codeql-coding-standards
This repository contains CodeQL queries and libraries which support various Coding Standards.
**Describe the bug** Whenever a guideline is positioned on an expanded element of a macro invocation spanning multiple lines, a deviation using a code identifier fails to suppress the guideline...
**Describe the issue** The following 3 queries share most of their logic and could be merged into one by abstracting the copy/assign operations and their operand types: - RULE-19-1/ObjectAssignedToAnOverlappingObject -...
### Affected rules - FIO32-C ### Description Currently the implementation simply checks that the filename used in a call to `fopen` is not tainted. However, the rule requires that certain...
As noted in [this issue](https://github.com/github/codeql-coding-standards/issues/192), this rule does not address the types case. The reason was that, at the time of writing this query, it was discovered that we don't...
Context: [conversation in this PR](https://github.com/github/codeql-coding-standards/pull/165#discussion_r1089175774). This is a shared query. It currently covers many cases relating to missing initialization; however, for the first NCE on the [rule description](https://wiki.sei.cmu.edu/confluence/display/c/DCL39-C.+Avoid+information+leakage+when+passing+a+structure+across+a+trust+boundary), where there...
### Affected rules - `A2-5-2` ### Description The checker for "Rule A2-5-2 (required, implementation, automated) Digraphs shall not be used." was not implemented. Presumably, the expectation was that compiler flags...
### Affected rules - A8-2-1 ### Description A8-2-1 - “When declaring function templates, the trailing return type syntax shall be used if the return type depends on the type of parameters.”
### Affected rules - A7-1-8 ### Description AUTOSAR 19-03 rule A7-1-8 - “A non-type specifier shall be placed before a type specifier in a declaration” is missing and has not...
* Add an example of using a `code-identifier` for deviations. * Explain when file based deviations are appropriate (vs. individually deviating each instance in a file).
### Affected rules - `M0-2-1` ### Description The query currently identifies objects using an intra-procedural technique - we only check for equivalence of objects within the same function. We should...