C++: Remove the BMN filter from some queries, but reduce precision to medium

Remove the `not any(Compilation c).buildModeNone() and` clause from: cpp/wrong-type-format-argument cpp/comparison-with-wider-type cpp/integer-multiplication-cast-to-long cpp/implicit-function-declaration cpp/suspicious-add-sizeof but reduce their precision to `medium`.
2026-04-20 22:44:52 +02:00 · 2025-09-11 11:14:26 +01:00
parent d87e9ec095
commit b3f4c68a1d
5 changed files with 5 additions and 10 deletions
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.8
- * @precision high
+ * @precision medium
 * @tags reliability
 *       security
 *       external/cwe/cwe-190
@@ -51,7 +51,6 @@ int getComparisonSizeAdjustment(Expr e) {

 from Loop l, RelationalOperation rel, VariableAccess small, Expr large
 where
-  not any(Compilation c).buildModeNone() and
  small = rel.getLesserOperand() and
  large = rel.getGreaterOperand() and
  rel = l.getCondition().getAChild*() and
--- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -6,7 +6,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 8.8
- * @precision high
+ * @precision medium
 * @id cpp/suspicious-add-sizeof
 * @tags security
 *       external/cwe/cwe-468
@@ -24,7 +24,6 @@ private predicate isCharSzPtrExpr(Expr e) {

 from Expr sizeofExpr, Expr e
 where
-  not any(Compilation c).buildModeNone() and
  // If we see an addWithSizeof then we expect the type of
  // the pointer expression to be `char*` or `void*`. Otherwise it
  // is probably a mistake.