v2.5.0

Release summary

• New queries added for the following rule packages: Concurrency1, Pointers1, Preprocessor3, Strings3, Concurrency

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: CERT-C++ new queries

New queries added to cover the following rules:

• CON52-CPP - PreventBitFieldAccessFromMultipleThreads.ql

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-4-8 - ObjectWithNoPointerDereferenceShouldBeOpaque.ql
• RULE-8-13 - PointerShouldPointToConstTypeWhenPossible.ql
• RULE-11-1 - ConversionBetweenFunctionPointerAndOtherType.ql
• RULE-11-2 - ConversionBetweenIncompleteTypePointerAndOtherType.ql
• RULE-11-3 - CastBetweenObjectPointerAndDifferentObjectType.ql
• RULE-11-4 - ConversionBetweenPointerToObjectAndIntegerType.ql
• RULE-11-5 - ConversionFromPointerToVoidIntoPointerToObject.ql
• RULE-11-6 - CastBetweenPointerToVoidAndArithmeticType.ql
• RULE-11-7 - CastBetweenPointerToObjectAndNonIntArithmeticType.ql
• RULE-11-8 - CastRemovesConstOrVolatileQualification.ql
• RULE-11-9 - MacroNullNotUsedAsIntegerNullPointerConstant.ql
• RULE-18-1 - PointerAndDerivedPointerMustAddressSameArray.ql
• RULE-18-2 - SubtractionBetweenPointersMustAddressSameArray.ql
• RULE-18-3 - RelationalOperatorComparesPointerToDifferentArray.ql
• RULE-18-4 - DoNotUseAdditionOrSubtractionOperatorsOnPointers.ql
• RULE-18-5 - NoMoreThanTwoLevelsOfPointerNestingInDeclarations.ql
• RULE-18-6 - AutomaticStorageObjectAddressCopiedToOtherObject.ql
• RULE-20-8 - ControllingExpressionIfDirective.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• CON32-C - PreventDataRacesWithMultipleThreads.ql
• CON33-C - RaceConditionsWhenUsingLibraryFunctions.ql
• CON37-C - DoNotCallSignalInMultithreadedProgram.ql
• STR34-C - CastCharBeforeConvertingToLargerSizes.ql
• STR38-C - DoNotConfuseNarrowAndWideFunctions.ql

v2.4.0

Release summary

• New queries added for the following rule packages: IO3, Preprocessor2, Strings2
• The following changes have been made for this release:
• M16-3-1 - MoreThanOneOccurrenceHashOperatorInMacroDefinition.ql:
  • Removes detection of more than one occurrence in non function like Macros.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-4-10 - PrecautionIncludeGuardsNotProvided.ql
• RULE-20-5 - UndefShouldNotBeUsed.ql
• RULE-20-11 - MoreThanOneHashOperatorInMacroDefinition.ql
• RULE-20-12 - MacroParameterUsedAsHashOperand.ql
• RULE-22-3 - FileOpenForReadAndWriteOnDifferentStreams.ql
• RULE-22-4 - AttemptToWriteToAReadOnlyStream.ql
• RULE-22-5 - PointerToAFileObjectDereferenced.ql
• RULE-22-7 - EofShallBeComparedWithUnmodifiedReturnValues.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• FIO32-C - DoNotPerformFileOperationsOnDevices.ql
• FIO37-C - SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql
• STR37-C - ToCharacterHandlingFunctionsRepresentableAsUChar.ql

v2.3.0

Release summary

• New queries added for the following rule packages: Misc, SideEffects2, Strings1
• The following changes have been made for this release:
• Refactored A26-5-1 and MSC50-CPP to share the same query with MSC30-C.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-13-3 - SideEffectAndCrementInFullExpression.ql
• RULE-17-8 - ModificationOfFunctionParameter.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• MSC30-C - RandUsedForGeneratingPseudorandomNumbers.ql
• MSC32-C - ProperlySeedPseudorandomNumberGenerators.ql
• MSC37-C - ControlFlowReachesTheEndOfANonVoidFunction.ql
• STR30-C - DoNotAttemptToModifyStringLiterals.ql
• STR31-C - StringsHasSufficientSpaceForTheNullTerminator.ql
• STR32-C - NonNullTerminatedToFunctionThatExpectsAString.ql

v2.2.0

Release summary

• New queries added for the following rule packages: Misc, SideEffects2
• The following changes have been made for this release:
• Refactored A26-5-1 and MSC50-CPP to share the same query with MSC30-C.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-13-3 - SideEffectAndCrementInFullExpression.ql
• RULE-17-8 - ModificationOfFunctionParameter.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• MSC30-C - RandUsedForGeneratingPseudorandomNumbers.ql
• MSC32-C - ProperlySeedPseudorandomNumberGenerators.ql
• MSC37-C - ControlFlowReachesTheEndOfANonVoidFunction.ql

v2.1.0

Release summary

• New queries added for the following rule packages: IO2, SideEffects1, Syntax

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-5 - IdentifiersInTheSameNameSpaceUnambiguous.ql
• RULE-3-1 - CharacterSequencesAndUsedWithinAComment.ql
• RULE-3-2 - LineSplicingUsedInComments.ql
• RULE-4-1 - OctalAndHexadecimalEscapeSequencesNotTerminated.ql
• RULE-4-4 - SectionsOfCodeShallNotBeCommentedOut.ql
• RULE-7-2 - UOrUSuffixRepresentedInUnsignedType.ql
• RULE-7-3 - LowercaseCharacterLUsedInLiteralSuffix.ql
• RULE-12-1 - UnenclosedSizeofOperand.ql, ImplicitPrecedenceOfOperatorsInExpression.ql
• RULE-13-1 - InitializerListsContainPersistentSideEffects.ql
• RULE-13-4 - ResultOfAnAssignmentOperatorShouldNotBeUsed.ql
• RULE-13-5 - PossibleSuppressedSideEffectInLogicOperatorOperand.ql
• RULE-13-6 - SizeofOperandWithSideEffect.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• EXP30-C - DependenceOnOrderOfScalarEvaluationForSideEffects.ql, DependenceOnOrderOfFunctionArgumentsForSideEffects.ql
• EXP44-C - UnevaluatedOperandWithSideEffect.ql
• EXP45-C - AssignmentsInSelectionStatements.ql
• FIO38-C - DoNotCopyAFileObject.ql
• FIO40-C - ResetStringsOnFgetsOrFgetwsFailure.ql
• FIO41-C - DoNotCallGetcAndPutcWithSideEffects.ql
• FIO44-C - OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.7.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.7.6.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20220120.

v2.0.0

Release summary

• New queries added for the following rule packages: IO1, Preprocessor1

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version 2.6.3 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.6.3.
  • Using the CodeQL Action or CodeQL runner with the codeql-bundle-20211005.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• RULE-20-1 - IncludeDirectivesPrecededByDirectivesOrComments.ql
• RULE-20-2 - ForbiddenCharactersInHeaderFileName.ql
• RULE-20-9 - IdentifiersUsedInPreprocessorExpression.ql
• RULE-20-10 - PreprocessorHashOperatorsShouldNotBeUsed.ql
• RULE-22-6 - FileUsedAfterClosed.ql

Appendix: CERT-C new queries

New queries added to cover the following rules:

• FIO30-C - ExcludeUserInputFromFormatStrings.ql
• FIO34-C - DistinguishBetweenCharReadFromAFileAndEofOrWeof.ql, EndOfFileCheckPortability.ql
• FIO39-C - DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
• FIO42-C - CloseFilesWhenTheyAreNoLongerNeeded.ql
• FIO46-C - UndefinedBehaviorAccessingAClosedFile.ql