From b3f4c68a1d140eee63b9c9b5b288ab85f0683b8d Mon Sep 17 00:00:00 2001
From: Ian Lynagh
Date: Thu, 11 Sep 2025 11:14:26 +0100
Subject: [PATCH] C++: Remove the BMN filter from some queries, but reduce precision to medium
Remove the `not any(Compilation c).buildModeNone() and` clause from: cpp/wrong-type-format-argument cpp/comparison-with-wider-type cpp/integer-multiplication-cast-to-long cpp/implicit-function-declaration cpp/suspicious-add-sizeof but reduce their precision to `medium`.
---
 cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql | 3 +--
 cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql | 3 +--
 .../Underspecified Functions/ImplicitFunctionDeclaration.ql | 3 +--
 cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql | 3 +--
 cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | 3 +--
 5 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
index 7eb465d35a9..a54ac9020c8 100644
--- a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
+++ b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.1
- * @precision high
+ * @precision medium
 * @id cpp/integer-multiplication-cast-to-long
 * @tags reliability
 * security
@@ -179,7 +179,6 @@ predicate overflows(MulExpr me, Type t) {
 from MulExpr me, Type t1, Type t2
 where
- not any(Compilation c).buildModeNone() and
 t1 = me.getType().getUnderlyingType() and
 t2 = me.getConversion().getType().getUnderlyingType() and
 t1.getSize() < t2.getSize() and
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
index 02975d2bdca..33fe3a0b7a1 100644
--- a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
+++ b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
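Review bot: Lowering `@precision` to `medium` in IntMultToLong.ql changes how this query is ranked and selected on every database, including traditionally built ones where the old `high` rating presumably still holds, and the patch does not record that trade-off anywhere. Query suites commonly filter on precision, so a query carrying `@security-severity 8.1` may stop appearing in default results; that is worth confirming against the suite definitions before merging. The diffstat shows only the five `.ql` files, so I would add a change note along the lines of `The precision of cpp/integer-multiplication-cast-to-long has been reduced to medium because the query now also runs on databases created with build mode none.` The same applies to the `@precision` hunks in WrongTypeFormatArguments.ql, ImplicitFunctionDeclaration.ql, ComparisonWithWiderType.ql and SuspiciousAddWithSizeof.ql.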
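Review bot: After the `not any(Compilation c).buildModeNone() and` line is dropped from the `where` clause in IntMultToLong.ql, nothing in the query states that it now runs on build-mode-none databases or what that does to result quality. The remaining conditions compare type sizes (`t1.getSize() < t2.getSize()`), which presumably rest on less reliable type information when no build was observed, so a comment above `from` such as `// Runs on build-mode-none databases too; type sizes may be less reliable there, hence @precision medium.` would help the next maintainer. No test or expected-results file appears in the diffstat, so the new behaviour looks unverified. The `where` hunks in WrongTypeFormatArguments.ql, ImplicitFunctionDeclaration.ql, ComparisonWithWiderType.ql and SuspiciousAddWithSizeof.ql have the same gap, and in each the rest of the `where` clause and the `select` lie outside the hunk.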
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
- * @precision high
+ * @precision medium
 * @id cpp/wrong-type-format-argument
 * @tags reliability
 * correctness
@@ -154,7 +154,6 @@ int sizeof_IntType() { exists(IntType it | result = it.getSize()) }
 from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual
 where
- not any(Compilation c).buildModeNone() and
 (
 formattingFunctionCallExpectedType(ffc, n, expected) and
 formattingFunctionCallActualType(ffc, n, arg, actual) and
diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
index aa9d5d43c73..6a55557cf70 100644
--- a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
+++ b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
@@ -5,7 +5,7 @@
 * may lead to unpredictable behavior.
 * @kind problem
 * @problem.severity warning
- * @precision high
+ * @precision medium
 * @id cpp/implicit-function-declaration
 * @tags correctness
 * maintainability
@@ -38,7 +38,6 @@ predicate isCompiledAsC(File f) {
 from FunctionDeclarationEntry fdeIm, FunctionCall fc
 where
- not any(Compilation c).buildModeNone() and
 isCompiledAsC(fdeIm.getFile()) and
 not isFromMacroDefinition(fc) and
 fdeIm.isImplicit() and
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
index 021be5d091b..3f330807304 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.8
- * @precision high
+ * @precision medium
 * @tags reliability
 * security
 * external/cwe/cwe-190
@@ -51,7 +51,6 @@ int getComparisonSizeAdjustment(Expr e) {
 from Loop l, RelationalOperation rel, VariableAccess small, Expr large
 where
- not any(Compilation c).buildModeNone() and
 small = rel.getLesserOperand() and
 large = rel.getGreaterOperand() and
 rel = l.getCondition().getAChild*() and
diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
index da92c792432..d9c9df4fd91 100644
--- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.8
- * @precision high
+ * @precision medium
 * @id cpp/suspicious-add-sizeof
 * @tags security
 * external/cwe/cwe-468
@@ -24,7 +24,6 @@ private predicate isCharSzPtrExpr(Expr e) {
 from Expr sizeofExpr, Expr e
 where
- not any(Compilation c).buildModeNone() and
 // If we see an addWithSizeof then we expect the type of
 // the pointer expression to be `char*` or `void*`. Otherwise it
 // is probably a mistake.