Releases: github/codeql-coding-standards

v2.6.0

21 Jul 20:04
f8700ba
Pre-release

Release summary

  • New queries added for the following rule packages: Banned, Concurrency2, Preprocessor4
  • The following changes have been made for this release:
    • A3-8-1, A5-3-2, EXP54-CPP, STR51-CPP
      • All queries for these rules are now enabled by default. They were previously disabled due to performance concerns.
  • Address a false positive flagged by cpp/autosar/using-directives-used for anonymous namespaces.
  • A10-2-1 - NonVirtualPublicOrProtectedFunctionsRedefinedQuery:
    • Fixed a typo that caused the derived class not to be displayed in the alert message
  • A10-3-3 - VirtualFunctionsIntroducedInFinalClassQuery
    • Fixed a typo that caused the introducing class not to be displayed in the alert message
  • Address a false positive flagged by cpp/autosar/external-linkage-not-declared-in-header-file for declarations that actually were in header files
  • Update the create_release.sh script to include query artifacts with Markdown help files
  • M3-2-1 - DeclarationsOfAnObjectShallHaveCompatibleTypes.ql
    • Use the type of the variable declaration entries instead of the variables, as variables may exist that have multiple entries with different types.
  • CON53-CPP - DeadlockByLockingInPredefinedOrder.ql
    • Optimized performance and expanded coverage to include cases where locking order is not serialized
  • CON52-CPP - PreventBitFieldAccessFromMultipleThreads.ql
    • Fixed an issue with RAII-style locks and scope causing locks to not be correctly identified.
  • Remove support for the anonymized pack because it is no longer necessary. The code scanning pack is superseding this pack.
  • Remove support for the LGTM pack because LGTM is EOL.
  • M5-18-1: Update the alert message to conform with our query style-guide.
  • CON53-CPP - DeadlockByLockingInPredefinedOrder.ql
    • Optimized performance by removing unneeded conditionals.
  • CON35-C - DeadlockByLockingInPredefinedOrder.ql
    • Optimized performance by removing unneeded conditionals.

Supported versions

  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-4-12 - StdLibDynamicMemoryAllocationUsed.ql
  • RULE-7-1 - OctalConstantsUsed.ql
  • RULE-8-14 - RestrictTypeQualifierUsed.ql
  • RULE-12-3 - CommaOperatorShouldNotBeUsed.ql
  • RULE-17-1 - FeaturesOfStdarghUsed.ql
  • RULE-19-2 - UnionKeywordShouldNotBeUsed.ql
  • RULE-20-4 - MacroDefinedWithTheSameNameAsKeyword.ql
  • RULE-20-6 - FunctionLikeMacroArgsContainHashTokenCQuery.ql
  • RULE-21-1 - DefineAndUndefUsedOnReservedIdentifierOrMacroName.ql
  • RULE-21-3 - MemoryAllocDeallocFunctionsOfStdlibhUsed.ql
  • RULE-21-4 - StandardHeaderFileUsedSetjmph.ql
  • RULE-21-5 - StandardHeaderFileUsedSignalh.ql
  • RULE-21-6 - StandardLibraryInputoutputFunctionsUsed.ql
  • RULE-21-7 - AtofAtoiAtolAndAtollOfStdlibhUsed.ql
  • RULE-21-8 - TerminationFunctionsOfStdlibhUsed.ql, TerminationMacrosOfStdlibhUsed.ql
  • RULE-21-9 - BsearchAndQsortOfStdlibhUsed.ql
  • RULE-21-10 - StandardLibraryTimeAndDateFunctionsUsed.ql
  • RULE-21-11 - StandardHeaderFileTgmathhUsed.ql
  • RULE-21-12 - ExceptionHandlingFeaturesOfFenvhUsed.ql
  • RULE-21-21 - SystemOfStdlibhUsed.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • CON35-C - DeadlockByLockingInPredefinedOrder.ql
  • CON36-C - WrapFunctionsThatCanSpuriouslyWakeUpInLoop.ql
  • ENV33-C - DoNotCallSystem.ql

v1.1.0 [Certified]

12 Jul 15:23

This release of CodeQL Coding Standards is certified as a software tool suitable for use in safety-related development projects according to ISO26262:2018 for any ASIL.

Release summary

  • No new queries were added for this release
  • The following changes have been made for this release:
    • A3-8-1, A5-3-2, EXP54-CPP, STR51-CPP
      • All queries for these rules are now enabled by default. They were previously disabled due to performance concerns.
  • Address a false positive flagged by cpp/autosar/using-directives-used for anonymous namespaces.
  • A10-2-1 - NonVirtualPublicOrProtectedFunctionsRedefinedQuery:
    • Fixed a typo that caused the derived class not to be displayed in the alert message
  • A10-3-3 - VirtualFunctionsIntroducedInFinalClassQuery
    • Fixed a typo that caused the introducing class not to be displayed in the alert message
  • Address a false positive flagged by cpp/autosar/external-linkage-not-declared-in-header-file for declarations that actually were in header files
  • Updated release artifacts naming convention to include the explicit tag in the filename and updated the user manual.

Supported versions

  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

v2.5.0

13 Jul 09:11
Pre-release

Release summary

  • New queries added for the following rule packages: Concurrency1, Pointers1, Preprocessor3, Strings3, Concurrency

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: CERT-C++ new queries

New queries added to cover the following rules:

  • CON52-CPP - PreventBitFieldAccessFromMultipleThreads.ql

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-4-8 - ObjectWithNoPointerDereferenceShouldBeOpaque.ql
  • RULE-8-13 - PointerShouldPointToConstTypeWhenPossible.ql
  • RULE-11-1 - ConversionBetweenFunctionPointerAndOtherType.ql
  • RULE-11-2 - ConversionBetweenIncompleteTypePointerAndOtherType.ql
  • RULE-11-3 - CastBetweenObjectPointerAndDifferentObjectType.ql
  • RULE-11-4 - ConversionBetweenPointerToObjectAndIntegerType.ql
  • RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql
  • RULE-11-6 - CastBetweenPointerToVoidAndArithmeticType.ql
  • RULE-11-7 - CastBetweenPointerToObjectAndNonIntArithmeticType.ql
  • RULE-11-8 - CastRemovesConstOrVolatileQualification.ql
  • RULE-11-9 - MacroNullNotUsedAsIntegerNullPointerConstant.ql
  • RULE-18-1 - PointerAndDerivedPointerMustAddressSameArray.ql
  • RULE-18-2 - SubtractionBetweenPointersMustAddressSameArray.ql
  • RULE-18-3 - RelationalOperatorComparesPointerToDifferentArray.ql
  • RULE-18-4 - DoNotUseAdditionOrSubtractionOperatorsOnPointers.ql
  • RULE-18-5 - NoMoreThanTwoLevelsOfPointerNestingInDeclarations.ql
  • RULE-18-6 - AutomaticStorageObjectAddressCopiedToOtherObject.ql
  • RULE-20-8 - ControllingExpressionIfDirective.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • CON32-C - PreventDataRacesWithMultipleThreads.ql
  • CON33-C - RaceConditionsWhenUsingLibraryFunctions.ql
  • CON37-C - DoNotCallSignalInMultithreadedProgram.ql
  • STR34-C - CastCharBeforeConvertingToLargerSizes.ql
  • STR38-C - DoNotConfuseNarrowAndWideFunctions.ql

v2.4.0

13 Jul 09:09
Pre-release

Release summary

  • New queries added for the following rule packages: IO3, Preprocessor2, Strings2
  • The following changes have been made for this release:
  • M16-3-1 - MoreThanOneOccurrenceHashOperatorInMacroDefinition.ql:
    • Removes detection of more than one occurrence in non-function-like macros.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-4-10 - PrecautionIncludeGuardsNotProvided.ql
  • RULE-20-5 - UndefShouldNotBeUsed.ql
  • RULE-20-11 - MoreThanOneHashOperatorInMacroDefinition.ql
  • RULE-20-12 - MacroParameterUsedAsHashOperand.ql
  • RULE-22-3 - FileOpenForReadAndWriteOnDifferentStreams.ql
  • RULE-22-4 - AttemptToWriteToAReadOnlyStream.ql
  • RULE-22-5 - PointerToAFileObjectDereferenced.ql
  • RULE-22-7 - EofShallBeComparedWithUnmodifiedReturnValues.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • FIO32-C - DoNotPerformFileOperationsOnDevices.ql
  • FIO37-C - SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql
  • STR37-C - ToCharacterHandlingFunctionsRepresentableAsUChar.ql

v2.3.0

13 Jul 09:07
Pre-release

Release summary

  • New queries added for the following rule packages: Misc, SideEffects2, Strings1
  • The following changes have been made for this release:
  • Refactored A26-5-1 and MSC50-CPP to share the same query with MSC30-C.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-13-3 - SideEffectAndCrementInFullExpression.ql
  • RULE-17-8 - ModificationOfFunctionParameter.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • MSC30-C - RandUsedForGeneratingPseudorandomNumbers.ql
  • MSC32-C - ProperlySeedPseudorandomNumberGenerators.ql
  • MSC37-C - ControlFlowReachesTheEndOfANonVoidFunction.ql
  • STR30-C - DoNotAttemptToModifyStringLiterals.ql
  • STR31-C - StringsHasSufficientSpaceForTheNullTerminator.ql
  • STR32-C - NonNullTerminatedToFunctionThatExpectsAString.ql

v2.2.0

13 Jul 09:05
Pre-release

Release summary

  • New queries added for the following rule packages: Misc, SideEffects2
  • The following changes have been made for this release:
  • Refactored A26-5-1 and MSC50-CPP to share the same query with MSC30-C.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-13-3 - SideEffectAndCrementInFullExpression.ql
  • RULE-17-8 - ModificationOfFunctionParameter.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • MSC30-C - RandUsedForGeneratingPseudorandomNumbers.ql
  • MSC32-C - ProperlySeedPseudorandomNumberGenerators.ql
  • MSC37-C - ControlFlowReachesTheEndOfANonVoidFunction.ql

v2.1.0

13 Jul 09:03
Pre-release

Release summary

  • New queries added for the following rule packages: IO2, SideEffects1, Syntax

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • DIR-4-5 - IdentifiersInTheSameNameSpaceUnambiguous.ql
  • RULE-3-1 - CharacterSequencesAndUsedWithinAComment.ql
  • RULE-3-2 - LineSplicingUsedInComments.ql
  • RULE-4-1 - OctalAndHexadecimalEscapeSequencesNotTerminated.ql
  • RULE-4-4 - SectionsOfCodeShallNotBeCommentedOut.ql
  • RULE-7-2 - UOrUSuffixRepresentedInUnsignedType.ql
  • RULE-7-3 - LowercaseCharacterLUsedInLiteralSuffix.ql
  • RULE-12-1 - UnenclosedSizeofOperand.ql, ImplicitPrecedenceOfOperatorsInExpression.ql
  • RULE-13-1 - InitializerListsContainPersistentSideEffects.ql
  • RULE-13-4 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
  • RULE-13-5 - PossibleSuppressedSideEffectInLogicOperatorOperand.ql
  • RULE-13-6 - SizeofOperandWithSideEffect.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • EXP30-C - DependenceOnOrderOfScalarEvaluationForSideEffects.ql, DependenceOnOrderOfFunctionArgumentsForSideEffects.ql
  • EXP44-C - UnevaluatedOperandWithSideEffect.ql
  • EXP45-C - AssignmentsInSelectionStatements.ql
  • FIO38-C - DoNotCopyAFileObject.ql
  • FIO40-C - ResetStringsOnFgetsOrFgetwsFailure.ql
  • FIO41-C - DoNotCallGetcAndPutcWithSideEffects.ql
  • FIO44-C - OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql

v2.0.0

13 Jul 09:01
Pre-release

Release summary

  • New queries added for the following rule packages: IO1, Preprocessor1

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.6.3 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.6.3.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20211005.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-20-1 - IncludeDirectivesPrecededByDirectivesOrComments.ql
  • RULE-20-2 - ForbiddenCharactersInHeaderFileName.ql
  • RULE-20-9 - IdentifiersUsedInPreprocessorExpression.ql
  • RULE-20-10 - PreprocessorHashOperatorsShouldNotBeUsed.ql
  • RULE-22-6 - FileUsedAfterClosed.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

  • FIO30-C - ExcludeUserInputFromFormatStrings.ql
  • FIO34-C - DistinguishBetweenCharReadFromAFileAndEofOrWeof.ql, EndOfFileCheckPortability.ql
  • FIO39-C - DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
  • FIO42-C - CloseFilesWhenTheyAreNoLongerNeeded.ql
  • FIO46-C - UndefinedBehaviorAccessingAClosedFile.ql