Merged
21 commits
f0d4694
Convert `ThrowingOperatorNewReturnsNull` to the new dataflow library
jketema Aug 15, 2025
b6a4ae9
Convert `PredicateFunctionObjectsShouldNotBeMutable` to the new dataf…
jketema Aug 15, 2025
ca1667f
Remove redundant dataflow import
jketema Aug 15, 2025
e643526
Convert `OnlyFreeMemoryAllocatedDynamicallyShared` to the new dataflo…
jketema Aug 15, 2025
0f50470
Convert `InvalidatedEnvStringPointers` to the new dataflow library
jketema Aug 15, 2025
493a4c1
Convert `FunctionErroneousReturnValueNotTested` to the new dataflow l…
jketema Aug 18, 2025
8a672b1
Update `DoNotPassAliasedPointerToRestrictQualifiedParamShared` to the…
jketema Aug 18, 2025
3bfaf5b
Convert M9-3-1 to the new dataflow library
jketema Aug 19, 2025
56cc455
Convert A8-4-9 to the new dataflow library
jketema Aug 19, 2025
6384dbd
Convert A8-4-11 to the new dataflow library
jketema Aug 19, 2025
113c121
Convert STR31-C to the new dataflow library
jketema Aug 19, 2025
f265690
Convert `FileStreams.qll` to the new dataflow library
jketema Aug 19, 2025
146d85a
Convert `DoNotAccessAClosedFile` to the new dataflow library
jketema Aug 19, 2025
4d16b3b
Update `OwnedPointerValueStoredInUnrelatedSmartPointer` to the new da…
jketema Aug 21, 2025
3b05adc
Update `MovedFromObjectsUnspecifiedState` to the new dataflow library
jketema Aug 21, 2025
ab5a471
Update `DoNotUseRelationalOperatorsWithDifferingArrays` to the new da…
jketema Aug 21, 2025
590cd5a
Convert `DanglingCaptureWhenReturningLambdaObject` to the new dataflo…
jketema Aug 21, 2025
42838bf
Update `DanglingCaptureWhenMovingLambdaObject` to the new dataflow li…
jketema Aug 21, 2025
a11320c
Update `ConstLikeReturnValue` to the new dataflow library
jketema Aug 21, 2025
99b45ad
Remove redundant dataflow import
jketema Aug 21, 2025
5e701b5
Convert `BasicStringMayNotBeNullTerminated` to the new dataflow library
jketema Aug 21, 2025
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@

import cpp
import codingstandards.c.cert
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.new.TaintTracking
import codingstandards.cpp.PossiblyUnsafeStringOperation

/**
Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,3 @@
WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,31-39)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,55-63)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,31-39)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,54-62)
WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,5-18)
WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,5-18)
| test.c:10:20:10:24 | Cod | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
| test.c:16:3:16:9 | call to strncpy | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
| test.c:26:3:26:10 | call to snprintf | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
Expand Down
Original file line number Diff line number Diff line change
@@ -1,20 +1,29 @@
problems
| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:8:11:12 | c_str | The object returned by the function getenv should not be modified. |
| test.c:11:7:11:12 | * ... | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. |
| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. |
| test.c:67:5:67:9 | conv4 | test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | The object returned by the function localeconv should not be modified. |
| test.c:76:5:76:8 | conv | test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | The object returned by the function localeconv should not be modified. |
edges
| test.c:8:18:8:22 | c_str | test.c:11:8:11:12 | c_str | provenance | |
| test.c:8:18:8:22 | c_str | test.c:11:7:11:12 | * ... | provenance | |
| test.c:18:16:18:21 | call to getenv | test.c:18:16:18:21 | call to getenv | provenance | |
| test.c:18:16:18:21 | call to getenv | test.c:24:9:24:12 | env1 | provenance | |
| test.c:24:9:24:12 | env1 | test.c:8:18:8:22 | c_str | provenance | |
| test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | provenance | |
| test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | provenance | |
| test.c:64:3:64:22 | ... = ... | test.c:67:5:67:9 | conv4 | provenance | |
| test.c:64:11:64:20 | call to localeconv | test.c:64:3:64:22 | ... = ... | provenance | |
| test.c:72:25:72:34 | call to localeconv | test.c:72:25:72:34 | call to localeconv | provenance | |
| test.c:72:25:72:34 | call to localeconv | test.c:73:24:73:28 | conv4 | provenance | |
| test.c:73:24:73:28 | conv4 | test.c:76:5:76:8 | conv | provenance | |
nodes
| test.c:8:18:8:22 | c_str | semmle.label | c_str |
| test.c:11:8:11:12 | c_str | semmle.label | c_str |
| test.c:11:7:11:12 | * ... | semmle.label | * ... |
| test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv |
| test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv |
| test.c:24:9:24:12 | env1 | semmle.label | env1 |
| test.c:64:3:64:22 | ... = ... | semmle.label | ... = ... |
| test.c:64:11:64:20 | call to localeconv | semmle.label | call to localeconv |
| test.c:67:5:67:9 | conv4 | semmle.label | conv4 |
| test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv |
| test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv |
| test.c:73:24:73:28 | conv4 | semmle.label | conv4 |
| test.c:76:5:76:8 | conv | semmle.label | conv |
subpaths
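Review bot: In the `problems` section, the two rows whose sink is `test.c:11:7:11:12 | * ...` share the same `getenv` source at 18:16 and differ only in the selected element (`* ...` at 11:7 and `c_str` at 11:8), so a single write through the returned pointer is listed twice. Consider constraining the selected element in the shared query so each source/sink pair yields one alert.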
Original file line number Diff line number Diff line change
Expand Up @@ -10,27 +10,35 @@ problems
| test.c:25:7:25:14 | ... >= ... | test.c:7:14:7:15 | l1 | test.c:25:7:25:8 | p1 | Compare operation >= comparing left operand pointing to array $@ and other operand pointing to array $@. | test.c:2:7:2:8 | l1 | l1 | test.c:4:7:4:8 | l3 | l3 |
| test.c:25:7:25:14 | ... >= ... | test.c:25:13:25:14 | l3 | test.c:25:13:25:14 | l3 | Compare operation >= comparing right operand pointing to array $@ and other operand pointing to array $@. | test.c:4:7:4:8 | l3 | l3 | test.c:2:7:2:8 | l1 | l1 |
edges
| test.c:6:13:6:14 | l1 | test.c:6:13:6:14 | l1 | provenance | |
| test.c:6:13:6:14 | l1 | test.c:13:12:13:13 | p0 | provenance | |
| test.c:7:14:7:15 | l1 | test.c:7:14:7:18 | access to array | provenance | Config |
| test.c:7:14:7:18 | access to array | test.c:11:7:11:8 | p1 | provenance | |
| test.c:7:14:7:18 | access to array | test.c:13:7:13:8 | p1 | provenance | |
| test.c:7:14:7:18 | access to array | test.c:15:13:15:14 | p1 | provenance | |
| test.c:7:14:7:18 | access to array | test.c:17:7:17:8 | p1 | provenance | |
| test.c:7:14:7:18 | access to array | test.c:23:13:23:14 | p1 | provenance | |
| test.c:7:14:7:18 | access to array | test.c:25:7:25:8 | p1 | provenance | |
| test.c:8:14:8:15 | l1 | test.c:8:14:8:18 | access to array | provenance | Config |
| test.c:8:14:8:18 | access to array | test.c:11:12:11:13 | p2 | provenance | |
| test.c:8:14:8:18 | access to array | test.c:21:7:21:8 | p2 | provenance | |
| test.c:9:14:9:15 | l2 | test.c:9:14:9:18 | access to array | provenance | Config |
| test.c:9:14:9:18 | access to array | test.c:21:12:21:13 | p3 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:7:13:7:18 | & ... | provenance | |
| test.c:7:13:7:18 | & ... | test.c:11:7:11:8 | p1 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:13:7:13:8 | p1 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:15:13:15:14 | p1 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:17:7:17:8 | p1 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:23:13:23:14 | p1 | provenance | |
| test.c:7:13:7:18 | & ... | test.c:25:7:25:8 | p1 | provenance | |
| test.c:7:14:7:15 | l1 | test.c:7:13:7:18 | & ... | provenance | Config |
| test.c:8:13:8:18 | & ... | test.c:8:13:8:18 | & ... | provenance | |
| test.c:8:13:8:18 | & ... | test.c:11:12:11:13 | p2 | provenance | |
| test.c:8:13:8:18 | & ... | test.c:21:7:21:8 | p2 | provenance | |
| test.c:8:14:8:15 | l1 | test.c:8:13:8:18 | & ... | provenance | Config |
| test.c:9:13:9:18 | & ... | test.c:9:13:9:18 | & ... | provenance | |
| test.c:9:13:9:18 | & ... | test.c:21:12:21:13 | p3 | provenance | |
| test.c:9:14:9:15 | l2 | test.c:9:13:9:18 | & ... | provenance | Config |
nodes
| test.c:6:13:6:14 | l1 | semmle.label | l1 |
| test.c:6:13:6:14 | l1 | semmle.label | l1 |
| test.c:7:13:7:18 | & ... | semmle.label | & ... |
| test.c:7:13:7:18 | & ... | semmle.label | & ... |
| test.c:7:14:7:15 | l1 | semmle.label | l1 |
| test.c:7:14:7:18 | access to array | semmle.label | access to array |
| test.c:8:13:8:18 | & ... | semmle.label | & ... |
| test.c:8:13:8:18 | & ... | semmle.label | & ... |
| test.c:8:14:8:15 | l1 | semmle.label | l1 |
| test.c:8:14:8:18 | access to array | semmle.label | access to array |
| test.c:9:13:9:18 | & ... | semmle.label | & ... |
| test.c:9:13:9:18 | & ... | semmle.label | & ... |
| test.c:9:14:9:15 | l2 | semmle.label | l2 |
| test.c:9:14:9:18 | access to array | semmle.label | access to array |
| test.c:11:7:11:8 | p1 | semmle.label | p1 |
| test.c:11:12:11:13 | p2 | semmle.label | p2 |
| test.c:13:7:13:8 | p1 | semmle.label | p1 |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,10 @@ problems
| test.c:26:8:26:8 | p | test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | Free expression frees memory which was not dynamically allocated. |
edges
| test.c:18:24:18:26 | ptr | test.c:18:36:18:38 | ptr | provenance | |
| test.c:25:13:25:14 | & ... | test.c:25:13:25:14 | & ... | provenance | |
| test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | provenance | |
| test.c:27:7:27:8 | & ... | test.c:28:15:28:15 | p | provenance | |
| test.c:27:3:27:8 | ... = ... | test.c:28:15:28:15 | p | provenance | |
| test.c:27:7:27:8 | & ... | test.c:27:3:27:8 | ... = ... | provenance | |
| test.c:28:15:28:15 | p | test.c:18:24:18:26 | ptr | provenance | |
nodes
| test.c:8:8:8:10 | g_p | semmle.label | g_p |
Expand All @@ -18,7 +20,9 @@ nodes
| test.c:18:24:18:26 | ptr | semmle.label | ptr |
| test.c:18:36:18:38 | ptr | semmle.label | ptr |
| test.c:25:13:25:14 | & ... | semmle.label | & ... |
| test.c:25:13:25:14 | & ... | semmle.label | & ... |
| test.c:26:8:26:8 | p | semmle.label | p |
| test.c:27:3:27:8 | ... = ... | semmle.label | ... = ... |
| test.c:27:7:27:8 | & ... | semmle.label | & ... |
| test.c:28:15:28:15 | p | semmle.label | p |
subpaths
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
import cpp
import codingstandards.cpp.autosar
import codingstandards.cpp.SmartPointers
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import codingstandards.cpp.standardlibrary.Utility

Expr lifetimeAffectingSmartPointerExpr(Function f) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import codingstandards.cpp.autosar
import codingstandards.cpp.FunctionParameter
import codingstandards.cpp.ConstHelpers
import codingstandards.cpp.Operator
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow

/**
* Non-const T& `Parameter`s to `Function`s
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@

import cpp
import codingstandards.cpp.autosar
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow

class ReferenceTypeWithNonConstBaseType extends ReferenceType {
ReferenceTypeWithNonConstBaseType() { not this.getBaseType().isConst() }
Expand Down Expand Up @@ -46,14 +46,16 @@ class ConstMemberFunctionWithRetNonConst extends ConstMemberFunction {
from ConstMemberFunctionWithRetNonConst fun, Locatable f
where
not isExcluded(fun, ConstPackage::constMemberFunctionReturnsNonConstPointerQuery()) and
exists(ReturnStmt ret |
exists(ReturnStmt ret, DataFlow::Node vaNode, DataFlow::Node retNode |
ret.getEnclosingFunction() = fun and
retNode.asIndirectExpr() = ret.getExpr() and
(
f.(MemberVariable).getDeclaringType() = fun.getDeclaringType() and
DataFlow::localExprFlow(f.(MemberVariable).getAnAccess(), ret.getExpr())
vaNode.asIndirectExpr() = f.(MemberVariable).getAnAccess() and
f.(MemberVariable).getDeclaringType() = fun.getDeclaringType()
or
DataFlow::localExprFlow(f.(ThisExpr), ret.getExpr())
)
vaNode.asIndirectExpr() = f.(ThisExpr)
) and
DataFlow::localFlow(vaNode, retNode)
)
select fun, "Const member function returns a " + fun.getReturnTypeCategory() + " to class data $@.",
f, f.toString()
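Review bot: Both `vaNode` and `retNode` in the `where` clause are now bound with `asIndirectExpr()`, replacing the value-based `DataFlow::localExprFlow(..., ret.getExpr())`, and nothing in the query says why. Please add a short comment above `retNode.asIndirectExpr() = ret.getExpr()` explaining that the flow is tracked on the pointed-to object, and confirm that a reference-returning function is still exercised by the tests: the message is built from `fun.getReturnTypeCategory()`, but the expected rows visible for this query all read "returns a pointer".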
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:47,3-11)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:56,5-13)
| test.cpp:7:41:7:43 | up1 | Function $@ takes smart pointer parameter 'up1' but does not implement any lifetime-affecting operations. | test.cpp:7:6:7:18 | smart_ptr_get | smart_ptr_get |
| test.cpp:16:53:16:55 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:16:6:16:29 | smart_ptr_ref_assign_ref | smart_ptr_ref_assign_ref |
| test.cpp:28:55:28:57 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:28:6:28:31 | smart_ptr_ref_noncompliant | smart_ptr_ref_noncompliant |
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:50,7-15)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:64,7-15)
| test.cpp:4:13:4:13 | i | In-out parameter i that is not written to. |
| test.cpp:7:22:7:24 | str | In-out parameter str that is not read from. |
| test.cpp:18:14:18:14 | i | In-out parameter i that is not read from. |
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:53,7-15)
WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:55,7-15)
| test.cpp:8:8:8:11 | getA | Const member function returns a pointer to class data $@. | test.cpp:3:8:3:8 | a | a |
| test.cpp:9:8:9:11 | getB | Const member function returns a pointer to class data $@. | test.cpp:4:8:4:8 | b | b |
| test.cpp:11:6:11:12 | getThis | Const member function returns a pointer to class data $@. | test.cpp:11:36:11:39 | this | this |
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,7 @@ import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import semmle.code.cpp.security.BufferWrite
import semmle.code.cpp.commons.Buffer
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.new.TaintTracking
import codingstandards.cpp.PossiblyUnsafeStringOperation

abstract class BasicStringMayNotBeNullTerminatedSharedQuery extends Query { }
Expand Down Expand Up @@ -40,8 +39,13 @@ query predicate problems(BasicStringConstructorCall cc, string message) {
// a) is not a string literal
not arg instanceof StringLiteral and
// b) may exist in a dataflow from an unsafe usage of a string function
exists(PossiblyUnsafeStringOperation op |
TaintTracking::localTaint(DataFlow::exprNode(op.getAnArgument()), DataFlow::exprNode(arg))
exists(
PossiblyUnsafeStringOperation op, DataFlow::DefinitionByReferenceNode opNode,
DataFlow::Node argNode
|
opNode.asDefiningArgument() = op.getAnArgument() and argNode.asIndirectExpr() = arg
|
TaintTracking::localTaint(opNode, argNode)
) and
message = "Construction of string object with possibly non-null terminated C-style string."
)
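Review bot: The taint source in `exists(...)` narrows from `DataFlow::exprNode(op.getAnArgument())` to a `DataFlow::DefinitionByReferenceNode` with `opNode.asDefiningArgument() = op.getAnArgument()`, but the comment `// b) may exist in a dataflow from an unsafe usage of a string function` still describes the old condition. Please update the comment to say the source is an argument the operation defines by reference, and state whether matching any argument through `getAnArgument()` rather than only the destination buffer is intended.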
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import DFFlow::PathGraph

abstract class ConstLikeReturnValueSharedQuery extends Query { }
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/

import cpp
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.Expr
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/

import cpp
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions

Expand Down Expand Up @@ -48,7 +48,14 @@ query predicate problems(
not isExcluded(returnStmt, getQuery()) and
lambda.getACapture() = danglingCapture and
(
DataFlow::localExprFlow(lambda, returnStmt.getExpr())
returnStmt.getExpr() = lambda
or
exists(DataFlow::Node lambdaNode, DataFlow::Node returnNode |
lambdaNode.asExpr() = lambda and
returnNode.asIndirectExpr() = returnStmt.getExpr()
|
DataFlow::localFlow(lambdaNode, returnNode)
)
or
// implement a rough heuristic to catch the results of constructors (such as std::function's)
// which take an argument that has a dangling capture and flow to a return statement
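Review bot: The new disjunct binds the source with `lambdaNode.asExpr() = lambda` but the sink with `returnNode.asIndirectExpr() = returnStmt.getExpr()`, and adds a separate `returnStmt.getExpr() = lambda` case, without saying why the two ends use different accessors. A one-line comment above the `exists` explaining that the direct return is handled syntactically and the flow case targets the indirection of the returned expression would make this easier to maintain, in the same way the following disjunct documents its heuristic.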
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import codingstandards.cpp.standardlibrary.FileAccess
import semmle.code.cpp.controlflow.SubBasicBlocks

Expand Down Expand Up @@ -40,9 +40,10 @@ SubBasicBlock followsFileClose(SubBasicBlock source, Expr closedFile) {

// the argument of a call to function `fclose(FILE*)` is subsequently accessed
predicate closedFileAccess(Expr closedFile, Expr fileAccess) {
exists(DataFlow::DefinitionByReferenceNode def |
exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node va |
va.asIndirectExpr() = fileAccess.(VariableAccess) and
def.asDefiningArgument() = closedFile and

Copilot AI Aug 22, 2025

Inconsistent API usage: def.asDefiningArgument() is used here but replaced with def.getArgument() in other files. This should be updated for consistency with the new dataflow library migration.

Suggested change
def.asDefiningArgument() = closedFile and
def.getArgument() = closedFile and

DataFlow::localFlow(def, DataFlow::exprNode(fileAccess.(VariableAccess)))
DataFlow::localFlow(def, va)
)
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.types.Pointers
import codingstandards.cpp.Variable
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import semmle.code.cpp.pointsto.PointsTo
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import ArrayToRelationalOperationOperandFlow::PathGraph

abstract class DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery extends Query { }
Expand Down Expand Up @@ -43,6 +43,8 @@ module ArrayToRelationalOperationOperandConfig implements DataFlow::ConfigSig {
// Add a flow step from the base to the array expression to track pointers to elements of the array.
exists(ArrayExpr e | e.getArrayBase() = pred.asExpr() and e = succ.asExpr())
}

predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}

module ArrayToRelationalOperationOperandFlow =
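Review bot: `predicate isBarrierIn(DataFlow::Node node) { isSource(node) }` is added to `ArrayToRelationalOperationOperandConfig` without a comment, while the additional flow step just above it has one. Please document that the barrier stops flow from entering a node that is itself a source, so each reported path starts at the source nearest the comparison, since that is what changes the edges in the expected output.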
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

import cpp
import codingstandards.cpp.Customizations
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import semmle.code.cpp.controlflow.Guards
import codingstandards.cpp.Exclusions

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow

abstract class InvalidatedEnvStringPointersSharedQuery extends Query { }

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
*/

import cpp
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import codingstandards.cpp.Exclusions
import codingstandards.cpp.standardlibrary.Utility

Expand Down Expand Up @@ -75,9 +75,10 @@ query predicate problems(Expr e, string message, StdMoveCall f, string argDesc)
not e instanceof ReassignedExpression and
// object moved to safe functions are preserved
not exists(SafeRead safe | f = safe.getArgument(0)) and
exists(DataFlow::DefinitionByReferenceNode def |
def.asDefiningArgument() = f and
DataFlow::localFlow(def, DataFlow::exprNode(e))
exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node n |
f.getArgument(0) = def.getArgument() and

Copilot AI Aug 22, 2025

The API change from asDefiningArgument() to getArgument() may not be semantically equivalent. Consider verifying that def.getArgument() captures the same defining argument semantics as the original def.asDefiningArgument().

Suggested change
f.getArgument(0) = def.getArgument() and
f.getArgument(0) = def.asDefiningArgument() and

n.asIndirectExpr() = e and
DataFlow::localFlow(def, n)
) and
message = "The argument of the $@ may be indeterminate when accessed at this location." and
argDesc = f.toString()
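Review bot: In the `exists` clause the definition is no longer anchored on the `std::move` call itself (`def.asDefiningArgument() = f`) but on its operand (`f.getArgument(0) = def.getArgument()`), which changes what is tracked and is more than an accessor rename. Please add a comment stating that the moved-from object is the first argument of the `StdMoveCall`, and note why `n.asIndirectExpr() = e` is used for the later access, so the relationship to the message "The argument of the $@ may be indeterminate" stays clear.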
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.Allocations
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.new.DataFlow
import NonDynamicPointerToFreeFlow::PathGraph

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.SmartPointers
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.new.TaintTracking
import PointerToSmartPointerConstructorFlowFlow::PathGraph

abstract class OwnedPointerValueStoredInUnrelatedSmartPointerSharedQuery extends Query { }
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.allocations.PlacementNew
import semmle.code.cpp.dataflow.DataFlow
import PlacementNewOriginFlow::PathGraph

abstract class PlacementNewInsufficientStorageSharedQuery extends Query { }
Expand Down