QL1.21: Finalize change notes for C/C++ #1413
Conversation
felicitymay
changed the title
| | **Query** | **Tags** | **Purpose** | | ||
| |-----------------------------|-----------|--------------------------------------------------------------------| | ||
| | `()`-declared function called with too few arguments (`cpp/too-few-arguments`) | Correctness | Find all cases where the number of arguments is less than the number of parameters of the function, provided the function is also properly declared/defined elsewhere. | | ||
| | `()`-declared function called with mismatched arguments (`cpp/mismatched-function-arguments`) | Correctness | Find all cases where the types of arguments do not match the types of parameters of the function, provided the function is also properly declared/defined elsewhere. | |
There was a problem hiding this comment.
Where did the changelog entry for cpp/mismatched-function-arguments go? The query has tags correctness, maintainability.
There was a problem hiding this comment.
My apologies - I got confused and thought these were the same query. There were problems with the @names which didn't help. I'll put it back and find the right @name for it.
There was a problem hiding this comment.
I can't find a query with that identifier at all. Maybe I'm looking in the wrong place.
There was a problem hiding this comment.
It looks as if it should be cpp/misttyped-function-arguments which was added in: #1136. I'll return the table row and amend accordingly. Please check that I've done the right thing.
There was a problem hiding this comment.
s/misttyped/mistyped/.
There was a problem hiding this comment.
Good point. Fortunately it's correct in the file, just not my comment!
change-notes/1.21/analysis-cpp.md
Outdated
| | `()`-declared function called with mismatched arguments (`cpp/mismatched-function-arguments`) | Correctness | Find all cases where the types of arguments do not match the types of parameters of the function, provided the function is also properly declared/defined elsewhere. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on LGTM. | | ||
| | Use of dangerous function (`dangerous-function-overflow`) | reliability, security, external/cwe/cwe-242 | Finds calls to `gets`, which does not guard against buffer overflow. These results were previously detected by the `cpp/potentially-dangerous-function` query. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on [LGTM](https://lgtm.com/rules/1508831665988/). | |
There was a problem hiding this comment.
I'd write [on LGTM] instead of on [LGTM] since otherwise readers might expect the link to just point to lgtm.com.
There was a problem hiding this comment.
The link will only point to LGTM.com. It's not currently possible to add a link that would work in an enterprise system. The benefit of including a link to LGTM.com is that people can see the type of results that the query generates.
There was a problem hiding this comment.
He means they would expect it to point to https://lgtm.com/ rather than https://lgtm.com/rules/1508831665988/.
There was a problem hiding this comment.
Thanks for clarifying.
change-notes/1.21/analysis-cpp.md
Outdated
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on LGTM. | | ||
| | Use of dangerous function (`dangerous-function-overflow`) | reliability, security, external/cwe/cwe-242 | Finds calls to `gets`, which does not guard against buffer overflow. These results were previously detected by the `cpp/potentially-dangerous-function` query. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on [LGTM](https://lgtm.com/rules/1508831665988/). | | ||
| | Call to function with fewer arguments than declared parameters (`cpp/too-few-arguments`) | Correctness | Find all cases where the number of arguments is fewer than the number of parameters of the function, provided the function is also properly declared/defined elsewhere. Results are displayed by default on [LGTM](https://lgtm.com/rules/1508860726279/). | |
There was a problem hiding this comment.
The tags for this query are, in lower case: correctness, maintainability, security.
change-notes/1.21/analysis-cpp.md
Outdated
| | `()`-declared function called with too many arguments (`cpp/futile-params`) | Improved coverage | Query has been generalized to find all cases where the number of arguments exceedes the number of parameters of the function, provided the function is also properly declared/defined elsewhere. | | ||
| | Use of potentially dangerous function (`cpp/potentially-dangerous-function`) | Fewer results | Results relating to the standard library `gets` function have been moved into a new query (`dangerous-function-overflow`). | | ||
| | Constructor with default arguments will be used as a copy constructor (`cpp/constructor-used-as-copy-constructor`) | Lowered severity and precision | The severity and precision of this query have been reduced to "warning" and "low", respectively, due to this coding pattern being used intentionally and safely in a number of real-world projects. | | ||
| | Wrong type of arguments to formatting function (`cpp/wrong-type-format-argument`) | More correct results and fewer false positive results | This query now understands non-standard uses of `%L`. In addition, it more accurately identifies wide and non-wide string/character format arguments on different platforms. Platform detection has also been made more accurate for this query. | |
There was a problem hiding this comment.
The last sentence, about platform detection, seems redundant. What do you think, @geoffw0?
There was a problem hiding this comment.
Yeah, I was talking about two slightly different changes, but to a user they are the same. Happy for the last sentence to be deleted.
|
Thanks for the review @jbj. I've returned the incorrectly deleted new query with what I hope is the correct name and identifier. |
|
LGTM. |
change-notes/1.21/analysis-cpp.md
Outdated
| | `()`-declared function called with mismatched arguments (`cpp/mismatched-function-arguments`) | Correctness | Find all cases where the types of arguments do not match the types of parameters of the function, provided the function is also properly declared/defined elsewhere. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on LGTM. | | ||
| | Use of dangerous function (`dangerous-function-overflow`) | reliability, security, external/cwe/cwe-242 | Finds calls to `gets`, which does not guard against buffer overflow. These results were previously detected by the `cpp/potentially-dangerous-function` query. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on [LGTM](https://lgtm.com/rules/1508831665988/). | |
change-notes/1.21/analysis-cpp.md
Outdated
| | Use of dangerous function (`dangerous-function-overflow`) | reliability, security, external/cwe/cwe-242 | Finds calls to `gets`, which does not guard against buffer overflow. These results were previously detected by the `cpp/potentially-dangerous-function` query. | | ||
| | Call to alloca in a loop (`cpp/alloca-in-loop`) | reliability, correctness, external/cwe/cwe-770 | Finds calls to `alloca` in loops, which can lead to stack overflow if the number of iterations is large. Newly displayed on [LGTM](https://lgtm.com/rules/1508831665988/). | | ||
| | Call to function with fewer arguments than declared parameters (`cpp/too-few-arguments`) | correctness, maintainability, security | Finds all cases where the number of arguments is fewer than the number of parameters of the function, provided the function is also properly declared/defined elsewhere. Results are displayed by default on [LGTM](https://lgtm.com/rules/1508860726279/). | | ||
| | Call to a function with one or more incompatible arguments (`cpp/mismatched-function-arguments`) | correctness, maintainability | Finds all cases where the types of arguments do not match the types of parameters of the function, provided the function is also properly declared/defined elsewhere. Results are not displayed by default on [LGTM](https://lgtm.com/rules/1508849286093/). | |
There was a problem hiding this comment.
AFAICT, the id of this query is cpp/mistyped-function-arguments (mistyped instead of mismatched).
There was a problem hiding this comment.
Odd. I could have sworn that I made that change (once I found the right query).
There was a problem hiding this comment.
I also misremember it being called cpp/mismatched-function-arguments for some reason...
|
Thanks for the further comments. I think this now addresses all feedback. |
6 participants
This PR tidies up the C/C++ change notes ready for the release of 1.21.
There are three commits:
Note that the names of some queries seemed to be wrong. I've updated the ones that I noticed based on what I see on LGTM.com. Also, the first two queries mentioned in the New queries section appeared to be the same query. Please check the first commit carefully.
@Semmle/cpp