C++: Move C/C++ suites to ql repo

As the queries live here, it makes sense for the suites to be versioned together with them. The LGTM suite has already been moved. This commit moves the actively-maintained non-LGTM suites.
2025-12-16 16:53:25 +01:00 · 2018-08-14 11:41:31 +02:00
parent bbee9a860b
commit 3e1247257f
52 changed files with 633 additions and 0 deletions
--- a/cpp/config/suites/c/code-review
+++ b/cpp/config/suites/c/code-review
@@ -0,0 +1,31 @@
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Critical/Critical_Correctness/Use of Libraries # Sizeof with side effects
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Critical/Critical_Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Critical/Critical_Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Critical/Critical_Readability/Control Flow
+
+## FLinesOfCode.ql is used internally.
+ odasa-cpp-metrics/Files/FLinesOfCode.ql
--- a/cpp/config/suites/c/correctness
+++ b/cpp/config/suites/c/correctness
@@ -0,0 +1,38 @@
+# CORRECTNESS
+  # Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
+  # Consistent Use 
+ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+  # Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+  # Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
--- a/cpp/config/suites/c/internal
+++ b/cpp/config/suites/c/internal
@@ -0,0 +1,5 @@
+ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
+ odasa-cpp-metrics/Internal/CallableExtents.ql
+ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
+ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
+ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
--- a/cpp/config/suites/c/maintainability
+++ b/cpp/config/suites/c/maintainability
@@ -0,0 +1,22 @@
+# MAINTAINABILITY
+  # Coupling
+ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
+ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
+  # Size
+ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+   @name Structs with too many members
+  # Documentation
+ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+  # Memory management
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
--- a/cpp/config/suites/c/metric-defects
+++ b/cpp/config/suites/c/metric-defects
@@ -0,0 +1,17 @@
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling 
+   @warning-from 11
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+   @warning-from 120
+ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+   @warning-from 9
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+   @warning-from 250
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+   @warning-from 1500
+  # Complexity
+ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+  @warning-from 100
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+   @recommendation-from 7
+ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+   @recommendation-from 100
--- a/cpp/config/suites/c/metrics
+++ b/cpp/config/suites/c/metrics
@@ -0,0 +1,48 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+  # Build
+ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+  # Complexity
+ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+
+  # Coupling
+ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
+ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+  # Documentation
+ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+   @treemap.warnOn lowValues
+ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+  # Globals
+ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+  # Preprocessor
+ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
+ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+
+  # Size
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+   @treemap.warnOn highValues
--- a/cpp/config/suites/c/metrics-external
+++ b/cpp/config/suites/c/metrics-external
@@ -0,0 +1,3 @@
+ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
+ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
--- a/cpp/config/suites/c/readability
+++ b/cpp/config/suites/c/readability
@@ -0,0 +1,35 @@
+# READABILITY
+  # Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+  # Control Flow
+ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow 
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
+ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
+ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+  # Size
+ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+  # Safe Language
+ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
+ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
+ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+     @name Missing return statement
+ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+
--- a/cpp/config/suites/c/useless-code
+++ b/cpp/config/suites/c/useless-code
@@ -0,0 +1,8 @@
+# USELESS CODE
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
+ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
--- a/cpp/config/suites/cpp/code-review
+++ b/cpp/config/suites/cpp/code-review
@@ -0,0 +1,9 @@
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Critical/Critical_Readability/Safe Language/C++
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Critical/Critical_Readability/JSF # Redefined default parameter
+
+@import ../c/code-review
+
--- a/cpp/config/suites/cpp/correctness
+++ b/cpp/config/suites/cpp/correctness
@@ -0,0 +1,45 @@
+# CORRECTNESS
+  # Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /Correctness/Dangerous Conversions
+  # Consistent Use 
+ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+  # Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+  # Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Correctness/Exceptions
+  # Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
--- a/cpp/config/suites/cpp/internal
+++ b/cpp/config/suites/cpp/internal
@@ -0,0 +1,5 @@
+ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
+ odasa-cpp-metrics/Internal/CallableExtents.ql
+ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
+ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
+ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
--- a/cpp/config/suites/cpp/maintainability
+++ b/cpp/config/suites/cpp/maintainability
@@ -0,0 +1,20 @@
+# MAINTAINABILITY
+  # Coupling
+ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
+ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+  # Documentation
+ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+  # Memory management
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
--- a/cpp/config/suites/cpp/metric-defects
+++ b/cpp/config/suites/cpp/metric-defects
@@ -0,0 +1,18 @@
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling 
+   @warning-from 7
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+   @warning-from 120
+  # Size
+ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+   @warning-from 11
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+   @warning-from 200
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+   @warning-from 1000
+  # Complexity
+ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+  @warning-from 100
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+   @recommendation-from 6
+ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+   @recommendation-from 75
--- a/cpp/config/suites/cpp/metrics
+++ b/cpp/config/suites/cpp/metrics
@@ -0,0 +1,61 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+  # Build
+ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+  # Complexity
+ odasa-cpp-metrics/Classes/CPercentageOfComplexCode.ql: /Metrics/Complexity
+ odasa-cpp-metrics/Classes/CResponse.ql : /Metrics/Complexity
+ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+
+  # Coupling
+ odasa-cpp-metrics/Classes/CAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Classes/CEfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
+ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+  # Documentation
+ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+   @treemap.warnOn lowValues
+ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+  # Encapsulation
+ odasa-cpp-metrics/Classes/CInheritanceDepth.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CLackOfCohesionCK.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CSizeOfAPI.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CSpecialisation.ql: /Metrics/Encapsulation
+
+  # Globals
+ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+  # Preprocessor
+ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
+ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+
+  # Size
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Classes/CLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Classes/CNumberOfFields.ql: /Metrics/Size
+ odasa-cpp-metrics/Classes/CNumberOfFunctions.ql: /Metrics/Size
--- a/cpp/config/suites/cpp/metrics-external
+++ b/cpp/config/suites/cpp/metrics-external
@@ -0,0 +1,3 @@
+ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
+ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
--- a/cpp/config/suites/cpp/readability
+++ b/cpp/config/suites/cpp/readability
@@ -0,0 +1,49 @@
+# READABILITY
+  # Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+  # Control Flow
+ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow 
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
+ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
+ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+  # Size
+ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+  # Safe Language
+ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
+ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
+ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
+ semmlecode-cpp-queries/Best Practices/RuleOfTwo.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/Likely Bugs/OO/IncorrectConstructorDelegation.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+     @name Missing return statement
+ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+  # Safe Language > C++
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 78.ql: /Readability/Safe Language/C++ # No virtual destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 71.1.ql: /Readability/Safe Language/C++ # Virtual call from constructor or destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 77.1.ql: /Readability/Safe Language/C++ # Confusion with implicit copy constructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 82.ql: /Readability/Safe Language/C++ # Overloaded assignment does not return 'this'
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstTypeMember.ql: /Readability/Safe Language/C++
+  # JSF
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 79.ql: /Readability/JSF # Resource not released in destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 88.ql: /Readability/JSF # Undisciplined multiple inheritance
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 89.ql: /Readability/JSF # Inconsistent virtual inheritance
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Readability/JSF # Redefined default parameter
+
--- a/cpp/config/suites/cpp/useless-code
+++ b/cpp/config/suites/cpp/useless-code
@@ -0,0 +1,10 @@
+# USELESS CODE
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
+ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateClass.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
+
--- a/cpp/config/suites/default/c
+++ b/cpp/config/suites/default/c
@@ -0,0 +1,7 @@
+@import "../../suites/c/correctness"
+@import "../../suites/c/maintainability"
+@import "../../suites/c/readability"
+@import "../../suites/c/useless-code"
+
+@import "../../suites/c/metrics"
+@import "../../suites/c/metric-defects"
--- a/cpp/config/suites/default/cpp
+++ b/cpp/config/suites/default/cpp
@@ -0,0 +1,7 @@
+@import "../../suites/cpp/correctness"
+@import "../../suites/cpp/maintainability"
+@import "../../suites/cpp/readability"
+@import "../../suites/cpp/useless-code"
+
+@import "../../suites/cpp/metrics"
+@import "../../suites/cpp/metric-defects"
--- a/cpp/config/suites/security/all
+++ b/cpp/config/suites/security/all
@@ -0,0 +1,2 @@
+@import "default"
+@import "secondary"
--- a/cpp/config/suites/security/cwe-022
+++ b/cpp/config/suites/security/cwe-022
@@ -0,0 +1,3 @@
+# CWE-078: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
+ semmlecode-cpp-queries/Security/CWE/CWE-022/TaintedPath.ql: /CWE/CWE-022
+    @name Uncontrolled data used in path expression (CWE-022)
--- a/cpp/config/suites/security/cwe-078
+++ b/cpp/config/suites/security/cwe-078
@@ -0,0 +1,3 @@
+# CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
+ semmlecode-cpp-queries/Security/CWE/CWE-078/ExecTainted.ql: /CWE/CWE-078
+    @name Uncontrolled data used in OS command (CWE-078)
--- a/cpp/config/suites/security/cwe-079
+++ b/cpp/config/suites/security/cwe-079
@@ -0,0 +1,3 @@
+# CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
+ semmlecode-cpp-queries/Security/CWE/CWE-079/CgiXss.ql: /CWE/CWE-079
+    @name CGI script vulnerable to cross-site scripting (CWE-079)
--- a/cpp/config/suites/security/cwe-089
+++ b/cpp/config/suites/security/cwe-089
@@ -0,0 +1,3 @@
+# CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
+ semmlecode-cpp-queries/Security/CWE/CWE-089/SqlTainted.ql: /CWE/CWE-089
+    @name Uncontrolled data in SQL query (CWE-089)
--- a/cpp/config/suites/security/cwe-114
+++ b/cpp/config/suites/security/cwe-114
@@ -0,0 +1,3 @@
+# CWE-114: Process Control
+ semmlecode-cpp-queries/Security/CWE/CWE-114/UncontrolledProcessOperation.ql: /CWE/CWE-114
+    @name Uncontrolled process operation (CWE-114)
--- a/cpp/config/suites/security/cwe-119
+++ b/cpp/config/suites/security/cwe-119
@@ -0,0 +1,13 @@
+# CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
+ semmlecode-cpp-queries/Security/CWE/CWE-119/OverflowBuffer.ql: /CWE/CWE-119
+    @name Call to memory access function may overflow buffer (CWE-119)
+ semmlecode-cpp-queries/Critical/OverflowStatic.ql: /CWE/CWE-119
+    @name Static array access may cause overflow (CWE-119)
+# + semmlecode-cpp-queries/Critical/OverflowDestination.ql: /CWE/CWE-119
+#    ^ disabled due to timeout issue
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /CWE/CWE-119
+    @name Potentially unsafe call to strncat (CWE-119)
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /CWE/CWE-119
+    @name Possibly wrong buffer size in string copy (CWE-119)
+ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /CWE/CWE-119
+    @name Upcast array used in pointer arithmetic (CWE-119)
--- a/cpp/config/suites/security/cwe-120
+++ b/cpp/config/suites/security/cwe-120
@@ -0,0 +1,13 @@
+# CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
+ semmlecode-cpp-queries/Security/CWE/CWE-120/UnboundedWrite.ql: /CWE/CWE-120
+  @name Unbounded write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/BadlyBoundedWrite.ql: /CWE/CWE-120
+  @name Badly bounded write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
+  @name Potentially overrunning write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
+  @name Potentially overrunning write with float to string conversion (CWE-120)
+ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
+  @name Array offset used before range check (CWE-120)
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
+    @name Potentially unsafe use of strcat (CWE-120)
--- a/cpp/config/suites/security/cwe-121
+++ b/cpp/config/suites/security/cwe-121
@@ -0,0 +1,3 @@
+# CWE-121: Stack-based Buffer Overflow
+ semmlecode-cpp-queries/Security/CWE/CWE-121/UnterminatedVarargsCall.ql: /CWE/CWE-121
+    @name Unterminated variadic call (CWE-121)
--- a/cpp/config/suites/security/cwe-129
+++ b/cpp/config/suites/security/cwe-129
@@ -0,0 +1,3 @@
+# CWE-129: Stack-based Buffer Overflow
+ semmlecode-cpp-queries/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql: /CWE/CWE-129
+    @name Unclear validation of array index (CWE-129)
--- a/cpp/config/suites/security/cwe-131
+++ b/cpp/config/suites/security/cwe-131
@@ -0,0 +1,7 @@
+# CWE-131: Incorrect Calculation of Buffer Size
+ semmlecode-cpp-queries/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql: /CWE/CWE-131
+    @name No space for zero terminator (CWE-131)
+ semmlecode-cpp-queries/Critical/SizeCheck.ql: /CWE/CWE-131
+    @name Not enough memory allocated for pointer type (CWE-131)
+ semmlecode-cpp-queries/Critical/SizeCheck2.ql: /CWE/CWE-131
+    @name Not enough memory allocated for array of pointer type (CWE-131)
--- a/cpp/config/suites/security/cwe-134
+++ b/cpp/config/suites/security/cwe-134
@@ -0,0 +1,13 @@
+# CWE-134: Uncontrolled Format String
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /CWE/CWE-134
+    @name Non-constant format string (CWE-134)
+# This one runs out of memory. See ODASA-608.
+#+ semmlecode-cpp-queries/PointsTo/TaintedFormatStrings.ql: /CWE/CWE-134
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /CWE/CWE-134
+    @name Wrong number of arguments to formatting function (CWE-134)
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /CWE/CWE-134
+    @name Wrong type of arguments to formatting function (CWE-134)
+ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatString.ql: /CWE/CWE-134
+    @name Uncontrolled format string (CWE-134)
+ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql: /CWE/CWE-134
+    @name Uncontrolled format string (through global variable) (CWE-134)
--- a/cpp/config/suites/security/cwe-170
+++ b/cpp/config/suites/security/cwe-170
@@ -0,0 +1,5 @@
+# CWE-170: Improper Null Termination
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/ImproperNullTermination.ql: /CWE/CWE-170
+    @name Potential improper null termination (CWE-170)
+ semmlecode-cpp-queries/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql: /CWE/CWE-170
+    @name User-controlled data may not be null terminated (CWE-170)
--- a/cpp/config/suites/security/cwe-190
+++ b/cpp/config/suites/security/cwe-190
@@ -0,0 +1,13 @@
+# CWE-190: Integer Overflow or Wraparound
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticTainted.ql: /CWE/CWE-190
+    @name User-controlled data in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticUncontrolled.ql: /CWE/CWE-190
+    @name Uncontrolled data in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql: /CWE/CWE-190
+    @name Use of extreme values in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/TaintedAllocationSize.ql: /CWE/CWE-190
+    @name Overflow in uncontrolled allocation size (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/IntegerOverflowTainted.ql: /CWE/CWE-190
+    @name Potential integer arithmetic overflow (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ComparisonWithWiderType.ql: /CWE/CWE-190
+    @name Comparison of wide type with narrow type in loop condition (CWE-190)
--- a/cpp/config/suites/security/cwe-242
+++ b/cpp/config/suites/security/cwe-242
@@ -0,0 +1,3 @@
+# CWE-242: Use of Inherently Dangerous Function
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/PotentialBufferOverflow.ql: /CWE/CWE-242
+    @name Use of inherently dangerous function (CWE-242)
--- a/cpp/config/suites/security/cwe-290
+++ b/cpp/config/suites/security/cwe-290
@@ -0,0 +1,3 @@
+# CWE-290: Authentication Bypass by Spoofing
+ semmlecode-cpp-queries/Security/CWE/CWE-290/AuthenticationBypass.ql: /CWE/CWE-290
+    @name Authentication bypass by spoofing (CWE-290)
--- a/cpp/config/suites/security/cwe-311
+++ b/cpp/config/suites/security/cwe-311
@@ -0,0 +1,9 @@
+# CWE-311 Missing Encryption of Sensitive Data
+ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextBufferWrite.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in buffer (CWE-311)
+    
+ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextFileWrite.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in file (CWE-311)
+
+ semmlecode-cpp-queries/Security/CWE/CWE-313/CleartextSqliteDatabase.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in an SQLite database (CWE-311)
--- a/cpp/config/suites/security/cwe-327
+++ b/cpp/config/suites/security/cwe-327
@@ -0,0 +1,5 @@
+# CWE-327: Use of a Broken or Risky Cryptographic Algorithm
+ semmlecode-cpp-queries/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql: /CWE/CWE-327
+    @name Use of a broken or risky cryptographic algorithm (CWE-327)
+ semmlecode-cpp-queries/Security/CWE/CWE-327/OpenSslHeartbleed.ql: /CWE/CWE-327
+    @name Use of a version of OpenSSL with Heartbleed (CWE-327)
--- a/cpp/config/suites/security/cwe-367
+++ b/cpp/config/suites/security/cwe-367
@@ -0,0 +1,3 @@
+# CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
+ semmlecode-cpp-queries/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql: /CWE/CWE-367
+    @name Time-of-check time-of-use filesystem race condition (CWE-367)
--- a/cpp/config/suites/security/cwe-416
+++ b/cpp/config/suites/security/cwe-416
@@ -0,0 +1,3 @@
+# CWE-416: Use After Free
+ semmlecode-cpp-queries/Critical/UseAfterFree.ql: /CWE/CWE-416
+    @name Potential use after free (CWE-416)
--- a/cpp/config/suites/security/cwe-457
+++ b/cpp/config/suites/security/cwe-457
@@ -0,0 +1,3 @@
+# CWE-457: Use of Uninitialized Variable
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UninitializedLocal.ql: /CWE/CWE-457
+    @name Potentially uninitialized local variable (CWE-457)
--- a/cpp/config/suites/security/cwe-468
+++ b/cpp/config/suites/security/cwe-468
@@ -0,0 +1,9 @@
+# CWE-468: Incorrect pointer scaling
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScaling.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling to char (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling to void (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql: /CWE/CWE-468
+    @name Suspicious add with sizeof (CWE-468)
--- a/cpp/config/suites/security/cwe-497-expensive
+++ b/cpp/config/suites/security/cwe-497-expensive
@@ -0,0 +1,3 @@
+# CWE-497 Exposure of System Data to an Unauthorized Control Sphere
+ semmlecode-cpp-queries/Security/CWE/CWE-497/ExposedSystemData.ql: /CWE/CWE-497
+    @name Exposure of system data to an unauthorized control sphere (CWE-497)
--- a/cpp/config/suites/security/cwe-676
+++ b/cpp/config/suites/security/cwe-676
@@ -0,0 +1,5 @@
+# CWE-676: Use of Potentially Dangerous Function
+ semmlecode-cpp-queries/Security/CWE/CWE-676/DangerousUseOfCin.ql: /CWE/CWE-676
+    @name Dangerous use of 'cin' (CWE-676)
+ semmlecode-cpp-queries/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql: /CWE/CWE-676
+    @name Use of potentially dangerous function (CWE-676)
--- a/cpp/config/suites/security/cwe-732
+++ b/cpp/config/suites/security/cwe-732
@@ -0,0 +1,3 @@
+# CWE-732: Incorrect Permission Assignment for Critical Resource
+ semmlecode-cpp-queries/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql: /CWE/CWE-732
+    @name File created without restricting permissions (CWE-732)
--- a/cpp/config/suites/security/cwe-764
+++ b/cpp/config/suites/security/cwe-764
@@ -0,0 +1,7 @@
+# CWE-764: Multiple Locks of a CriticalResource
+ semmlecode-cpp-queries/Security/CWE/CWE-764/UnreleasedLock.ql: /CWE/CWE-764
+    @name Lock may not be released (CWE-764)
+ semmlecode-cpp-queries/Security/CWE/CWE-764/TwiceLocked.ql: /CWE/CWE-764
+    @name Mutex locked twice (CWE-764)
+ semmlecode-cpp-queries/Security/CWE/CWE-764/LockOrderCycle.ql: /CWE/CWE-764
+    @name Cyclic lock order dependency (CWE-764)
--- a/cpp/config/suites/security/cwe-772
+++ b/cpp/config/suites/security/cwe-772
@@ -0,0 +1,3 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /CWE/CWE-772
+    @name Mismatching new/free or malloc/delete (CWE-772)
--- a/cpp/config/suites/security/cwe-772-expensive
+++ b/cpp/config/suites/security/cwe-772-expensive
@@ -0,0 +1,9 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
+ semmlecode-cpp-queries/Critical/FileMayNotBeClosed.ql: /CWE/CWE-772
+    @name Open file may not be closed (CWE-772)
+ semmlecode-cpp-queries/Critical/FileNeverClosed.ql: /CWE/CWE-772
+    @name Open file is not closed (CWE-772)
+ semmlecode-cpp-queries/Critical/MemoryMayNotBeFreed.ql: /CWE/CWE-772
+    @name Memory may not be freed (CWE-772)
+ semmlecode-cpp-queries/Critical/MemoryNeverFreed.ql: /CWE/CWE-772
+    @name Memory is never freed (CWE-772)
--- a/cpp/config/suites/security/cwe-807
+++ b/cpp/config/suites/security/cwe-807
@@ -0,0 +1,3 @@
+# CWE-807: Reliance on Untrusted Inputs in a Security Decision
+ semmlecode-cpp-queries/Security/CWE/CWE-807/TaintedCondition.ql: /CWE/CWE-807
+    @name Untrusted input for a condition (CWE-807)
--- a/cpp/config/suites/security/cwe-835
+++ b/cpp/config/suites/security/cwe-835
@@ -0,0 +1,3 @@
+# CWE-835: Infinite loop with unsatisfiable exit condition
+ semmlecode-cpp-queries/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql: /CWE/CWE-835
+    @name Infinite loop with unsatisfiable exit condition (CWE-835)
--- a/cpp/config/suites/security/default
+++ b/cpp/config/suites/security/default
@@ -0,0 +1,28 @@
+# All C++ security queries
+@import "cwe-022"
+@import "cwe-078"
+@import "cwe-079"
+@import "cwe-089"
+@import "cwe-114"
+@import "cwe-119"
+@import "cwe-120"
+@import "cwe-121"
+@import "cwe-129"
+@import "cwe-131"
+@import "cwe-134"
+@import "cwe-170"
+@import "cwe-190"
+@import "cwe-242"
+@import "cwe-290"
+@import "cwe-311"
+@import "cwe-327"
+@import "cwe-367"
+@import "cwe-416"
+@import "cwe-457"
+@import "cwe-468"
+@import "cwe-676"
+@import "cwe-732"
+@import "cwe-764"
+@import "cwe-772"
+@import "cwe-807"
+@import "cwe-835"
--- a/cpp/config/suites/security/secondary
+++ b/cpp/config/suites/security/secondary
@@ -0,0 +1,3 @@
+# Not in the default suite due to using expensive points-to analysis
+@import "cwe-497-expensive"
+@import "cwe-772-expensive"