From 3e1247257fa52162a3695a4d265bea4a27251248 Mon Sep 17 00:00:00 2001
From: Jonas Jensen
Date: Tue, 14 Aug 2018 11:41:31 +0200
Subject: [PATCH] C++: Move C/C++ suites to ql repo

As the queries live here, it makes sense for the suites to be versioned together with them. The LGTM suite has already been moved. This commit moves the actively-maintained non-LGTM suites.
---
 cpp/config/suites/c/code-review | 31 ++++++++++
 cpp/config/suites/c/correctness | 38 ++++++++++++
 cpp/config/suites/c/internal | 5 ++
 cpp/config/suites/c/maintainability | 22 +++++++
 cpp/config/suites/c/metric-defects | 17 ++++++
 cpp/config/suites/c/metrics | 48 +++++++++++++++
 cpp/config/suites/c/metrics-external | 3 +
 cpp/config/suites/c/readability | 35 +++++++++++
 cpp/config/suites/c/useless-code | 8 +++
 cpp/config/suites/cpp/code-review | 9 +++
 cpp/config/suites/cpp/correctness | 45 +++++++++++++++
 cpp/config/suites/cpp/internal | 5 ++
 cpp/config/suites/cpp/maintainability | 20 +++++++
 cpp/config/suites/cpp/metric-defects | 18 ++++++
 cpp/config/suites/cpp/metrics | 61 ++++++++++++++++++++
 cpp/config/suites/cpp/metrics-external | 3 +
 cpp/config/suites/cpp/readability | 49 ++++++++++++++++
 cpp/config/suites/cpp/useless-code | 10 ++++
 cpp/config/suites/default/c | 7 +++
 cpp/config/suites/default/cpp | 7 +++
 cpp/config/suites/security/all | 2 +
 cpp/config/suites/security/cwe-022 | 3 +
 cpp/config/suites/security/cwe-078 | 3 +
 cpp/config/suites/security/cwe-079 | 3 +
 cpp/config/suites/security/cwe-089 | 3 +
 cpp/config/suites/security/cwe-114 | 3 +
 cpp/config/suites/security/cwe-119 | 13 +++++
 cpp/config/suites/security/cwe-120 | 13 +++++
 cpp/config/suites/security/cwe-121 | 3 +
 cpp/config/suites/security/cwe-129 | 3 +
 cpp/config/suites/security/cwe-131 | 7 +++
 cpp/config/suites/security/cwe-134 | 13 +++++
 cpp/config/suites/security/cwe-170 | 5 ++
 cpp/config/suites/security/cwe-190 | 13 +++++
 cpp/config/suites/security/cwe-242 | 3 +
 cpp/config/suites/security/cwe-290 | 3 +
 cpp/config/suites/security/cwe-311 | 9 +++
 cpp/config/suites/security/cwe-327 | 5 ++
 cpp/config/suites/security/cwe-367 | 3 +
 cpp/config/suites/security/cwe-416 | 3 +
 cpp/config/suites/security/cwe-457 | 3 +
 cpp/config/suites/security/cwe-468 | 9 +++
 cpp/config/suites/security/cwe-497-expensive | 3 +
 cpp/config/suites/security/cwe-676 | 5 ++
 cpp/config/suites/security/cwe-732 | 3 +
 cpp/config/suites/security/cwe-764 | 7 +++
 cpp/config/suites/security/cwe-772 | 3 +
 cpp/config/suites/security/cwe-772-expensive | 9 +++
 cpp/config/suites/security/cwe-807 | 3 +
 cpp/config/suites/security/cwe-835 | 3 +
 cpp/config/suites/security/default | 28 +++++++++
 cpp/config/suites/security/secondary | 3 +
 52 files changed, 633 insertions(+)
 create mode 100644 cpp/config/suites/c/code-review
 create mode 100644 cpp/config/suites/c/correctness
 create mode 100644 cpp/config/suites/c/internal
 create mode 100644 cpp/config/suites/c/maintainability
 create mode 100644 cpp/config/suites/c/metric-defects
 create mode 100644 cpp/config/suites/c/metrics
 create mode 100644 cpp/config/suites/c/metrics-external
 create mode 100644 cpp/config/suites/c/readability
 create mode 100644 cpp/config/suites/c/useless-code
 create mode 100644 cpp/config/suites/cpp/code-review
 create mode 100644 cpp/config/suites/cpp/correctness
 create mode 100644 cpp/config/suites/cpp/internal
 create mode 100644 cpp/config/suites/cpp/maintainability
 create mode 100644 cpp/config/suites/cpp/metric-defects
 create mode 100644 cpp/config/suites/cpp/metrics
 create mode 100644 cpp/config/suites/cpp/metrics-external
 create mode 100644 cpp/config/suites/cpp/readability
 create mode 100644 cpp/config/suites/cpp/useless-code
 create mode 100644 cpp/config/suites/default/c
 create mode 100644 cpp/config/suites/default/cpp
 create mode 100644 cpp/config/suites/security/all
 create mode 100644 cpp/config/suites/security/cwe-022
 create mode 100644 cpp/config/suites/security/cwe-078
 create mode 100644 cpp/config/suites/security/cwe-079
 create mode 100644 cpp/config/suites/security/cwe-089
 create mode 100644 cpp/config/suites/security/cwe-114
 create mode 100644 cpp/config/suites/security/cwe-119
 create mode 100644 cpp/config/suites/security/cwe-120
 create mode 100644 cpp/config/suites/security/cwe-121
 create mode 100644 cpp/config/suites/security/cwe-129
 create mode 100644 cpp/config/suites/security/cwe-131
 create mode 100644 cpp/config/suites/security/cwe-134
 create mode 100644 cpp/config/suites/security/cwe-170
 create mode 100644 cpp/config/suites/security/cwe-190
 create mode 100644 cpp/config/suites/security/cwe-242
 create mode 100644 cpp/config/suites/security/cwe-290
 create mode 100644 cpp/config/suites/security/cwe-311
 create mode 100644 cpp/config/suites/security/cwe-327
 create mode 100644 cpp/config/suites/security/cwe-367
 create mode 100644 cpp/config/suites/security/cwe-416
 create mode 100644 cpp/config/suites/security/cwe-457
 create mode 100644 cpp/config/suites/security/cwe-468
 create mode 100644 cpp/config/suites/security/cwe-497-expensive
 create mode 100644 cpp/config/suites/security/cwe-676
 create mode 100644 cpp/config/suites/security/cwe-732
 create mode 100644 cpp/config/suites/security/cwe-764
 create mode 100644 cpp/config/suites/security/cwe-772
 create mode 100644 cpp/config/suites/security/cwe-772-expensive
 create mode 100644 cpp/config/suites/security/cwe-807
 create mode 100644 cpp/config/suites/security/cwe-835
 create mode 100644 cpp/config/suites/security/default
 create mode 100644 cpp/config/suites/security/secondary
diff --git a/cpp/config/suites/c/code-review b/cpp/config/suites/c/code-review
new file mode 100644
index 00000000000..d5ae6f9afea
--- /dev/null
+++ b/cpp/config/suites/c/code-review
@@ -0,0 +1,31 @@
++ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Critical/Critical_Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Critical/Critical_Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
++ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Critical/Critical_Correctness/Use of Libraries # Sizeof with side effects
++ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Critical/Critical_Maintainability/Coupling # Missing header guard
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Critical/Critical_Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Critical/Critical_Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Critical/Critical_Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Critical/Critical_Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Critical/Critical_Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Critical/Critical_Readability/Control Flow
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Critical/Critical_Readability/Control Flow
+
+## FLinesOfCode.ql is used internally.
++ odasa-cpp-metrics/Files/FLinesOfCode.ql
diff --git a/cpp/config/suites/c/correctness b/cpp/config/suites/c/correctness
new file mode 100644
index 00000000000..f3f9bebf4a5
--- /dev/null
+++ b/cpp/config/suites/c/correctness
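Review bot: The `AV Rule 197.ql` entry near the end of this hunk is the only JSF rule in the file with no trailing comment naming the rule, while `AV Rule 166.ql` and `AV Rule 35.ql` above it carry one and the same query in c/readability is annotated `# Avoid floats in for loops`; JSF rule numbers mean nothing to a reader of the suite, so the comment should be carried over: `+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Critical/Critical_Readability/Control Flow # Avoid floats in for loops`. Separately, the Use of Libraries group here omits `NonConstantFormat.ql` and `SnprintfOverflow.ql`, both of which c/correctness lists in the same group; if code-review is meant as the fast-path subset and format-string checks are expected to come from the suites under security/ instead, a one-line comment at the top saying so would stop the gap being read as an oversight. The trailing `odasa-cpp-metrics/Files/FLinesOfCode.ql` line is also the only entry without a category, and "used internally" does not say by what; naming the consumer in that comment would help.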
@@ -0,0 +1,38 @@
+# CORRECTNESS
+ # Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
+ # Consistent Use
++ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
++ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
++ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+ # Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ # Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
diff --git a/cpp/config/suites/c/internal b/cpp/config/suites/c/internal
new file mode 100644
index 00000000000..ba6a1573c32
--- /dev/null
+++ b/cpp/config/suites/c/internal
@@ -0,0 +1,5 @@
++ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
++ odasa-cpp-metrics/Internal/CallableExtents.ql
++ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
++ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
++ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
diff --git a/cpp/config/suites/c/maintainability b/cpp/config/suites/c/maintainability
new file mode 100644
index 00000000000..a9d74de831f
--- /dev/null
+++ b/cpp/config/suites/c/maintainability
@@ -0,0 +1,22 @@
+# MAINTAINABILITY
+ # Coupling
++ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
++ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
++ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
++ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
++ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
+ # Size
++ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+ @name Structs with too many members
+ # Documentation
++ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+ # Declarations
++ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
++ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
++ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+ # Memory management
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
diff --git a/cpp/config/suites/c/metric-defects b/cpp/config/suites/c/metric-defects
new file mode 100644
index 00000000000..0e344b98cd1
--- /dev/null
+++ b/cpp/config/suites/c/metric-defects
@@ -0,0 +1,17 @@
++ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling
+ @warning-from 11
++ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+ @warning-from 120
++ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+ @warning-from 9
++ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+ @warning-from 250
++ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+ @warning-from 1500
+ # Complexity
++ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+ @warning-from 100
++ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+ @recommendation-from 7
++ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+ @recommendation-from 100
diff --git a/cpp/config/suites/c/metrics b/cpp/config/suites/c/metrics
new file mode 100644
index 00000000000..e9587e5ce98
--- /dev/null
+++ b/cpp/config/suites/c/metrics
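Review bot: The `FunNumberOfParameters.ql`, `FunLinesOfCode.ql` and `FLinesOfCode.ql` entries are categorised `/Maintainability/Size` but no ` # Size` group comment precedes them, so `# Complexity` reads as the file's only group; cpp/metric-defects in this same commit does have the header, so add `+ # Size` before the `FunNumberOfParameters.ql` line here. Most thresholds also differ from the cpp counterpart (NumberOfPublicGlobals 11 vs 7, FunNumberOfParameters 9 vs 11, FunLinesOfCode 250 vs 200, FLinesOfCode 1500 vs 1000, StatementNestingDepth 7 vs 6, FunCyclomaticComplexity 100 vs 75) while FEfferentCoupling and FunNumberOfCalls are the same, and nothing records whether the divergence is deliberate. A one-line header such as `# Thresholds are tuned separately from cpp/metric-defects; change both deliberately` would stop a later harmonising edit from silently changing which findings the C dashboard raises.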
@@ -0,0 +1,48 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+ # Build
++ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+ # Complexity
++ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
+
+ # Coupling
++ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
++ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
++ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+ # Documentation
++ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+ @treemap.warnOn lowValues
++ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+ # Globals
++ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+ # Preprocessor
++ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
++ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+ @treemap.warnOn highValues
+
+ # Size
++ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
++ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
++ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
++ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+ @treemap.warnOn highValues
diff --git a/cpp/config/suites/c/metrics-external b/cpp/config/suites/c/metrics-external
new file mode 100644
index 00000000000..c3e528d04a8
--- /dev/null
+++ b/cpp/config/suites/c/metrics-external
@@ -0,0 +1,3 @@
++ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
++ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
diff --git a/cpp/config/suites/c/readability b/cpp/config/suites/c/readability
new file mode 100644
index 00000000000..94468de6803
--- /dev/null
+++ b/cpp/config/suites/c/readability
@@ -0,0 +1,35 @@
+# READABILITY
+ # Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+ # Control Flow
++ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
++ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+ # Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
++ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
++ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+ # Size
++ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
++ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
++ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+ # Safe Language
++ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
++ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
++ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
++ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
++ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+ @name Missing return statement
++ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+
diff --git a/cpp/config/suites/c/useless-code b/cpp/config/suites/c/useless-code
new file mode 100644
index 00000000000..c04b5df6eec
--- /dev/null
+++ b/cpp/config/suites/c/useless-code
@@ -0,0 +1,8 @@
+# USELESS CODE
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
++ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
diff --git a/cpp/config/suites/cpp/code-review b/cpp/config/suites/cpp/code-review
new file mode 100644
index 00000000000..5e78b897635
--- /dev/null
+++ b/cpp/config/suites/cpp/code-review
@@ -0,0 +1,9 @@
++ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Critical/Critical_Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Critical/Critical_Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Critical/Critical_Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Critical/Critical_Correctness/Exceptions
++ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Critical/Critical_Readability/Safe Language/C++
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Critical/Critical_Readability/JSF # Redefined default parameter
+
+@import ../c/code-review
+
diff --git a/cpp/config/suites/cpp/correctness b/cpp/config/suites/cpp/correctness
new file mode 100644
index 00000000000..e1195442623
--- /dev/null
+++ b/cpp/config/suites/cpp/correctness
@@ -0,0 +1,45 @@
+# CORRECTNESS
+ # Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /Correctness/Dangerous Conversions
+ # Consistent Use
++ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
++ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
++ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+ # Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
++ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+ # Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Correctness/Exceptions
++ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Correctness/Exceptions
+ # Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
++ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
diff --git a/cpp/config/suites/cpp/internal b/cpp/config/suites/cpp/internal
new file mode 100644
index 00000000000..ba6a1573c32
--- /dev/null
+++ b/cpp/config/suites/cpp/internal
@@ -0,0 +1,5 @@
++ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
++ odasa-cpp-metrics/Internal/CallableExtents.ql
++ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
++ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
++ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
diff --git a/cpp/config/suites/cpp/maintainability b/cpp/config/suites/cpp/maintainability
new file mode 100644
index 00000000000..9b08f4de8d2
--- /dev/null
+++ b/cpp/config/suites/cpp/maintainability
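Review bot: This file repeats every entry of c/correctness verbatim and adds only `CastArrayPointerArithmetic.ql`, `ReturnCstrOfLocalStdString.ql` and the ` # Exceptions` group, whereas cpp/code-review in this same commit reuses the C list through `@import ../c/code-review`; two hand-maintained copies will drift the next time a query is added to one of them. The same duplication is in cpp/internal (its blob `ba6a1573c32` is byte-identical to c/internal), cpp/metrics-external (blob `c3e528d04a8`, same as the C file) and cpp/metrics, and in cpp/maintainability apart from the `@name` override that only the C file carries. cpp/code-review shows that plain entries and `@import` can share a file, so if the consumer does not depend on group order this could become `@import ../c/correctness` followed by the C++-only lines; if order does matter, at least a first-line comment `# Keep in sync with ../c/correctness` would make the coupling visible to the next editor.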
@@ -0,0 +1,20 @@
+# MAINTAINABILITY
+ # Coupling
++ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
++ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
++ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
++ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
++ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
++ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+ # Documentation
++ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
++ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+ # Declarations
++ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
++ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
++ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+ # Memory management
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
diff --git a/cpp/config/suites/cpp/metric-defects b/cpp/config/suites/cpp/metric-defects
new file mode 100644
index 00000000000..c15a205b527
--- /dev/null
+++ b/cpp/config/suites/cpp/metric-defects
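Review bot: The `ClassesWithManyFields.ql` entry is categorised `/Maintainability/Size` but sits at the tail of the ` # Coupling` group with no ` # Size` comment, while c/maintainability in this commit gives the same query its own ` # Size` group; a reader scanning the group comments will not find the Size category here. Insert `+ # Size` immediately before that line so the comment structure matches the categories the file actually declares.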
@@ -0,0 +1,18 @@
++ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling
+ @warning-from 7
++ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+ @warning-from 120
+ # Size
++ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+ @warning-from 11
++ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+ @warning-from 200
++ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+ @warning-from 1000
+ # Complexity
++ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+ @warning-from 100
++ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+ @recommendation-from 6
++ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+ @recommendation-from 75
diff --git a/cpp/config/suites/cpp/metrics b/cpp/config/suites/cpp/metrics
new file mode 100644
index 00000000000..e874ce6be14
--- /dev/null
+++ b/cpp/config/suites/cpp/metrics
@@ -0,0 +1,61 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+ # Build
++ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+ # Complexity
++ odasa-cpp-metrics/Classes/CPercentageOfComplexCode.ql: /Metrics/Complexity
++ odasa-cpp-metrics/Classes/CResponse.ql : /Metrics/Complexity
++ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+ @treemap.warnOn highValues
+
+ # Coupling
++ odasa-cpp-metrics/Classes/CAfferentCoupling.ql: /Metrics/Coupling
++ odasa-cpp-metrics/Classes/CEfferentCoupling.ql: /Metrics/Coupling
++ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
++ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
++ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+ # Documentation
++ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
++ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+ @treemap.warnOn lowValues
++ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+ # Encapsulation
++ odasa-cpp-metrics/Classes/CInheritanceDepth.ql: /Metrics/Encapsulation
++ odasa-cpp-metrics/Classes/CLackOfCohesionCK.ql: /Metrics/Encapsulation
++ odasa-cpp-metrics/Classes/CSizeOfAPI.ql: /Metrics/Encapsulation
++ odasa-cpp-metrics/Classes/CSpecialisation.ql: /Metrics/Encapsulation
+
+ # Globals
++ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
++ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+ # Preprocessor
++ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
++ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+ @treemap.warnOn highValues
+
+ # Size
++ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
++ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
++ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
++ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+ @treemap.warnOn highValues
++ odasa-cpp-metrics/Classes/CLinesOfCode.ql: /Metrics/Size
++ odasa-cpp-metrics/Classes/CNumberOfFields.ql: /Metrics/Size
++ odasa-cpp-metrics/Classes/CNumberOfFunctions.ql: /Metrics/Size
diff --git a/cpp/config/suites/cpp/metrics-external b/cpp/config/suites/cpp/metrics-external
new file mode 100644
index 00000000000..c3e528d04a8
--- /dev/null
+++ b/cpp/config/suites/cpp/metrics-external
@@ -0,0 +1,3 @@
++ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
++ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
diff --git a/cpp/config/suites/cpp/readability b/cpp/config/suites/cpp/readability
new file mode 100644
index 00000000000..336f3c7962d
--- /dev/null
+++ b/cpp/config/suites/cpp/readability
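Review bot: `odasa-cpp-metrics/Classes/CResponse.ql : /Metrics/Complexity` has a space before the colon, unlike every other entry in this hunk. Whether that is harmless depends on how the suite parser separates the query path from the category; if it splits on the first `:`, the path carries a trailing space. Dropping it, `+ odasa-cpp-metrics/Classes/CResponse.ql: /Metrics/Complexity`, removes the doubt. Separately, `FLinesOfDuplicatedCode.ql` is filed under `# Coupling` while the other duplicate-code queries in this commit go to `/Useless Code/Duplicate Code`; a one-line comment on why it counts as a coupling metric would help.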
@@ -0,0 +1,49 @@
+# READABILITY
+ # Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
++ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+ # Control Flow
++ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
++ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
++ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+ # Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
++ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
++ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
++ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+ # Size
++ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
++ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
++ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+ # Safe Language
++ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
++ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
++ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
++ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
++ semmlecode-cpp-queries/Best Practices/RuleOfTwo.ql: /Readability/Safe Language/C++
++ semmlecode-cpp-queries/Likely Bugs/OO/IncorrectConstructorDelegation.ql: /Readability/Safe Language/C++
++ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Readability/Safe Language/C++
++ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+ @name Missing return statement
++ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+ # Safe Language > C++
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 78.ql: /Readability/Safe Language/C++ # No virtual destructor
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 71.1.ql: /Readability/Safe Language/C++ # Virtual call from constructor or destructor
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 77.1.ql: /Readability/Safe Language/C++ # Confusion with implicit copy constructor
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 82.ql: /Readability/Safe Language/C++ # Overloaded assignment does not return 'this'
++ semmlecode-cpp-queries/Likely Bugs/ReturnConstTypeMember.ql: /Readability/Safe Language/C++
+ # JSF
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 79.ql: /Readability/JSF # Resource not released in destructor
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 88.ql: /Readability/JSF # Undisciplined multiple inheritance
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 89.ql: /Readability/JSF # Inconsistent virtual inheritance
++ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Readability/JSF # Redefined default parameter
+
diff --git a/cpp/config/suites/cpp/useless-code b/cpp/config/suites/cpp/useless-code
new file mode 100644
index 00000000000..d0015f70632
--- /dev/null
+++ b/cpp/config/suites/cpp/useless-code
@@ -0,0 +1,10 @@
+# USELESS CODE
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
++ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
++ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlyDuplicateClass.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
++ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
+
diff --git a/cpp/config/suites/default/c b/cpp/config/suites/default/c
new file mode 100644
index 00000000000..5f6cc15ed18
--- /dev/null
+++ b/cpp/config/suites/default/c
@@ -0,0 +1,7 @@
+@import "../../suites/c/correctness"
+@import "../../suites/c/maintainability"
+@import "../../suites/c/readability"
+@import "../../suites/c/useless-code"
+
+@import "../../suites/c/metrics"
+@import "../../suites/c/metric-defects"
diff --git a/cpp/config/suites/default/cpp b/cpp/config/suites/default/cpp
new file mode 100644
index 00000000000..b8e9fdc6d80
--- /dev/null
+++ b/cpp/config/suites/default/cpp
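Review bot: `RuleOfTwo.ql`, `IncorrectConstructorDelegation.ql` and `ThrowInDestructor.ql` are mapped to `/Readability/Safe Language/C++` but are listed in the ` # Safe Language` group, while a dedicated ` # Safe Language > C++` group exists a few lines below; moving the three entries into that group makes the file's grouping match its categories. `Critical/LargeParameter.ql` is categorised as `/Readability/Declarations` although its directory suggests it came from the Critical set; if that is intentional, a trailing `# kept as a readability finding` comment on the entry would record it, in the same style as the JSF entries in this hunk.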
@@ -0,0 +1,7 @@
+@import "../../suites/cpp/correctness"
+@import "../../suites/cpp/maintainability"
+@import "../../suites/cpp/readability"
+@import "../../suites/cpp/useless-code"
+
+@import "../../suites/cpp/metrics"
+@import "../../suites/cpp/metric-defects"
diff --git a/cpp/config/suites/security/all b/cpp/config/suites/security/all
new file mode 100644
index 00000000000..0dfc54047b4
--- /dev/null
+++ b/cpp/config/suites/security/all
@@ -0,0 +1,2 @@
+@import "default"
+@import "secondary"
diff --git a/cpp/config/suites/security/cwe-022 b/cpp/config/suites/security/cwe-022
new file mode 100644
index 00000000000..ebc89a91d1b
--- /dev/null
+++ b/cpp/config/suites/security/cwe-022
@@ -0,0 +1,3 @@
+# CWE-078: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
++ semmlecode-cpp-queries/Security/CWE/CWE-022/TaintedPath.ql: /CWE/CWE-022
+ @name Uncontrolled data used in path expression (CWE-022)
\ No newline at end of file
diff --git a/cpp/config/suites/security/cwe-078 b/cpp/config/suites/security/cwe-078
new file mode 100644
index 00000000000..4e758b73096
--- /dev/null
+++ b/cpp/config/suites/security/cwe-078
@@ -0,0 +1,3 @@
+# CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
++ semmlecode-cpp-queries/Security/CWE/CWE-078/ExecTainted.ql: /CWE/CWE-078
+ @name Uncontrolled data used in OS command (CWE-078)
diff --git a/cpp/config/suites/security/cwe-079 b/cpp/config/suites/security/cwe-079
new file mode 100644
index 00000000000..42c0bcbf9c3
--- /dev/null
+++ b/cpp/config/suites/security/cwe-079
@@ -0,0 +1,3 @@
+# CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
++ semmlecode-cpp-queries/Security/CWE/CWE-079/CgiXss.ql: /CWE/CWE-079
+ @name CGI script vulnerable to cross-site scripting (CWE-079)
diff --git a/cpp/config/suites/security/cwe-089 b/cpp/config/suites/security/cwe-089
new file mode 100644
index 00000000000..05709902581
--- /dev/null
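Review bot: The header comment of `cpp/config/suites/security/cwe-022` reads `# CWE-078: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')`; the title is the CWE-022 one but the number was evidently copied from the cwe-078 file, so it should be `# CWE-022: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')`. The same file is also the first of several in this commit without a trailing newline (`\ No newline at end of file`), unlike its siblings cwe-078 and cwe-079.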
+++ b/cpp/config/suites/security/cwe-089
@@ -0,0 +1,3 @@
+# CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
++ semmlecode-cpp-queries/Security/CWE/CWE-089/SqlTainted.ql: /CWE/CWE-089
+ @name Uncontrolled data in SQL query (CWE-089)
diff --git a/cpp/config/suites/security/cwe-114 b/cpp/config/suites/security/cwe-114
new file mode 100644
index 00000000000..4d31afc5d51
--- /dev/null
+++ b/cpp/config/suites/security/cwe-114
@@ -0,0 +1,3 @@
+# CWE-114: Process Control
++ semmlecode-cpp-queries/Security/CWE/CWE-114/UncontrolledProcessOperation.ql: /CWE/CWE-114
+ @name Uncontrolled process operation (CWE-114)
diff --git a/cpp/config/suites/security/cwe-119 b/cpp/config/suites/security/cwe-119
new file mode 100644
index 00000000000..2f8849beb42
--- /dev/null
+++ b/cpp/config/suites/security/cwe-119
@@ -0,0 +1,13 @@
+# CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
++ semmlecode-cpp-queries/Security/CWE/CWE-119/OverflowBuffer.ql: /CWE/CWE-119
+ @name Call to memory access function may overflow buffer (CWE-119)
++ semmlecode-cpp-queries/Critical/OverflowStatic.ql: /CWE/CWE-119
+ @name Static array access may cause overflow (CWE-119)
+# + semmlecode-cpp-queries/Critical/OverflowDestination.ql: /CWE/CWE-119
+# ^ disabled due to timeout issue
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /CWE/CWE-119
+ @name Potentially unsafe call to strncat (CWE-119)
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /CWE/CWE-119
+ @name Possibly wrong buffer size in string copy (CWE-119)
++ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /CWE/CWE-119
+ @name Upcast array used in pointer arithmetic (CWE-119)
diff --git a/cpp/config/suites/security/cwe-120 b/cpp/config/suites/security/cwe-120
new file mode 100644
index 00000000000..0343041d79e
--- /dev/null
+++ b/cpp/config/suites/security/cwe-120
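Review bot: In `cpp/config/suites/security/cwe-119`, `OverflowDestination.ql` is commented out with only `# ^ disabled due to timeout issue`, so nothing records who owns the problem or when the query may be re-enabled; the comparable disabled entry in cwe-134 at least cites a ticket. A disabled memory-safety query that is out of the default suite is easy to forget, so the comment should carry a reference, e.g. `# ^ disabled due to timeout issue, see <TRACKING-ISSUE>`, with the placeholder replaced by the real tracker id.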
@@ -0,0 +1,13 @@
+# CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
++ semmlecode-cpp-queries/Security/CWE/CWE-120/UnboundedWrite.ql: /CWE/CWE-120
+ @name Unbounded write (CWE-120)
++ semmlecode-cpp-queries/Security/CWE/CWE-120/BadlyBoundedWrite.ql: /CWE/CWE-120
+ @name Badly bounded write (CWE-120)
++ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
+ @name Potentially overrunning write (CWE-120)
++ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
+ @name Potentially overrunning write with float to string conversion (CWE-120)
++ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
+ @name Array offset used before range check (CWE-120)
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
+ @name Potentially unsafe use of strcat (CWE-120)
diff --git a/cpp/config/suites/security/cwe-121 b/cpp/config/suites/security/cwe-121
new file mode 100644
index 00000000000..c9f922d8c55
--- /dev/null
+++ b/cpp/config/suites/security/cwe-121
@@ -0,0 +1,3 @@
+# CWE-121: Stack-based Buffer Overflow
++ semmlecode-cpp-queries/Security/CWE/CWE-121/UnterminatedVarargsCall.ql: /CWE/CWE-121
+ @name Unterminated variadic call (CWE-121)
diff --git a/cpp/config/suites/security/cwe-129 b/cpp/config/suites/security/cwe-129
new file mode 100644
index 00000000000..2ae414ef873
--- /dev/null
+++ b/cpp/config/suites/security/cwe-129
@@ -0,0 +1,3 @@
+# CWE-129: Stack-based Buffer Overflow
++ semmlecode-cpp-queries/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql: /CWE/CWE-129
+ @name Unclear validation of array index (CWE-129)
diff --git a/cpp/config/suites/security/cwe-131 b/cpp/config/suites/security/cwe-131
new file mode 100644
index 00000000000..ae675145902
--- /dev/null
+++ b/cpp/config/suites/security/cwe-131
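Review bot: The header of `cpp/config/suites/security/cwe-129` reads `# CWE-129: Stack-based Buffer Overflow`, which is the CWE-121 title copied from the file just above it; CWE-129 is "Improper Validation of Array Index", which is also what the listed query `ImproperArrayIndexValidation.ql` checks. Change it to `# CWE-129: Improper Validation of Array Index` so the suite header, the query and the CWE number agree.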
@@ -0,0 +1,7 @@
+# CWE-131: Incorrect Calculation of Buffer Size
++ semmlecode-cpp-queries/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql: /CWE/CWE-131
+ @name No space for zero terminator (CWE-131)
++ semmlecode-cpp-queries/Critical/SizeCheck.ql: /CWE/CWE-131
+ @name Not enough memory allocated for pointer type (CWE-131)
++ semmlecode-cpp-queries/Critical/SizeCheck2.ql: /CWE/CWE-131
+ @name Not enough memory allocated for array of pointer type (CWE-131)
diff --git a/cpp/config/suites/security/cwe-134 b/cpp/config/suites/security/cwe-134
new file mode 100644
index 00000000000..b6c1d5411a5
--- /dev/null
+++ b/cpp/config/suites/security/cwe-134
@@ -0,0 +1,13 @@
+# CWE-134: Uncontrolled Format String
++ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /CWE/CWE-134
+ @name Non-constant format string (CWE-134)
+# This one runs out of memory. See ODASA-608.
+#+ semmlecode-cpp-queries/PointsTo/TaintedFormatStrings.ql: /CWE/CWE-134
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /CWE/CWE-134
+ @name Wrong number of arguments to formatting function (CWE-134)
++ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /CWE/CWE-134
+ @name Wrong type of arguments to formatting function (CWE-134)
++ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatString.ql: /CWE/CWE-134
+ @name Uncontrolled format string (CWE-134)
++ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql: /CWE/CWE-134
+ @name Uncontrolled format string (through global variable) (CWE-134)
diff --git a/cpp/config/suites/security/cwe-170 b/cpp/config/suites/security/cwe-170
new file mode 100644
index 00000000000..10dd17cfcaf
--- /dev/null
+++ b/cpp/config/suites/security/cwe-170
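Review bot: In `cpp/config/suites/security/cwe-134`, the disabled `PointsTo/TaintedFormatStrings.ql` is explained only by `# This one runs out of memory. See ODASA-608.`; now that the suites live in this repository, ODASA-608 looks like an internal tracker id that readers here may not be able to open, so the comment should stand on its own. Something like `# Disabled: the points-to based variant runs out of memory (ODASA-608); UncontrolledFormatString.ql below covers the same CWE` keeps the reason and the reference while telling a reader what still runs.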
@@ -0,0 +1,5 @@
+# CWE-170: Improper Null Termination
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/ImproperNullTermination.ql: /CWE/CWE-170
+ @name Potential improper null termination (CWE-170)
++ semmlecode-cpp-queries/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql: /CWE/CWE-170
+ @name User-controlled data may not be null terminated (CWE-170)
diff --git a/cpp/config/suites/security/cwe-190 b/cpp/config/suites/security/cwe-190
new file mode 100644
index 00000000000..b0978c83c0d
--- /dev/null
+++ b/cpp/config/suites/security/cwe-190
@@ -0,0 +1,13 @@
+# CWE-190: Integer Overflow or Wraparound
++ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticTainted.ql: /CWE/CWE-190
+ @name User-controlled data in arithmetic expression (CWE-190)
++ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticUncontrolled.ql: /CWE/CWE-190
+ @name Uncontrolled data in arithmetic expression (CWE-190)
++ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql: /CWE/CWE-190
+ @name Use of extreme values in arithmetic expression (CWE-190)
++ semmlecode-cpp-queries/Security/CWE/CWE-190/TaintedAllocationSize.ql: /CWE/CWE-190
+ @name Overflow in uncontrolled allocation size (CWE-190)
++ semmlecode-cpp-queries/Security/CWE/CWE-190/IntegerOverflowTainted.ql: /CWE/CWE-190
+ @name Potential integer arithmetic overflow (CWE-190)
++ semmlecode-cpp-queries/Security/CWE/CWE-190/ComparisonWithWiderType.ql: /CWE/CWE-190
+ @name Comparison of wide type with narrow type in loop condition (CWE-190)
\ No newline at end of file
diff --git a/cpp/config/suites/security/cwe-242 b/cpp/config/suites/security/cwe-242
new file mode 100644
index 00000000000..0a08d9620bf
--- /dev/null
+++ b/cpp/config/suites/security/cwe-242
@@ -0,0 +1,3 @@
+# CWE-242: Use of Inherently Dangerous Function
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/PotentialBufferOverflow.ql: /CWE/CWE-242
+ @name Use of inherently dangerous function (CWE-242)
diff --git a/cpp/config/suites/security/cwe-290 b/cpp/config/suites/security/cwe-290
new file mode 100644
index 00000000000..13019122555
--- /dev/null
+++ b/cpp/config/suites/security/cwe-290
@@ -0,0 +1,3 @@
+# CWE-290: Authentication Bypass by Spoofing
++ semmlecode-cpp-queries/Security/CWE/CWE-290/AuthenticationBypass.ql: /CWE/CWE-290
+ @name Authentication bypass by spoofing (CWE-290)
diff --git a/cpp/config/suites/security/cwe-311 b/cpp/config/suites/security/cwe-311
new file mode 100644
index 00000000000..22d34f5fdc8
--- /dev/null
+++ b/cpp/config/suites/security/cwe-311
@@ -0,0 +1,9 @@
+# CWE-311 Missing Encryption of Sensitive Data
++ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextBufferWrite.ql: /CWE/CWE-311
+ @name Cleartext storage of sensitive information in buffer (CWE-311)
+
++ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextFileWrite.ql: /CWE/CWE-311
+ @name Cleartext storage of sensitive information in file (CWE-311)
+
++ semmlecode-cpp-queries/Security/CWE/CWE-313/CleartextSqliteDatabase.ql: /CWE/CWE-311
+ @name Cleartext storage of sensitive information in an SQLite database (CWE-311)
diff --git a/cpp/config/suites/security/cwe-327 b/cpp/config/suites/security/cwe-327
new file mode 100644
index 00000000000..47b081afe13
--- /dev/null
+++ b/cpp/config/suites/security/cwe-327
@@ -0,0 +1,5 @@
+# CWE-327: Use of a Broken or Risky Cryptographic Algorithm
++ semmlecode-cpp-queries/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql: /CWE/CWE-327
+ @name Use of a broken or risky cryptographic algorithm (CWE-327)
++ semmlecode-cpp-queries/Security/CWE/CWE-327/OpenSslHeartbleed.ql: /CWE/CWE-327
+ @name Use of a version of OpenSSL with Heartbleed (CWE-327)
diff --git a/cpp/config/suites/security/cwe-367 b/cpp/config/suites/security/cwe-367
new file mode 100644
index 00000000000..d5e55ed1a2f
--- /dev/null
+++ b/cpp/config/suites/security/cwe-367
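Review bot: In `cpp/config/suites/security/cwe-311`, `Security/CWE/CWE-313/CleartextSqliteDatabase.ql` lives in the CWE-313 directory but is reported under `/CWE/CWE-311` with a `(CWE-311)` suffix in its `@name`; if the intent is to report it under the broader cleartext-storage category rather than give it its own cwe-313 file, a comment on the entry such as `# CWE-313 query reported under the broader CWE-311 category` would stop a later reader "correcting" it. The header also lacks the colon used by the other suite headers (`# CWE-311: Missing Encryption of Sensitive Data`), and the blank lines between entries are not used in any other cwe-* file in this commit.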
@@ -0,0 +1,3 @@
+# CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
++ semmlecode-cpp-queries/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql: /CWE/CWE-367
+ @name Time-of-check time-of-use filesystem race condition (CWE-367)
diff --git a/cpp/config/suites/security/cwe-416 b/cpp/config/suites/security/cwe-416
new file mode 100644
index 00000000000..0f5253812cb
--- /dev/null
+++ b/cpp/config/suites/security/cwe-416
@@ -0,0 +1,3 @@
+# CWE-416: Use After Free
++ semmlecode-cpp-queries/Critical/UseAfterFree.ql: /CWE/CWE-416
+ @name Potential use after free (CWE-416)
diff --git a/cpp/config/suites/security/cwe-457 b/cpp/config/suites/security/cwe-457
new file mode 100644
index 00000000000..b70f3686d66
--- /dev/null
+++ b/cpp/config/suites/security/cwe-457
@@ -0,0 +1,3 @@
+# CWE-457: Use of Uninitialized Variable
++ semmlecode-cpp-queries/Likely Bugs/Memory Management/UninitializedLocal.ql: /CWE/CWE-457
+ @name Potentially uninitialized local variable (CWE-457)
\ No newline at end of file
diff --git a/cpp/config/suites/security/cwe-468 b/cpp/config/suites/security/cwe-468
new file mode 100644
index 00000000000..72cac42de2b
--- /dev/null
+++ b/cpp/config/suites/security/cwe-468
@@ -0,0 +1,9 @@
+# CWE-468: Incorrect pointer scaling
++ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScaling.ql: /CWE/CWE-468
+ @name Suspicious pointer scaling (CWE-468)
++ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql: /CWE/CWE-468
+ @name Suspicious pointer scaling to char (CWE-468)
++ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql: /CWE/CWE-468
+ @name Suspicious pointer scaling to void (CWE-468)
++ semmlecode-cpp-queries/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql: /CWE/CWE-468
+ @name Suspicious add with sizeof (CWE-468)
diff --git a/cpp/config/suites/security/cwe-497-expensive b/cpp/config/suites/security/cwe-497-expensive
new file mode 100644
index 00000000000..e9dd90c41ce
--- /dev/null
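Review bot: The header of `cpp/config/suites/security/cwe-468` is `# CWE-468: Incorrect pointer scaling`, in sentence case where the other headers in this commit use the CWE title as published; `# CWE-468: Incorrect Pointer Scaling` keeps them uniform. `cpp/config/suites/security/cwe-457` on the same line is another file that ends without a trailing newline, while its neighbours cwe-367 and cwe-416 do.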
+++ b/cpp/config/suites/security/cwe-497-expensive
@@ -0,0 +1,3 @@
+# CWE-497 Exposure of System Data to an Unauthorized Control Sphere
++ semmlecode-cpp-queries/Security/CWE/CWE-497/ExposedSystemData.ql: /CWE/CWE-497
+ @name Exposure of system data to an unauthorized control sphere (CWE-497)
diff --git a/cpp/config/suites/security/cwe-676 b/cpp/config/suites/security/cwe-676
new file mode 100644
index 00000000000..ad86d1a8998
--- /dev/null
+++ b/cpp/config/suites/security/cwe-676
@@ -0,0 +1,5 @@
+# CWE-676: Use of Potentially Dangerous Function
++ semmlecode-cpp-queries/Security/CWE/CWE-676/DangerousUseOfCin.ql: /CWE/CWE-676
+ @name Dangerous use of 'cin' (CWE-676)
++ semmlecode-cpp-queries/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql: /CWE/CWE-676
+ @name Use of potentially dangerous function (CWE-676)
diff --git a/cpp/config/suites/security/cwe-732 b/cpp/config/suites/security/cwe-732
new file mode 100644
index 00000000000..90af4998438
--- /dev/null
+++ b/cpp/config/suites/security/cwe-732
@@ -0,0 +1,3 @@
+# CWE-732: Incorrect Permission Assignment for Critical Resource
++ semmlecode-cpp-queries/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql: /CWE/CWE-732
+ @name File created without restricting permissions (CWE-732)
diff --git a/cpp/config/suites/security/cwe-764 b/cpp/config/suites/security/cwe-764
new file mode 100644
index 00000000000..3109956e7fb
--- /dev/null
+++ b/cpp/config/suites/security/cwe-764
@@ -0,0 +1,7 @@
+# CWE-764: Multiple Locks of a CriticalResource
++ semmlecode-cpp-queries/Security/CWE/CWE-764/UnreleasedLock.ql: /CWE/CWE-764
+ @name Lock may not be released (CWE-764)
++ semmlecode-cpp-queries/Security/CWE/CWE-764/TwiceLocked.ql: /CWE/CWE-764
+ @name Mutex locked twice (CWE-764)
++ semmlecode-cpp-queries/Security/CWE/CWE-764/LockOrderCycle.ql: /CWE/CWE-764
+ @name Cyclic lock order dependency (CWE-764)
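Review bot: The header of `cpp/config/suites/security/cwe-764` reads `# CWE-764: Multiple Locks of a CriticalResource`, missing the space in "Critical Resource"; `# CWE-764: Multiple Locks of a Critical Resource` fixes it. `cpp/config/suites/security/cwe-497-expensive`, at the start of this line, omits the colon after the CWE number that every other header uses, and nothing in the file itself says why it is the "expensive" variant; a header like `# CWE-497: Exposure of System Data to an Unauthorized Control Sphere (expensive points-to analysis; imported by "secondary", not "default")` would make the file self-explanatory when read on its own.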
diff --git a/cpp/config/suites/security/cwe-772 b/cpp/config/suites/security/cwe-772
new file mode 100644
index 00000000000..31de86f09a7
--- /dev/null
+++ b/cpp/config/suites/security/cwe-772
@@ -0,0 +1,3 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
++ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /CWE/CWE-772
+ @name Mismatching new/free or malloc/delete (CWE-772)
diff --git a/cpp/config/suites/security/cwe-772-expensive b/cpp/config/suites/security/cwe-772-expensive
new file mode 100644
index 00000000000..50e791b63d9
--- /dev/null
+++ b/cpp/config/suites/security/cwe-772-expensive
@@ -0,0 +1,9 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
++ semmlecode-cpp-queries/Critical/FileMayNotBeClosed.ql: /CWE/CWE-772
+ @name Open file may not be closed (CWE-772)
++ semmlecode-cpp-queries/Critical/FileNeverClosed.ql: /CWE/CWE-772
+ @name Open file is not closed (CWE-772)
++ semmlecode-cpp-queries/Critical/MemoryMayNotBeFreed.ql: /CWE/CWE-772
+ @name Memory may not be freed (CWE-772)
++ semmlecode-cpp-queries/Critical/MemoryNeverFreed.ql: /CWE/CWE-772
+ @name Memory is never freed (CWE-772)
diff --git a/cpp/config/suites/security/cwe-807 b/cpp/config/suites/security/cwe-807
new file mode 100644
index 00000000000..0213e0b4d5d
--- /dev/null
+++ b/cpp/config/suites/security/cwe-807
@@ -0,0 +1,3 @@
+# CWE-807: Reliance on Untrusted Inputs in a Security Decision
++ semmlecode-cpp-queries/Security/CWE/CWE-807/TaintedCondition.ql: /CWE/CWE-807
+ @name Untrusted input for a condition (CWE-807)
diff --git a/cpp/config/suites/security/cwe-835 b/cpp/config/suites/security/cwe-835
new file mode 100644
index 00000000000..067376b3437
--- /dev/null
+++ b/cpp/config/suites/security/cwe-835
@@ -0,0 +1,3 @@
+# CWE-835: Infinite loop with unsatisfiable exit condition
++ semmlecode-cpp-queries/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql: /CWE/CWE-835
+ @name Infinite loop with unsatisfiable exit condition (CWE-835)
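Review bot: `Critical/NewFreeMismatch.ql` (`Mismatching new/free or malloc/delete`) is the sole entry of `cpp/config/suites/security/cwe-772`, "Missing Release of Resource after Effective Lifetime", but a mismatched allocate/release pair is a distinct defect from a missing release, and CWE-762 (Mismatched Memory Management Routines) describes it directly. If CWE-772 is kept so that dashboards stay continuous with the old suite location, a comment on the entry such as `# reported under CWE-772 for continuity; CWE-762 is the closer match` would record that choice. The `cwe-772` and `cwe-772-expensive` files carry identical headers; the non-expensive one should say that the actual leak queries live in `cwe-772-expensive` and are only pulled in via `secondary`, otherwise a reader of the default suite will assume leaks are covered.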
diff --git a/cpp/config/suites/security/default b/cpp/config/suites/security/default
new file mode 100644
index 00000000000..4225ae9808b
--- /dev/null
+++ b/cpp/config/suites/security/default
@@ -0,0 +1,28 @@
+# All C++ security queries
+@import "cwe-022"
+@import "cwe-078"
+@import "cwe-079"
+@import "cwe-089"
+@import "cwe-114"
+@import "cwe-119"
+@import "cwe-120"
+@import "cwe-121"
+@import "cwe-129"
+@import "cwe-131"
+@import "cwe-134"
+@import "cwe-170"
+@import "cwe-190"
+@import "cwe-242"
+@import "cwe-290"
+@import "cwe-311"
+@import "cwe-327"
+@import "cwe-367"
+@import "cwe-416"
+@import "cwe-457"
+@import "cwe-468"
+@import "cwe-676"
+@import "cwe-732"
+@import "cwe-764"
+@import "cwe-772"
+@import "cwe-807"
+@import "cwe-835"
diff --git a/cpp/config/suites/security/secondary b/cpp/config/suites/security/secondary
new file mode 100644
index 00000000000..19f450cb8bb
--- /dev/null
+++ b/cpp/config/suites/security/secondary
@@ -0,0 +1,3 @@
+# Not in the default suite due to using expensive points-to analysis
+@import "cwe-497-expensive"
+@import "cwe-772-expensive"
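Review bot: The header `# All C++ security queries` in `cpp/config/suites/security/default` is not accurate: the expensive points-to suites (`cwe-497-expensive`, `cwe-772-expensive`) are deliberately left to `secondary`, and only `all` imports both. A reader picking the default suite would assume CWE-497 and the file/memory leak queries are included. A header such as `# Default C++ security queries; the expensive points-to suites are in "secondary" and "all" imports both` states the split where it will be read.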