C++: Autoformat.

Anders Schack-Mulligen
2020-01-22 14:24:33 +01:00
parent 9b7a728609
commit 96e4a57edd
172 changed files with 950 additions and 635 deletions


@@ -34,22 +34,24 @@ where
) and
if accessType = 1
then
message = "This '" + ba.getName() + "' operation accesses " +
plural(accessSize, " byte", " bytes") + " but the $@ is only " +
plural(bufferSize, " byte", " bytes") + "."
message =
"This '" + ba.getName() + "' operation accesses " + plural(accessSize, " byte", " bytes") +
" but the $@ is only " + plural(bufferSize, " byte", " bytes") + "."
else
if accessType = 2
then
message = "This '" + ba.getName() + "' operation may access " +
plural(accessSize, " byte", " bytes") + " but the $@ is only " +
plural(bufferSize, " byte", " bytes") + "."
message =
"This '" + ba.getName() + "' operation may access " + plural(accessSize, " byte", " bytes") +
" but the $@ is only " + plural(bufferSize, " byte", " bytes") + "."
else (
if accessSize > 0
then
message = "This array indexing operation accesses byte offset " + (accessSize - 1) +
message =
"This array indexing operation accesses byte offset " + (accessSize - 1) +
" but the $@ is only " + plural(bufferSize, " byte", " bytes") + "."
else
message = "This array indexing operation accesses a negative index " +
message =
"This array indexing operation accesses a negative index " +
((accessSize / ba.getActualType().getSize()) - 1) + " on the $@."
)
select ba, message, bufferAlloc, bufferDesc


@@ -56,9 +56,12 @@ where
// very noisy on codebases that started as 32-bit
small.getExplicitlyConverted().getType().getSize() < 4 and
// Ignore cases where integer promotion has occurred on /, -, or >> expressions.
not getComparisonSize(large.(DivExpr).getLeftOperand().getExplicitlyConverted()) <= getComparisonSize(small) and
not getComparisonSize(large.(SubExpr).getLeftOperand().getExplicitlyConverted()) <= getComparisonSize(small) and
not getComparisonSize(large.(RShiftExpr).getLeftOperand().getExplicitlyConverted()) <= getComparisonSize(small) and
not getComparisonSize(large.(DivExpr).getLeftOperand().getExplicitlyConverted()) <=
getComparisonSize(small) and
not getComparisonSize(large.(SubExpr).getLeftOperand().getExplicitlyConverted()) <=
getComparisonSize(small) and
not getComparisonSize(large.(RShiftExpr).getLeftOperand().getExplicitlyConverted()) <=
getComparisonSize(small) and
// ignore loop-invariant smaller variables
loopVariant(small, l)
select rel,


@@ -59,13 +59,15 @@ where
(
exists(BinaryLogicalOperation blop | blop.getAnOperand() = e1 |
e1.getType().(TypedefType).hasName("HRESULT") and
msg = "Usage of a type " + e1.getType().toString() +
msg =
"Usage of a type " + e1.getType().toString() +
" as an argument of a binary logical operation"
)
or
exists(UnaryLogicalOperation ulop | ulop.getAnOperand() = e1 |
e1.getType().(TypedefType).hasName("HRESULT") and
msg = "Usage of a type " + e1.getType().toString() +
msg =
"Usage of a type " + e1.getType().toString() +
" as an argument of a unary logical operation"
) and
not isHresultBooleanConverted(e1)


@@ -108,7 +108,8 @@ where
exists(Expr source, Expr cmd, QuotedCommandInCreateProcessFunctionConfiguration quotedConfig |
cmd = call.getArgument(call.getCommandLineArgumentId()) and
quotedConfig.hasFlow(DataFlow2::exprNode(source), DataFlow2::exprNode(cmd)) and
msg2 = " and with an unquoted lpCommandLine (" + cmd +
msg2 =
" and with an unquoted lpCommandLine (" + cmd +
") introduces a security vulnerability if the path contains spaces."
)
select call, msg1 + " " + msg2


@@ -90,9 +90,9 @@ class ParameterNullCheck extends ParameterCheck {
va = this.(NotExpr).getOperand() or
va = any(EQExpr eq | eq = this and eq.getAnOperand().getValue() = "0").getAnOperand() or
va = getCheckedFalseCondition(this) or
va = any(NEExpr eq |
eq = getCheckedFalseCondition(this) and eq.getAnOperand().getValue() = "0"
).getAnOperand()
va =
any(NEExpr eq | eq = getCheckedFalseCondition(this) and eq.getAnOperand().getValue() = "0")
.getAnOperand()
)
or
nullSuccessor = getAFalseSuccessor() and
@@ -100,9 +100,9 @@ class ParameterNullCheck extends ParameterCheck {
(
va = this or
va = any(NEExpr eq | eq = this and eq.getAnOperand().getValue() = "0").getAnOperand() or
va = any(EQExpr eq |
eq = getCheckedFalseCondition(this) and eq.getAnOperand().getValue() = "0"
).getAnOperand()
va =
any(EQExpr eq | eq = getCheckedFalseCondition(this) and eq.getAnOperand().getValue() = "0")
.getAnOperand()
)
)
}
@@ -188,7 +188,8 @@ class InitializationFunction extends Function {
isPointerDereferenceAssignmentTarget(this.getParameter(i).getAnAccess()) or
// Field wise assignment to the parameter
any(Assignment e).getLValue() = getAFieldAccess(this.getParameter(i)) or
i = this
i =
this
.(MemberFunction)
.getAnOverridingFunction+()
.(InitializationFunction)
@@ -231,7 +232,8 @@ class InitializationFunction extends Function {
)
)
or
result = any(AssumeExpr e |
result =
any(AssumeExpr e |
e.getEnclosingFunction() = this and e.getAChild().(Literal).getValue() = "0"
)
)
@@ -472,7 +474,8 @@ class ConditionalInitializationCall extends FunctionCall {
a.getLValue() = fa and
fa.getASuccessor+() = result
) and
result = this
result =
this
.getArgument(getTarget(this)
.(ConditionalInitializationFunction)
.conditionallyInitializedParameter(_))
@@ -589,7 +592,8 @@ Expr getAConditionallyInitializedArgument(
* Gets the type signature for the functions parameters.
*/
private string typeSig(Function f) {
result = concat(int i, Type pt |
result =
concat(int i, Type pt |
pt = f.getParameter(i).getType()
|
pt.getUnspecifiedType().toString(), "," order by i


@@ -32,10 +32,12 @@ predicate setWorldWritable(FunctionCall fc, int mode) {
from Expr fc, int mode, string message
where
worldWritableCreation(fc, mode) and
message = "A file may be created here with mode " + octalFileMode(mode) +
message =
"A file may be created here with mode " + octalFileMode(mode) +
", which would make it world-writable."
or
setWorldWritable(fc, mode) and
message = "This sets a file's permissions to " + octalFileMode(mode) +
message =
"This sets a file's permissions to " + octalFileMode(mode) +
", which would make it world-writable."
select fc, message


@@ -15,8 +15,8 @@ bindingset[mode]
string octalFileMode(int mode) {
if mode >= 0 and mode <= 4095
then
/* octal 07777 */ result = "0" + octalDigitOpt(mode, 3) + octalDigit(mode, 2) +
octalDigit(mode, 1) + octalDigit(mode, 0)
/* octal 07777 */ result =
"0" + octalDigitOpt(mode, 3) + octalDigit(mode, 2) + octalDigit(mode, 1) + octalDigit(mode, 0)
else result = "[non-standard mode: decimal " + mode + "]"
}
@@ -128,12 +128,8 @@ class OpenatCreationExpr extends FileCreationExpr {
}
private int fopenMode() {
result = s_irusr()
.bitOr(s_irgrp())
.bitOr(s_iroth())
.bitOr(s_iwusr())
.bitOr(s_iwgrp())
.bitOr(s_iwoth())
result =
s_irusr().bitOr(s_irgrp()).bitOr(s_iroth()).bitOr(s_iwusr()).bitOr(s_iwgrp()).bitOr(s_iwoth())
}
class FopenCreationExpr extends FileCreationExpr {


@@ -52,9 +52,8 @@ class NonNullDaclConfig extends DataFlow2::Configuration {
NonNullDaclConfig() { this = "NonNullDaclConfig" }
override predicate isSource(DataFlow::Node source) {
source.getType().getUnspecifiedType().(PointerType).getBaseType() = any(Type t |
t.getName() = "ACL"
).getUnspecifiedType() and
source.getType().getUnspecifiedType().(PointerType).getBaseType() =
any(Type t | t.getName() = "ACL").getUnspecifiedType() and
(
// If the value comes from a function whose body we can't see, assume
// it's not null.
@@ -79,7 +78,8 @@ class NonNullDaclConfig extends DataFlow2::Configuration {
from SetSecurityDescriptorDaclFunctionCall call, string message
where
exists(NullValue nullExpr |
message = "Setting a DACL to NULL in a SECURITY_DESCRIPTOR will result in an unprotected object."
message =
"Setting a DACL to NULL in a SECURITY_DESCRIPTOR will result in an unprotected object."
|
call.getArgument(1).getValue().toInt() != 0 and
call.getArgument(2) = nullExpr
@@ -89,7 +89,8 @@ where
Expr constassign, VariableAccess var, NullDaclConfig nullDaclConfig,
NonNullDaclConfig nonNullDaclConfig
|
message = "Setting a DACL to NULL in a SECURITY_DESCRIPTOR using variable " + var +
message =
"Setting a DACL to NULL in a SECURITY_DESCRIPTOR using variable " + var +
" that is set to NULL will result in an unprotected object."
|
var = call.getArgument(2) and