From 560b876d6df531ac10927d79c71e7f89bb6e5103 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Apr 2026 10:51:31 +0100 Subject: [PATCH] C++: Disable results from the 5 queries. --- cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql | 3 ++- cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql | 3 ++- .../Underspecified Functions/ImplicitFunctionDeclaration.ql | 3 ++- cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql | 3 ++- cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | 3 ++- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql index b05bd637dc2..c8b54b4acc1 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +++ b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql @@ -220,7 +220,8 @@ where // maximum (resp. minimum) number we can compute. overflows(me, t1) and // exclude cases where the expression type may not have been extracted accurately - not me.getParent().(Call).getTarget().hasAmbiguousReturnType() + not me.getParent().(Call).getTarget().hasAmbiguousReturnType() and + none() select me, "Multiplication result may overflow '" + me.getType().toString() + "' before it is converted to '" + me.getFullyConverted().getType().toString() + "'." diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql index 5842b9474f7..a040bc9d3f8 100644 --- a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql +++ b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql @@ -175,7 +175,8 @@ where not arg.getType().stripType().(RoutineType).getReturnType() instanceof ErroneousType and not arg.(Call).mayBeFromImplicitlyDeclaredFunction() and // Make sure that the format function definition is consistent - count(ffc.getTarget().getFormatParameterIndex()) = 1 + count(ffc.getTarget().getFormatParameterIndex()) = 1 and + none() select arg, "This format specifier for type '" + expected.getName() + "' does not match the argument type '" + actual.getUnspecifiedType().getName() + "'." diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql index bc994589f34..a0bbe1f1193 100644 --- a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql +++ b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql @@ -45,5 +45,6 @@ where sameLocation(fdeIm, fc) and not mistypedFunctionArguments(fc, _, _) and not tooFewArguments(fc, _) and - not tooManyArguments(fc, _) + not tooManyArguments(fc, _) and + none() select fc, "Function call implicitly declares '" + fdeIm.getName() + "'." diff --git a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql index 7d9ef88adea..5c670ccbbe8 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql @@ -73,7 +73,8 @@ where not getComparisonSize(large.(RShiftExpr).getLeftOperand().getExplicitlyConverted()) <= getComparisonSize(small) and // ignore loop-invariant smaller variables - loopVariant(small, l) + loopVariant(small, l) and + none() select rel, "Comparison between $@ of type " + small.getType().getName() + " and $@ of wider type " + large.getType().getName() + ".", friendlyLoc(small), small.toString(), friendlyLoc(large), diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql index d5a5cd8f665..0c5ea7bb3fa 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql @@ -29,7 +29,8 @@ where // the pointer expression to be `char*` or `void*`. Otherwise it // is probably a mistake. addWithSizeof(e, sizeofExpr, _) and - not isCharSzPtrExpr(e) + not isCharSzPtrExpr(e) and + none() select sizeofExpr, "Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@.", e.getFullyConverted().getType() as t, t.toString()