Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A18-0-1: Consider more than just the file name when identifying use of C standard libraries #7

Closed
nicolaswill opened this issue Jul 15, 2022 · 0 comments · Fixed by #530
Closed

A18-0-1: Consider more than just the file name when identifying use of C standard libraries #7

nicolaswill opened this issue Jul 15, 2022 · 0 comments · Fixed by #530
Assignees
@knewbury01
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards

Comments

@nicolaswill
Copy link
Contributor

Affected rules

  • A18-0-1

Description

The query for this rule reports any use of headers with file names the same as a prohibited C standard library header. This can cause false positives if the included file is not from a C standard library implementation but just happens to have the same name as a C standard library header.

There's no certain way to determine whether an include is of a C Standard Library header file, because the files themselves are not universally distinguishable, so we will need to consider some heuristics for identification.

As an initial idea, we could only report cases where:

  • The #include specifies no file path (e.g. filename = i.getIncludeText().substring(1, i.getIncludeText().length() - 2))
  • And where the target file is not within the source location (e.g. not exists(i.getIncludedFile().getRelativePath())

Example

$ cat lib/example.h 
#ifndef LIB_EXAMPLE_H_
#define LIB_EXAMPLE_H_

#endif

$ cat test.cpp 
#include "lib/example.h"  // A18-0-1 reported here
#include <iostream>
@nicolaswill nicolaswill added Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards false positive/false negative An issue related to observed false positives or false negatives. labels Jul 15, 2022
@knewbury01 knewbury01 self-assigned this Feb 13, 2024
@knewbury01 knewbury01 mentioned this issue Feb 13, 2024
Merged
30 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knewbury01 knewbury01

Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards
Projects
Coding Standards Public Development Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

A18-0-1: improve query logic knewbury01/codeql-coding-standards
2 participants
@knewbury01 @nicolaswill