Merge master into next.

2025-12-16 16:53:25 +01:00 · 2018-11-23 16:36:31 +00:00
parent 3cee874ee3 f4ec168666
commit c20b688a3f
394 changed files with 5820 additions and 1727 deletions
--- a/change-notes/1.19/analysis-cpp.md
+++ b/change-notes/1.19/analysis-cpp.md
@@ -9,21 +9,33 @@
 | Cast between `HRESULT` and a Boolean type (`cpp/hresult-boolean-conversion`) | external/cwe/cwe-253 | Finds logic errors caused by mistakenly treating the Windows `HRESULT` type as a Boolean instead of testing it with the appropriate macros. Enabled by default. |
 | Setting a DACL to `NULL` in a `SECURITY_DESCRIPTOR` (`cpp/unsafe-dacl-security-descriptor`) | external/cwe/cwe-732 | This query finds code that creates world-writable objects on Windows by setting their DACL to `NULL`. Enabled by default. |
 | Cast from `char*` to `wchar_t*` | security, external/cwe/cwe-704 | Detects potentially dangerous casts from `char*` to `wchar_t*`.  Enabled by default on LGTM. |
-| Dead code due to `goto` or `break` statement (`cpp/dead-code-goto`) | maintainability, external/cwe/cwe-561 | Detects dead code following a goto or break statement. Enabled by default on LGTM. |
+| Dead code due to `goto` or `break` statement (`cpp/dead-code-goto`) | maintainability, external/cwe/cwe-561 | Detects dead code following a `goto` or `break` statement. Enabled by default on LGTM. |
+| Inconsistent direction of for loop | correctness, external/cwe/cwe-835 | This query detects `for` loops where the increment and guard condition don't appear to correspond.  Enabled by default on LGTM. |
+| Incorrect Not Operator Usage | security, external/cwe/cwe-480 | This query finds uses of the logical not (`!`) operator that look like they should be bit-wise not (`~`).  Available but not displayed by default on LGTM. |
+| NULL application name with an unquoted path in call to CreateProcess | security, external/cwe/cwe-428 | This query finds unsafe uses of the `CreateProcess` function.  Available but not displayed by default on LGTM. |

 ## Changes to existing queries

 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
+| Array offset used before range check | More results and fewer false positive results | The query now recognizes array accesses in different positions within the expression.  False positives where the range is checked before and after the array access have been fixed. |
 | Empty branch of conditional | Fewer false positive results | The query now recognizes commented blocks more reliably. |
 | Expression has no effect | Fewer false positive results | Expressions in template instantiations are now excluded from this query. |
+| Global could be static | Fewer false positive results | Variables with declarations in header files are now excluded from this query. |
 | Resource not released in destructor | Fewer false positive results | Placement new is now excluded from the query. Also fixed an issue where false positives could occur if the destructor body was not in the snapshot. |
 | Missing return statement (`cpp/missing-return`) | Visible by default | The precision of this query has been increased from 'medium' to 'high', which makes it visible by default in LGTM. It was 'medium' in release 1.17 and 1.18 because it had false positives due to an extractor bug that was fixed in 1.18. |
-| Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type. |
+| Missing return statement | Fewer false positive results | The query is now produces correct results when a function returns a template-dependent type, or makes a non-returning call to another function. |
+| Static array access may cause overflow | More correct results | Data flow to the size argument of a buffer operation is now checked in this query. |
 | Call to memory access function may overflow buffer | More correct results | Array indexing with a negative index is now detected by this query. |
+| Self comparison | Fewer false positive results | Code inside macro invocations is now excluded from the query. |
 | Suspicious call to memset | Fewer false positive results | Types involving decltype are now correctly compared. |
 | Suspicious add with sizeof | Fewer false positive results | Arithmetic with void pointers (where allowed) is now excluded from this query. |
 | Wrong type of arguments to formatting function | Fewer false positive results | False positive results involving typedefs have been removed.  Expected argument types are determined more accurately, especially for wide string and pointer types.  Custom (non-standard) formatting functions are also identified more accurately. |
+| AV Rule 164 | Fewer false positive results | This query now accounts for explicit casts. |
+| Negation of unsigned value | Fewer false positive results | This query now accounts for explicit casts. |
+| Variable scope too large | Fewer false positive results | Variables with declarations in header files, or that are used at file scope, are now excluded from this query. |
+| Comparison result is always the same | Fewer false positive results | Comparisons in template instantiations are now excluded from this query. |
+| Unsigned comparison to zero | Fewer false positive results | Comparisons in template instantiations are now excluded from this query. |

 ## Changes to QL libraries

--- a/change-notes/1.19/analysis-csharp.md
+++ b/change-notes/1.19/analysis-csharp.md
@@ -29,3 +29,7 @@

 * `getArgument()` on `AccessorCall` has been improved so it now takes tuple assignments into account. For example, the argument for the implicit `value` parameter in the setter of property `P` is `0` in `(P, x) = (0, 1)`. Additionally, the argument for the `value` parameter in compound assignments is now only the expanded value, for example, in `P += 7` the argument is `P + 7` and not `7`.
 * The predicate `isInArgument()` has been added to the `AssignableAccess` class. This holds for expressions that are passed as arguments using `in`.
+
+## Changes to the autobuilder
+
+* When determining the target of `msbuild` or `dotnet build`, first look for `.proj` files, then `.sln` files, and finally `.csproj`/`.vcxproj` files. In all three cases, choose the project/solution file closest to the root.
--- a/change-notes/1.19/analysis-java.md
+++ b/change-notes/1.19/analysis-java.md
@@ -16,6 +16,7 @@
 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Array index out of bounds (`java/index-out-of-bounds`) | Fewer false positive results | False positives involving arrays with a length evenly divisible by 3 or some greater number and an index being increased with a similar stride length are no longer reported. |
+| Confusing overloading of methods (`java/confusing-method-signature`) | Fewer false positive results | A bugfix in the inheritance relation ensures that spurious results on certain generic classes no longer occur. |
 | Query built from user-controlled sources (`java/sql-injection`) | More results | Sql injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. |
 | Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | Sql injection sinks from the Spring JDBC, MyBatis, and Hibernate frameworks are now reported. |
 | Unreachable catch clause (`java/unreachable-catch-clause`) | Fewer false positive results | This rule now accounts for calls to generic methods that throw generic exceptions. |
--- a/change-notes/1.19/analysis-javascript.md
+++ b/change-notes/1.19/analysis-javascript.md
@@ -4,8 +4,6 @@

 * Modelling of taint flow through array operations has been improved. This may give additional results for the security queries.

-* The taint tracking library now recognizes additional sanitization patterns. This may give fewer false-positive results for the security queries.
-
 * Support for AMD modules has been improved. This may give additional results for the security queries as well as any queries that use type inference on code bases that use such modules.

 * Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
@@ -13,6 +11,8 @@
  - outbound network access, for example through the [fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API)
  - the [lodash](https://lodash.com), [underscore](https://underscorejs.org/), [async](https://www.npmjs.com/package/async) and [async-es](https://www.npmjs.com/package/async-es) libraries

+* The taint tracking library now recognizes additional sanitization patterns. This may give fewer false-positive results for the security queries.
+
 * Type inference for function calls has been improved. This may give additional results for queries that rely on type inference.

 * Where applicable, path explanations have been added to the security queries.
@@ -35,29 +35,38 @@

 | **Query**                      | **Expected impact**        | **Change**                                   |
 |--------------------------------|----------------------------|----------------------------------------------|
+| Ambiguous HTML id attribute | Lower severity | The severity of this rule has been revised to "warning". |
+| Clear-text logging of sensitive information | Fewer results | This rule now tracks flow more precisely. |
 | Client side cross-site scripting | More results | This rule now also flags HTML injection in the body of an email. |
+| Client-side URL redirect | Fewer false-positive results | This rule now recognizes safe redirects in more cases. |
+| Conflicting HTML element attributes | Lower severity | The severity of this rule has been revised to "warning". |
+| Duplicate 'if' condition | Lower severity | The severity of this rule has been revised to "warning". |
+| Duplicate switch case | Lower severity | The severity of this rule has been revised to "warning". |
 | Information exposure through a stack trace | More results | This rule now also flags cases where the entire exception object (including the stack trace) may be exposed. |
 | Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
+| Missing 'this' qualifier | Fewer false-positive results | This rule now recognizes additional intentional calls to global functions. | 
+| Missing variable declaration | Lower severity | The severity of this rule has been revised to "warning". |
 | Regular expression injection | Fewer false-positive results | This rule now identifies calls to `String.prototype.search` with more precision. |
 | Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
 | Self assignment | Fewer false-positive results | This rule now ignores self-assignments preceded by a JSDoc comment with a `@type` tag. |
+| Server-side URL redirect | Fewer false-positive results | This rule now recognizes safe redirects in more cases. |
 | Server-side URL redirect | More results | This rule now recognizes redirection calls in more cases. |
 | Unbound event handler receiver | Fewer false-positive results | This rule now recognizes additional ways class methods can be bound. |
 | Uncontrolled data used in remote request | More results | This rule now recognizes additional kinds of requests. |
+| Unknown directive | Fewer false positives results | This rule now recognizes YUI compressor directives. |
 | Unused import | Fewer false-positive results | This rule no longer flags imports used by the `transform-react-jsx` Babel plugin. |
 | Unused variable, import, function or class | Fewer false-positive results | This rule now flags fewer variables that may be used by `eval` calls. |
 | Unused variable, import, function or class | Fewer results | This rule now flags import statements with multiple unused imports once. |
 | Useless assignment to local variable | Fewer false-positive results | This rule now recognizes additional ways default values can be set. |
 | Whitespace contradicts operator precedence | Fewer false-positive results | This rule no longer flags operators with asymmetric whitespace. |
-| Client-side URL redirect | Fewer false-positive results | This rule now recognizes safe redirects in more cases. |
-| Server-side URL redirect | Fewer false-positive results | This rule now recognizes safe redirects in more cases. |
+| Wrong use of 'this' for static method | More results, fewer false-positive results | This rule now recognizes inherited methods. |

 ## Changes to QL libraries

-* The flow configuration framework now supports distinguishing and tracking different kinds of taint, specified by an extensible class `FlowLabel` (which can also be referred to by its alias `TaintKind`).
-
-* The `DataFlow::ThisNode` class now corresponds to the implicit receiver parameter of a function, as opposed to an indivdual `this` expression. This means `getALocalSource` now maps all `this` expressions within a given function to the same source. The data-flow node associated with a `ThisExpr` can no longer be cast to `DataFlow::SourceNode` or `DataFlow::ThisNode` - it is recomended to use `getALocalSource` before casting or instead of casting.
+* A `DataFlow::ParameterNode` instance now exists for all function parameters. Previously, unused parameters did not have a corresponding dataflow node.

 * `ReactComponent::getAThisAccess` has been renamed to `getAThisNode`. The old name is still usable but is deprecated. It no longer gets individual `this` expressions, but the `ThisNode` mentioned above.

-* A `DataFlow::ParameterNode` instance now exists for all function parameters. Previously, unused parameters did not have a corresponding dataflow node.
+* The `DataFlow::ThisNode` class now corresponds to the implicit receiver parameter of a function, as opposed to an indivdual `this` expression. This means `getALocalSource` now maps all `this` expressions within a given function to the same source. The data-flow node associated with a `ThisExpr` can no longer be cast to `DataFlow::SourceNode` or `DataFlow::ThisNode` - it is recomended to use `getALocalSource` before casting or instead of casting.
+
+* The flow configuration framework now supports distinguishing and tracking different kinds of taint, specified by an extensible class `FlowLabel` (which can also be referred to by its alias `TaintKind`).
--- a/change-notes/1.19/extractor-javascript.md
+++ b/change-notes/1.19/extractor-javascript.md
@@ -16,8 +16,16 @@

 ## General improvements

-> Changes that affect alerts in many files or from many queries
-> For example, changes to file classification
+* On LGTM, files whose name ends in `.min.js` or `-min.js` are no longer extracted by default, since they most likely contain minified code and results in these files would be hidden by default anyway. To extract such files anyway, you can add the following filters to your `lgtm.yml` file (or add them to existing filters):
+
+```yaml
+extraction:
+  javascript:
+    index:
+      filters:
+        - include: "**/*.min.js"
+        - include: "**/*-min.js"
+```

 ## Changes to code extraction

--- a/Information/GeneralStatistics.qhelp
+++ b/Information/GeneralStatistics.qhelp
@@ -15,20 +15,9 @@ functions, and the total number of source code resp. comment lines.</p>
 depends on third-party libraries: low self-containedness means that many dependencies
 are to library classes (as opposed to source classes within the same application).</p>

-</overview>
-<section title="How to Address the Query Results">
-
 <p>The results of this query are purely informative and more useful for getting an overall impression of the application than for
-identifying particular defects.</p>
+identifying particular problems with the code.</p>

+</overview>

-
-
-
-</section>
-<references>
-
-
-
-</references>
 </qhelp>
--- a/Errors/OffsetUseBeforeRangeCheck.ql
+++ b/Errors/OffsetUseBeforeRangeCheck.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/offset-use-before-range-check
 * @problem.severity warning
+ * @precision medium
 * @tags reliability
 *       security
 *       external/cwe/cwe-120
@@ -13,10 +14,29 @@

 import cpp

-from Variable v, LogicalAndExpr andexpr, ArrayExpr access, LTExpr rangecheck
-where access.getArrayOffset() = v.getAnAccess()
-  and andexpr.getLeftOperand().getAChild() = access
-  and andexpr.getRightOperand() = rangecheck
-  and rangecheck.getLeftOperand() = v.getAnAccess()
-  and not access.isInMacroExpansion()
+predicate beforeArrayAccess(Variable v, ArrayExpr access, Expr before) {
+  exists(LogicalAndExpr andexpr |
+    access.getArrayOffset() = v.getAnAccess() and
+    andexpr.getRightOperand().getAChild*() = access and
+    andexpr.getLeftOperand() = before
+  )
+}
+
+predicate afterArrayAccess(Variable v, ArrayExpr access, Expr after) {
+  exists(LogicalAndExpr andexpr |
+    access.getArrayOffset() = v.getAnAccess() and
+    andexpr.getLeftOperand().getAChild*() = access and
+    andexpr.getRightOperand() = after
+  )
+}
+
+from Variable v, ArrayExpr access, LTExpr rangecheck
+where
+  afterArrayAccess(v, access, rangecheck) and
+  rangecheck.getLeftOperand() = v.getAnAccess() and
+  not access.isInMacroExpansion() and
+  not exists(LTExpr altcheck |
+    beforeArrayAccess(v, access, altcheck) and
+    altcheck.getLeftOperand() = v.getAnAccess()
+  )
 select access, "This use of offset '" + v.getName() + "' should follow the $@.", rangecheck, "range check"
--- a/Constants/MagicNumbersUseConstant.ql
+++ b/Constants/MagicNumbersUseConstant.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/use-number-constant
 * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
 */
 import cpp
 import MagicConstants
--- a/Constants/MagicStringsUseConstant.ql
+++ b/Constants/MagicStringsUseConstant.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/use-string-constant
 * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
 */
 import cpp
 import MagicConstants
--- a/Practices/NVI.ql
+++ b/Practices/NVI.ql
@@ -4,7 +4,9 @@
 *              to enforce invariants that should hold for the whole hierarchy.
 * @kind problem
 * @id cpp/nvi
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
 */
 import cpp

--- a/Practices/NVIHub.ql
+++ b/Practices/NVIHub.ql
@@ -4,8 +4,11 @@
 *              to enforce invariants that should hold for the whole hierarchy.
 *              This is especially problematic in classes with many
 *              dependencies or dependents.
- * @kind table
+ * @kind problem
 * @id cpp/nvi-hub
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
 */
 import cpp

@@ -19,4 +22,4 @@ where f.hasSpecifier("public") and
      fclass = f.getDeclaringType() and
      hubIndex = fclass.getMetrics().getAfferentCoupling() * fclass.getMetrics().getEfferentCoupling() and
      hubIndex > 100
-select f.getFile(), f, "Avoid having public virtual methods (NVI idiom)"
+select f, "Avoid having public virtual methods (NVI idiom)"
--- a/Entities/UnusedIncludes.ql
+++ b/Entities/UnusedIncludes.ql
@@ -4,7 +4,10 @@
 *              the included elements are used.
 * @kind problem
 * @id cpp/unused-includes
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @precision low
+ * @tags maintainability
+ *       useless-code
 */

 import cpp
--- a/cpp/ql/src/Critical/OverflowStatic.ql
+++ b/cpp/ql/src/Critical/OverflowStatic.ql
@@ -82,22 +82,31 @@ class CallWithBufferSize extends FunctionCall
  Expr buffer() {
    exists(int i |
      bufferAndSizeFunction(this.getTarget(), i, _) and
-      result = this.getArgument(i))
+      result = this.getArgument(i)
+    )
  }
-  Expr statedSize() {
+  Expr statedSizeExpr() {
    exists(int i |
      bufferAndSizeFunction(this.getTarget(), _, i) and
-      result = this.getArgument(i))
+      result = this.getArgument(i)
+    )
+  }
+  int statedSizeValue() {
+    exists(Expr statedSizeSrc |
+      DataFlow::localFlow(DataFlow::exprNode(statedSizeSrc), DataFlow::exprNode(statedSizeExpr())) and
+      result = statedSizeSrc.getValue().toInt()
+    )
  }
 }

 predicate wrongBufferSize(Expr error, string msg) {
-  exists(CallWithBufferSize call, int bufsize, Variable buf |
+  exists(CallWithBufferSize call, int bufsize, Variable buf, int statedSize |
    staticBuffer(call.buffer(), buf, bufsize) and
-    call.statedSize().getValue().toInt() > bufsize and
-    error = call.statedSize() and
+    statedSize = min(call.statedSizeValue()) and
+    statedSize > bufsize and
+    error = call.statedSizeExpr() and
    msg = "Potential buffer-overflow: '" + buf.getName() +
-    "' has size " + bufsize.toString() + " not " + call.statedSize().getValue() + ".")
+    "' has size " + bufsize.toString() + " not " + statedSize + ".")
 }

 predicate outOfBounds(BufferAccess bufaccess, string msg)
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -12,5 +12,6 @@ from GlobalVariable v
 where forex(VariableAccess va | va.getTarget() = v | va.getFile() = v.getDefinitionLocation().getFile())
      and not v.hasSpecifier("static")
      and strictcount(v.getAnAccess().getEnclosingFunction()) > 1 // If = 1, variable should be function-scope.
+      and not v.getADeclarationEntry().getFile() instanceof HeaderFile // intended to be accessed elsewhere
 select v, "The global variable " + v.getName() + " is not accessed outside of " + v.getFile().getBaseName()
      + " and could be made static."
--- a/cpp/ql/src/JPL_C/LOC-3/Rule
+++ b/cpp/ql/src/JPL_C/LOC-3/Rule
@@ -10,5 +10,7 @@ import cpp

 from GlobalVariable v, Function f
 where v.getAnAccess().getEnclosingFunction() = f and
-      strictcount(v.getAnAccess().getEnclosingFunction()) = 1
+      strictcount(v.getAnAccess().getEnclosingFunction()) = 1 and
+      forall(VariableAccess a | a = v.getAnAccess() | exists(a.getEnclosingFunction())) and
+      not v.getADeclarationEntry().getFile() instanceof HeaderFile // intended to be accessed elsewhere
 select v, "The variable " + v.getName() + " is only accessed in $@ and should be scoped accordingly.", f, f.getName()
--- a/Bugs/Arithmetic/PointlessSelfComparison.ql
+++ b/Bugs/Arithmetic/PointlessSelfComparison.ql
@@ -18,4 +18,12 @@ from ComparisonOperation cmp
 where pointlessSelfComparison(cmp)
  and not nanTest(cmp)
  and not overflowTest(cmp)
+  and not exists(MacroInvocation mi | 
+    // cmp is in mi 
+    mi.getAnExpandedElement() = cmp and 
+  
+    // and cmp was apparently not passed in as a macro parameter 
+    cmp.getLocation().getStartLine() = mi.getLocation().getStartLine() and 
+    cmp.getLocation().getStartColumn() = mi.getLocation().getStartColumn() 
+  ) 
 select cmp, "Self comparison."
--- a/Management/Padding/More64BitWaste.ql
+++ b/Management/Padding/More64BitWaste.ql
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/more-64-bit-waste
 * @problem.severity warning
+ * @tags maintainability
+ *       portability
 */

 import semmle.code.cpp.padding.Padding
--- a/Management/Padding/NonPortablePrintf.ql
+++ b/Management/Padding/NonPortablePrintf.ql
@@ -5,6 +5,8 @@
 * @kind problem
 * @id cpp/non-portable-printf
 * @problem.severity warning
+ * @tags maintainability
+ *       portability
 */

 import cpp
--- a/Management/Padding/Suboptimal64BitType.ql
+++ b/Management/Padding/Suboptimal64BitType.ql
@@ -4,7 +4,8 @@
 *    that by reordering them one could reduce the amount of internal padding on a 64-bit architecture.
 * @kind problem
 * @id cpp/suboptimal-64-bit-type
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags efficiency
 */

 import semmle.code.cpp.padding.Padding
--- a/cpp/ql/src/Metrics/History/HChurn.ql
+++ b/cpp/ql/src/Metrics/History/HChurn.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg sum max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HLinesAdded.ql
+++ b/cpp/ql/src/Metrics/History/HLinesAdded.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg sum max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HLinesDeleted.ql
+++ b/cpp/ql/src/Metrics/History/HLinesDeleted.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg sum max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfAuthors.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfAuthors.ql
@@ -6,6 +6,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfChanges.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfChanges.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max sum
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfCoCommits.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfCoCommits.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfReCommits.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfReCommits.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfRecentAuthors.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfRecentAuthors.ql
@@ -7,6 +7,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfRecentChangedFiles.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfRecentChangedFiles.ql
@@ -6,6 +6,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max sum
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/cpp/ql/src/Metrics/History/HNumberOfRecentChanges.ql
+++ b/cpp/ql/src/Metrics/History/HNumberOfRecentChanges.ql
@@ -6,6 +6,7 @@
 * @treemap.warnOn highValues
 * @metricType file
 * @metricAggregate avg min max sum
+ * @deprecated
 */
 import cpp
 import external.VCS
--- a/6/GlobalCouldBeStatic.ql
+++ b/6/GlobalCouldBeStatic.ql
@@ -12,5 +12,6 @@ from GlobalVariable v
 where forex(VariableAccess va | va.getTarget() = v | va.getFile() = v.getDefinitionLocation().getFile())
      and not v.hasSpecifier("static")
      and strictcount(v.getAnAccess().getEnclosingFunction()) > 1 // If = 1, variable should be function-scope.
+      and not v.getADeclarationEntry().getFile() instanceof HeaderFile // intended to be accessed elsewhere
 select v, "The global variable " + v.getName() + " is not accessed outside of " + v.getFile().getBaseName() +
      " and could be made static."
--- a/6/VariableScopeTooLarge.ql
+++ b/6/VariableScopeTooLarge.ql
@@ -10,5 +10,7 @@ import cpp

 from GlobalVariable v, Function f
 where v.getAnAccess().getEnclosingFunction() = f and
-      strictcount(v.getAnAccess().getEnclosingFunction()) = 1
+      strictcount(v.getAnAccess().getEnclosingFunction()) = 1 and
+      forall(VariableAccess a | a = v.getAnAccess() | exists(a.getEnclosingFunction())) and
+      not v.getADeclarationEntry().getFile() instanceof HeaderFile // intended to be accessed elsewhere
 select v, "The variable " + v.getName() + " is only accessed in $@ and should be scoped accordingly.", f, f.getName()
--- a/cpp/ql/src/external/tests/DefectFilter.ql
+++ b/cpp/ql/src/external/tests/DefectFilter.ql
@@ -4,7 +4,6 @@
 */
 import cpp
 import external.DefectFilter
-import external.VCS

 from DefectResult res
 where res.getFile().getMetrics().getNumberOfLinesOfCode() > 200
--- a/cpp/ql/src/external/tests/DefectFromSVN.ql
+++ b/cpp/ql/src/external/tests/DefectFromSVN.ql
@@ -3,6 +3,7 @@
 * @description A test case for creating a defect from SVN data.
 * @kind problem
 * @problem.severity warning
+ * @deprecated
 */

 import cpp
--- a/cpp/ql/src/external/tests/MetricFromSVN.ql
+++ b/cpp/ql/src/external/tests/MetricFromSVN.ql
@@ -3,6 +3,7 @@
 * @description Find number of commits for a file
 * @treemap.warnOn lowValues
 * @metricType file
+ * @deprecated
 */

 import cpp
--- a/cpp/ql/src/filters/RecentDefects.ql
+++ b/cpp/ql/src/filters/RecentDefects.ql
@@ -6,6 +6,7 @@
 *              before the date of the snapshot.
 * @kind problem
 * @id cpp/recent-defects-filter
+ * @deprecated
 */
 import cpp
 import external.DefectFilter
--- a/cpp/ql/src/filters/RecentDefectsForMetric.ql
+++ b/cpp/ql/src/filters/RecentDefectsForMetric.ql
@@ -6,6 +6,7 @@
 *              before the snapshot.
 * @kind treemap
 * @id cpp/recent-defects-for-metric-filter
+ * @deprecated
 */
 import cpp
 import external.MetricFilter
--- a/cpp/ql/src/jsf/3.02
+++ b/cpp/ql/src/jsf/3.02
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-1
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/3.02
+++ b/cpp/ql/src/jsf/3.02
@@ -4,6 +4,10 @@
 * @kind problem
 * @id cpp/jsf/av-rule-2
 * @problem.severity error
+ * @tags maintainability
+ *       readability
+ *       testability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/3.02
+++ b/cpp/ql/src/jsf/3.02
@@ -3,7 +3,9 @@
 * @description All functions shall have a cyclomatic complexity number of 20 or less.
 * @kind problem
 * @id cpp/jsf/av-rule-3
- * @problem.severity error
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.04
+++ b/cpp/ql/src/jsf/4.04
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-11
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp
 import external.ExternalArtifact
--- a/cpp/ql/src/jsf/4.04
+++ b/cpp/ql/src/jsf/4.04
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-12
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.04
+++ b/cpp/ql/src/jsf/4.04
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-13
 * @problem.severity error
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.04
+++ b/cpp/ql/src/jsf/4.04
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-14
 * @problem.severity error
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.04
+++ b/cpp/ql/src/jsf/4.04
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-9
 * @problem.severity warning
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-17
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-18
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-19
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,10 @@
 * @kind problem
 * @id cpp/jsf/av-rule-20
 * @problem.severity error
+ * @tags correctness
+ *       portability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-21
 * @problem.severity error
+ * @tags correctness
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-22
 * @problem.severity error
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-23
 * @problem.severity error
+ * @tags correctness
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,7 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-24
 * @problem.severity warning
- * @tags portability
+ * @tags correctness
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.05
+++ b/cpp/ql/src/jsf/4.05
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-25
 * @problem.severity error
+ * @tags correctness
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-26
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-27
 * @problem.severity warning
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */
 import cpp
 import semmle.code.cpp.headers.MultipleInclusion
--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-28
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp
 import semmle.code.cpp.headers.MultipleInclusion
--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-29
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-30
 * @problem.severity error
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-31
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp
 import semmle.code.cpp.headers.MultipleInclusion
--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@@ -7,6 +7,8 @@
 * @id cpp/include-non-header
 * @tags maintainability
 *       modularity
+ *       readability
+ *       external/jsf
 */
 import cpp
 import semmle.code.cpp.AutogeneratedFile
--- a/cpp/ql/src/jsf/4.07
+++ b/cpp/ql/src/jsf/4.07
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-33
 * @problem.severity error
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.07
+++ b/cpp/ql/src/jsf/4.07
@@ -10,6 +10,7 @@
 * @tags efficiency
 *       maintainability
 *       modularity
+ *       external/jsf
 */
 import cpp
 import semmle.code.cpp.headers.MultipleInclusion
--- a/cpp/ql/src/jsf/4.07
+++ b/cpp/ql/src/jsf/4.07
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-39
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.08
+++ b/cpp/ql/src/jsf/4.08
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-40
 * @problem.severity error
+ * @tags correctness
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Source lines will be kept to a length of 120 characters or less.
 * @kind problem
 * @id cpp/jsf/av-rule-41
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Each expression-statement will be on a separate line.
 * @kind problem
 * @id cpp/jsf/av-rule-42
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-43
 * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description All indentations will be at least two spaces and be consistent within the same source file.
 * @kind problem
 * @id cpp/jsf/av-rule-44
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description All words in an identifier will be separated by the underscore character.
 * @kind problem
 * @id cpp/jsf/av-rule-45
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description User-specified identifiers (internal and external) will not rely on significance of more than 64 characters.
 * @kind problem
 * @id cpp/jsf/av-rule-46
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,9 @@
 * @description Identifiers will not begin with the underscore character.
 * @kind problem
 * @id cpp/jsf/av-rule-47
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -4,6 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-48
 * @problem.severity warning
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description All acronyms in an identifier will be composed of uppercase letters.
 * @kind problem
 * @id cpp/jsf/av-rule-49
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp
 import Naming
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description The first word of the name of a class, structure, namespace, enumeration, or type created with typedef will begin with an uppercase letter. All other letters will be lowercase.
 * @kind problem
 * @id cpp/jsf/av-rule-50
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp
 import Naming
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description All letters contained in function and variable names will be lowercase.
 * @kind problem
 * @id cpp/jsf/av-rule-51
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp
 import Naming
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Identifiers for constant and enumerator values shall be lowercase.
 * @kind problem
 * @id cpp/jsf/av-rule-52
- * @problem.severity error
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp
 import Naming
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description The following character sequences shall not appear in header file names: ', \, /*, //, or ".
 * @kind problem
 * @id cpp/jsf/av-rule-53-1
- * @problem.severity error
+ * @problem.severity warning
+ * @tags maintainability
+ *       portability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Header files will always have a file name extension of .h.
 * @kind problem
 * @id cpp/jsf/av-rule-53
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Implementation files will always have a file name extension of .cpp.
 * @kind problem
 * @id cpp/jsf/av-rule-54
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description The public, protected, and private sections of a class will be declared in that order.
 * @kind problem
 * @id cpp/jsf/av-rule-57
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description When declaring and defining functions with more than two parameters, the leading parenthesis and the first argument will be written on the same line as the function name. Each additional argument will be written on a separate line (with the closing parenthesis directly after the last argument).
 * @kind problem
 * @id cpp/jsf/av-rule-58
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description The statements forming the body of an if, else if, else, while, do-while or for statement shall always be enclosed in braces, even if the braces form an empty block.
 * @kind problem
 * @id cpp/jsf/av-rule-59
- * @problem.severity error
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Braces which enclose a block will be placed in the same column, on separate lines directly before and after the block.
 * @kind problem
 * @id cpp/jsf/av-rule-60
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Braces which enclose a block will have nothing else on the line except comments (if necessary).
 * @kind problem
 * @id cpp/jsf/av-rule-61
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */

 import cpp
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@@ -3,7 +3,10 @@
 * @description Spaces will not be used around '.' or '->', nor between unary operators and operands.
 * @kind problem
 * @id cpp/jsf/av-rule-63
- * @problem.severity error
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,7 +3,9 @@
 * @description Unneeded implicitly generated member functions shall be explicitly disallowed.
 * @kind problem
 * @id cpp/jsf/av-rule-68
- * @problem.severity error
+ * @problem.severity warning
+ * @tags correctness
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -5,6 +5,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-69
 * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -5,7 +5,9 @@
 *              for logical or efficiency reasons.
 * @kind problem
 * @id cpp/jsf/av-rule-70
- * @problem.severity warning
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -8,6 +8,7 @@
 * @tags reliability
 *       readability
 *       language-features
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-71
 * @problem.severity error
+ * @tags correctness
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,8 +3,10 @@
 * @description Unnecessary default constructors shall not be defined.
 * @kind problem
 * @id cpp/jsf/av-rule-73
- * @problem.severity error
+ * @problem.severity recommendation
 * @precision low
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -6,6 +6,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-74
 * @problem.severity warning
+ * @tags correctness
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,7 +3,10 @@
 * @description Members of the initialization list shall be listed in the order in which they are declared in the class.
 * @kind problem
 * @id cpp/jsf/av-rule-75
- * @problem.severity error
+ * @problem.severity recommendation
+ * @tags maintainability
+ *       readability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,7 +3,9 @@
 * @description A copy constructor and an assignment operator shall be declared for classes that contain pointers to data items or nontrivial destructors. If the copy constructor and assignment operators are not required, they should be explicitly disallowed.
 * @kind problem
 * @id cpp/jsf/av-rule-76
- * @problem.severity error
+ * @problem.severity warning
+ * @tags maintainability
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -8,6 +8,7 @@
 * @tags reliability
 *       readability
 *       language-features
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,11 +3,11 @@
 * @description All base classes with a virtual function should define a virtual destructor. If an application attempts to delete a derived class object through a base class pointer, the result is undefined if the base class destructor is non-virtual.
 * @kind problem
 * @problem.severity warning
- * @precision high
 * @id cpp/jsf/av-rule-78
 * @tags reliability
 *       readability
 *       language-features
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -8,6 +8,7 @@
 * @tags efficiency
 *       readability
 *       external/cwe/cwe-404
+ *       external/jsf
 */
 import cpp
 import Critical.NewDelete
--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -4,6 +4,8 @@
 * @kind problem
 * @id cpp/jsf/av-rule-81
 * @problem.severity error
+ * @tags correctness
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -8,6 +8,7 @@
 * @tags reliability
 *       readability
 *       language-features
+ *       external/jsf
 */
 import cpp

--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -4,7 +4,9 @@
 * @kind problem
 * @id cpp/jsf/av-rule-85
 * @problem.severity warning
- * @tags reliability
+ * @tags maintainability
+ *       reliability
+ *       external/jsf
 */
 import cpp

--- a/Show More
+++ b/Show More