metadata.", + "type": "string" + }, + + "shortDescription": { + "description": "A brief description of the translation metadata.", + "$ref": "#/definitions/multiformatMessageString" + }, + + "fullDescription": { + "description": "A comprehensive description of the translation metadata.", + "$ref": "#/definitions/multiformatMessageString" + }, + + "downloadUri": { + "description": "The absolute URI from which the translation metadata can be downloaded.", + "type": "string", + "format": "uri" + }, + + "informationUri": { + "description": "The absolute URI from which information related to the translation metadata can be downloaded.", + "type": "string", + "format": "uri" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the translation metadata.", + "$ref": "#/definitions/propertyBag" + } + }, + "required": [ "name" ] + }, + + "versionControlDetails": { + "description": "Specifies the information necessary to retrieve a desired revision from a version control system.", + "type": "object", + "additionalProperties": false, + "properties": { + + "repositoryUri": { + "description": "The absolute URI of the repository.", + "type": "string", + "format": "uri" + }, + + "revisionId": { + "description": "A string that uniquely and permanently identifies the revision within the repository.", + "type": "string" + }, + + "branch": { + "description": "The name of a branch containing the revision.", + "type": "string" + }, + + "revisionTag": { + "description": "A tag that has been applied to the revision.", + "type": "string" + }, + + "asOfTimeUtc": { + "description": "A Coordinated Universal Time (UTC) date and time that can be used to synchronize an enlistment to the state of the repository at that time.", + "type": "string", + "format": "date-time" + }, + + "mappedTo": { + "description": "The location in the local file system to which the root of the repository was 
mapped at the time of the analysis.", + "$ref": "#/definitions/artifactLocation" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the version control details.", + "$ref": "#/definitions/propertyBag" + } + }, + + "required": [ "repositoryUri" ] + }, + + "webRequest": { + "description": "Describes an HTTP request.", + "type": "object", + "additionalProperties": false, + "properties": { + + "index": { + "description": "The index within the run.webRequests array of the request object associated with this result.", + "type": "integer", + "default": -1, + "minimum": -1 + + }, + + "protocol": { + "description": "The request protocol. Example: 'http'.", + "type": "string" + }, + + "version": { + "description": "The request version. Example: '1.1'.", + "type": "string" + }, + + "target": { + "description": "The target of the request.", + "type": "string" + }, + + "method": { + "description": "The HTTP method. Well-known values are 'GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT'.", + "type": "string" + }, + + "headers": { + "description": "The request headers.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "parameters": { + "description": "The request parameters.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "body": { + "description": "The body of the request.", + "$ref": "#/definitions/artifactContent" + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the request.", + "$ref": "#/definitions/propertyBag" + } + } + }, + + "webResponse": { + "description": "Describes the response to an HTTP request.", + "type": "object", + "additionalProperties": false, + "properties": { + + "index": { + "description": "The index within the run.webResponses array of the response object associated with this result.", + "type": "integer", + "default": -1, + "minimum": -1 + }, + + "protocol": { 
+ "description": "The response protocol. Example: 'http'.", + "type": "string" + }, + + "version": { + "description": "The response version. Example: '1.1'.", + "type": "string" + }, + + "statusCode": { + "description": "The response status code. Example: 451.", + "type": "integer" + }, + + "reasonPhrase": { + "description": "The response reason. Example: 'Not found'.", + "type": "string" + }, + + "headers": { + "description": "The response headers.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + + "body": { + "description": "The body of the response.", + "$ref": "#/definitions/artifactContent" + }, + + "noResponseReceived": { + "description": "Specifies whether a response was received from the server.", + "type": "boolean", + "default": false + }, + + "properties": { + "description": "Key/value pairs that provide additional information about the response.", + "$ref": "#/definitions/propertyBag" + } + } + } + } +} diff --git a/scripts/guideline_recategorization/recategorize.py b/scripts/guideline_recategorization/recategorize.py new file mode 100644 index 0000000000..645b4ef6d8 --- /dev/null +++ b/scripts/guideline_recategorization/recategorize.py 
@@ -0,0 +1,188 @@
+import argparse
+import sys
+from dataclasses import asdict, dataclass
+from typing import Any, Generator, Iterator, Mapping, Optional, TextIO, TypedDict, Union, cast
+from pathlib import Path
+import jsonschema
+import json
+from jsonpath_ng import jsonpath
+import jsonpath_ng.ext
+import jsonpointer
+import yaml
+import re
+import jsonpatch
+from functools import reduce
+
+CODING_STANDARDS_SCHEMA_ID = 'https://raw.githubusercontent.com/github/codeql-coding-standards/main/schemas/coding-standards-schema-1.0.0.json'
+SARIF_SCHEMA_ID = 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json'
+
+script_path = Path(__file__).resolve()
+root_path = script_path.parent.parent.parent
+
+@dataclass(frozen=True)
+class GuidelineRecategorization():
+ """
+ This is a class to represent a guideline recategorization as specified in a
+ `coding-standard.yml` configuration.
+ """
+ rule_id: str
+ category: str
+
+class JsonPatch(TypedDict):
+ """
+ This is a class that represents a JSON Patch as specified in
+ https://datatracker.ietf.org/doc/html/rfc6902/.
+ """
+ op: str
+ path: str
+ value: str
+
+def json_path_to_pointer(path: Union[str, jsonpath.JSONPath], subject: Mapping[str, Any]) -> Iterator[jsonpointer.JsonPointer]:
+ """ Convert a JSON Path to, possible multiple, JSON Pointers"""
+ if isinstance(path, str):
+ path = jsonpath_ng.ext.parse(path)
+
+ # Convert a resolved JSON Path to Pointer through the following steps:
+ # 1. Replace the indexing expression `.[i].` with it's pointer equivalent `/i` with `i` being a positive integer.
+ translate_indexing = lambda path: re.sub(r'\.\[(\d+)\]', '.\\1', path)
+ # 2. Split the path in to paths
+ split_into_parts = lambda path: path.split('.')
+ # 3. Convert the paths into a JSON pointer.
+ convert_to_pointer = jsonpointer.JsonPointer.from_parts
+
+ def apply(a, f):
+ return f(a)
+ path_to_pointer = lambda p: reduce(apply, [str, translate_indexing, split_into_parts, convert_to_pointer], p)
+
+ return map(path_to_pointer, [match.full_path for match in cast(jsonpath.JSONPath, path).find(subject)])
+
+def recategorization_to_json_path_for_rule(recategorization: GuidelineRecategorization) -> str:
+ """
+ Compute a JSON path to the rule specified in the guideline recategorization.
+ To remain composable the path is returned as a string.
+ """
+ return f'$.runs[?(@.tool.driver.name="CodeQL")].tool.driver.rules[?(@.properties.tags[*]=~"external/[^/]+/id/{recategorization.rule_id.lower()}")]'
+
+def recategorization_to_json_path_for_category(recategorization: GuidelineRecategorization) -> str:
+ """
+ Compute a JSON path to the rule's category tag specified in the guideline recategorization.
+ To remain composable the path is returned as a string.
+ """
+ return f'{recategorization_to_json_path_for_rule(recategorization)}.properties.tags[?(@=~"external/[^/]+/obligation/")]'
+
+def generate_json_patches_for_recategorization(recategorization: GuidelineRecategorization, subject: dict) -> Iterator[JsonPatch]:
+ """
+ Compute as set of JSON patches to apply the recategorization to the subject Sarif file.
+ """
+ def to_jsonpatch(pointer:jsonpointer.JsonPointer):
+ standard = cast(str, pointer.get(subject)).split('/')[1]
+ return JsonPatch(
+ op = 'replace',
+ path = pointer.path,
+ value = f'external/{standard}/obligation/{recategorization.category}'
+ )
+ return map(to_jsonpatch, json_path_to_pointer(recategorization_to_json_path_for_category(recategorization), subject))
+
+
+def get_guideline_recategorizations(coding_standards_config: Mapping[str, Any]) -> Generator[GuidelineRecategorization, None, None]:
+ """
+ Return the guideline recategorizations for a given Coding Standards configuration.
+ """
+ for spec in coding_standards_config['guideline-recategorizations']:
+ yield GuidelineRecategorization(spec['rule-id'], spec['category'])
+
+def load_schema(path: Path, defaultname: str) -> Optional[Mapping[str, Any]]:
+ def resolve_path(path : Path) -> Optional[Path]:
+ if path.is_file():
+ return path
+
+ if path.is_dir():
+ if (path / defaultname).is_file():
+ return (path / defaultname)
+
+ if (path / 'schemas' / defaultname).is_file():
+ return (path / 'schemas' / defaultname)
+
+ if path.parent != path:
+ return resolve_path(path.parent)
+ else:
+ return None
+ resolved_schema_path = resolve_path(path.resolve())
+ if resolved_schema_path:
+ with resolved_schema_path.open(mode='r') as fp:
+ return json.load(fp)
+ else:
+ return None
+
+def load_config(path: Path) -> Optional[Mapping[str, Any]]:
+ if path.is_file():
+ with path.open('r') as fp:
+ return yaml.safe_load(fp)
+ else:
+ return None
+
+def validate_against_schema(schema: Mapping[str, Any], instance: Mapping[str, Any]) -> None:
+ jsonschema.validate(schema=schema, instance=instance)
+
+def print_warning(*values):
+ print(*values, file=sys.stderr)
+
+def print_failure(*values):
+ print(*values, file=sys.stderr)
+ exit(1)
+
+def main(args: argparse.Namespace):
+ coding_standards_schema = load_schema(args.coding_standards_schema_file, 'coding-standards-schema-1.0.0.json')
+ if not coding_standards_schema:
+ print_failure("Failed to load Coding Standards schema!")
+
+ if coding_standards_schema['$id'] != CODING_STANDARDS_SCHEMA_ID:
+ print_failure(f"Unexpected id for Coding Standards schema, expecting '{CODING_STANDARDS_SCHEMA_ID}'!")
+
+ sarif_schema = load_schema(args.sarif_schema_file, 'sarif-schema-2.1.0.json')
+ if not sarif_schema:
+ print("Failed to load Sarif schema!", file=sys.stderr)
+ sys.exit(1)
+ sarif_schema = cast(Mapping[str, Any], sarif_schema)
+
+ if sarif_schema['$id'] != SARIF_SCHEMA_ID:
+ print_failure(f"Unexpected id for Sarif schema, expecting '{SARIF_SCHEMA_ID}'!")
+
+ coding_standards_config = load_config(args.coding_standards_config_file)
+ if not coding_standards_schema:
+ print(f"Failed to load Coding Standards configuration file: {args.coding_standards_config_file}!", file=sys.stderr)
+ sys.exit(1)
+
+ coding_standards_config = cast(Mapping[str, Any], coding_standards_config)
+ validate_against_schema(coding_standards_schema, coding_standards_config)
+
+ sarif = json.load(args.sarif_in)
+ validate_against_schema(sarif_schema, sarif)
+
+ recategorizations = get_guideline_recategorizations(coding_standards_config)
+ patch = jsonpatch.JsonPatch([patch for r in recategorizations for patch in generate_json_patches_for_recategorization(r, sarif)])
+ if args.dump_json_patch != None:
+ dump_json_patch = Path(args.dump_json_patch)
+ if dump_json_patch.is_dir():
+ dump_json_patch /= 'json-patch.json'
+
+ if not dump_json_patch.exists():
+ dump_json_patch.write_text(patch.to_string())
+ else:
+ print_warning(f"Skipping dumping of JSON patch to file {dump_json_patch} because it already exists!")
+
+ patched_sarif = patch.apply(sarif)
+ validate_against_schema(sarif_schema, patched_sarif)
+
+ json.dump(patched_sarif, args.sarif_out)
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Apply a guideline re-categorization specification to a Sarif results file.')
+ parser.add_argument('--coding-standards-schema-file', type=Path, default=Path.cwd())
+ parser.add_argument('--sarif-schema-file', type=Path, default=Path.cwd())
+ parser.add_argument('--dump-json-patch', type=Path)
+ parser.add_argument('coding_standards_config_file', type=Path)
+ parser.add_argument('sarif_in', nargs='?', type=argparse.FileType('r'), default=sys.stdin)
+ parser.add_argument('sarif_out', nargs='?', type=argparse.FileType('w'), default=sys.stdout)
+
+ main(parser.parse_args())
\ No newline at end of file
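Review bot: `recategorization_to_json_path_for_rule` interpolates `recategorization.rule_id.lower()` straight into the `=~` pattern of the JSONPath filter, with no escaping and no end anchor. If the filter matches by regex search, as jsonpath-ng's `=~` appears to, a plan entry for one rule also selects every rule whose id tag merely begins with it (constructed example: the id `x-1-1` would also hit `x-1-10`). A `.` or `"` in the configured id changes the expression itself. The result is a recategorization applied to rules it was never approved for, with nothing in the output to show it. Reject ids that do not match a strict pattern (for example `^[A-Za-z0-9-]+$`) before building the path, and end the pattern with `/id/{rule_id}$`; the `external/[^/]+/obligation/` filter in `recategorization_to_json_path_for_category` is unanchored in the same way.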
diff --git a/scripts/guideline_recategorization/requirements.txt b/scripts/guideline_recategorization/requirements.txt new file mode 100644 index 0000000000..a980410d07 --- /dev/null +++ b/scripts/guideline_recategorization/requirements.txt @@ -0,0 +1,6 @@ +jsonpath-ng==1.5.3 +jsonschema==4.9.1 +jsonpatch==1.32 +jsonpointer==2.3 +PyYAML==5.4 + From a4d2e3a161dacda745ecbf5d0ebe36474673110f Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Tue, 25 Oct 2022 12:17:12 -0700 Subject: [PATCH 15/43] Add tag with original category --- .../guideline_recategorization/recategorize.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/scripts/guideline_recategorization/recategorize.py b/scripts/guideline_recategorization/recategorize.py index 645b4ef6d8..5e8dcff57e 100644 --- a/scripts/guideline_recategorization/recategorize.py +++ b/scripts/guideline_recategorization/recategorize.py @@ -1,7 +1,7 @@ import argparse import sys from dataclasses import asdict, dataclass -from typing import Any, Generator, Iterator, Mapping, Optional, TextIO, TypedDict, Union, cast +from typing import Any, Generator, Iterator, List, Mapping, Optional, TextIO, TypedDict, Union, cast from pathlib import Path import jsonschema import json 
@@ -74,14 +74,15 @@ def generate_json_patches_for_recategorization(recategorization: GuidelineRecate """ Compute as set of JSON patches to apply the recategorization to the subject Sarif file. """ - def to_jsonpatch(pointer:jsonpointer.JsonPointer): - standard = cast(str, pointer.get(subject)).split('/')[1] - return JsonPatch( + def to_jsonpatch(pointer:jsonpointer.JsonPointer) -> Iterator[JsonPatch]: + obligation_tag = cast(str, pointer.get(subject)) + _, standard, _, category = obligation_tag.split('/') + yield JsonPatch( op = 'replace', path = pointer.path, - value = f'external/{standard}/obligation/{recategorization.category}' - ) - return map(to_jsonpatch, json_path_to_pointer(recategorization_to_json_path_for_category(recategorization), subject)) + value = f'external/{standard}/obligation/{recategorization.category}') + yield JsonPatch(op = 'add', path = pointer.path, value = f'external/{standard}/original-obligation/{category}') + return (patch for pointer in json_path_to_pointer(recategorization_to_json_path_for_category(recategorization), subject) for patch in to_jsonpatch(pointer)) def get_guideline_recategorizations(coding_standards_config: Mapping[str, Any]) -> Generator[GuidelineRecategorization, None, None]: From a0a40cd68e37f2f49e843f5e159cc85d9c468b50 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 2 Nov 2022 14:32:53 -0700 Subject: [PATCH 16/43] Handle schema validation exception --- scripts/guideline_recategorization/recategorize.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/guideline_recategorization/recategorize.py b/scripts/guideline_recategorization/recategorize.py index 5e8dcff57e..81c43d2104 100644 --- a/scripts/guideline_recategorization/recategorize.py +++ b/scripts/guideline_recategorization/recategorize.py 
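Review bot: The four-way unpack `_, standard, _, category = obligation_tag.split('/')` in `to_jsonpatch` raises `ValueError` for any matched tag that does not have exactly four `/`-separated parts. The tags come from the input SARIF, and the filter only requires the `external/<standard>/obligation/` fragment, so a tag with extra segments ends the run with a traceback instead of a diagnostic. Check the shape first: `parts = obligation_tag.split('/')`, then `if len(parts) != 4: print_failure(f"Unexpected obligation tag '{obligation_tag}'")`. The `original-obligation` tag is also added unconditionally, so running the script over an already recategorized file would presumably record the recategorized category as the original one; skipping rules that already carry such a tag keeps that record trustworthy. The enclosing function starts above this hunk.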
@@ -155,10 +155,18 @@ def main(args: argparse.Namespace): sys.exit(1) coding_standards_config = cast(Mapping[str, Any], coding_standards_config) - validate_against_schema(coding_standards_schema, coding_standards_config) + try: + validate_against_schema(coding_standards_schema, coding_standards_config) + except jsonschema.ValidationError as e: + print(f"Failed to validate the Coding Standards configuration file: {args.coding_standards_config_file} with the message: '{e.message}'!", file=sys.stderr) + sys.exit(1) sarif = json.load(args.sarif_in) - validate_against_schema(sarif_schema, sarif) + try: + validate_against_schema(sarif_schema, sarif) + except jsonschema.ValidationError as e: + print(f"Failed to validate the provided Sarif with the message: '{e.message}'!", file=sys.stderr) + sys.exit(1) recategorizations = get_guideline_recategorizations(coding_standards_config) patch = jsonpatch.JsonPatch([patch for r in recategorizations for patch in generate_json_patches_for_recategorization(r, sarif)]) From 8b7be7562b14ab04cc25fb96b16f2b760ffc3cb3 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 2 Nov 2022 16:41:27 -0700 Subject: [PATCH 17/43] Properly handle json and yml decoding errors. --- .../recategorize.py | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/scripts/guideline_recategorization/recategorize.py b/scripts/guideline_recategorization/recategorize.py index 81c43d2104..04d619b2a1 100644 --- a/scripts/guideline_recategorization/recategorize.py +++ b/scripts/guideline_recategorization/recategorize.py @@ -9,6 +9,7 @@ import jsonpath_ng.ext import jsonpointer import yaml +import yaml.parser import re import jsonpatch from functools import reduce 
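Review bot: `sarif = json.load(args.sarif_in)` sits between the two new `try` blocks and is still unguarded. A truncated or non-JSON results file therefore ends in a `json.JSONDecodeError` traceback, while a schema violation gets the clean message. Wrap the load the same way, with `except json.JSONDecodeError as e:` reporting `e.msg`, `e.lineno` and `e.colno`. Both new handlers also repeat `print(..., file=sys.stderr)` followed by `sys.exit(1)`, which the file's existing `print_failure` helper already does. `main` starts above and continues below this hunk.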
@@ -111,14 +112,20 @@ def resolve_path(path : Path) -> Optional[Path]: resolved_schema_path = resolve_path(path.resolve()) if resolved_schema_path: with resolved_schema_path.open(mode='r') as fp: - return json.load(fp) + try: + return json.load(fp) + except json.decoder.JSONDecodeError as e: + print_failure(f"Failed to load schema with error \"{e.msg}\" at {resolved_schema_path}:{e.lineno}:{e.colno}!") else: return None def load_config(path: Path) -> Optional[Mapping[str, Any]]: if path.is_file(): with path.open('r') as fp: - return yaml.safe_load(fp) + try: + return yaml.safe_load(fp) + except yaml.parser.ParserError as e: + print_failure(f"Failed to load config with error \"{e.problem}\" at {path}:{e.problem_mark.line}:{e.problem_mark.column}!") else: return None @@ -137,17 +144,23 @@ def main(args: argparse.Namespace): if not coding_standards_schema: print_failure("Failed to load Coding Standards schema!") + if not '$id' in coding_standards_schema: + print_failure(f"Missing id for Coding Standards schema: '{args.coding_standards_schema_file}'") + if coding_standards_schema['$id'] != CODING_STANDARDS_SCHEMA_ID: print_failure(f"Unexpected id for Coding Standards schema, expecting '{CODING_STANDARDS_SCHEMA_ID}'!") sarif_schema = load_schema(args.sarif_schema_file, 'sarif-schema-2.1.0.json') if not sarif_schema: - print("Failed to load Sarif schema!", file=sys.stderr) + print(f"Failed to load Sarif schema: '{args.sarif_schema_file}'!", file=sys.stderr) sys.exit(1) sarif_schema = cast(Mapping[str, Any], sarif_schema) + if not '$id' in sarif_schema: + print_failure(f"Missing id for Sarif schema: '{args.sarif_schema_file}'") + if sarif_schema['$id'] != SARIF_SCHEMA_ID: - print_failure(f"Unexpected id for Sarif schema, expecting '{SARIF_SCHEMA_ID}'!") + print_failure(f"Unexpected id for Sarif schema: '{args.sarif_schema_file}, expecting '{SARIF_SCHEMA_ID}'!") coding_standards_config = load_config(args.coding_standards_config_file) if not coding_standards_schema: 
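Review bot: `load_config` catches only `yaml.parser.ParserError`, but `yaml.safe_load` reports other malformed input through sibling classes such as `yaml.scanner.ScannerError`, which would still escape as a traceback. Catch the shared base instead, `except yaml.MarkedYAMLError as e:`, which keeps `e.problem` and `e.problem_mark` available. The mark's `line` and `column` are zero-based, so the printed position is one less than what an editor shows; use `e.problem_mark.line + 1`. `load_schema` starts above this hunk.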
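Review bot: The guard that closes this hunk, `if not coding_standards_schema:` directly after `coding_standards_config = load_config(...)`, tests the schema a second time rather than the value just loaded, and this commit leaves it as is. `load_config` returns None for a path that is not a file, so a missing configuration file never produces the intended "Failed to load" message and the None falls through to schema validation. The line should read `if not coding_standards_config:`. In the added Sarif message, `'{args.sarif_schema_file}` is also missing its closing quote. `main` continues below the hunk.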
From 4f180531f27570b9d274196b70eeccf6ce8f4502 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 2 Nov 2022 16:42:22 -0700 Subject: [PATCH 18/43] Add unit tests for the recategorization script. --- .../recategorize_test.py | 101 + .../requirements.txt | 1 + .../empty-coding-standards-config.yml | 0 .../invalid-coding-standards-config.yml | 2 + .../test-data/invalid-json.json | 3 + .../test-data/invalid-sarif.json | 4 + .../test-data/invalid-yaml.yml | 3 + .../test-data/json-patch.expected | 1 + ...pported-coding-standards-schema-0.0.1.json | 54 + .../unsupported-sarif-schema-2.0.0.json | 1769 +++++++++++++++++ .../valid-coding-standards-config.yml | 7 + .../valid-sarif-recategorized.expected | 1 + .../test-data/valid-sarif.json | 115 ++ 13 files changed, 2061 insertions(+) create mode 100644 scripts/guideline_recategorization/recategorize_test.py create mode 100644 scripts/guideline_recategorization/test-data/empty-coding-standards-config.yml create mode 100644 scripts/guideline_recategorization/test-data/invalid-coding-standards-config.yml create mode 100644 scripts/guideline_recategorization/test-data/invalid-json.json create mode 100644 scripts/guideline_recategorization/test-data/invalid-sarif.json create mode 100644 scripts/guideline_recategorization/test-data/invalid-yaml.yml create mode 100644 scripts/guideline_recategorization/test-data/json-patch.expected create mode 100644 scripts/guideline_recategorization/test-data/unsupported-coding-standards-schema-0.0.1.json create mode 100644 scripts/guideline_recategorization/test-data/unsupported-sarif-schema-2.0.0.json create mode 100644 scripts/guideline_recategorization/test-data/valid-coding-standards-config.yml create mode 100644 scripts/guideline_recategorization/test-data/valid-sarif-recategorized.expected create mode 100644 scripts/guideline_recategorization/test-data/valid-sarif.json 
diff --git a/scripts/guideline_recategorization/recategorize_test.py b/scripts/guideline_recategorization/recategorize_test.py
new file mode 100644
index 0000000000..185c92272d
--- /dev/null
+++ b/scripts/guideline_recategorization/recategorize_test.py
@@ -0,0 +1,101 @@
+import pytest
+import difflib
+import recategorize
+import jsonschema
+from pathlib import Path
+import argparse
+import sys
+
+TEST_DATA_DIR = Path(__file__).resolve().parent / 'test-data'
+
+class TestsInputs:
+ def test_invalid_codeql_config(self):
+ with pytest.raises(SystemExit):
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'invalid-coding-standards-config.yml'
+ ))
+
+ def test_valid_codeql_config(self):
+ with (TEST_DATA_DIR / 'valid-sarif.json').open(mode='r') as sarif_in:
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'valid-coding-standards-config.yml',
+ sarif_in=sarif_in,
+ sarif_out=sys.stdout,
+ dump_json_patch=None
+ ))
+
+ def test_invalid_sarif_file(self):
+ with pytest.raises(SystemExit):
+ with (TEST_DATA_DIR / 'invalid-sarif.json').open(mode='r') as sarif_in:
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'valid-coding-standards-config.yml',
+ sarif_in=sarif_in
+ ))
+
+ def test_valid_sarif_file(self):
+ with (TEST_DATA_DIR / 'valid-sarif.json').open(mode='r') as sarif_in:
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'valid-coding-standards-config.yml',
+ sarif_in=sarif_in,
+ sarif_out=sys.stdout,
+ dump_json_patch=None
+ ))
+
+ def test_invalid_yaml(self):
+ with pytest.raises(SystemExit):
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'invalid-yaml.yml'
+ ))
+
+ def test_invalid_json_for_schema(self):
+ with pytest.raises(SystemExit):
+  recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= TEST_DATA_DIR / 'invalid-json.json'
+ ))
+
+class TestUnsupportedSchemas:
+ def test_unsupported_sarif_schema(self):
+ with pytest.raises(SystemExit):
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= TEST_DATA_DIR / 'unsupported-sarif-schema-2.0.0.json',
+ coding_standards_config_file= Path.cwd()
+ ))
+ def test_unsupported_coding_standards_config_schema(self):
+ with pytest.raises(SystemExit):
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= TEST_DATA_DIR / 'unsupported-coding-standards-schema-0.0.1.json',
+ coding_standards_config_file= Path.cwd()
+ ))
+
+class TestRecategorization:
+ def test_recategorization(self, tmp_path):
+ with (TEST_DATA_DIR / 'valid-sarif.json').open(mode='r') as sarif_in:
+ with (tmp_path / 'sarif.json').open(mode='w') as sarif_out:
+ recategorize.main(argparse.Namespace(
+ coding_standards_schema_file= Path.cwd(),
+ sarif_schema_file= Path.cwd(),
+ coding_standards_config_file= TEST_DATA_DIR / 'valid-coding-standards-config.yml',
+ sarif_in=sarif_in,
+ sarif_out=sarif_out,
+ dump_json_patch=tmp_path / 'json-patch.json'
+ ))
+
+ expected_patch = (TEST_DATA_DIR / 'json-patch.expected').read_text()
+ actual_patch = (tmp_path / 'json-patch.json').read_text()
+ assert(expected_patch == actual_patch)
+
+ expected_sarif = (TEST_DATA_DIR / 'valid-sarif-recategorized.expected').read_text()
+ actual_sarif = (tmp_path / 'sarif.json').read_text()
+ assert(expected_sarif == actual_sarif)
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/requirements.txt b/scripts/guideline_recategorization/requirements.txt
index a980410d07..3fa3a6ceae 100644
--- a/scripts/guideline_recategorization/requirements.txt
+++ b/scripts/guideline_recategorization/requirements.txt
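Review bot: `test_unsupported_coding_standards_config_schema` passes the `unsupported-coding-standards-schema-0.0.1.json` fixture as `sarif_schema_file` and leaves `coding_standards_schema_file` at `Path.cwd()`, so the coding-standards schema version check is probably never reached; the two arguments look swapped and should read `coding_standards_schema_file= TEST_DATA_DIR / 'unsupported-coding-standards-schema-0.0.1.json',` and `sarif_schema_file= Path.cwd(),`. More generally, every negative test in `TestsInputs` and `TestUnsupportedSchemas` accepts any `SystemExit`, and several build a partial `Namespace` with a directory as the schema path, so they would still pass if `recategorize.main` (not shown in this hunk) exited for an unrelated reason. Since this script rewrites the obligation tags that downstream reporting relies on, each rejection path is worth pinning: use `with pytest.raises(SystemExit) as exc_info:` and assert on `exc_info.value.code` or on the message captured with `capsys`. `difflib` and `jsonschema` are imported but unused in the file.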
@@ -3,4 +3,5 @@
 jsonschema==4.9.1
 jsonpatch==1.32
 jsonpointer==2.3
 PyYAML==5.4
+pytest==7.2.0
diff --git a/scripts/guideline_recategorization/test-data/empty-coding-standards-config.yml b/scripts/guideline_recategorization/test-data/empty-coding-standards-config.yml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/scripts/guideline_recategorization/test-data/invalid-coding-standards-config.yml b/scripts/guideline_recategorization/test-data/invalid-coding-standards-config.yml
new file mode 100644
index 0000000000..16a72ca981
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/invalid-coding-standards-config.yml
@@ -0,0 +1,2 @@
+guideline-recategorizations:
+ - rule-id: "A0-1-1"
diff --git a/scripts/guideline_recategorization/test-data/invalid-json.json b/scripts/guideline_recategorization/test-data/invalid-json.json
new file mode 100644
index 0000000000..ab61ba76e1
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/invalid-json.json
@@ -0,0 +1,3 @@
+{
+ "foo": "bar",
+}
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/invalid-sarif.json b/scripts/guideline_recategorization/test-data/invalid-sarif.json
new file mode 100644
index 0000000000..ed161bd6fd
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/invalid-sarif.json
@@ -0,0 +1,4 @@
+{
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+ "version": "2.1.0"
+}
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/invalid-yaml.yml b/scripts/guideline_recategorization/test-data/invalid-yaml.yml
new file mode 100644
index 0000000000..f761ce92ad
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/invalid-yaml.yml
@@ -0,0 +1,3 @@
+key:
+ key1: "value"
+ key2: "value"
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/json-patch.expected b/scripts/guideline_recategorization/test-data/json-patch.expected
new file mode 100644
index 0000000000..9ca8544d9f
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/json-patch.expected
@@ -0,0 +1 @@
+[{"op": "replace", "path": "/runs/0/tool/driver/rules/0/properties/tags/5", "value": "external/autosar/obligation/mandatory"}, {"op": "add", "path": "/runs/0/tool/driver/rules/0/properties/tags/5", "value": "external/autosar/original-obligation/required"}, {"op": "replace", "path": "/runs/0/tool/driver/rules/1/properties/tags/5", "value": "external/autosar/obligation/disapplied"}, {"op": "add", "path": "/runs/0/tool/driver/rules/1/properties/tags/5", "value": "external/autosar/original-obligation/advisory"}, {"op": "replace", "path": "/runs/0/tool/driver/rules/2/properties/tags/4", "value": "external/autosar/obligation/mandatory"}, {"op": "add", "path": "/runs/0/tool/driver/rules/2/properties/tags/4", "value": "external/autosar/original-obligation/advisory"}]
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/unsupported-coding-standards-schema-0.0.1.json b/scripts/guideline_recategorization/test-data/unsupported-coding-standards-schema-0.0.1.json
new file mode 100644
index 0000000000..035f218ed7
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/unsupported-coding-standards-schema-0.0.1.json
@@ -0,0 +1,54 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "$id": "https://raw.githubusercontent.com/github/codeql-coding-standards/main/schemas/coding-standards-schema-0.0.1.json",
+ "additionalProperties": false,
+ "definitions": {
+ "guideline-category": {
+ "enum": [
+ "mandatory",
+ "required",
+ "advisory",
+ "disapplied"
+ ]
+ },
+ "guideline-recategorization": {
+ "type": "object",
+ "properties": {
+ "rule-id": {
+ "type": "string"
+ },
+ "category": {
+ "$ref": "#/definitions/guideline-category"
+ }
+ },
+ "required": [
+ "rule-id",
+ "category"
+ ]
+ }
+ },
+ "properties": {
+ "report-deviated-alerts": {
+ "description": "When true includes alerts with an applicable deviation. Used for report generation.",
+ "type": "boolean"
+ },
+ "deviations": {
+ "description": "A set of deviation records.",
+ "type": "array"
+ },
+ "deviation-permits": {
+ "description": "A set of deviation permits.",
+ "type": "array"
+ },
+ "guideline-recategorizations": {
+ "type": "array",
+ "minProperties": 1,
+ "uniqueItems": true,
+ "items": {
+ "$ref": "#/definitions/guideline-recategorization"
+ }
+ }
+ },
+ "required": [],
+ "type": "object"
+}
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/unsupported-sarif-schema-2.0.0.json b/scripts/guideline_recategorization/test-data/unsupported-sarif-schema-2.0.0.json
new file mode 100644
index 0000000000..10ba2ba3c9
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/unsupported-sarif-schema-2.0.0.json
@@ -0,0 +1,1769 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Static Analysis Results Format (SARIF) Version 2.0.0 JSON Schema", + "description": "Static Analysis Results Format (SARIF) Version 2.0.0 JSON Schema: a standard format for the output of static analysis tools.", + "additionalProperties": false, + "type": "object", + "properties": { + "$schema": { + "description": "The URI of the JSON schema corresponding to the version.", + "type": "string", + "format": "uri" + }, + "version": { + "description": "The SARIF format version of this log file.", + "enum": [ + "2.0.0" + ] + }, + "runs": { + "description": "The set of runs contained in this log file.", + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/run" + } + } + }, + "required": [ + "version", + "runs" + ], + "definitions": { + "attachment": { + "description": "A file relevant to a tool invocation or to a result.", + "type": "object", + "additionalProperties": false, + "properties": { + "description": { + "description": "A message describing the role played by the attachment.", + "$ref": "#/definitions/message" + }, + "fileLocation": { + "description": "The location of the attachment.", + "$ref": "#/definitions/fileLocation" + }, + "regions": { + "description": "An array of regions of interest within the attachment.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/region" + } + }, + "rectangles": { + "description": "An array of rectangles specifying areas of interest within the image.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/rectangle" + } + } + }, + "required": [ + "fileLocation" + ] + }, + "codeFlow": { + "description": "A set of threadFlows which together describe a pattern of code execution relevant to detecting a result.", + "additionalProperties": false, + "type": "object", + "properties": { + "message": { + "description": "A message relevant 
to the code flow.", + "$ref": "#/definitions/message" + }, + "threadFlows": { + "description": "An array of one or more unique threadFlow objects, each of which describes the progress of a program through a thread of execution.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/threadFlow" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the code flow.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "threadFlows" + ] + }, + "threadFlowLocation": { + "description": "A location visited by an analysis tool in the course of simulating or monitoring the execution of a program.", + "additionalProperties": false, + "type": "object", + "properties": { + "step": { + "description": "The 0-based sequence number of the location in the code flow within which it occurs.", + "type": "integer", + "minimum": 0 + }, + "location": { + "description": "The code location.", + "$ref": "#/definitions/location" + }, + "stack": { + "description": "The call stack leading to this location.", + "$ref": "#/definitions/stack" + }, + "kind": { + "description": "A string describing the type of this location.", + "type": "string" + }, + "module": { + "description": "The name of the module that contains the code that is executing.", + "type": "string" + }, + "state": { + "description": "A dictionary, each of whose keys specifies a variable or expression, the associated value of which represents the variable or expression value. 
For an annotation of kind 'continuation', for example, this dictionary might hold the current assumed values of a set of global variables.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "nestingLevel": { + "description": "An integer representing a containment hierarchy within the thread flow", + "type": "integer" + }, + "executionOrder": { + "description": "An integer representing the temporal order in which execution reached this location.", + "type": "integer" + }, + "timestamp": { + "description": "The time at which this location was executed.", + "type": "string", + "format": "date-time" + }, + "importance": { + "description": "Specifies the importance of this location in understanding the code flow in which it occurs. The order from most to least important is \"essential\", \"important\", \"unimportant\". Default: \"important\".", + "enum": [ + "important", + "essential", + "unimportant" + ] + }, + "properties": { + "description": "Key/value pairs that provide additional information about the code location.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "conversion": { + "description": "Describes how a converter transformed the output of a static analysis tool from the analysis tool's native output format into the SARIF format.", + "additionalProperties": false, + "type": "object", + "properties": { + "tool": { + "description": "A tool object that describes the converter.", + "$ref": "#/definitions/tool" + }, + "invocation": { + "description": "An invocation object that describes the invocation of the converter.", + "$ref": "#/definitions/invocation" + }, + "analysisToolLogFiles": { + "description": "The locations of the analysis tool's per-run log files.", + "type": "array", + "minItems": 1, + 
"uniqueItems": true, + "items": { + "$ref": "#/definitions/fileLocation" + } + } + }, + "required": [ + "tool" + ] + }, + "edge": { + "description": "Represents a directed edge in a graph.", + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "description": "A string that uniquely identifies the edge within its graph.", + "type": "string" + }, + "label": { + "description": "A short description of the edge.", + "$ref": "#/definitions/message" + }, + "sourceNodeId": { + "description": "Identifies the source node (the node at which the edge starts).", + "type": "string" + }, + "targetNodeId": { + "description": "Identifies the target node (the node at which the edge ends).", + "type": "string" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the edge.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "id", + "sourceNodeId", + "targetNodeId" + ] + }, + "edgeTraversal": { + "description": "Represents the traversal of a single edge in the course of a graph traversal.", + "type": "object", + "additionalProperties": false, + "properties": { + "edgeId": { + "description": "Identifies the edge being traversed.", + "type": "string" + }, + "message": { + "description": "A message to display to the user as the edge is traversed.", + "$ref": "#/definitions/message" + }, + "finalState": { + "description": "The values of relevant expressions after the edge has been traversed.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "stepOverEdgeCount": { + "description": "The number of edge traversals necessary to return from a nested graph.", + "type": "integer" + }, + "properties": { + "description": "Key/value pairs that provide 
additional information about the edge traversal.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "edgeId" + ] + }, + "exception": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "A string that identifies the kind of exception, for example, the fully qualified type name of an object that was thrown, or the symbolic name of a signal." + }, + "message": { + "type": "string", + "description": "A plain text message that describes the exception." + }, + "stack": { + "description": "The sequence of function calls leading to the exception.", + "$ref": "#/definitions/stack" + }, + "innerExceptions": { + "type": "array", + "description": "An array of exception objects each of which is considered a cause of this exception.", + "items": { + "$ref": "#/definitions/exception" + } + } + } + }, + "file": { + "description": "A single file. 
In some cases, this file might be nested within another file.", + "additionalProperties": false, + "type": "object", + "properties": { + "fileLocation": { + "description": "The location of the file.", + "$ref": "#/definitions/fileLocation" + }, + "parentKey": { + "description": "Identifies the key of the immediate parent of the file, if this file is nested.", + "type": "string" + }, + "offset": { + "description": "The offset in bytes of the file within its containing file.", + "type": "integer" + }, + "length": { + "description": "The length of the file in bytes.", + "type": "integer" + }, + "roles": { + "description": "The role or roles played by the file in the analysis.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "enum": [ + "analysisTarget", + "attachment", + "responseFile", + "resultFile", + "standardStream", + "traceFile", + "unmodifiedFile", + "modifiedFile", + "addedFile", + "deletedFile", + "renamedFile", + "uncontrolledFile" + ] + } + }, + "mimeType": { + "description": "The MIME type (RFC 2045) of the file.", + "type": "string", + "pattern": "[^/]+/.+" + }, + "contents": { + "description": "The contents of the file.", + "$ref": "#/definitions/fileContent" + }, + "encoding": { + "description": "Specifies the encoding for a file object that refers to a text file.", + "type": "string" + }, + "hashes": { + "description": "An array of hash objects, each of which specifies a hashed value for the file, along with the name of the hash function used to compute the hash.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/hash" + } + }, + "lastModifiedTime": { + "description": "The date and time at which the file was most recently modified. 
See \"Date/time properties\" in the SARIF spec for the required format.", + "type": "string", + "format": "date-time" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the file.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "fileChange": { + "description": "A change to a single file.", + "additionalProperties": false, + "type": "object", + "properties": { + "fileLocation": { + "description": "The location of the file to change.", + "$ref": "#/definitions/fileLocation" + }, + "replacements": { + "description": "An array of replacement objects, each of which represents the replacement of a single range of bytes in a single file specified by 'uri'.", + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/replacement" + } + } + }, + "required": [ + "fileLocation", + "replacements" + ] + }, + "fileContent": { + "description": "Represents content from an external file.", + "type": "object", + "additionalProperties": false, + "properties": { + "text": { + "description": "UTF-8-encoded content from a text file.", + "type": "string" + }, + "binary": { + "description": "MIME Base64-encoded content from a binary file, or from a text file in its original encoding.", + "type": "string" + } + } + }, + "fileLocation": { + "description": "Specifies the location of a file.", + "additionalProperties": false, + "type": "object", + "properties": { + "uri": { + "description": "A string containing a valid relative or absolute URI.", + "type": "string", + "format": "uri-reference" + }, + "uriBaseId": { + "description": "A string which indirectly specifies the absolute URI with respect to which a relative URI in the \"uri\" property is interpreted.", + "type": "string" + } + }, + 
"required": [ + "uri" + ] + }, + "fix": { + "description": "A proposed fix for the problem represented by a result object. A fix specifies a set of file to modify. For each file, it specifies a set of bytes to remove, and provides a set of new bytes to replace them.", + "additionalProperties": false, + "type": "object", + "properties": { + "description": { + "description": "A plain text message that describes the proposed fix, enabling viewers to present the proposed change to an end user.", + "$ref": "#/definitions/message" + }, + "fileChanges": { + "description": "One or more file changes that comprise a fix for a result.", + "type": "array", + "items": { + "$ref": "#/definitions/fileChange" + } + } + }, + "required": [ + "fileChanges" + ] + }, + "graph": { + "description": "A network of nodes and directed edges that describes some aspect of the structure of the code (for example, a call graph).", + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "description": "A string that uniquely identifies the graph within a run.graphs or result.graphs array.", + "type": "string" + }, + "description": { + "description": "A description of the graph.", + "$ref": "#/definitions/message" + }, + "nodes": { + "description": "An array of node objects representing the nodes of the graph.", + "type": "array", + "items": { + "$ref": "#/definitions/node" + } + }, + "edges": { + "description": "An array of edge objects representing the edges of the graph.", + "type": "array", + "items": { + "$ref": "#/definitions/edge" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the graph.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "id", + "nodes", + "edges" + ] 
+ }, + "graphTraversal": { + "description": "Represents a path through a graph.", + "type": "object", + "additionalProperties": false, + "properties": { + "graphId": { + "description": "A string that uniquely identifies that graph being traversed.", + "type": "string" + }, + "description": { + "description": "A description of this graph traversal.", + "$ref": "#/definitions/message" + }, + "initialState": { + "description": "Values of relevant expressions at the start of the graph traversal.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "edgeTraversals": { + "description": "The sequences of edges traversed by this graph traversal.", + "type": "array", + "items": { + "$ref": "#/definitions/edgeTraversal" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the graph traversal.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "graphId", + "edgeTraversals" + ] + }, + "hash": { + "description": "A hash value of some file or collection of files, together with the hash function used to compute the hash.", + "additionalProperties": false, + "type": "object", + "properties": { + "value": { + "description": "The hash value of some file or collection of files, computed by the hash function named in the 'algorithm' property.", + "type": "string" + }, + "algorithm": { + "description": "The name of the hash function used to compute the hash value specified in the 'value' property.", + "type": "string" + } + }, + "required": [ + "value", + "algorithm" + ] + }, + "invocation": { + "description": "The runtime environment of the analysis tool run.", + "additionalProperties": false, + "type": "object", + "properties": { + "commandLine": { + "description": 
"The command line used to invoke the tool.", + "type": "string" + }, + "arguments": { + "description": "An array of strings, containing in order the command line arguments passed to the tool from the operating system.", + "type": "array", + "items": { + "type": "string" + } + }, + "responseFiles": { + "description": "The locations of any response files specified on the tool's command line.", + "type": "array", + "items": { + "$ref": "#/definitions/fileLocation" + } + }, + "attachments": { + "description": "A set of files relevant to the invocation of the tool.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/attachment" + } + }, + "startTime": { + "description": "The date and time at which the run started. See \"Date/time properties\" in the SARIF spec for the required format.", + "type": "string", + "format": "date-time" + }, + "endTime": { + "description": "The date and time at which the run ended. See \"Date/time properties\" in the SARIF spec for the required format.", + "type": "string", + "format": "date-time" + }, + "exitCode": { + "description": "The process exit code.", + "type": "integer" + }, + "toolNotifications": { + "description": "A list of runtime conditions detected by the tool in the course of the analysis.", + "type": "array", + "items": { + "$ref": "#/definitions/notification" + } + }, + "configurationNotifications": { + "description": "A list of conditions detected by the tool that are relevant to the tool's configuration.", + "type": "array", + "items": { + "$ref": "#/definitions/notification" + } + }, + "exitCodeDescription": { + "description": "The reason for the process exit.", + "type": "string" + }, + "exitSignalName": { + "description": "The name of the signal that caused the process to exit.", + "type": "string" + }, + "exitSignalNumber": { + "description": "The numeric value of the signal that caused the process to exit.", + "type": "integer" + }, + "processStartFailureMessage": { + 
"description": "The reason given by the operating system that the process failed to start.", + "type": "string" + }, + "toolExecutionSuccessful": { + "description": "A value indicating whether the tool's execution completed successfully.", + "type": "boolean" + }, + "machine": { + "description": "The machine that hosted the analysis tool run.", + "type": "string" + }, + "account": { + "description": "The account that ran the analysis tool.", + "type": "string" + }, + "processId": { + "description": "The process id for the analysis tool run.", + "type": "integer" + }, + "executableLocation": { + "description": "An absolute URI specifying the location of the analysis tool's executable.", + "$ref": "#/definitions/fileLocation" + }, + "workingDirectory": { + "description": "The working directory for the analysis rool run.", + "type": "string" + }, + "environmentVariables": { + "description": "The environment variables associated with the analysis tool process, expressed as key/value pairs.", + "type": "object", + "additionalProperties": true, + "default": {} + }, + "stdin": { + "description": "A file containing the standard input stream to the process that was invoked.", + "$ref": "#/definitions/fileLocation" + }, + "stdout": { + "description": "A file containing the standard output stream from the process that was invoked.", + "$ref": "#/definitions/fileLocation" + }, + "stderr": { + "description": "A file containing the standard error stream from the process that was invoked.", + "$ref": "#/definitions/fileLocation" + }, + "stdoutStderr": { + "description": "A file containing the interleaved standard output and standard error stream from the process that was invoked.", + "$ref": "#/definitions/fileLocation" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the invocation.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide 
additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "location": { + "description": "A location within a programming artifact.", + "additionalProperties": false, + "type": "object", + "properties": { + "physicalLocation": { + "description": "Identifies the file and region.", + "$ref": "#/definitions/physicalLocation" + }, + "fullyQualifiedLogicalName": { + "description": "The human-readable fully qualified name of the logical location. If run.logicalLocations is present, this value matches a property name within that object, from which further information about the logical location can be obtained.", + "type": "string" + }, + "message": { + "description": "A message relevant to the location.", + "$ref": "#/definitions/message" + }, + "annotations": { + "description": "A set of regions relevant to the location.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/region" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the location.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "logicalLocation": { + "description": "A logical location of a construct that produced a result.", + "additionalProperties": false, + "type": "object", + "properties": { + "name": { + "description": "Identifies the construct in which the result occurred. 
For example, this property might contain the name of a class or a method.", + "type": "string" + }, + "fullyQualifiedName": { + "description": "The human-readable fully qualified name of the logical location.", + "type": "string" + }, + "decoratedName": { + "description": "The machine-readable name for the logical location, such as a mangled function name provided by a C++ compiler that encodes calling convention, return type and other details along with the function name.", + "type": "string" + }, + "parentKey": { + "description": "Identifies the key of the immediate parent of the construct in which the result was detected. For example, this property might point to a logical location that represents the namespace that holds a type.", + "type": "string" + }, + "kind": { + "description": "The type of construct this logicalLocationComponent refers to. Should be one of 'function', 'member', 'module', 'namespace', 'package', 'parameter', 'resource', 'returnType', 'type', or 'variable', if any of those accurately describe the construct.", + "type": "string" + } + } + }, + "message": { + "description": "Encapsulates a message intended to be read by the end user.", + "type": "object", + "additionalProperties": false, + "properties": { + "text": { + "description": "A plain text message string.", + "type": "string" + }, + "messageId": { + "description": "The resource id for a plain text message string.", + "type": "string" + }, + "richText": { + "description": "A rich text message string.", + "type": "string" + }, + "richMessageId": { + "description": "The resource id for a rich text message string.", + "type": "string" + }, + "arguments": { + "description": "An array of strings to substitute into the message string.", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "node": { + "description": "Represents a node in a graph.", + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "description": "A string that uniquely 
identifies the node within its graph.", + "type": "string" + }, + "label": { + "description": "A short description of the node.", + "$ref": "#/definitions/message" + }, + "location": { + "description": "A code location associated with the node.", + "$ref": "#/definitions/location" + }, + "children": { + "description": "Array of child nodes.", + "type": "array", + "uniqueItems": true, + "items": { + "$ref": "#/definitions/node" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the node.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "id" + ] + }, + "notification": { + "description": "Describes a condition relevant to the tool itself, as opposed to being relevant to a target being analyzed by the tool.", + "type": "object", + "additionalProperties": false, + "properties": { + "id": { + "description": "An identifier for the condition that was encountered.", + "type": "string" + }, + "ruleId": { + "description": "The stable, unique identifier of the rule (if any) to which this notification is relevant. 
This member can be used to retrieve rule metadata from the rules dictionary, if it exists.", + "type": "string" + }, + "physicalLocation": { + "description": "The file and region relevant to this notification.", + "$ref": "#/definitions/physicalLocation" + }, + "message": { + "description": "A message that describes the condition that was encountered.", + "$ref": "#/definitions/message" + }, + "level": { + "description": "A value specifying the severity level of the notification.", + "default": "warning", + "enum": [ + "note", + "warning", + "error" + ] + }, + "threadId": { + "description": "The thread identifier of the code that generated the notification.", + "type": "integer" + }, + "time": { + "description": "The date and time at which the analysis tool generated the notification.", + "type": "string", + "format": "date-time" + }, + "exception": { + "description": "The runtime exception, if any, relevant to this notification.", + "$ref": "#/definitions/exception" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the notification.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "message" + ] + }, + "physicalLocation": { + "description": "A physical location relevant to a result. 
Specifies a reference to a programming artifact together with a range of bytes or characters within that artifact.", + "additionalProperties": false, + "type": "object", + "properties": { + "id": { + "description": "Value that distinguishes this physical location from all other physical locations in this run object.", + "type": "integer" + }, + "fileLocation": { + "description": "The location of the file.", + "$ref": "#/definitions/fileLocation" + }, + "region": { + "description": "Specifies a portion of the file.", + "$ref": "#/definitions/region" + }, + "contextRegion": { + "description": "Specifies a portion of the file that encloses the region. Allows a viewer to display additional context around the region.", + "$ref": "#/definitions/region" + } + }, + "required": [ + "fileLocation" + ] + }, + "rectangle": { + "description": "An area within an image.", + "additionalProperties": false, + "type": "object", + "properties": { + "top": { + "description": "The Y coordinate of the top edge of the rectangle, measured in the image's natural units.", + "type": "number" + }, + "left": { + "description": "The X coordinate of the left edge of the rectangle, measured in the image's natural units.", + "type": "number" + }, + "bottom": { + "description": "The Y coordinate of the bottom edge of the rectangle, measured in the image's natural units.", + "type": "number" + }, + "right": { + "description": "The X coordinate of the right edge of the rectangle, measured in the image's natural units.", + "type": "number" + }, + "message": { + "description": "A message relevant to the rectangle.", + "$ref": "#/definitions/message" + } + } + }, + "region": { + "description": "A region within a file where a result was detected.", + "additionalProperties": false, + "type": "object", + "properties": { + "startLine": { + "description": "The line number of the first character in the region.", + "type": "integer", + "minimum": 1 + }, + "startColumn": { + "description": "The column number of 
the first character in the region.", + "type": "integer", + "minimum": 1 + }, + "endLine": { + "description": "The line number of the last character in the region.", + "type": "integer", + "minimum": 1 + }, + "endColumn": { + "description": "The column number of the character following the end of the region.", + "type": "integer", + "minimum": 1 + }, + "charOffset": { + "description": "The zero-based offset from the beginning of the file of the first character in the region.", + "type": "integer", + "minimum": 0 + }, + "charLength": { + "description": "The length of the region in characters.", + "type": "integer", + "minimum": 0 + }, + "byteOffset": { + "description": "The zero-based offset from the beginning of the file of the first byte in the region.", + "type": "integer", + "minimum": 0 + }, + "byteLength": { + "description": "The length of the region in bytes.", + "type": "integer", + "minimum": 0 + }, + "snippet": { + "description": "The portion of the file contents within the specified region.", + "$ref": "#/definitions/fileContent" + }, + "message": { + "description": "A message relevant to the region.", + "$ref": "#/definitions/message" + } + } + }, + "replacement": { + "description": "The replacement of a single region of a file.", + "additionalProperties": false, + "type": "object", + "properties": { + "deletedRegion": { + "description": "The region of the file to delete.", + "$ref": "#/definitions/region" + }, + "insertedContent": { + "description": "The content to insert at the location specified by the 'deletedRegion' property.", + "$ref": "#/definitions/fileContent" + } + }, + "required": [ + "deletedRegion" + ] + }, + "resources": { + "description": "Container for items that require localization.", + "type": "object", + "properties": { + "messageStrings": { + "description": "A dictionary, each of whose keys is a resource identifier and each of whose values is a localized string.", + "type": "object", + "additionalProperties": { + "type": "string" + 
} + }, + "rules": { + "description": "A dictionary, each of whose keys is a string and each of whose values is a 'rule' object, that describe all rules associated with an analysis tool or a specific run of an analysis tool.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/rule" + } + } + } + }, + "result": { + "description": "A result produced by an analysis tool.", + "additionalProperties": false, + "type": "object", + "properties": { + "ruleId": { + "description": "The stable, unique identifier of the rule (if any) to which this notification is relevant. This member can be used to retrieve rule metadata from the rules dictionary, if it exists.", + "type": "string" + }, + "level": { + "description": "A value specifying the severity level of the result.", + "enum": [ + "notApplicable", + "pass", + "note", + "warning", + "error", + "open" + ] + }, + "message": { + "description": "A message that describes the result. The first sentence of the message only will be displayed when visible space is limited.", + "$ref": "#/definitions/message" + }, + "ruleMessageId": { + "description": "A string that identifies the message within the metadata for the rule used in this result.", + "type": "string" + }, + "locations": { + "description": "One or more locations where the result occurred. Specify only one location unless the problem indicated by the result can only be corrected by making a change at every specified location.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/location" + } + }, + "analysisTarget": { + "description": "Identifies the file that the analysis tool was instructed to scan. 
This need not be the same as the file where the result actually occurred.", + "$ref": "#/definitions/fileLocation" + }, + "instanceGuid": { + "description": "A stable, unique identifer for the result in the form of a GUID.", + "type": "string" + }, + "partialFingerprints": { + "description": "A set of strings that contribute to the stable, unique identity of the result.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "fingerprints": { + "description": "A set of strings each of which individually defines a stable, unique identity for the result.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "stacks": { + "description": "An array of 'stack' objects relevant to the result.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/stack" + } + }, + "codeFlows": { + "description": "An array of 'codeFlow' objects relevant to the result.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/codeFlow" + } + }, + "graphs": { + "description": "An array of one or more unique 'graph' objects.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/graph" + } + }, + "graphTraversals": { + "description": "An array of one or more unique 'graphTraversal' objects.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/graphTraversal" + } + }, + "relatedLocations": { + "description": "A set of locations relevant to this result.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/location" + } + }, + "suppressionStates": { + "description": "A set of flags indicating one or more suppression conditions.", + "type": "array", + "items": { + "enum": [ + "suppressedInSource", + "suppressedExternally" + ] + } + }, + "baselineState": { + "description": "The state of a result relative to a baseline of a previous 
run.", + "enum": [ + "new", + "existing", + "absent" + ] + }, + "attachments": { + "description": "A set of files relevant to the result.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/attachment" + } + }, + "workItemUris": { + "description": "The URIs of the work items associated with this result", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "type": "string", + "format": "uri" + } + }, + "conversionProvenance": { + "description": "An array of physicalLocation objects which specify the portions of an analysis tool's output that a converter transformed into the result object.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/physicalLocation" + } + }, + "fixes": { + "description": "An array of 'fix' objects, each of which represents a proposed fix to the problem indicated by the result.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/fix" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the result.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "rule": { + "description": "Describes an analysis rule.", + "additionalProperties": false, + "type": "object", + "properties": { + "id": { + "description": "A stable, opaque identifier for the rule.", + "type": "string" + }, + "name": { + "description": "A rule identifier that is understandable to an end user.", + "$ref": "#/definitions/message" + }, + "shortDescription": { + "description": "A concise description of the rule. 
Should be a single sentence that is understandable when visible space is limited to a single line of text.", + "$ref": "#/definitions/message" + }, + "fullDescription": { + "description": "A description of the rule. Should, as far as possible, provide details sufficient to enable resolution of any problem indicated by the result.", + "$ref": "#/definitions/message" + }, + "messageStrings": { + "description": "A set of name/value pairs with arbitrary names. The value within each name/value pair consists of plain text interspersed with placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "richMessageStrings": { + "description": "A set of name/value pairs with arbitrary names. The value within each name/value pair consists of rich text interspersed with placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments.", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "configuration": { + "description": "Information about the rule that can be configured at runtime.", + "$ref": "#/definitions/ruleConfiguration" + }, + "helpUri": { + "description": "A URI where the primary documentation for the rule can be found.", + "type": "string", + "format": "uri" + }, + "help": { + "description": "Provides the primary documentation for the rule, useful when there is no online documentation.", + "$ref": "#/definitions/message" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the rule.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "id" + ] + }, + 
"ruleConfiguration": { + "description": "Information about a rule that can be configured at runtime.", + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "description": "Specifies whether the rule will be evaluated during the scan.", + "type": "boolean" + }, + "defaultLevel": { + "description": "Specifies the default severity level of the result.", + "enum": [ + "note", + "warning", + "error", + "open" + ] + }, + "parameters": { + "description": "Contains configuration information specific to this rule.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional configuration information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + } + }, + "run": { + "description": "Describes a single run of an analysis tool, and contains the output of that run.", + "additionalProperties": false, + "type": "object", + "properties": { + "tool": { + "description": "Information about the tool or tool pipeline that generated the results in this run. A run can only contain results produced by a single tool or tool pipeline. 
A run can aggregate results from multiple log files, as long as context around the tool run (tool command-line arguments and the like) is identical for all aggregated files.", + "$ref": "#/definitions/tool" + }, + "invocations": { + "description": "Describes the invocation of the analysis tool.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/invocation" + } + }, + "conversion": { + "description": "A conversion object that describes how a converter transformed an analysis tool's native output format into the SARIF format.", + "$ref": "#/definitions/conversion" + }, + "versionControlProvenance": { + "description": "Specifies the revision in version control of the files that were scanned.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/versionControlDetails" + } + }, + "originalUriBaseIds": { + "description": "The absolute URI specified by each uriBaseId symbol on the machine where the tool originally ran.", + "type": "object", + "additionalProperties": { + "type": "string", + "format": "uri" + } + }, + "files": { + "description": "A dictionary each of whose keys is a URI and each of whose values is a file object.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/file" + } + }, + "logicalLocations": { + "description": "A dictionary each of whose keys specifies a logical location such as a namespace, type or function.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/logicalLocation" + } + }, + "graphs": { + "description": "An array of one or more unique 'graph' objects.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "$ref": "#/definitions/graph" + } + }, + "results": { + "description": "The set of results contained in an SARIF log. The results array can be omitted when a run is solely exporting rules metadata. 
It must be present (but may be empty) in the event that a log file represents an actual scan.", + "type": "array", + "minItems": 0, + "items": { + "$ref": "#/definitions/result" + } + }, + "resources": { + "description": "Items that can be localized, such as message strings and rule metadata.", + "$ref": "#/definitions/resources" + }, + "instanceGuid": { + "description": "A stable, unique identifier for the run, in the form of a GUID.", + "type": "string" + }, + "correlationGuid": { + "description": "A stable, unique identifier for the equivalence class of logically identical results to which this result belongs, in the form of a GUID.", + "type": "string" + }, + "logicalId": { + "description": "A logical identifier for a run, for example, 'nightly Clang analyzer run'. Multiple runs of the same type can have the same stableId.", + "type": "string" + }, + "description": { + "description": "A description of the run.", + "$ref": "#/definitions/message" + }, + "automationLogicalId": { + "description": "A global identifier that allows the run to be correlated with other artifacts produced by a larger automation process.", + "type": "string" + }, + "baselineInstanceGuid": { + "description": "The 'instanceGuid' property of a previous SARIF 'run' that comprises the baseline that was used to compute result 'baselineState' properties for the run.", + "type": "string" + }, + "architecture": { + "description": "The hardware architecture for which the run was targeted.", + "type": "string" + }, + "richMessageMimeType": { + "description": "The MIME type of all rich text message properties in the run. 
Default: \"text/markdown;variant=GFM\"", + "type": "string", + "default": "text/markdown;variant=GFM" + }, + "redactionToken": { + "description": "The string used to replace sensitive information in a redaction-aware property.", + "type": "string" + }, + "defaultFileEncoding": { + "description": "Specifies the default encoding for any file object that refers to a text file.", + "type": "string" + }, + "columnKind": { + "description": "Specifies the unit in which the tool measures columns.", + "enum": [ + "utf16CodeUnits", + "unicodeCodePoints" + ] + }, + "properties": { + "description": "Key/value pairs that provide additional information about the run.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information about the run.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "tool", + "results" + ] + }, + "stack": { + "description": "A call stack that is relevant to a result.", + "additionalProperties": false, + "type": "object", + "properties": { + "message": { + "description": "A message relevant to this call stack.", + "$ref": "#/definitions/message" + }, + "frames": { + "description": "An array of stack frames that represent a sequence of calls, rendered in reverse chronological order, that comprise the call stack.", + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/stackFrame" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the stack.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "frames" + ] + }, + "stackFrame": { + "description": "A function call 
within a stack trace.", + "additionalProperties": false, + "type": "object", + "properties": { + "location": { + "description": "The location to which this stack frame refers.", + "$ref": "#/definitions/location" + }, + "module": { + "description": "The name of the module that contains the code of this stack frame.", + "type": "string" + }, + "threadId": { + "description": "The thread identifier of the stack frame.", + "type": "integer" + }, + "address": { + "description": "The address of the method or function that is executing.", + "type": "integer" + }, + "offset": { + "description": "The offset from the method or function that is executing.", + "type": "integer" + }, + "parameters": { + "description": "The parameters of the call that is executing.", + "type": "array", + "items": { + "type": "string", + "default": [] + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the stack frame.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "fullyQualifiedLogicalName" + ] + }, + "threadFlow": { + "type": "object", + "properties": { + "id": { + "description": "An string that uniquely identifies the threadFlow within the codeFlow in which it occurs.", + "type": "string" + }, + "message": { + "description": "A message relevant to the thread flow.", + "$ref": "#/definitions/message" + }, + "locations": { + "description": "A temporally ordered array of 'threadFlowLocation' objects, each of which describes a location visited by the tool in the course of producing the result.", + "type": "array", + "minItems": 1, + "items": { + "$ref": "#/definitions/threadFlowLocation" + } + }, + "properties": { + "description": "Key/value pairs that provide additional information about the thread 
flow.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + "description": "A set of distinct strings that provide additional information.", + "type": "array", + "uniqueItems": true, + "default": [], + "items": { + "type": "string" + } + } + } + } + }, + "required": [ + "locations" + ] + }, + "tool": { + "description": "The analysis tool that was run.", + "additionalProperties": false, + "type": "object", + "properties": { + "name": { + "description": "The name of the tool.", + "type": "string" + }, + "fullName": { + "description": "The name of the tool along with its version and any other useful identifying information, such as its locale.", + "type": "string" + }, + "version": { + "description": "The tool version, in whatever format the tool natively provides.", + "type": "string" + }, + "semanticVersion": { + "description": "The tool version in the format specified by Semantic Versioning 2.0.", + "type": "string" + }, + "fileVersion": { + "description": "The binary version of the tool's primary executable file (for operating systems such as Windows that provide that information).", + "type": "string", + "pattern": "[0-9]+(\\.[0-9]+){3}" + }, + "downloadUri": { + "description": "The absolute URI from which the tool can be downloaded.", + "type": "string", + "format": "uri" + }, + "sarifLoggerVersion": { + "description": "A version that uniquely identifies the SARIF logging component that generated this file, if it is versioned separately from the tool.", + "type": "string" + }, + "language": { + "description": "The tool language (expressed as an ISO 649 two-letter lowercase culture code) and region (expressed as an ISO 3166 two-letter uppercase subculture code associated with a country or region).", + "type": "string", + "default": "en-US" + }, + "properties": { + "description": "Key/value pairs that provide additional information about the tool.", + "type": "object", + "additionalProperties": true, + "properties": { + "tags": { + 
"description": "A set of distinct strings that provide additional information.",
+ "type": "array",
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "name"
+ ]
+ },
+ "versionControlDetails": {
+ "descriptipn": "Specifies the information necessary to retrieve a desired revision from a version control system.",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "uri": {
+ "description": "The absolute URI of the repository.",
+ "type": "string",
+ "format": "uri"
+ },
+ "revisionId": {
+ "description": "A string that uniquely and permanently identifies the revision within the repository.",
+ "type": "string"
+ },
+ "branch": {
+ "description": "The name of a branch containing the revision.",
+ "type": "string"
+ },
+ "tag": {
+ "description": "A tag that has been applied to the revision.",
+ "type": "string"
+ },
+ "timestamp": {
+ "description": "The date and time at which the revision was created.",
+ "type": "string",
+ "format": "date-time"
+ },
+ "properties": {
+ "description": "Key/value pairs that provide additional information about the revision.",
+ "type": "object",
+ "additionalProperties": true,
+ "properties": {
+ "tags": {
+ "description": "A set of distinct strings that provide additional information.",
+ "type": "array",
+ "uniqueItems": true,
+ "default": [],
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "uri"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/scripts/guideline_recategorization/test-data/valid-coding-standards-config.yml b/scripts/guideline_recategorization/test-data/valid-coding-standards-config.yml
new file mode 100644
index 0000000000..6576920696
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/valid-coding-standards-config.yml
@@ -0,0 +1,7 @@
+guideline-recategorizations:
+ - rule-id: "A0-1-1"
+ category: "mandatory"
+ - rule-id: "A0-1-6"
+ category: "disapplied"
+ - rule-id: "A11-0-1"
+ category: "mandatory"
diff --git a/scripts/guideline_recategorization/test-data/valid-sarif-recategorized.expected b/scripts/guideline_recategorization/test-data/valid-sarif-recategorized.expected
new file mode 100644
index 0000000000..6de1af0fbf
--- /dev/null
+++ b/scripts/guideline_recategorization/test-data/valid-sarif-recategorized.expected
@@ -0,0 +1 @@ +{"runs": [{"automationDetails": {"id": ".github/workflows/codeql-analysis.yml:analyze/language:python/"}, "conversion": {"tool": {"driver": {"name": "GitHub Code Scanning"}}}, "tool": {"driver": {"name": "CodeQL", "semanticVersion": "2.10.1", "rules": [{"id": "cpp/autosar/useless-assignment", "name": "cpp/autosar/useless-assignment", "shortDescription": {"text": "A0-1-1: Non-volatile variable assigned a value which is never used"}, "fullDescription": {"text": "A project shall not contain instances of non-volatile variables being given values that are not subsequently used."}, "defaultConfiguration": {"enabled": true, "level": "warning"}, "properties": {"tags": ["external/autosar/id/a0-1-1", "readability", "maintainability", "external/autosar/allocated-target/implementation", "external/autosar/enforcement/automated", "external/autosar/original-obligation/required", "external/autosar/obligation/mandatory"], "description": "A project shall not contain instances of non-volatile variables being given values\n that are not subsequently used.", "id": "cpp/autosar/useless-assignment", "kind": "problem", "name": "A0-1-1: Non-volatile variable assigned a value which is never used", "precision": "very-high", "problem.severity": "warning"}}, {"id": "cpp/autosar/unused-type-declarations", "name": "cpp/autosar/unused-type-declarations", "shortDescription": {"text": "A0-1-6: There should be no unused type declarations"}, "fullDescription": {"text": "Unused type declarations are either redundant or indicate a possible mistake on the part of the programmer."}, "defaultConfiguration": {"enabled": true, "level": "warning"}, "properties": {"tags": ["external/autosar/id/a0-1-6", "readability", "maintainability", "external/autosar/allocated-target/implementation", "external/autosar/enforcement/automated", "external/autosar/original-obligation/advisory", "external/autosar/obligation/disapplied"], "description": "Unused type declarations are either redundant or indicate a 
possible mistake on the\n part of the programmer.", "id": "cpp/autosar/unused-type-declarations", "kind": "problem", "name": "A0-1-6: There should be no unused type declarations", "precision": "very-high", "problem.severity": "warning"}}, {"id": "cpp/autosar/non-pod-type-should-be-defined-as-class", "name": "cpp/autosar/non-pod-type-should-be-defined-as-class", "shortDescription": {"text": "A11-0-1: A non-POD type should be defined as class"}, "fullDescription": {"text": "The class specifier forces the type to provide private access control for all its members by default. This is consistent with developer expectations, because it is expected that a class has its invariant, interface and could provide custom-defined constructors."}, "defaultConfiguration": {"enabled": true, "level": "note"}, "properties": {"tags": ["external/autosar/id/a11-0-1", "maintainability", "external/autosar/allocated-target/implementation", "external/autosar/enforcement/automated", "external/autosar/original-obligation/advisory", "external/autosar/obligation/mandatory"], "description": "The class specifier forces the type to provide private access control for all its\n members by default. This is consistent with developer expectations, because it is\n expected that a class has its invariant, interface and could provide custom-defined\n constructors.", "id": "cpp/autosar/non-pod-type-should-be-defined-as-class", "kind": "problem", "name": "A11-0-1: A non-POD type should be defined as class", "precision": "very-high", "problem.severity": "recommendation"}}]}}}], "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", "version": "2.1.0"} \ No newline at end of file diff --git a/scripts/guideline_recategorization/test-data/valid-sarif.json b/scripts/guideline_recategorization/test-data/valid-sarif.json new file mode 100644 index 0000000000..d9df2d2c19 --- /dev/null +++ b/scripts/guideline_recategorization/test-data/valid-sarif.json 
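Review bot: The expected log has no `results` array in `runs[0]`, so this fixture only pins the tag rewrite on `tool.driver.rules` and never exercises what happens to a finding whose rule was recategorized. That matters most for A0-1-6, which ends up tagged `external/autosar/obligation/disapplied` while its `defaultConfiguration` still reads `"enabled": true, "level": "warning"`; a consumer that keys on the configuration rather than the tag would presumably keep reporting a guideline the plan disapplied. If leaving the configuration untouched is intended, I would add at least one finding to the input and expected logs, for example `"results": [{"ruleId": "cpp/autosar/unused-type-declarations", "message": {"text": "placeholder"}}]` (constructed sample), so the treatment of disapplied results is asserted rather than implied. The same fixture also leaves A11-0-1 at `"level": "note"` with `"problem.severity": "recommendation"` after it becomes mandatory, which is worth a sentence in the script's documentation if deliberate.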
@@ -0,0 +1,115 @@ +{ + "runs": [ + { + "automationDetails": { + "id": ".github/workflows/codeql-analysis.yml:analyze/language:python/" + }, + "conversion": { + "tool": { + "driver": { + "name": "GitHub Code Scanning" + } + } + }, + "tool": { + "driver": { + "name": "CodeQL", + "semanticVersion": "2.10.1", + "rules": [ + { + "id": "cpp/autosar/useless-assignment", + "name": "cpp/autosar/useless-assignment", + "shortDescription": { + "text": "A0-1-1: Non-volatile variable assigned a value which is never used" + }, + "fullDescription": { + "text": "A project shall not contain instances of non-volatile variables being given values that are not subsequently used." + }, + "defaultConfiguration": { + "enabled": true, + "level": "warning" + }, + "properties": { + "tags": [ + "external/autosar/id/a0-1-1", + "readability", + "maintainability", + "external/autosar/allocated-target/implementation", + "external/autosar/enforcement/automated", + "external/autosar/obligation/required" + ], + "description": "A project shall not contain instances of non-volatile variables being given values\n that are not subsequently used.", + "id": "cpp/autosar/useless-assignment", + "kind": "problem", + "name": "A0-1-1: Non-volatile variable assigned a value which is never used", + "precision": "very-high", + "problem.severity": "warning" + } + }, + { + "id": "cpp/autosar/unused-type-declarations", + "name": "cpp/autosar/unused-type-declarations", + "shortDescription": { + "text": "A0-1-6: There should be no unused type declarations" + }, + "fullDescription": { + "text": "Unused type declarations are either redundant or indicate a possible mistake on the part of the programmer." 
+ }, + "defaultConfiguration": { + "enabled": true, + "level": "warning" + }, + "properties": { + "tags": [ + "external/autosar/id/a0-1-6", + "readability", + "maintainability", + "external/autosar/allocated-target/implementation", + "external/autosar/enforcement/automated", + "external/autosar/obligation/advisory" + ], + "description": "Unused type declarations are either redundant or indicate a possible mistake on the\n part of the programmer.", + "id": "cpp/autosar/unused-type-declarations", + "kind": "problem", + "name": "A0-1-6: There should be no unused type declarations", + "precision": "very-high", + "problem.severity": "warning" + } + }, + { + "id": "cpp/autosar/non-pod-type-should-be-defined-as-class", + "name": "cpp/autosar/non-pod-type-should-be-defined-as-class", + "shortDescription": { + "text": "A11-0-1: A non-POD type should be defined as class" + }, + "fullDescription": { + "text": "The class specifier forces the type to provide private access control for all its members by default. This is consistent with developer expectations, because it is expected that a class has its invariant, interface and could provide custom-defined constructors." + }, + "defaultConfiguration": { + "enabled": true, + "level": "note" + }, + "properties": { + "tags": [ + "external/autosar/id/a11-0-1", + "maintainability", + "external/autosar/allocated-target/implementation", + "external/autosar/enforcement/automated", + "external/autosar/obligation/advisory" + ], + "description": "The class specifier forces the type to provide private access control for all its\n members by default. 
This is consistent with developer expectations, because it is\n expected that a class has its invariant, interface and could provide custom-defined\n constructors.", + "id": "cpp/autosar/non-pod-type-should-be-defined-as-class", + "kind": "problem", + "name": "A11-0-1: A non-POD type should be defined as class", + "precision": "very-high", + "problem.severity": "recommendation" + } + } + ] + } + } + } + ], + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "version": "2.1.0" +} \ No newline at end of file From 4c5407bdd8584ddf7d644f41d904834112dd30a0 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 2 Nov 2022 16:47:55 -0700 Subject: [PATCH 19/43] Add workflow to run recategorize tests --- .github/workflows/tooling-unit-tests.yml | 33 ++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/tooling-unit-tests.yml diff --git a/.github/workflows/tooling-unit-tests.yml b/.github/workflows/tooling-unit-tests.yml new file mode 100644 index 0000000000..89ccde5965 --- /dev/null +++ b/.github/workflows/tooling-unit-tests.yml @@ -0,0 +1,33 @@ +name: Tooling unit tests + +on: + push: + branches: + - main + - "rc/**" + - next + pull_request: + branches: + - main + - "rc/**" + - next + +jobs: + recategorization-tests: + name: Run Guideline Recategorization tests + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Install Python + uses: actions/setup-python@v4 + with: + python-version: "3.9" + + - name: Install Python dependencies + run: pip install -r scripts/guideline_recategorization/requirements.txt + + - name: Run PyTest + run: | + pytest scripts/guideline_recategorization/recategorize_test.py From 8e91bccc7660e6e6e55f2d2496eb39d9eb389b2b Mon Sep 17 00:00:00 2001 
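Review bot: The new tooling-unit-tests.yml workflow has no `permissions:` block, so the job's GITHUB_TOKEN receives the repository's default scopes although the job only checks out code and runs pytest. A top-level `permissions:` with `contents: read` would keep it least-privilege. Both actions are referenced by mutable tags (`actions/checkout@v2`, `actions/setup-python@v4`); pinning each to a full commit SHA keeps the job unchanged if a tag is moved. The `pip install -r scripts/guideline_recategorization/requirements.txt` step runs on every push and pull request, so it is worth confirming that the requirements file, which is not part of this hunk, pins its versions.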
From: Remco Vermeulen Date: Thu, 3 Nov 2022 18:03:39 -0700 Subject: [PATCH 20/43] Add missing deviation analysis report tables --- docs/user_manual.md | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/docs/user_manual.md b/docs/user_manual.md index fe31db6c0f..ecac845690 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md @@ -17,7 +17,8 @@ | 0.9.0 | 2022-02-17 | Remco Vermeulen | Finalize scope deviation records | | 0.10.0 | 2022-02-28 | Remco Vermeulen | Describe database correctness in the Hazard and Risk Analysis (HARA). | | 0.11.0 | 2022-02-28 | Remco Vermeulen | Updated version to 1.1.0 | -| 0.11.0 | 2022-10-21 | Luke Cartey | Updated version to 2.10.0 | +| 0.12.0 | 2022-10-21 | Luke Cartey | Updated version to 2.10.0 | +| 0.13.0 | 2022-11-03 | Remco Vermeulen | Add missing deviation analysis report tables to section 'Producing an analysis report'. | ## Release information 
@@ -44,12 +45,12 @@ A _coding standard_ is a set of rules or guidelines which restrict or prohibit t The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying contraventions of rules in the following coding standards: -| Standard | Version | Total rules | Total supportable rules | Status | -| ---------------------------------------------------------------------------------------------------------------------- | ------- | ----------- | ----------------------- | ----------- | -| [AUTOSAR C++](https://www.autosar.org/fileadmin/user_upload/standards/adaptive/20-11/AUTOSAR_RS_CPP14Guidelines.pdf) | 20-11 | 397 | 375 | Implemented | -| [CERT-C++](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf) | 2016 | 83 | 83 | Implemented | -| [CERT C](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) | 2016 | 99 | 99 | Under development | -| [MISRA C](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) | 2012 | 172 | 169 | Under development | +| Standard | Version | Total rules | Total supportable rules | Status | +| -------------------------------------------------------------------------------------------------------------------- | ------- | ----------- | ----------------------- | ----------------- | +| [AUTOSAR C++](https://www.autosar.org/fileadmin/user_upload/standards/adaptive/20-11/AUTOSAR_RS_CPP14Guidelines.pdf) | 20-11 | 397 | 375 | Implemented | +| [CERT-C++](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-cpp-coding-standard-2016-v01.pdf) | 2016 | 83 | 83 | Implemented | +| [CERT C](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf) | 2016 | 99 | 99 | Under development | +| [MISRA C](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) | 2012 | 172 | 169 | Under development | Not all rules in these standards are amenable to 
static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in the our representation of the codebase under analysis. For each rule we therefore identify whether it is supportable or not. Furthermore, a rule can be supported in two ways: @@ -225,6 +226,21 @@ This will produce a directory (``) containing the following re - A textual justification of the deviation. - A textual description of background information. - A textual description of the requirements which must be satisfied to use the deviation. + - A table of invalid deviation records for which we list: + - The location of the invalid deviation record in the database. + - The reason why it is considered invalid. + - A table of deviation permits for which we list: + - An identifier that identifies the permit. + - An identifier for the coding standards rule the deviation applies to. + - The query identifier that implements the guideline. + - An inferred scope that shows the files or code-identifier the deviation is applied to. + - A textual description of the scope when the deviation can be applied. + - A textual justification of the deviation. + - A textual description of background information. + - A textual description of the requirements which must be satisfied to use the deviation. + - A table of invalid deviation permits for which we list: + - The location of the invalid permit in the database. + - The reason why it is considered invalid. #### Applying deviations From 993e1b2f09ae8d2ea4de9a1f29b6b9e84a58f33a Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Thu, 3 Nov 2022 18:04:10 -0700 Subject: [PATCH 21/43] Format fixes --- docs/user_manual.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/user_manual.md b/docs/user_manual.md index ecac845690..f19aeaf4fa 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md 
@@ -121,9 +121,11 @@ The environment used to generate these reports requires: - A Python interpreter version 3.9 - A CodeQL CLI version documented in the release artifact `supported_codeql_configs.json` + ## Operating manual This section describes how to operate the "CodeQL Coding Standards". + ### Command line #### Pre-requisite: downloading the CodeQL CLI From a759166b38cbf149204d69ec79341f3b37e1763f Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Thu, 3 Nov 2022 18:22:32 -0700 Subject: [PATCH 22/43] Add guideline recategorization plan description --- docs/user_manual.md | 63 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 6 deletions(-) diff --git a/docs/user_manual.md b/docs/user_manual.md index f19aeaf4fa..b9c9666946 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md @@ -19,6 +19,7 @@ | 0.11.0 | 2022-02-28 | Remco Vermeulen | Updated version to 1.1.0 | | 0.12.0 | 2022-10-21 | Luke Cartey | Updated version to 2.10.0 | | 0.13.0 | 2022-11-03 | Remco Vermeulen | Add missing deviation analysis report tables to section 'Producing an analysis report'. | +| 0.14.0 | 2022-11-03 | Remco Vermeulen | Add guideline recategorization plan. | ## Release information 
@@ -54,10 +55,10 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in the our representation of the codebase under analysis. For each rule we therefore identify whether it is supportable or not. Furthermore, a rule can be supported in two ways: - + - **Automated** - the queries for the rule find contraventions directly. - **Audit only** - the queries for the rule does not find contraventions directly, but instead report a list of _candidates_ that can be used as input into a manual audit. For example, `A10-0-1` (_Public inheritance shall be used to implement 'is-a' relationship_) is not directly amenable to static analysis, but CodeQL can be used to produce a list of all the locations that use public inheritance so they can be manually reviewed. - + Each supported rule is implemented as one or more CodeQL queries, with each query covering an aspect of the rule. In many coding standards, the rules cover non-trivial semantic properties of the codebase under analysis. The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each release, lists which rules are supported for that particular release, and the _scope of analysis_ for that rule. @@ -112,7 +113,7 @@ Use of the queries outside these scenarios is possible, but not validated for fu ### Analysis report requirements The Coding Standards ships with scripts to generate reports that summarizes: - + - The integrity and validity of the CodeQL database created for the project. - The findings reported by the default queries for the selected Coding Standards, grouped by categories as specified by MISRA Compliance 2020. - The CodeQL dependencies used for the analysis, and whether they comply with the stated requirements. 
@@ -133,7 +134,7 @@ This section describes how to operate the "CodeQL Coding Standards". You must download a compatible version of the CodeQL CLI and CodeQL Standard Library for C++. **Option 1:** Use the CodeQL CLI bundle, which includes both required components: - 1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases). + 1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases). 2. Expand the compressed archive to a specified location on your machine. 3. [Optional] Add the CodeQL CLI to your user or system path. @@ -154,7 +155,7 @@ In order to run the Coding Standards queries you must first build a CodeQL datab The database can be created using the CodeQL CLI like so: -```codeql +```bash codeql database create --language cpp --command ``` @@ -249,6 +250,7 @@ This will produce a directory (``) containing the following re The CodeQL Coding Standards supports the following features from the [MISRA Compliance 2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) document: - _Deviation records_ - an entry that states a particular instance, or set of instances, of a rule should be considered permitted. - _Deviation permit_ - an entry that provides authorization to apply a deviation to a project. + - _Guideline recategorization plan_ - an agreement on how the guidelines are applied. Whether a guideline may be violated, deviated from, or must always be applied. ##### Deviation records 
@@ -305,7 +307,7 @@ The activation of the deviation mechanism requires an extra step in the database This extra step is the invocation of the Python script `path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py` that is part of the coding standards code scanning pack. The script should be invoked as follows: -```codeql +```bash codeql database create --language cpp --command 'python3 path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py' --command ``` 
@@ -373,6 +375,55 @@ Unlike _deviation records_ their location in the source directory does not impac This means that _deviation permits_ can be made available at build time by any means available. An example of importing _deviation permits_ is through a [Git Submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules) that contains a repository of allowed _deviation permits_. + +##### Guideline recategorization plan + +The current implementation supports a _guideline recategorization plan_ as described in the [MISRA Compliance:2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) section *5 The guideline re-categorization plan*. + +A recategorization plan provides a mechanism to adjust the policy associated with a guideline that determines whether it may be violated or not and if it may be violated whether a deviation is required. +Each guideline recategorization **must** be specified in the `guideline-recategorizations` section of a `coding-standards.yml` file that **must** be anywhere in the source repository. + +A guideline recategorization specification **must** specify a `rule-id`, an identifier for the coding standards rule the recategorization applies to, and a `category`, a category that can be any of `disapplied`, `advisory`, `required`, or `mandatory`. + +An example guideline recategorization section is: + +```yaml +guideline-recategorizations: + - rule-id: "A0-1-1" + category: "mandatory" + - rule-id: "A0-1-6" + category: "disapplied" + - rule-id: "A11-0-1" + category: "mandatory" +``` + +Application of the guideline recategorization plan to the analysis results requires an additional post-processing step. +The post-processing step is implemented by the Python script `path/to/codeql-coding-standards/scripts/guideline_recategorization/recategorize.py`. 
+The script will update the `external//obligation/` tag for each query implementing a recategorized guideline such that `` is equal to the new category and +add the tag `external//original-obligation/` reflects the orignal category. + +The script should be invoked as follows: + +```bash +python3 path/to/codeql-coding-standards/scripts/guideline_recategorization/recategorize.py coding_standards_config_file +``` + +The `recategorize.py` scripts has a dependencies on the following Python packages that can be installed with the command `pip install -r path/to/codeql-coding-standards/scripts/guideline_recategorization/requirements.txt`: + +- Jsonpath-ng==1.5.3 +- Jsonschema +- Jsonpatch +- Jsonpointer +- PyYAML +- Pytest + +and the schema files: + +- `path/to/codeql-coding-standards/schemas/coding-standards-schema-1.0.0.json` +- `path/to/codeql-coding-standards/schemas/sarif-schema-2.1.0.json` + +The schema files **must** be available in the same directory as the `recategorize.py` file or in any ancestor directory. + ### GitHub Advanced Security and LGTM The only use cases that will be certified under ISO 26262 are those listed above. CodeQL Coding Standards is also compatible with, but not certified for, the following use cases: From ea455ed2fdfe621b190a277a829c360e8b5cac0c Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 14:54:26 -0700 Subject: [PATCH 23/43] Address CodeQL module import issues --- scripts/reports/{codeql.py => codeqlvalidation.py} | 2 +- scripts/reports/deviations.py | 9 ++++++++- scripts/reports/diagnostics.py | 7 ++++++- 3 files changed, 15 insertions(+), 3 deletions(-) rename scripts/reports/{codeql.py => codeqlvalidation.py} (91%) diff --git a/scripts/reports/codeql.py b/scripts/reports/codeqlvalidation.py similarity index 91% rename from scripts/reports/codeql.py rename to scripts/reports/codeqlvalidation.py index 29a7d00c0e..e65a1c103f 100644 --- a/scripts/reports/codeql.py +++ b/scripts/reports/codeqlvalidation.py 
@@ -4,7 +4,7 @@ script_path = Path(__file__) # Add the shared modules to the path so we can import them. -sys.path.append(script_path.parent.parent / 'shared') +sys.path.append(str(script_path.parent.parent / 'shared')) from codeql import CodeQL diff --git a/scripts/reports/deviations.py b/scripts/reports/deviations.py index 29e977c3c0..d7baca5665 100644 --- a/scripts/reports/deviations.py +++ b/scripts/reports/deviations.py @@ -1,8 +1,15 @@ from contextlib import redirect_stdout from pathlib import Path -from codeql import CodeQLError, CodeQLValidationSummary +from codeqlvalidation import CodeQLValidationSummary from error import failure import re +import sys + +script_path = Path(__file__) +# Add the shared modules to the path so we can import them. +sys.path.append(str(script_path.parent.parent / 'shared')) +from codeql import CodeQLError + if __name__ == '__main__': failure("Error: this Python module does not support standalone execution!") diff --git a/scripts/reports/diagnostics.py b/scripts/reports/diagnostics.py index 3b95bef4a8..4cf17ec9a1 100644 --- a/scripts/reports/diagnostics.py +++ b/scripts/reports/diagnostics.py @@ -1,8 +1,13 @@ from contextlib import redirect_stdout from pathlib import Path -from codeql import CodeQLError, CodeQLValidationSummary +from codeqlvalidation import CodeQLValidationSummary from error import failure +import sys +script_path = Path(__file__) +# Add the shared modules to the path so we can import them. +sys.path.append(str(script_path.parent.parent / 'shared')) +from codeql import CodeQLError class DiagnosticsSummary: def __init__(self, database_path, repo_root): From 3a480e965d06e23d0588d9d10fe2e85af624eb3b Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:38:34 -0700 Subject: [PATCH 24/43] Include the original rule category. --- .../ListGuidelineRecategorizations.ql | 2 +- .../ListGuidelineRecategorizations.expected | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) 
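Review bot: `sys.path.append(...)` in codeqlvalidation.py, and the same block added to deviations.py and diagnostics.py, puts the shared directory last on the search path, so `from codeql import ...` resolves to any other module named `codeql` that sits earlier on `sys.path`. That appears to be the collision the rename of scripts/reports/codeql.py works around, and it would help to say so in the comment, e.g. `# Appended last: a 'codeql' module earlier on sys.path would shadow scripts/shared/codeql.py.` The three-line setup is now repeated in three files and adds a duplicate entry on each import; a guard such as `if shared_dir not in sys.path: sys.path.append(shared_dir)` with `shared_dir = str(script_path.parent.parent / 'shared')` avoids that. In deviations.py and diagnostics.py the `from codeql import CodeQLError` line has to stay below the path setup, which is worth stating so a later import-sorting pass does not move it.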
diff --git a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql index 421385e6db..a51c1b5993 100644 --- a/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql +++ b/cpp/common/src/codingstandards/cpp/guideline_recategorizations/ListGuidelineRecategorizations.ql @@ -9,4 +9,4 @@ import cpp import GuidelineRecategorizations from GuidelineRecategorization gr -select gr.getRuleId(), gr.getCategory() +select gr.getRuleId(), gr.getQuery().getCategory(), gr.getCategory() diff --git a/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected index 8718623c80..0a8aeb9ba1 100644 --- a/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected +++ b/cpp/common/test/guideline_recategorizations/ListGuidelineRecategorizations.expected @@ -1,9 +1,8 @@ -| A0-1-1 | advisory | -| A0-1-1 | mandatory | -| A0-1-2 | disapplied | -| A0-1-6 | disapplied | -| A1-4-3 | mandatory | -| A10-4-1 | required | -| A11-0-1 | mandatory | -| CON50-CPP | required | -| RULE-13-6 | required | +| A0-1-1 | required | advisory | +| A0-1-1 | required | mandatory | +| A0-1-2 | required | disapplied | +| A0-1-6 | advisory | disapplied | +| A10-4-1 | advisory | required | +| A11-0-1 | advisory | mandatory | +| CON50-CPP | rule | required | +| RULE-13-6 | mandatory | required | From 72727449e173f05854cd45fb999da10875c0ea0a Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:40:25 -0700 Subject: [PATCH 25/43] Remove unused imports --- scripts/guideline_recategorization/recategorize_test.py | 2 -- 1 file changed, 2 deletions(-) 
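Review bot: Selecting `gr.getQuery().getCategory()` in ListGuidelineRecategorizations.ql makes each row depend on a query existing for the rule. The updated expected output drops the `A1-4-3 | mandatory` row without a replacement, which suggests that recategorizations for rules with no implementing query now silently fall out of the list. This query feeds the guideline recategorizations report, so such an entry would go unreported unless InvalidGuidelineRecategorizations.ql flags it, which is not visible here. If the omission is intended, a comment above the `select` would record it, e.g. `// Recategorizations of rules without an implementing query are not listed here.`; otherwise the original category should be bound optionally so the row is still emitted.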
diff --git a/scripts/guideline_recategorization/recategorize_test.py b/scripts/guideline_recategorization/recategorize_test.py index 185c92272d..f3efc4f337 100644 --- a/scripts/guideline_recategorization/recategorize_test.py +++ b/scripts/guideline_recategorization/recategorize_test.py @@ -1,7 +1,5 @@ import pytest -import difflib import recategorize -import jsonschema from pathlib import Path import argparse import sys From bc46b7544cdab63ded9cb83c8af7e9155741e03f Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:48:16 -0700 Subject: [PATCH 26/43] Address incorrect type annotations --- scripts/shared/codeql.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/shared/codeql.py b/scripts/shared/codeql.py index 4f23f6d6db..afea4eaaa0 100644 --- a/scripts/shared/codeql.py +++ b/scripts/shared/codeql.py @@ -20,7 +20,7 @@ def __str__(self): class CodeQL(): - def __init__(self) -> 'CodeQL': + def __init__(self) -> None: codeql_result = subprocess.run( ["codeql", "version", "--format=json"], capture_output=True) if not codeql_result.returncode == 0: @@ -36,7 +36,7 @@ def __init__(self) -> 'CodeQL': raise CodeQLError( f"Failed to retrieve codeql version information with error: {e.msg}") - def __build_command_options(self, **options: Dict[str, str]) -> List[str]: + def __build_command_options(self, **options: str) -> List[str]: command_options = [] for key, value in options.items(): command_options.append(f"--{key.replace('_', '-')}") 
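Review bot: `**options: str` on `__build_command_options` in scripts/shared/codeql.py is narrower than how these methods are called; the same annotation is used on `run_queries`, `decode_results` and `generate_query_help` in the following hunks. The report scripts pass `no_rerun=True` and `no_titles=True`. Annotating the keyword arguments as `Union[str, bool]` would match those callers, provided `Union` is imported from `typing` in this file. The body of `__build_command_options` continues outside the hunk, so how a boolean value is rendered on the command line cannot be confirmed from here.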
@@ -59,7 +59,7 @@ def cleanup(self, database_path: Path, mode: str = "normal") -> None: raise CodeQLError( f"Unable to cleanup database {database_path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) - def run_queries(self, database_path: Path, *queries: List[Path], **options: Dict[str, str]) -> None: + def run_queries(self, database_path: Path, *queries: Path, **options: str) -> None: database_path = database_path.resolve() command_options = self.__build_command_options(**options) @@ -91,7 +91,7 @@ def get_qlpack(self, qlpack_path: Path) -> Any: with qlpack_path.open() as f: return yaml.safe_load(f) - def decode_results(self, database_path: Path, query_path: Path, **options: Dict[str, str]) -> Iterator: + def decode_results(self, database_path: Path, query_path: Path, **options: str) -> List: qlpack_path = self.resolve_qlpack_path(query_path) qlpack = self.get_qlpack(qlpack_path) relative_query_path = query_path.relative_to(qlpack_path.parent) @@ -118,7 +118,7 @@ def decode_results(self, database_path: Path, query_path: Path, **options: Dict[ with open(temp_file) as tmp: return csv.reader(tmp) - def generate_query_help(self, query_help_path: Path, output: Path, format : str = "markdown", **options: Dict[str, str]) -> None: + def generate_query_help(self, query_help_path: Path, output: Path, format : str = "markdown", **options: str) -> None: command = ['codeql', 'generate', 'query-help'] options['output'] = str(output) options['format'] = format From c5ea428d598777b1dc4b5888828b5ae370f41460 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:48:48 -0700 Subject: [PATCH 27/43] Address returning CSV reader on closed file --- scripts/shared/codeql.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/shared/codeql.py b/scripts/shared/codeql.py index afea4eaaa0..3c0fc99995 100644 --- a/scripts/shared/codeql.py +++ b/scripts/shared/codeql.py 
@@ -116,7 +116,7 @@ def decode_results(self, database_path: Path, query_path: Path, **options: str) raise CodeQLError( f"Could not read the output of the query {query_path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) with open(temp_file) as tmp: - return csv.reader(tmp) + return list(csv.reader(tmp)) def generate_query_help(self, query_help_path: Path, output: Path, format : str = "markdown", **options: str) -> None: command = ['codeql', 'generate', 'query-help'] From 81240ca867c029efe4b08365a6fb63a13de6475d Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:49:06 -0700 Subject: [PATCH 28/43] Add create database method --- scripts/shared/codeql.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/scripts/shared/codeql.py b/scripts/shared/codeql.py index 3c0fc99995..095348c618 100644 --- a/scripts/shared/codeql.py +++ b/scripts/shared/codeql.py @@ -139,3 +139,18 @@ def format(self, path: Path) -> None: if not result.returncode == 0: raise CodeQLError( f"Failed to format file {path}", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) + + def create_database(self, src_root: Path, language: str, database: Path, *build_commands : str, **options: str) -> None: + command = ['codeql', 'database', 'create'] + options['source-root'] = str(src_root) + options['language'] = language + + command_options = self.__build_command_options(**options) + command.extend(command_options) + command.extend([f'--command={build_command}' for build_command in build_commands]) + command.append(str(database)) + + result = subprocess.run(command, capture_output=True) + if not result.returncode == 0: + raise CodeQLError( + f"Failed to build database {database} from {src_root} with language {language} and commands [{','.join(build_commands)}]", stdout=result.stdout, stderr=result.stderr, returncode=result.returncode) \ No newline at end of file 
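Review bot: `create_database` stores the source root under the hyphenated key `options['source-root']`, whereas a caller passing the same setting as a keyword has to spell it `source_root`. Both keys would then reach `__build_command_options`, and if it emits one flag per key, as the visible part of its loop suggests, `--source-root` would appear twice. Writing `options['source_root'] = str(src_root)` lets the explicit argument override the keyword and matches how `generate_query_help` sets `options['output']`. The method also lacks a docstring; it should say that each entry in `build_commands` is passed as `--command=...` and executed by the CodeQL CLI during database creation, so the values must come from trusted configuration.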
From 30a47e0b8c6f7a8fc1ba3695f80e863b0e9561ca Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:50:05 -0700 Subject: [PATCH 29/43] Add guideline recategorization report generation --- scripts/reports/analysis_report.py | 3 + .../reports/guideline_recategorizations.py | 114 ++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 scripts/reports/guideline_recategorizations.py diff --git a/scripts/reports/analysis_report.py b/scripts/reports/analysis_report.py index b54237581a..1afc56d89b 100644 --- a/scripts/reports/analysis_report.py +++ b/scripts/reports/analysis_report.py @@ -1,5 +1,6 @@ import diagnostics import deviations +import guideline_recategorizations from pathlib import Path import sys import utils @@ -53,6 +54,8 @@ deviations.generate_deviations_report( database_path, repo_root, output_directory) +guideline_recategorizations.generate_guideline_recategorizations_report(database_path, repo_root, output_directory) + # Load the SARIF file and generate a results summary sarif_results_summary = utils.CodingStandardsResultSummary( sarif_results_file_path) diff --git a/scripts/reports/guideline_recategorizations.py b/scripts/reports/guideline_recategorizations.py new file mode 100644 index 0000000000..cc30182596 --- /dev/null +++ b/scripts/reports/guideline_recategorizations.py 
@@ -0,0 +1,114 @@ +from contextlib import redirect_stdout +from pathlib import Path +from codeqlvalidation import CodeQLValidationSummary +from error import failure +import sys + +script_path = Path(__file__) +# Add the shared modules to the path so we can import them. +sys.path.append(str(script_path.parent.parent / 'shared')) +from codeql import CodeQLError + + +if __name__ == '__main__': + failure("Error: this Python module does not support standalone execution!") + + +class GuidelineRecategorizationsSummary: + def __init__(self, database_path, repo_root): + if isinstance(database_path, str): + database_path = Path(database_path) + if isinstance(repo_root, str): + repo_root = Path(repo_root) + + self.database_path = database_path + try: + self.codeql_summary = CodeQLValidationSummary() + except CodeQLError as err: + failure("Error: Could not initialize CodeQL", err) + + guideline_recategorizations_path = repo_root.joinpath( + 'cpp', 'common', 'src', 'codingstandards', 'cpp', 'guideline_recategorizations') + + queries = ['ListGuidelineRecategorizations.ql', 'InvalidGuidelineRecategorizations.ql'] + + query_paths = map(guideline_recategorizations_path.joinpath, queries) + + try: + # Cleanup database cache to prevent potential cache issue + self.codeql_summary.codeql.cleanup(database_path, mode="brutal") + # Get a list of guideline recategorizations + print("Running the guideline recategorizations queries...") + self.codeql_summary.codeql.run_queries( + database_path, *query_paths, search_path=str(repo_root), no_rerun=True) + + print("Decoding guideline recategorizations queries results") + + for query in queries: + if query.startswith("List"): + decoded_results = self.codeql_summary.codeql.decode_results( + database_path, guideline_recategorizations_path.joinpath(query), no_titles=True) + self.guideline_recategorizations = decoded_results + elif query.startswith("Invalid"): + decoded_results = self.codeql_summary.codeql.decode_results( + database_path, 
guideline_recategorizations_path.joinpath(query), entities='url,string', no_titles=True) + self.invalid_guideline_recategorizations = decoded_results + else: + failure( + f"Error: Don't know how to decode query results for {query}") + except CodeQLError as err: + failure("Error: Failed to run guideline recategorizations queries", err) + + +def generate_guideline_recategorizations_report(database_path, repo_root, output_directory): + """Print a "guideline recategorizations report".""" + + guideline_recategorizations_summary = GuidelineRecategorizationsSummary(database_path, repo_root) + guideline_recategorizations_report_path = output_directory.joinpath( + "guideline_recategorizations_report.md") + try: + guideline_recategorizations_report_file = open( + guideline_recategorizations_report_path, "w") + except PermissionError: + failure( + f"Error: No permission to write to the output file located at '{guideline_recategorizations_report_path}'") + else: + with guideline_recategorizations_report_file: + # Print to report file, rather than stdout + with redirect_stdout(guideline_recategorizations_report_file): + print("# Guideline recategorizations report") + print() + print("## Overview") + print() + print( + f" - Report generated with {'supported' if guideline_recategorizations_summary.codeql_summary.supported_cli else 'unsupported'} CodeQL version {guideline_recategorizations_summary.codeql_summary.codeql.version}") + print( + f" - Database path: {str(guideline_recategorizations_summary.database_path.resolve())}") + number_of_guideline_recategorizations = len( + guideline_recategorizations_summary.guideline_recategorizations) + number_of_invalid_guideline_recategorizations = len( + guideline_recategorizations_summary.invalid_guideline_recategorizations) + print( + f" - { number_of_guideline_recategorizations } applicable guideline recategorizations and {number_of_invalid_guideline_recategorizations} invalid guideline recategorizations found in the database") + 
print() + print("## Guideline recategorizations") + print() + print( + "| Rule ID | Category | Recategorized category") + print( + "| --- | --- | --- |") + for guideline_recategorization in guideline_recategorizations_summary.guideline_recategorizations: + rule_id = guideline_recategorization[0] + category = guideline_recategorization[1] + recategorized_category = guideline_recategorization[2] + print( + f"| { rule_id } | { category } | { recategorized_category } | ") + print() + print("## Invalid guideline recategorizations") + print("| Path | Reason |") + print("| --- | --- |") + for invalid_guideline_recategorization in guideline_recategorizations_summary.invalid_guideline_recategorizations: + location = invalid_guideline_recategorization[1].split(':', 2)[2] + path, reason = map( + str.strip, invalid_guideline_recategorization[2].split(':')) + print(f"| {path}:{location} | {reason} |") From 77b561137d0b8f0d0f571969dddaadfa44fb4764 Mon Sep 17 00:00:00 2001 
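Review bot: In the loop over `invalid_guideline_recategorizations`, `path, reason = map(str.strip, invalid_guideline_recategorization[2].split(':'))` unpacks into exactly two names, so any message with a second colon in its reason raises ValueError and aborts report generation. Splitting once avoids that: `path, reason = map(str.strip, invalid_guideline_recategorization[2].split(':', 1))`. The rule ids, categories and reasons written into the table come from the user's coding-standards configuration by way of the database and are emitted unescaped, so a `|` in one of them would presumably break the row; escaping it before printing would keep the table well formed. The header row `| Rule ID | Category | Recategorized category` is also missing its closing `|`.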
From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:51:20 -0700 Subject: [PATCH 30/43] Add unit test for guideline recategorization report generation --- scripts/reports/analysis_report_test.py | 37 +++++++++++++++++++ scripts/reports/requirements.txt | 3 +- .../coding-standards.yml | 0 ...eline_recategorizations_report.md.expected | 29 +++++++++++++++ .../invalid/coding-standards.yml | 11 ++++++ .../guideline-recategorizations/test.cpp | 0 .../valid/coding-standards.yml | 9 +++++ 7 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 scripts/reports/analysis_report_test.py create mode 100644 scripts/reports/test-data/guideline-recategorizations/coding-standards.yml create mode 100644 scripts/reports/test-data/guideline-recategorizations/guideline_recategorizations_report.md.expected create mode 100644 scripts/reports/test-data/guideline-recategorizations/invalid/coding-standards.yml create mode 100644 scripts/reports/test-data/guideline-recategorizations/test.cpp create mode 100644 scripts/reports/test-data/guideline-recategorizations/valid/coding-standards.yml diff --git a/scripts/reports/analysis_report_test.py b/scripts/reports/analysis_report_test.py new file mode 100644 index 0000000000..dafa7185a1 --- /dev/null +++ b/scripts/reports/analysis_report_test.py 
@@ -0,0 +1,37 @@ +import pytest +from pathlib import Path +import sys +from guideline_recategorizations import generate_guideline_recategorizations_report + +script_path = Path(__file__) +# Add the shared modules to the path so we can import them. +sys.path.append(str(script_path.parent.parent / 'shared')) +from codeql import CodeQL, CodeQLError + +REPO_ROOT = Path(__file__).resolve().parent.parent.parent +SCRIPTS_DIR = REPO_ROOT / 'scripts' +TEST_DATA_DIR = Path(__file__).resolve().parent / 'test-data' + +def test_guideline_recategorizations_report(tmp_path): + + db_path = tmp_path / 'test-db' + src_root = TEST_DATA_DIR / 'guideline-recategorizations' + codeql = CodeQL() + + compile_src_command = "clang -fsyntax-only test.cpp" + index_coding_standards_config_command = f"python3 {SCRIPTS_DIR}/configuration/process_coding_standards_config.py" + + try: + codeql.create_database(src_root, 'cpp', db_path, compile_src_command, index_coding_standards_config_command) + except CodeQLError as err: + print(err.stdout) + print(err.stderr) + raise err + + generate_guideline_recategorizations_report(db_path, REPO_ROOT, tmp_path) + + expected = (TEST_DATA_DIR / 'guideline-recategorizations' / 'guideline_recategorizations_report.md.expected').read_text() + expected = expected.replace("$codeql-version$", codeql.version).replace("$database-path$", str(db_path)) + actual = (tmp_path / "guideline_recategorizations_report.md").read_text() + + assert(expected == actual) \ No newline at end of file diff --git a/scripts/reports/requirements.txt b/scripts/reports/requirements.txt index 9d90467955..219271be96 100644 --- a/scripts/reports/requirements.txt +++ b/scripts/reports/requirements.txt @@ -1 +1,2 @@ -pyyaml==5.4 \ No newline at end of file +pyyaml==5.4 +pytest==7.2.0 \ No newline at end of file 
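Review bot: The expected text in test_guideline_recategorizations_report is built with `str(db_path)`, while the report generator prints `database_path.resolve()`, so the comparison only holds when `tmp_path` is already canonical. Substituting `str(db_path.resolve())` for `$database-path$` keeps the test independent of symlinked temporary directories. `index_coding_standards_config_command` interpolates `SCRIPTS_DIR` unquoted, so a checkout path containing spaces would probably be split when the build command is tokenised; quoting the path (for example with `shlex.quote`) would avoid that. `assert(expected == actual)` is better written as `assert expected == actual`, and the `pytest` import is unused.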
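Review bot: `pytest==7.2.0` is needed only by analysis_report_test.py, but it is added to the runtime requirements of the report scripts, and `scripts/reports` is zipped into the code scanning pack by the pack-generation workflow further down this series. Anyone installing from that file therefore pulls in a test framework they do not need; keeping test dependencies in a separate requirements file used only by the unit-test workflow would keep the shipped dependency set minimal. Both entries are pinned by version only, so adding `--hash=` entries and installing with pip's `--require-hashes` would also pin the artifact contents.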
diff --git a/scripts/reports/test-data/guideline-recategorizations/coding-standards.yml b/scripts/reports/test-data/guideline-recategorizations/coding-standards.yml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/scripts/reports/test-data/guideline-recategorizations/guideline_recategorizations_report.md.expected b/scripts/reports/test-data/guideline-recategorizations/guideline_recategorizations_report.md.expected new file mode 100644 index 0000000000..54fb25ae83 --- /dev/null +++ b/scripts/reports/test-data/guideline-recategorizations/guideline_recategorizations_report.md.expected @@ -0,0 +1,29 @@ +# Guideline recategorizations report + +## Overview + + - Report generated with supported CodeQL version $codeql-version$ + - Database path: $database-path$ + - 8 applicable guideline recategorizations and 5 invalid guideline recategorizations found in the database + +## Guideline recategorizations + +| Rule ID | Category | Recategorized category +| --- | --- | --- | +| A0-1-1 | required | advisory | +| A0-1-1 | required | mandatory | +| A0-1-2 | required | disapplied | +| RULE-13-6 | mandatory | required | +| CON50-CPP | rule | required | +| A0-1-6 | advisory | disapplied | +| A10-4-1 | advisory | required | +| A11-0-1 | advisory | mandatory | + +## Invalid guideline recategorizations +| Path | Reason | +| --- | --- | +| invalid/coding-standards.xml:5:7:8:43 | 'Invalid recategorization from 'required' to 'advisory'.' for rule A0-1-1. | +| invalid/coding-standards.xml:9:7:12:43 | 'Invalid recategorization from 'required' to 'disapplied'.' for rule A0-1-2. | +| invalid/coding-standards.xml:13:7:16:43 | 'Unknown rule id 'A1-4-3'.' for rule A1-4-3. | +| invalid/coding-standards.xml:17:7:20:43 | 'Invalid recategorization from 'mandatory' to 'required'.' for rule RULE-13-6. | +| invalid/coding-standards.xml:21:7:24:43 | 'Invalid recategorization from 'rule' to 'required'.' for rule CON50-CPP. | 
diff --git a/scripts/reports/test-data/guideline-recategorizations/invalid/coding-standards.yml b/scripts/reports/test-data/guideline-recategorizations/invalid/coding-standards.yml new file mode 100644 index 0000000000..89e562c05c --- /dev/null +++ b/scripts/reports/test-data/guideline-recategorizations/invalid/coding-standards.yml @@ -0,0 +1,11 @@ +guideline-recategorizations: + - rule-id: "A0-1-1" + category: "advisory" + - rule-id: "A0-1-2" + category: "disapplied" + - rule-id: "A1-4-3" + category: "mandatory" + - rule-id: "RULE-13-6" + category: "required" + - rule-id: "CON50-CPP" + category: "required" diff --git a/scripts/reports/test-data/guideline-recategorizations/test.cpp b/scripts/reports/test-data/guideline-recategorizations/test.cpp new file mode 100644 index 0000000000..e69de29bb2 diff --git a/scripts/reports/test-data/guideline-recategorizations/valid/coding-standards.yml b/scripts/reports/test-data/guideline-recategorizations/valid/coding-standards.yml new file mode 100644 index 0000000000..ed778a5cc1 --- /dev/null +++ b/scripts/reports/test-data/guideline-recategorizations/valid/coding-standards.yml @@ -0,0 +1,9 @@ +guideline-recategorizations: + - rule-id: "A0-1-1" + category: "mandatory" + - rule-id: "A0-1-6" + category: "disapplied" + - rule-id: "A10-4-1" + category: "required" + - rule-id: "A11-0-1" + category: "mandatory" From 9e1be4dd073e2dfab179f66a53e2c9d704b8bb3b Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:53:29 -0700 Subject: [PATCH 31/43] Add distinguishing icon to tooling unit tests workflow --- .github/workflows/tooling-unit-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tooling-unit-tests.yml b/.github/workflows/tooling-unit-tests.yml index 89ccde5965..3269eefd13 100644 --- a/.github/workflows/tooling-unit-tests.yml +++ b/.github/workflows/tooling-unit-tests.yml @@ -1,4 +1,4 @@ -name: Tooling unit tests +name: đź§° Tooling unit tests on: push: 
From 557145332f7f09e2326dea60374c1e6c9d75ca3e Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Fri, 4 Nov 2022 17:59:17 -0700 Subject: [PATCH 32/43] Add analysis report unit tests to testing workflow --- .github/workflows/tooling-unit-tests.yml | 58 ++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/.github/workflows/tooling-unit-tests.yml b/.github/workflows/tooling-unit-tests.yml index 3269eefd13..5531c11d72 100644 --- a/.github/workflows/tooling-unit-tests.yml +++ b/.github/workflows/tooling-unit-tests.yml 
@@ -13,6 +13,64 @@ on: - next jobs: + prepare-supported-codeql-env-matrix: + name: Prepare supported CodeQL environment matrix + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }} + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Export supported CodeQL environment matrix + id: export-supported-codeql-env-matrix + run: | + echo "::set-output name=matrix::$( + jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json + )" + + analysis-report-tests: + name: Run analysis report tests + needs: prepare-supported-codeql-env-matrix + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }} + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Install Python + uses: actions/setup-python@v4 + with: + python-version: "3.9" + + - name: Install Python dependencies + run: pip install -r scripts/reports/requirements.txt + + - name: Cache CodeQL + id: cache-codeql + uses: actions/cache@v2.1.3 + with: + path: ${{ github.workspace }}/codeql_home + key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }} + + - name: Install CodeQL + if: steps.cache-codeql.outputs.cache-hit != 'true' + uses: ./.github/actions/install-codeql + with: + codeql-cli-version: ${{ matrix.codeql_cli }} + codeql-stdlib-version: ${{ matrix.codeql_standard_library }} + codeql-home: ${{ github.workspace }}/codeql_home + add-to-path: false + + - name: Run PyTest + env: + CODEQL_HOME: ${{ github.workspace }}/codeql_home + run: | + PATH=$PATH:$CODEQL_HOME/codeql + pytest scripts/reports/analysis_report_test.py + recategorization-tests: name: Run Guideline Recategorization tests runs-on: ubuntu-latest From 40f8ee6a654e90a141eb7ccdec0384b38d81771b Mon Sep 17 00:00:00 2001 
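Review bot: The new jobs reference third-party actions by mutable tag (`actions/checkout@v2`, `actions/setup-python@v4`, `actions/cache@v2.1.3`); pinning each to a full commit SHA, with the tag kept in a trailing comment, prevents a retagged release from changing what runs here. The matrix export uses the deprecated `::set-output` workflow command and should write to the output file instead: `echo "matrix=$(jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json)" >> "$GITHUB_OUTPUT"`. In the `Run PyTest` step, `PATH=$PATH:$CODEQL_HOME/codeql` appends the directory, so a `codeql` already on the runner's PATH would be used instead of the matrix version; `PATH="$CODEQL_HOME/codeql:$PATH"` makes the intended CLI win. Neither job declares `permissions:`, and the top of the workflow is outside the hunk, so if no workflow-level block exists I would add `permissions: contents: read`.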
From: Remco Vermeulen Date: Mon, 7 Nov 2022 12:30:40 -0800 Subject: [PATCH 33/43] Add minimal test case for deviation report generation --- scripts/reports/analysis_report_test.py | 25 ++++++++ .../test-data/deviations/coding-standards.yml | 0 .../deviations/deviations_report.md.expected | 48 +++++++++++++++ .../deviations/invalid/coding-standards.yml | 58 +++++++++++++++++++ scripts/reports/test-data/deviations/test.cpp | 0 .../deviations/valid/coding-standards.yml | 7 +++ 6 files changed, 138 insertions(+) create mode 100644 scripts/reports/test-data/deviations/coding-standards.yml create mode 100644 scripts/reports/test-data/deviations/deviations_report.md.expected create mode 100644 scripts/reports/test-data/deviations/invalid/coding-standards.yml create mode 100644 scripts/reports/test-data/deviations/test.cpp create mode 100644 scripts/reports/test-data/deviations/valid/coding-standards.yml diff --git a/scripts/reports/analysis_report_test.py b/scripts/reports/analysis_report_test.py index dafa7185a1..aaa90cf0e1 100644 --- a/scripts/reports/analysis_report_test.py +++ b/scripts/reports/analysis_report_test.py @@ -2,6 +2,7 @@ from pathlib import Path import sys from guideline_recategorizations import generate_guideline_recategorizations_report +from deviations import generate_deviations_report script_path = Path(__file__) # Add the shared modules to the path so we can import them. 
@@ -34,4 +35,28 @@ def test_guideline_recategorizations_report(tmp_path): expected = expected.replace("$codeql-version$", codeql.version).replace("$database-path$", str(db_path)) actual = (tmp_path / "guideline_recategorizations_report.md").read_text() + assert(expected == actual) + +def test_deviations_report(tmp_path): + + db_path = tmp_path / 'test-db' + src_root = TEST_DATA_DIR / 'deviations' + codeql = CodeQL() + + compile_src_command = "clang -fsyntax-only test.cpp" + index_coding_standards_config_command = f"python3 {SCRIPTS_DIR}/configuration/process_coding_standards_config.py" + + try: + codeql.create_database(src_root, 'cpp', db_path, compile_src_command, index_coding_standards_config_command) + except CodeQLError as err: + print(err.stdout) + print(err.stderr) + raise err + + generate_deviations_report(db_path, REPO_ROOT, tmp_path) + + expected = (TEST_DATA_DIR / 'deviations' / 'deviations_report.md.expected').read_text() + expected = expected.replace("$codeql-version$", codeql.version).replace("$database-path$", str(db_path)) + actual = (tmp_path / "deviations_report.md").read_text() + assert(expected == actual) \ No newline at end of file diff --git a/scripts/reports/test-data/deviations/coding-standards.yml b/scripts/reports/test-data/deviations/coding-standards.yml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/scripts/reports/test-data/deviations/deviations_report.md.expected b/scripts/reports/test-data/deviations/deviations_report.md.expected new file mode 100644 index 0000000000..e9874023dc --- /dev/null +++ b/scripts/reports/test-data/deviations/deviations_report.md.expected 
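Review bot: `test_deviations_report` repeats `test_guideline_recategorizations_report` line for line. Only the test-data directory, the generator function and the report file name differ, so a fix to the database setup would have to be made in both places. A single parametrized test removes the duplication and gives the existing `pytest` import a use. The first test starts outside this hunk, so the sketch below replaces both.

```python
@pytest.mark.parametrize("name, generate", [
    ("guideline-recategorizations", generate_guideline_recategorizations_report),
    ("deviations", generate_deviations_report),
])
def test_report(tmp_path, name, generate):
    db_path = tmp_path / 'test-db'
    src_root = TEST_DATA_DIR / name
    # … unchanged: CodeQL() setup, build commands, create_database try/except …
    generate(db_path, REPO_ROOT, tmp_path)
    report = name.replace('-', '_') + '_report.md'
    expected = (src_root / f'{report}.expected').read_text()
    # … unchanged: $codeql-version$ / $database-path$ substitution …
    actual = (tmp_path / report).read_text()
    assert expected == actual
```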
@@ -0,0 +1,48 @@ +# Deviations report + +## Overview + + - Report generated with supported CodeQL version $codeql-version$ + - Database path: $database-path$ + - 3 valid deviation records and 14 invalid deviation records found in the database + - 3 valid deviation permits and 2 invalid deviation permits found in the database + +## Deviation Records + +| Rule ID | Query ID | Automated Scope | Scope | Justification | Background | Requirements +| --- | --- | --- | --- | --- | --- | --- | +| A0-1-1 | cpp/autosar/useless-assignment | Applies to the following file paths: invalid | | | | | +| A0-1-1 | cpp/autosar/useless-assignment | Applies to the following file paths: valid | | This useless assignment is required. | | | +| A0-4-2 | cpp/autosar/type-long-double-used | Identified by the use of the code-identifier: a-0-4-2-deviation | | long double is required for interaction with third-party libraries. | | | + +## Invalid Deviation Records +| Path | Reason | +| --- | --- | +| invalid/coding-standards.xml:5:7:5:26 | No rule-id and query-id specified for this deviation record. | +| invalid/coding-standards.xml:6:7:8:26 | The rule-id `bad rule id` for this deviation matches none of the available queries. | +| invalid/coding-standards.xml:9:7:11:26 | A query-id of `bad rule id` is specified for this deviation, but not rule-id is specified. | +| invalid/coding-standards.xml:15:7:17:26 | A query-id of `cpp/autosar/useless-assignment` is specified for this deviation, but not rule-id is specified. | +| invalid/coding-standards.xml:22:7:26:26 | A deviation `raised-by` is specified without providing an `approved-by`. | +| invalid/coding-standards.xml:22:7:26:26 | A deviation `raised-by` is specified without providing both a `name` and `date`. | +| invalid/coding-standards.xml:27:7:33:26 | A deviation `raised-by` is specified without providing an `approved-by`. 
| +| invalid/coding-standards.xml:27:7:33:26 | A deviation `raised-by` is specified without providing both a `name` and `date`. | +| invalid/coding-standards.xml:34:7:41:26 | A deviation `raised-by` is specified without providing an `approved-by`. | +| invalid/coding-standards.xml:42:7:50:26 | A deviation `approved-by` is specified without providing both a `name` and `date`. | +| invalid/coding-standards.xml:51:7:61:26 | A deviation `approved-by` is specified without providing both a `name` and `date`. | +| invalid/coding-standards.xml:74:7:78:26 | There is no deviation permit with id `non-existing-permit`. | +| invalid/coding-standards.xml:79:7:81:26 | No rule-id and query-id specified for this deviation record. | +| invalid/coding-standards.xml:85:7:88:26 | The deviation is applied to a query with the rule category 'mandatory' that does not permit a deviation. | + +## Deviation Permits + +| Permit ID | Rule ID | Query ID | Automated Scope | Scope | Justification | Background | Requirements +| --- | --- | --- | --- | --- | --- | --- | --- | +| DP1 | | | Application depends on the associated deviation records | | foo bar baz | | | +| DP2 | A0-1-1 | cpp/autosar/useless-assignment | Application depends on the associated deviation records | | | | | +| DP3 | | | Application depends on the associated deviation records | | | | | + +## Invalid Deviation Permits +| Path | Reason | +| --- | --- | +| invalid/coding-standards.xml:100:7:103:33 | Deviation permit does not specify a permit identifier. | +| invalid/coding-standards.xml:104:7:107:33 | Deviation permit specifies unknown property `invalid-property`. | diff --git a/scripts/reports/test-data/deviations/invalid/coding-standards.yml b/scripts/reports/test-data/deviations/invalid/coding-standards.yml new file mode 100644 index 0000000000..7b12c7a8c2 --- /dev/null +++ b/scripts/reports/test-data/deviations/invalid/coding-standards.yml 
@@ -0,0 +1,58 @@ +deviations: + - + - rule-id: bad rule id + - query-id: bad rule id + - rule-id: A0-1-1 + - query-id: cpp/autosar/useless-assignment + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + name: foo1 + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + name: foo2 + date: 1970-01-01Z + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + name: foo3 + date: 1970-01-01Z + approved-by: + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + name: foo4 + date: 1970-01-01Z + approved-by: + name: bar1 + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + raised-by: + name: foo5 + date: 1970-01-01Z + approved-by: + name: bar2 + date: 1970-01-01Z + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + permit-id: non-existing-permit + - permit-id: DP1 + - permit-id: DP2 + - rule-id: RULE-13-6 + query-id: c/misra/sizeof-operand-with-side-effect +deviation-permits: + - permit-id: DP1 + justification: foo bar baz + - permit-id: DP2 + rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + - permit-id: DP3 + invalid-property: invalid-property diff --git a/scripts/reports/test-data/deviations/test.cpp b/scripts/reports/test-data/deviations/test.cpp new file mode 100644 index 0000000000..e69de29bb2 diff --git a/scripts/reports/test-data/deviations/valid/coding-standards.yml b/scripts/reports/test-data/deviations/valid/coding-standards.yml new file mode 100644 index 0000000000..34b12a3b90 --- /dev/null +++ b/scripts/reports/test-data/deviations/valid/coding-standards.yml 
@@ -0,0 +1,7 @@ +deviations: + - rule-id: A0-1-1 + query-id: cpp/autosar/useless-assignment + justification: This useless assignment is required. + - rule-id: A0-4-2 + justification: long double is required for interaction with third-party libraries. + code-identifier: a-0-4-2-deviation From cbd2fcfb9a1e8d7d7921dc0d0b3de8f78e6a79f1 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Mon, 7 Nov 2022 13:40:40 -0800 Subject: [PATCH 34/43] Add shared components to code scanning pack The report relies on a shared components so that should be included in the distribution. --- .github/workflows/code-scanning-pack-gen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml index 2c501b541b..5c1be1f041 100644 --- a/.github/workflows/code-scanning-pack-gen.yml +++ b/.github/workflows/code-scanning-pack-gen.yml @@ -86,7 +86,7 @@ jobs: codeql query compile --search-path c --search-path cpp --threads 0 c cd .. - zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports + zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared - name: Upload GHAS Query Pack uses: actions/upload-artifact@v2 From 79839c416de6dd548e41a21db9b25f228cbfe172 Mon Sep 17 00:00:00 2001 
From: Remco Vermeulen Date: Mon, 7 Nov 2022 14:04:51 -0800 Subject: [PATCH 35/43] Add guideline recategorization scripts to code scanning pack --- .github/workflows/code-scanning-pack-gen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml index 5c1be1f041..8c9fa46725 100644 --- a/.github/workflows/code-scanning-pack-gen.yml +++ b/.github/workflows/code-scanning-pack-gen.yml @@ -86,7 +86,7 @@ jobs: codeql query compile --search-path c --search-path cpp --threads 0 c cd .. - zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared + zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas - name: Upload GHAS Query Pack uses: actions/upload-artifact@v2 From ea3f1112f4bfef6017a03ebb9faf21f1fdf88f71 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Mon, 7 Nov 2022 14:08:35 -0800 Subject: [PATCH 36/43] Add changenote for guideline recategorization scripts The changenote is required because we have added new files to coding standards pack. --- .../2022-11-07-add-guideline-recategorization-scripts.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 change_notes/2022-11-07-add-guideline-recategorization-scripts.md 
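Review bot: The new `zip -r` line lists `codeql-coding-standards/scripts/shared` twice. It also adds `codeql-coding-standards/scripts/schemas`, whereas the change note in the next commit describes the JSON schemas as living under `schemas`. If the schemas are at the repository root, the path given here would not match and the pack would presumably ship without them, so the directory name should be confirmed against the tree. I would drop the duplicate entry and, as the list keeps growing, move the paths into a multi-line list so that additions are easier to review. The distributed file set defines what users execute, so a step that fails when a listed path is missing would catch this kind of drift.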
diff --git a/change_notes/2022-11-07-add-guideline-recategorization-scripts.md b/change_notes/2022-11-07-add-guideline-recategorization-scripts.md new file mode 100644 index 0000000000..137f21216d --- /dev/null +++ b/change_notes/2022-11-07-add-guideline-recategorization-scripts.md @@ -0,0 +1,2 @@ +- Add the Python scripts under `scripts/guideline_recategorization` and the JSON schemas under `schemas`. +- Add the Python scripts under `scripts/shared` relied upon by the analysis report generation. \ No newline at end of file From fab2b27b637236cf42eea1cd0fc4f62c2ce9a380 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Mon, 28 Nov 2022 14:41:05 -0800 Subject: [PATCH 37/43] Add guideline recategorization design document. --- docs/design/guideline_recategorization.md | 178 ++++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 docs/design/guideline_recategorization.md diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md new file mode 100644 index 0000000000..c8eb9555c1 --- /dev/null +++ b/docs/design/guideline_recategorization.md @@ -0,0 +1,178 @@ +# Coding Standards: Guideline Recategorization + +- [Coding Standards: Guideline Recategorization](#coding-standards-guideline-recategorization) + - [Document management](#document-management) + - [Introduction](#introduction) + - [Design](#design) + - [Guideline Recategorization Plan specification](#guideline-recategorization-plan-specification) + - [Implementation](#implementation) + - [Specification and deviation](#specification-and-deviation) + - [Specification validation](#specification-validation) + - [SARIF rewriting](#sarif-rewriting) + - [Non-MISRA standards](#non-misra-standards) + +## Document management + +**ID**: codeql-coding-standards/design/grp
+**Status**: Draft + +| Version | Date | Author(s) | Reviewer (s) | +| ------- | ---------- | --------------- | ------------ | +| 0.1 | 08/10/2022 | Remco Vermeulen | \ | +| 0.2 | 10/25/2022 | Remco Vermeulen | | + +## Introduction + +Each MISRA guideline belongs to a category that defines a policy to be followed to determine whether a guideline may be violated or not and whether a deviation is required. +The document [MISRA Compliance:2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) defines the following guideline categories, and their associated policies, in addition to a mechanism to recategorize guidelines. + +- Mandatory guidelines - guidelines for which violation is never permitted. +- Required guidelines - guidelines which can only be violated when supported by a deviation. +- Advisory guidelines - recommendations for which violations are identified but are not required to be supported by a deviation. + +Guideline recategorization is possible by means of a Guideline Recategorization Plan (GRP). A GRP is a contract between the acquirer and supplier to determine how guidelines are applied. +The GRP defines the additional category Disapplied to be used for Advisory guidelines which are to be ignored. Any other category can be recategorized into stricter categories to ensure that a guideline adheres to the associated policy. +The following table summarizes the possible recategorizations. + +| Category | Recategorizations | +| --------- | ------------------------------- | +| Mandatory | | +| Required | Mandatory | +| Advisory | Disapplied, Required, Mandatory | + +Other recategorizations, from here on denoted as invalid recategorizations, are not applied and are to be reported to the user. + +## Design + +Our design includes a Guideline Recategorization Plan specification, logic to apply the category policy to associated guidelines, and a SARIF result rewriter to reflect the new category in the results. 
+The application of a policy will modify the behavior of a CodeQL queries implementing guidelines as follows: + +| Category | Effect | +| ---------- | -------------------------------------------------------------------- | +| Mandatory | Violations are reported, even if a deviation is applicable! | +| Required | Violations are reported unless there exists an applicable deviation. | +| Advisory | Violations are reported unless there exists an applicable deviation. | +| Disapplied | Violations are not reported. | + +The SARIF rewriting will update the category of a guideline in a SARIF result file by updating the necessary tag information of a query. + +### Guideline Recategorization Plan specification + +The Guideline Recategorization Plan specification will build upon the configuration specification introduced for deviations by adding the additional primary section `guideline-recategorizations` to the `codeql-standards.yml` configuration file. +The `guideline-recategorizations` section will be a series of compact mappings in YAML with the keys: + +- `rule-id` - the rule identifier that is recategorized. +- `category` - the category assigned to the rule identified by rule-id + +Note: We specify the recategorization based on the rule-id instead of the query-id. This can be revised if feedback requires more fine-grained recategorization. + +For example: + +```yaml +guideline-recategorizations: +- rule-id: “M5-0-17” + category: “mandatory” +``` + +## Implementation + +This section discusses the implementation of the [design](#design). + +### Specification and deviation + +The implementation will rely on the existing rule meta-data and query exclusion mechanisms to apply policies associated with a rule’s category. +The rule meta-data already includes both the `query-id` and `rule-id` associated with a query and is available during query evaluation. +The rule meta-data needs to be extended with a category that contains the guideline’s category. 
+
+For example:
+
+```ql
+ query =
+ // `Query` instance for the `pointerSubtractionOnDifferentArrays` query
+ PointersPackage::pointerSubtractionOnDifferentArraysQuery() and
+ queryId =
+ // `@id` for the `pointerSubtractionOnDifferentArrays` query
+ "cpp/autosar/pointer-subtraction-on-different-arrays" and
+ ruleId = "M5-0-17" and
+ category = “required”
+```
+
+The category defined by the rule meta-data and the category defined in the `guideline-recategorizations` of the applicable `codeql-standards.yml` configuration file is used to determine the *effective category* of a query.
+The *effective category* is the category whose policy is applied during the evaluation of a query.
+The policy of a category dictates if a result can be deviated from and implements the effect described in the design section.
+The existing exclusion mechanism implemented in the predicate `isExcluded` defined in the `Exclusions.qll` library will be updated to consider the applicable policy of a guideline.
+
+Note: This will change the behavior of deviations which will no longer have an impact on Mandatory guidelines! This, however, will only impact MISRA C rules because there are no MISRA C++ Guidelines with a Mandatory category.
+
+### Specification validation
+
+To assist users with correctly specifying a Guideline Recategorization Plan (GRP) specification we can implement two validations mechanisms that validate the specification at two different points in a GRP life cycle.
+The first validation mechanism will perform syntax validation of the specification provided in the guideline-recategorizations section of a `codeql-standards.yml` configuration file and can provide feedback in any editor that supports JSON schemas published at the [JSON schema store](https://www.schemastore.org/json/).
+A schema for `codeql-standards.yml` can be extended with the definition of `guideline-category` and the property `guideline-recategorizations`:
+
+```json
+{
+ "$schema": "http://json-schema.org/draft-07/schema",
+ "additionalProperties": false,
+ "definitions": {
+ "guideline-category": {
+ "enum": [
+ "mandatory",
+ "required",
+ "advisory",
+ "disapplied"
+ ]
+ }
+ },
+ "properties": {
+ "report-deviated-alerts": {...},
+ "deviations": {...},
+ "deviation-permits": {...},
+ "guideline-recategorizations": {
+ "description": "A set of guideline recategorizations",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "rule-id": {
+ "type": "string"
+ },
+ "category": {
+ "$ref": "#/definitions/guideline-category"
+ }
+ }
+ }
+ }
+ },
+ "required": [],
+ "type": "object"
+}
+```
+
+The second validation mechanism is the generation of a `guideline-recategorization-plan-report.md` containing alerts on semantically incorrect recategorizations.
+That is, possible recategorizations that are not described as valid in the introduction.
+Semantically invalid recategorizations will be detected by looking at a query’s categorization and its effective categorization (i.e., its applied recategorization).
+
+In addition, an update to the `deviations_report.md` report’s invalidate deviations table will provide feedback to users that apply deviations to guidelines with an effective category equal to `mandatory` which cannot be deviated from.
+The changes to generate the new report and update the existing report will be made in the report generation script `scripts/reports/analysis_report.py`.
+
+### SARIF rewriting
+
+The *effective category* of a guideline is a runtime property that is not reflected in the SARIF result file and therefore is not visible in any viewer used to view the results (e.g., [Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)).
+To ensure that users can view the *effective category* we need to rewrite the `@tags` query metadata property in the SARIF result file.
+The `@tags` value is a JSON array located at the [JSON path](https://datatracker.ietf.org/wg/jsonpath/about/):
+
+`$.runs[?(@.tool.driver.name="CodeQL")].tool.driver.rules[*].properties.tags`
+
+The category tag has the form `external//obligation/`
+Each guideline has an `external//id/` tag that can be used to determine if a recategorization is applicable by performing a case insensitive compare on the `` extracted from the query’s tags array and the value of the rule-id key in a `guideline-recategorizations` section.
+The rewriting replaces the `` part in `external//obligation/` with the newly specified category and adds a new tag `external//original-obligation/` with the rule’s original category.
+
+The rewrite process translates each entry in the guideline recategorization specification into a [JSON Patch](https://datatracker.ietf.org/doc/html/rfc6902) specific to the processed SARIF file. The JSON Patch is SARIF file specific due to its reliance on [JSON Pointer](https://www.rfc-editor.org/rfc/rfc6901) to locate the obligation tags.
+
+A new SARIF file is created by applying the JSON Patch to the processed SARIF file.
+
+## Non-MISRA standards
+
+Guideline recategorization applies to rules adhering to the MISRA categorizations.
+For standards that deviate from these conventions we assume that the rules have a category equivalent to MISRA’s *required* category.
\ No newline at end of file
From a85c6fff0b71319603c6db20f42897c890f65412 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Tue, 29 Nov 2022 10:59:36 -0800
Subject: [PATCH 38/43] Clarify the category of non Misra standard guidelines.

---
 docs/design/guideline_recategorization.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md
index c8eb9555c1..34a8c53022 100644
--- a/docs/design/guideline_recategorization.md
+++ b/docs/design/guideline_recategorization.md
@@ -175,4 +175,4 @@ A new SARIF file is created by applying the JSON Patch to the processed SARIF fi
 ## Non-MISRA standards
 
 Guideline recategorization applies to rules adhering to the MISRA categorizations.
-For standards that deviate from these conventions we assume that the rules have a category equivalent to MISRA’s *required* category.
\ No newline at end of file
+For standards that deviate from these conventions we assume that the rules have an *effective category* equivalent to MISRA’s *required* category.
From 60b3115b27a970d17995a7e9217adcb1bae95304 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Wed, 30 Nov 2022 13:32:30 -0800
Subject: [PATCH 39/43] Apply wording suggestion from code review

Co-authored-by: Robert C. Seacord
---
 docs/design/guideline_recategorization.md | 30 +++++++++++------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md
index 34a8c53022..55405f4ddd 100644
--- a/docs/design/guideline_recategorization.md
+++ b/docs/design/guideline_recategorization.md
@@ -30,7 +30,7 @@ The document [MISRA Compliance:2020](https://www.misra.org.uk/app/uploads/2021/0
 - Required guidelines - guidelines which can only be violated when supported by a deviation.
 - Advisory guidelines - recommendations for which violations are identified but are not required to be supported by a deviation.
 
-Guideline recategorization is possible by means of a Guideline Recategorization Plan (GRP). A GRP is a contract between the acquirer and supplier to determine how guidelines are applied.
+Guideline recategorization is possible by means of a guideline recategorization plan (GRP). A GRP is a contract between the acquirer and supplier to determine how guidelines are applied.
 The GRP defines the additional category Disapplied to be used for Advisory guidelines which are to be ignored. Any other category can be recategorized into stricter categories to ensure that a guideline adheres to the associated policy.
 The following table summarizes the possible recategorizations.
 
@@ -40,11 +40,11 @@ The following table summarizes the possible recategorizations.
 | Required | Mandatory |
 | Advisory | Disapplied, Required, Mandatory |
 
-Other recategorizations, from here on denoted as invalid recategorizations, are not applied and are to be reported to the user.
+Other recategorizations are invalid, not applied, and reported to the user.
 
 ## Design
 
-Our design includes a Guideline Recategorization Plan specification, logic to apply the category policy to associated guidelines, and a SARIF result rewriter to reflect the new category in the results.
+CodeQL Coding Standards includes a GRP, logic to apply the category policy to associated guidelines, and a SARIF result rewriter to reflect the new category in the results.
 The application of a policy will modify the behavior of a CodeQL queries implementing guidelines as follows:
 
 | Category | Effect |
@@ -54,14 +54,14 @@ The application of a policy will modify the behavior of a CodeQL queries impleme
 | Advisory | Violations are reported unless there exists an applicable deviation. |
 | Disapplied | Violations are not reported. |
 
-The SARIF rewriting will update the category of a guideline in a SARIF result file by updating the necessary tag information of a query.
+The SARIF rewrite updates the guideline category in a SARIF result file by updating the query's tag information.
 
-### Guideline Recategorization Plan specification
+### Guideline Recategorization Plan
 
-The Guideline Recategorization Plan specification will build upon the configuration specification introduced for deviations by adding the additional primary section `guideline-recategorizations` to the `codeql-standards.yml` configuration file.
+The GRE builds upon the configuration specification introduced for deviations by adding the additional primary section `guideline-recategorizations` to the `codeql-standards.yml` configuration file.
 The `guideline-recategorizations` section will be a series of compact mappings in YAML with the keys:
 
-- `rule-id` - the rule identifier that is recategorized.
+- `rule-id` - the recategorized rule identifier.
 - `category` - the category assigned to the rule identified by rule-id
 
 Note: We specify the recategorization based on the rule-id instead of the query-id. This can be revised if feedback requires more fine-grained recategorization.
@@ -80,9 +80,9 @@ This section discusses the implementation of the [design](#design).
 
 ### Specification and deviation
 
-The implementation will rely on the existing rule meta-data and query exclusion mechanisms to apply policies associated with a rule’s category.
+The implementation relies on the existing rule meta-data and query exclusion mechanisms to apply policies associated with a rule’s category.
 The rule meta-data already includes both the `query-id` and `rule-id` associated with a query and is available during query evaluation.
-The rule meta-data needs to be extended with a category that contains the guideline’s category.
+The rule meta-data must be extended with a category that contains the guideline’s category.
 
 For example:
 
@@ -97,17 +97,17 @@ For example:
 category = “required”
 ```
 
-The category defined by the rule meta-data and the category defined in the `guideline-recategorizations` of the applicable `codeql-standards.yml` configuration file is used to determine the *effective category* of a query.
+The category defined by the rule meta-data and the category defined in the `guideline-recategorizations` of the applicable `codeql-standards.yml` configuration file specifies the *effective category* of a query.
 The *effective category* is the category whose policy is applied during the evaluation of a query.
 The policy of a category dictates if a result can be deviated from and implements the effect described in the design section.
 The existing exclusion mechanism implemented in the predicate `isExcluded` defined in the `Exclusions.qll` library will be updated to consider the applicable policy of a guideline.
 
-Note: This will change the behavior of deviations which will no longer have an impact on Mandatory guidelines! This, however, will only impact MISRA C rules because there are no MISRA C++ Guidelines with a Mandatory category.
+Note: This changes the behavior of deviations which will no longer have an impact on Mandatory guidelines! However, this will only affect MISRA C rules because there are no MISRA C++ Guidelines with a Mandatory category.
 
 ### Specification validation
 
-To assist users with correctly specifying a Guideline Recategorization Plan (GRP) specification we can implement two validations mechanisms that validate the specification at two different points in a GRP life cycle.
-The first validation mechanism will perform syntax validation of the specification provided in the guideline-recategorizations section of a `codeql-standards.yml` configuration file and can provide feedback in any editor that supports JSON schemas published at the [JSON schema store](https://www.schemastore.org/json/).
+To assist users with correctly specifying a GRP specification we can implement two validations mechanisms that validate the specification at two different points in a GRP life cycle.
+The first validation mechanism performs syntax validation of the specification provided in the guideline-recategorizations section of a `codeql-standards.yml` configuration file and can provide feedback in any editor that supports JSON schemas published at the [JSON schema store](https://www.schemastore.org/json/).
 A schema for `codeql-standards.yml` can be extended with the definition of `guideline-category` and the property `guideline-recategorizations`:
 
 ```json
@@ -151,9 +151,9 @@ A schema for `codeql-standards.yml` can be extended with the definition of `guid
 
 The second validation mechanism is the generation of a `guideline-recategorization-plan-report.md` containing alerts on semantically incorrect recategorizations.
 That is, possible recategorizations that are not described as valid in the introduction.
-Semantically invalid recategorizations will be detected by looking at a query’s categorization and its effective categorization (i.e., its applied recategorization).
+Semantically invalid recategorizations are detected by examining a query’s categorization and its effective categorization (i.e., its applied recategorization).
 
-In addition, an update to the `deviations_report.md` report’s invalidate deviations table will provide feedback to users that apply deviations to guidelines with an effective category equal to `mandatory` which cannot be deviated from.
+In addition, an update to the `deviations_report.md` report’s invalidate deviations table provides feedback to users that apply deviations to guidelines with an effective category equal to `mandatory` which cannot be deviated from.
 The changes to generate the new report and update the existing report will be made in the report generation script `scripts/reports/analysis_report.py`.
 
 ### SARIF rewriting
From 36b466e656eadbccd3cfd967a535a7c9d95079bd Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Wed, 30 Nov 2022 13:37:20 -0800
Subject: [PATCH 40/43] Remove remnant of the GRP proposal Remove the note discussing the granularity options of applying a recategorization.
---
 docs/design/guideline_recategorization.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md
index 55405f4ddd..e939d1ca1a 100644
--- a/docs/design/guideline_recategorization.md
+++ b/docs/design/guideline_recategorization.md
@@ -64,8 +64,6 @@ The `guideline-recategorizations` section will be a series of compact mappings i
 - `rule-id` - the recategorized rule identifier.
 - `category` - the category assigned to the rule identified by rule-id
 
-Note: We specify the recategorization based on the rule-id instead of the query-id. This can be revised if feedback requires more fine-grained recategorization.
-
 For example:
 
 ```yaml
From 097d09189ab74c4557d7423c5a2c4ed46d694784 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Wed, 30 Nov 2022 13:38:33 -0800
Subject: [PATCH 41/43] Update the TOC
---
 docs/design/guideline_recategorization.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md
index e939d1ca1a..f59fdbd58e 100644
--- a/docs/design/guideline_recategorization.md
+++ b/docs/design/guideline_recategorization.md
@@ -4,7 +4,7 @@
 - [Document management](#document-management)
 - [Introduction](#introduction)
 - [Design](#design)
- - [Guideline Recategorization Plan specification](#guideline-recategorization-plan-specification)
+ - [Guideline Recategorization Plan](#guideline-recategorization-plan)
 - [Implementation](#implementation)
 - [Specification and deviation](#specification-and-deviation)
 - [Specification validation](#specification-validation)
From bdbaa07b9736ebc5f1a4086964ef1fb103bdc067 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 30 Nov 2022 14:01:45 -0800 Subject: [PATCH 42/43] Update document management section --- docs/design/guideline_recategorization.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md index f59fdbd58e..ffbf5310ef 100644 --- a/docs/design/guideline_recategorization.md +++ b/docs/design/guideline_recategorization.md @@ -19,7 +19,8 @@ | Version | Date | Author(s) | Reviewer (s) | | ------- | ---------- | --------------- | ------------ | | 0.1 | 08/10/2022 | Remco Vermeulen | \ | -| 0.2 | 10/25/2022 | Remco Vermeulen | | +| 0.2 | 10/25/2022 | Remco Vermeulen | Mauro Baludo, John Singleton | +| 0.3 | 11/30/2022 | Remco Vermeulen | Robert C. Seacord | ## Introduction From be60c7ba084e5260b917ad9e08737693f5daf5e1 Mon Sep 17 00:00:00 2001 From: Remco Vermeulen Date: Wed, 30 Nov 2022 14:22:42 -0800 Subject: [PATCH 43/43] Clarify GRP for non-MISRA standards --- docs/design/guideline_recategorization.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/design/guideline_recategorization.md b/docs/design/guideline_recategorization.md index ffbf5310ef..f520869f39 100644 --- a/docs/design/guideline_recategorization.md +++ b/docs/design/guideline_recategorization.md @@ -174,4 +174,6 @@ A new SARIF file is created by applying the JSON Patch to the processed SARIF fi ## Non-MISRA standards Guideline recategorization applies to rules adhering to the MISRA categorizations. -For standards that deviate from these conventions we assume that the rules have an *effective category* equivalent to MISRA’s *required* category. +For standards that deviate from these conventions the rules have an *effective category* equivalent to MISRA’s *required* category. + +CERT rules, for example, are handled in the same way as MISRA's rules recategorized to *required*.