Merge branch 'main' into michaelrfairhurst/implement-package-preprocessor

Author: lcartey

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/dispatch-release-performance-check.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/finalize-release.yml

@@ -103,7 +103,7 @@ jobs:
       - name: Generate token
         if: env.HOTFIX_RELEASE == 'false'
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/prepare-release.yml

@@ -143,7 +143,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/update-release.yml

@@ -43,7 +43,7 @@ jobs:
 
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

.github/workflows/validate-release.yml

@@ -40,7 +40,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
@@ -108,7 +108,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate-token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

README.md

@@ -15,14 +15,15 @@ The following coding standards are supported:
 - [MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
    - [MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
    - [MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)
+   - [MISRA C 2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf)
+   - [MISRA C 2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf)
+- [MISRA C 2023](https://misra.org.uk/product/misra-c2023/)
 
 ## :construction: Standards under development :construction:
 
-The following standards are under active development:
+The following standards are under active development for [C++17](https://www.iso.org/standard/68564.html):
 
-- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2025 Q1_
-- [MISRA C 2023](https://misra.org.uk/product/misra-c2023/) - under development - _scheduled for release 2025 Q1_
-  - This includes the development of [MISRA C 2012 Amendment 3](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD3.pdf) and [MISRA C 2012 Amendment 4](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD4.pdf), which are incorporated into MISRA C 2023.
+- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2025 Q2/Q3_
 
 ## How do I use the CodeQL Coding Standards Queries?
 

amendments.csv

@@ -24,7 +24,7 @@ c,MISRA-C-2012,Amendment4,RULE-8-9,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-9-4,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
-c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,Yes,Easy
 c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,Yes,Easy

c/cert/src/codeql-suites/cert-c-default.qls

@@ -0,0 +1,10 @@
+- description: CERT C 2016 (Default)
+- qlpack: codeql/cert-c-coding-standards
+- include:
+    kind:
+    - problem
+    - path-problem
+    - external/cert/obligation/rule
+- exclude:
+    tags contain:
+    - external/cert/default-disabled

c/cert/src/codeql-suites/cert-c-l1.qls

@@ -0,0 +1,12 @@
+- description: CERT C 2016 Level 1 Rules (Priority 12 - Priority 27)
+- qlpack: codeql/cert-c-coding-standards
+- include:
+    kind:
+    - problem
+    - path-problem
+    - external/cert/obligation/rule
+    tags contain:
+    - external/cert/level/l1
+- exclude:
+    tags contain:
+    - external/cert/default-disabled

c/cert/src/codeql-suites/cert-c-l2.qls

@@ -0,0 +1,12 @@
+- description: CERT C 2016 Level 2 Rules (Priority 6 - Priority 9)
+- qlpack: codeql/cert-c-coding-standards
+- include:
+    kind:
+    - problem
+    - path-problem
+    - external/cert/obligation/rule
+    tags contain:
+    - external/cert/level/l2
+- exclude:
+    tags contain:
+    - external/cert/default-disabled

c/cert/src/codeql-suites/cert-c-l3.qls

@@ -0,0 +1,12 @@
+- description: CERT C 2016 Level 3 Rules (Priority 1 - Priority 4)
+- qlpack: codeql/cert-c-coding-standards
+- include:
+    kind:
+    - problem
+    - path-problem
+    - external/cert/obligation/rule
+    tags contain:
+    - external/cert/level/l3
+- exclude:
+    tags contain:
+    - external/cert/default-disabled

c/cert/src/codeql-suites/cert-c-recommendation.qls

@@ -0,0 +1,10 @@
+- description: CERT C 2016 (Recommendations)
+- qlpack: codeql/cert-c-coding-standards
+- include:
+    kind:
+    - problem
+    - path-problem
+    - external/cert/obligation/recommendation
+- exclude:
+    tags contain:
+    - external/cert/default-disabled

c/cert/src/codeql-suites/cert-default.qls

@@ -1,9 +1,2 @@
-- description: CERT C 2016 (Default)
-- qlpack: codeql/cert-c-coding-standards
-- include:
-    kind:
-    - problem
-    - path-problem
-- exclude:
-    tags contain:
-    - external/cert/default-disabled
+- description: "DEPRECATED - CERT C 2016 - use cert-c-default.qls instead"
+- import: codeql-suites/cert-c-default.qls

c/cert/src/qlpack.yml

@@ -1,8 +1,9 @@
 name: codeql/cert-c-coding-standards
-version: 2.44.0-dev
+version: 2.47.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
+default-suite-file: codeql-suites/cert-c-default.qls
 dependencies:
   codeql/common-c-coding-standards: '*'
   codeql/cpp-all: 2.1.1

c/cert/src/rules/ARR30-C/DoNotFormOutOfBoundsPointersOrArraySubscripts.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/arr30-c
  *       correctness
  *       security
+ *       external/cert/severity/high
+ *       external/cert/likelihood/likely
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p9
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/arr32-c
  *       correctness
  *       security
+ *       external/cert/severity/high
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p6
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR36-C/DoNotRelatePointersThatDoNotReferToTheSameArray.ql

@@ -8,6 +8,11 @@
  * @problem.severity warning
  * @tags external/cert/id/arr36-c
  *       correctness
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p8
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR36-C/DoNotSubtractPointersThatDoNotReferToTheSameArray.ql

@@ -8,6 +8,11 @@
  * @problem.severity warning
  * @tags external/cert/id/arr36-c
  *       correctness
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p8
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -8,6 +8,11 @@
  * @problem.severity error
  * @tags external/cert/id/arr37-c
  *       correctness
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p8
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR38-C/LibraryFunctionArgumentOutOfBounds.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/arr38-c
  *       correctness
  *       security
+ *       external/cert/severity/high
+ *       external/cert/likelihood/likely
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p18
+ *       external/cert/level/l1
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -8,6 +8,11 @@
  * @problem.severity error
  * @tags external/cert/id/arr39-c
  *       correctness
+ *       external/cert/severity/high
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p6
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con30-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/unlikely
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con31-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON31-C/DoNotDestroyAMutexWhileItIsLocked.ql

@@ -8,6 +8,11 @@
  * @tags external/cert/id/con31-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON32-C/PreventDataRacesWithMultipleThreads.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con32-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p8
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql

@@ -8,6 +8,11 @@
  * @tags external/cert/id/con33-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con34-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql

@@ -10,6 +10,11 @@
  *       external/cert/audit
  *       correctness
  *       concurrency
+ *       external/cert/severity/medium
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/high
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON35-C/DeadlockByLockingInPredefinedOrder.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con35-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/low
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p4
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON36-C/WrapFunctionsThatCanSpuriouslyWakeUpInLoop.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con36-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/low
+ *       external/cert/likelihood/unlikely
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p2
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con37-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/low
+ *       external/cert/likelihood/probable
+ *       external/cert/remediation-cost/low
+ *       external/cert/priority/p6
+ *       external/cert/level/l2
  *       external/cert/obligation/rule
  */
 

c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.ql

@@ -9,6 +9,11 @@
  * @tags external/cert/id/con38-c
  *       correctness
  *       concurrency
+ *       external/cert/severity/low
+ *       external/cert/likelihood/unlikely
+ *       external/cert/remediation-cost/medium
+ *       external/cert/priority/p2
+ *       external/cert/level/l3
  *       external/cert/obligation/rule
  */