Merge branch 'main' into lcartey/extend-deviations

Author: lcartey

.github/workflows/code-scanning-pack-gen.yml

@@ -80,6 +80,8 @@ jobs:
 
       - name: Checkout external help files
         id: checkout-external-help-files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -88,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

.github/workflows/upgrade_codeql_dependencies.yml

@@ -53,7 +53,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

amendments.csv

@@ -9,41 +9,42 @@ c,MISRA-C-2012,Amendment3,RULE-10-4,Yes,Refine,No,Import
 c,MISRA-C-2012,Amendment3,RULE-10-5,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,No,Import
 c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,No,Import
-c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,No,Import
+c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
 c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-2-2,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-2-7,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-3-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-6,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-8-9,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-9-4,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-18-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-1-4,Yes,Replace,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-9-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-9-2,Yes,Refine,No,Import
-c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,No,Import
+c,MISRA-C-2012,Amendment4,RULE-2-2,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-2-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-8-6,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-8-9,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-9-4,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-2,Yes,Refine,No,Import
+c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-8-3,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-10-2,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-14-3,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-18-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-21-20,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,Yes,Import

c/cert/src/codeql-pack.lock.yml

@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 2.1.1
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.6
+  codeql/mad:
+    version: 1.0.12
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.12
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.12
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.12
+  codeql/typeflow:
+    version: 1.0.12
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.12
   codeql/util:
-    version: 0.2.12
+    version: 1.0.12
+  codeql/xml:
+    version: 1.0.12
 compiled: false

c/cert/src/qlpack.yml

@@ -1,8 +1,8 @@
 name: codeql/cert-c-coding-standards
-version: 2.39.0-dev
+version: 2.42.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.9
+  codeql/cpp-all: 2.1.1

c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Pointers
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**

c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql

@@ -15,8 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) {

c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql

@@ -15,8 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.commons.Alloc
 
 from C11ThreadCreateCall tcc, StackVariable sv, Expr arg, Expr acc

c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql

@@ -16,8 +16,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where