Merge branch 'mbaluda-new-dataflow' into mbaluda-next

Author: mbaluda

.github/workflows/codeql_unit_tests.yml

@@ -168,7 +168,7 @@ jobs:
     steps:
       - name: Check if run-test-suites job failed to complete, if so fail
         if: ${{ needs.run-test-suites.result == 'failure' }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         with:
           script: |
             core.setFailed('Test run job failed')

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -44,7 +44,7 @@ jobs:
           --json \
             -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v8
+      - uses: actions/github-script@v9
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/dispatch-release-performance-check.yml

@@ -44,7 +44,7 @@ jobs:
           --json \
           -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v8
+      - uses: actions/github-script@v9
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/upgrade_codeql_dependencies.yml

@@ -56,7 +56,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

README.md

@@ -6,12 +6,13 @@ This repository contains CodeQL queries and libraries which support various Codi
 
 _Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University._
 
-This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages.
+This repository contains CodeQL queries and libraries which support various Coding Standards for the [C++14](https://www.iso.org/standard/64029.html), [C++17](https://www.iso.org/standard/68564.html), [C99](https://www.iso.org/standard/29237.html) and [C11](https://www.iso.org/standard/57853.html) programming languages.
 
 The following coding standards are supported:
 - [AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf). 
 - [SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932)
 - [SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
+- [MISRA C++ 2023: Guidelines for the use of C++ in critical systems](https://misra.org.uk/product/misra-cpp2023/).
 - [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
    - [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
    - [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)
@@ -21,9 +22,13 @@ The following coding standards are supported:
 
 ## :construction: Standards under development :construction:
 
-The following standards are under active development for [C++17](https://www.iso.org/standard/68564.html):
+There are currently no new coding standards under active development.
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2026 Q1/Q2_
+This project intends to begin development of the following standards in the near future:
+
+- [MISRA C 2025](https://misra.org.uk/product/misra-c2025/)
+
+If you are interested in this standard or when it will be available, consider contacting us via email or by filing an issue.
 
 ## How do I use the CodeQL Coding Standards Queries?
 

c/cert/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards
-version: 2.57.0-dev
+version: 2.62.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT

c/cert/src/rules/DCL40-C/ExternalIdentifiers.qll

@@ -21,42 +21,11 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.types.Compatible
-import ExternalIdentifiers
+import codingstandards.cpp.rules.incompatiblefunctiondeclaration.IncompatibleFunctionDeclaration
 
-predicate interestedInFunctions(
-  FunctionDeclarationEntry f1, FunctionDeclarationEntry f2, ExternalIdentifiers d
-) {
-  not f1 = f2 and
-  d = f1.getDeclaration() and
-  d = f2.getDeclaration()
+module IncompatibleFunctionDeclarationsCppConfig implements IncompatibleFunctionDeclarationConfigSig
+{
+  Query getQuery() { result = Declarations2Package::incompatibleFunctionDeclarationsQuery() }
 }
 
-predicate interestedInFunctions(FunctionDeclarationEntry f1, FunctionDeclarationEntry f2) {
-  interestedInFunctions(f1, f2, _)
-}
-
-module FuncDeclEquiv =
-  FunctionDeclarationTypeEquivalence<TypesCompatibleConfig, interestedInFunctions/2>;
-
-from ExternalIdentifiers d, FunctionDeclarationEntry f1, FunctionDeclarationEntry f2
-where
-  not isExcluded(f1, Declarations2Package::incompatibleFunctionDeclarationsQuery()) and
-  not isExcluded(f2, Declarations2Package::incompatibleFunctionDeclarationsQuery()) and
-  interestedInFunctions(f1, f2, d) and
-  (
-    //return type check
-    not FuncDeclEquiv::equalReturnTypes(f1, f2)
-    or
-    //parameter type check
-    not FuncDeclEquiv::equalParameterTypes(f1, f2)
-  ) and
-  // Apply ordering on start line, trying to avoid the optimiser applying this join too early
-  // in the pipeline
-  exists(int f1Line, int f2Line |
-    f1.getLocation().hasLocationInfo(_, f1Line, _, _, _) and
-    f2.getLocation().hasLocationInfo(_, f2Line, _, _, _) and
-    f1Line >= f2Line
-  )
-select f1, "The object $@ is not compatible with re-declaration $@", f1, f1.getName(), f2,
-  f2.getName()
+import IncompatibleFunctionDeclaration<IncompatibleFunctionDeclarationsCppConfig>

c/cert/src/rules/DCL40-C/IncompatibleFunctionDeclarations.ql

@@ -20,16 +20,10 @@
 
 import cpp
 import codingstandards.c.cert
-import ExternalIdentifiers
+import codingstandards.cpp.rules.incompatibleobjectdeclaration.IncompatibleObjectDeclaration
 
-from VariableDeclarationEntry decl1, VariableDeclarationEntry decl2
-where
-  not isExcluded(decl1, Declarations2Package::incompatibleObjectDeclarationsQuery()) and
-  not isExcluded(decl2, Declarations2Package::incompatibleObjectDeclarationsQuery()) and
-  not decl1.getUnspecifiedType() = decl2.getUnspecifiedType() and
-  decl1.getDeclaration() instanceof ExternalIdentifiers and
-  decl2.getDeclaration() instanceof ExternalIdentifiers and
-  decl1.getLocation().getStartLine() >= decl2.getLocation().getStartLine() and
-  decl1.getVariable().getName() = decl2.getVariable().getName()
-select decl1, "The object $@ is not compatible with re-declaration $@", decl1, decl1.getName(),
-  decl2, decl2.getName()
+module IncompatibleObjectDeclarationsCppConfig implements IncompatibleObjectDeclarationConfigSig {
+  Query getQuery() { result = Declarations2Package::incompatibleObjectDeclarationsQuery() }
+}
+
+import IncompatibleObjectDeclaration<IncompatibleObjectDeclarationsCppConfig>

c/cert/src/rules/DCL40-C/IncompatibleObjectDeclarations.ql

@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.SideEffect
-import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.new.TaintTracking
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /** Holds if the function's return value is derived from the `AliasParamter` p. */