codeql-coding-standards
This repository contains CodeQL queries and libraries which support various Coding Standards.
Hello @knewbury01, This issue has been automatically created because there are missing attestations in the following pull requests you approved: | Pull Request | Problems | |--------------|----------| | https://github.com/github/codeql-coding-standards/pull/494 |...
### Affected rules - `A0-1-1` ### Description We need to update the exclusion mechanism to consider the `SsaDefinition` not the variable, otherwise the result cannot be deviated.
**Describe the bug** We have a user report that applying a deviation to `A15-4-4` fails. We may want to consider allowing users to deviate against any declaration of a function,...
### Affected rules - `DCL30-C` ### Description There have recently been improvements to the C++ standard query for returning stack allocated memory: https://github.com/github/codeql/blob/4de19b3ec97d4379ef5988bda591d749e1cd0f99/cpp/ql/src/Likely%20Bugs/Memory%20Management/ReturnStackAllocatedMemory.ql#L7 We should adopt this new and improved...
## Description This PR includes the test case in FP/FN report #8. The test case could not reproduce the issue, but it is a good test case to have because...
### Affected rules - `EXP52-CPP` ### Description Exclude uses of operators with unevaluated operands where they are already in unevaluated contexts, as the scope for confusion is less. ### Example...
### Affected rules - `A5-6-1` ### Description The INT32-C implementation has a number of refinements that address false negatives - for example, detection of assign-div and assign-mul expressions and missing...
### Affected rules - `A4-7-1` ### Description The `IntegerExpressionLeadToDataLoss.ql` query should be replaced by the more refined queries from CERT, specifically INT30-C (`UnsignedIntegerOperationsWrapAround.ql`), INT31-C (`IntegerConversionCausesDataLoss.ql`), INT32-C (`SignedIntegerOverflow.ql`) and INT34-C (`ExprShiftedByNegativeOrGreaterPrecisionOperand.ql`)....
### Affected rules - `CON54-CPP` ### Description The [`std::condition_variable::wait`](https://en.cppreference.com/w/cpp/thread/condition_variable/wait), [`std::condition_variable::wait_until`](https://en.cppreference.com/w/cpp/thread/condition_variable/wait_until) and [`std::condition_variable::wait_for`](https://en.cppreference.com/w/cpp/thread/condition_variable/wait_for) functions include an overload with a `stop_waiting` predicate parameter. If this overload is used, spurious waking is avoided...
### Affected rules - `A7-1-2` ### Description A logging function cannot be marked as `constexpr` because it is intended to have a side-effect (writing a log entry). In certain cases...