---
- description: C++ queries

- queries: '.'
  from: codeql/cpp-queries

##########################################################################################
# Queries
##########################################################################################

## Enable When Time is Available to Fix Issues

# Hundreds of issues. Most appear valid. Type: Recommendation.
#- include:
#    id: cpp/missing-null-test

## Errors
- include:
    id: cpp/overrunning-write
- include:
    id: cpp/overrunning-write-with-float
- include:
    id: cpp/pointer-overflow-check
- include:
    id: cpp/very-likely-overrunning-write

## Warnings
- include:
    id: cpp/conditionallyuninitializedvariable
- include:
    id: cpp/infinite-loop-with-unsatisfiable-exit-condition
- include:
    id: cpp/overflow-buffer

# Note: Some queries above are not active by default with the below filter.
#       Update the filter and run the queries again to get all results.
- include:
    tags:
      - "security"
      - "correctness"
    severity:
      - "error"
      - "warning"
      - "recommendation"

# Specifically hide the results of these.
#
# The following rules have been evaluated and explicitly not included for the following reasons:
#   - `cpp/allocation-too-small` - Appears to be hardcoded for C standard library functions `malloc`, `calloc`,
#     `realloc`, so it consumes time without much value with custom allocation functions in the codebase.
#   - `cpp/commented-out-code` - Triggers often. Needs further review.
#   - `cpp/duplicate-include-guard` - The EntryPoint.h files include a common include guard value
#     `__MODULE_ENTRY_POINT_H__`. This was the only occurrence found. So not very useful.
#   - `cpp/invalid-pointer-deref` - Very limited results with what appear to be false positives.
#   - `cpp/use-of-goto` - Goto is valid and allowed in the codebase.
#   - `cpp/useless-expression` - Triggers too often on cases where a NULL lib implementation is provided for a function.
#     Because the implementation simply returns, the check considers it useless.
#   - `cpp/weak-crypto/*` - Crypto algorithms are tracked outside CodeQL.
- exclude:
    id: cpp/allocation-too-small
- exclude:
    id: cpp/commented-out-code
- exclude:
    id: cpp/duplicate-include-guard
- exclude:
    id: cpp/invalid-pointer-deref
- exclude:
    id: cpp/use-of-goto
- exclude:
    id: cpp/useless-expression
- exclude:
    id: cpp/weak-crypto/banned-hash-algorithms
- exclude:
    id: cpp/weak-crypto/capi/banned-modes
- exclude:
    id: cpp/weak-crypto/openssl/banned-hash-algorithms