Merge branch 'main' into missing-check-scanf-squashed

2025-12-24 04:36:35 +01:00 · 2022-08-30 11:34:00 +02:00
parent e10042be7d 00755ecede
commit ce1e4ad422
428 changed files with 10448 additions and 2667 deletions
--- a/cpp/ql/lib/semmle/code/cpp/Class.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Class.qll
@@ -404,7 +404,10 @@ class Class extends UserType {
   * compiled for. For this reason, the `is_pod_class` predicate is
   * generated by the extractor.
   */
-  predicate isPOD() { is_pod_class(underlyingElement(this)) }
+  predicate isPod() { is_pod_class(underlyingElement(this)) }
+
+  /** DEPRECATED: Alias for isPod */
+  deprecated predicate isPOD() { this.isPod() }

  /**
   * Holds if this class, struct or union is a standard-layout class
--- a/cpp/ql/lib/semmle/code/cpp/PODType03.qll
+++ b/cpp/ql/lib/semmle/code/cpp/PODType03.qll
@@ -79,17 +79,17 @@ predicate isAggregateType03(Type t) {
 *   user-defined copy assignment operator and no user-defined destructor.
 *   A POD class is a class that is either a POD-struct or a POD-union.
 */
-predicate isPODClass03(Class c) {
+predicate isPodClass03(Class c) {
  isAggregateClass03(c) and
  not exists(Variable v |
    v.getDeclaringType() = c and
    not v.isStatic()
  |
-    not isPODType03(v.getType())
+    not isPodType03(v.getType())
    or
    exists(ArrayType at |
      at = v.getType() and
-      not isPODType03(at.getBaseType())
+      not isPodType03(at.getBaseType())
    )
    or
    v.getType() instanceof ReferenceType
@@ -104,6 +104,9 @@ predicate isPODClass03(Class c) {
  )
 }

+/** DEPRECATED: Alias for isPodClass03 */
+deprecated predicate isPODClass03 = isPodClass03/1;
+
 /**
 * Holds if `t` is a POD type, according to the rules specified in
 * C++03 3.9(10):
@@ -112,14 +115,17 @@ predicate isPODClass03(Class c) {
 *   such types and cv-qualified versions of these types (3.9.3) are
 *   collectively called POD types.
 */
-predicate isPODType03(Type t) {
+predicate isPodType03(Type t) {
  exists(Type ut | ut = t.getUnderlyingType() |
    isScalarType03(ut)
    or
-    isPODClass03(ut)
+    isPodClass03(ut)
    or
-    exists(ArrayType at | at = ut and isPODType03(at.getBaseType()))
+    exists(ArrayType at | at = ut and isPodType03(at.getBaseType()))
    or
-    isPODType03(ut.(SpecifiedType).getUnspecifiedType())
+    isPodType03(ut.(SpecifiedType).getUnspecifiedType())
  )
 }
+
+/** DEPRECATED: Alias for isPodType03 */
+deprecated predicate isPODType03 = isPodType03/1;
--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Dependency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Dependency.qll
@@ -238,7 +238,7 @@ predicate dependsOnTransitive(DependsSource src, Element dest) {
 /**
 * A dependency that targets a TypeDeclarationEntry.
 */
-private predicate dependsOnTDE(Element src, Type t, TypeDeclarationEntry dest) {
+private predicate dependsOnTde(Element src, Type t, TypeDeclarationEntry dest) {
  dependsOnTransitive(src, t) and
  getDeclarationEntries(t, dest)
 }
@@ -247,8 +247,8 @@ private predicate dependsOnTDE(Element src, Type t, TypeDeclarationEntry dest) {
 * A dependency that targets a visible TypeDeclarationEntry.
 */
 pragma[noopt]
-private predicate dependsOnVisibleTDE(Element src, Type t, TypeDeclarationEntry dest) {
-  dependsOnTDE(src, t, dest) and
+private predicate dependsOnVisibleTde(Element src, Type t, TypeDeclarationEntry dest) {
+  dependsOnTde(src, t, dest) and
  exists(File g | g = dest.getFile() |
    exists(File f | f = src.getFile() | f.getAnIncludedFile*() = g)
  )
@@ -260,8 +260,8 @@ private predicate dependsOnVisibleTDE(Element src, Type t, TypeDeclarationEntry
 private predicate dependsOnDeclarationEntry(Element src, DeclarationEntry dest) {
  exists(Type t |
    // dependency from a Type use -> unique visible TDE
-    dependsOnVisibleTDE(src, t, dest) and
-    strictcount(TypeDeclarationEntry alt | dependsOnVisibleTDE(src, t, alt)) = 1
+    dependsOnVisibleTde(src, t, dest) and
+    strictcount(TypeDeclarationEntry alt | dependsOnVisibleTde(src, t, alt)) = 1
  )
  or
  exists(TypedefType mid |
--- a/cpp/ql/lib/semmle/code/cpp/commons/NULL.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/NULL.qll
@@ -1,11 +1,14 @@
 import semmle.code.cpp.Macro

 /** A macro defining NULL. */
-class NULLMacro extends Macro {
-  NULLMacro() { this.getHead() = "NULL" }
+class NullMacro extends Macro {
+  NullMacro() { this.getHead() = "NULL" }
 }

+/** DEPRECATED: Alias for NullMacro */
+deprecated class NULLMacro = NullMacro;
+
 /** A use of the NULL macro. */
 class NULL extends Literal {
-  NULL() { exists(NULLMacro nm | this = nm.getAnInvocation().getAnExpandedElement()) }
+  NULL() { exists(NullMacro nm | this = nm.getAnInvocation().getAnExpandedElement()) }
 }
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowVar.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowVar.qll
@@ -474,7 +474,7 @@ module FlowVar_internal {
  }

  /** Type-specialized version of `getEnclosingElement`. */
-  private ControlFlowNode getCFNParent(ControlFlowNode node) { result = node.getEnclosingElement() }
+  private ControlFlowNode getCfnParent(ControlFlowNode node) { result = node.getEnclosingElement() }

  /**
   * A for-loop or while-loop whose condition is always true upon entry but not
@@ -526,7 +526,7 @@ module FlowVar_internal {
    }

    private predicate bbInLoopCondition(BasicBlock bb) {
-      getCFNParent*(bb.getANode()) = this.(Loop).getCondition()
+      getCfnParent*(bb.getANode()) = this.(Loop).getCondition()
    }

    private predicate bbInLoop(BasicBlock bb) {
--- a/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/valuenumbering/GlobalValueNumberingImpl.qll
@@ -165,7 +165,7 @@ private ControlFlowNode mostRecentSideEffect(ControlFlowNode node) {

 /** Used to represent the "global value number" of an expression. */
 cached
-private newtype GVNBase =
+private newtype GvnBase =
  GVN_IntConst(int val, Type t) { mk_IntConst(val, t, _) } or
  GVN_FloatConst(float val, Type t) { mk_FloatConst(val, t, _) } or
  // If the local variable does not have a defining value, then
@@ -221,8 +221,8 @@ private newtype GVNBase =
 * expression with this `GVN` and using its `toString` and `getLocation`
 * methods.
 */
-class GVN extends GVNBase {
-  GVN() { this instanceof GVNBase }
+class GVN extends GvnBase {
+  GVN() { this instanceof GvnBase }

  /** Gets an expression that has this GVN. */
  Expr getAnExpr() { this = globalValueNumber(result) }
--- a/Opportunities/ClassesWithManyFields.ql
+++ b/Opportunities/ClassesWithManyFields.ql
@@ -63,17 +63,17 @@ class VariableDeclarationLine extends TVariableDeclarationInfo {
  /**
   * Gets a `VariableDeclarationEntry` on this line.
   */
-  VariableDeclarationEntry getAVDE() { vdeInfo(result, c, f, line) }
+  VariableDeclarationEntry getAVde() { vdeInfo(result, c, f, line) }

  /**
   * Gets the start column of the first `VariableDeclarationEntry` on this line.
   */
-  int getStartColumn() { result = min(this.getAVDE().getLocation().getStartColumn()) }
+  int getStartColumn() { result = min(this.getAVde().getLocation().getStartColumn()) }

  /**
   * Gets the end column of the last `VariableDeclarationEntry` on this line.
   */
-  int getEndColumn() { result = max(this.getAVDE().getLocation().getEndColumn()) }
+  int getEndColumn() { result = max(this.getAVde().getLocation().getEndColumn()) }

  /**
   * Gets the rank of this `VariableDeclarationLine` in its file and class
@@ -134,13 +134,13 @@ class VariableDeclarationGroup extends VariableDeclarationLine {
      count(VariableDeclarationLine l |
        l = this.getProximateNext*()
      |
-        l.getAVDE().getVariable().getName()
+        l.getAVde().getVariable().getName()
      )
  }

  override string toString() {
    this.getCount() = 1 and
-    result = "declaration of " + this.getAVDE().getVariable().getName()
+    result = "declaration of " + this.getAVde().getVariable().getName()
    or
    this.getCount() > 1 and
    result = "group of " + this.getCount() + " fields here"
--- a/Practices/BlockWithTooManyStatements.ql
+++ b/Practices/BlockWithTooManyStatements.ql
@@ -29,7 +29,4 @@ where
  n = strictcount(ComplexStmt s | s = b.getAStmt()) and
  n > 3 and
  complexStmt = b.getAStmt()
-select b,
-  "Block with too many statements (" + n.toString() +
-    " complex statements in the block). Complex statements at: $@", complexStmt,
-  complexStmt.toString()
+select b, "Block with too many statements (" + n.toString() + " complex statements in the block)."
--- a/Errors/EmptyBlock.ql
+++ b/Errors/EmptyBlock.ql
@@ -110,4 +110,4 @@ where
  emptyBlock(s, eb) and
  not emptyBlockContainsNonchild(eb) and
  not lineComment(eb)
-select eb, "Empty block without comment"
+select eb, "Empty block without comment."
--- a/Practices/UseOfGoto.ql
+++ b/Practices/UseOfGoto.ql
@@ -16,7 +16,7 @@ import cpp
 class JumpTarget extends Stmt {
  JumpTarget() { exists(GotoStmt g | g.getTarget() = this) }

-  FunctionDeclarationEntry getFDE() { result.getBlock() = this.getParentStmt+() }
+  FunctionDeclarationEntry getFde() { result.getBlock() = this.getParentStmt+() }

  predicate isForward() {
    exists(GotoStmt g | g.getTarget() = this |
@@ -33,8 +33,8 @@ class JumpTarget extends Stmt {

 from FunctionDeclarationEntry fde, int nforward, int nbackward
 where
-  nforward = strictcount(JumpTarget t | t.getFDE() = fde and t.isForward()) and
-  nbackward = strictcount(JumpTarget t | t.getFDE() = fde and t.isBackward()) and
+  nforward = strictcount(JumpTarget t | t.getFde() = fde and t.isForward()) and
+  nbackward = strictcount(JumpTarget t | t.getFde() = fde and t.isBackward()) and
  nforward != 1 and
  nbackward != 1
 select fde,
--- a/cpp/ql/src/Documentation/CommentedOutCode.ql
+++ b/cpp/ql/src/Documentation/CommentedOutCode.ql
@@ -12,4 +12,4 @@
 import CommentedOutCode

 from CommentedOutCode comment
-select comment, "This comment appears to contain commented-out code"
+select comment, "This comment appears to contain commented-out code."
--- a/Bugs/Arithmetic/BitwiseSignCheck.ql
+++ b/Bugs/Arithmetic/BitwiseSignCheck.ql
@@ -1,7 +1,6 @@
 /**
 * @name Sign check of bitwise operation
- * @description Checking the sign of a bitwise operation often has surprising
- *              edge cases.
+ * @description Checking the sign of the result of a bitwise operation may yield unexpected results.
 * @kind problem
 * @problem.severity warning
 * @precision high
@@ -26,4 +25,4 @@ where
  forall(int op | op = lhs.(BitwiseAndExpr).getAnOperand().getValue().toInt() | op < 0) and
  // exception for cases involving macros
  not e.isAffectedByMacro()
-select e, "Potential unsafe sign check of a bitwise operation."
+select e, "Potentially unsafe sign check of a bitwise operation."
--- a/Bugs/Arithmetic/FloatComparison.ql
+++ b/Bugs/Arithmetic/FloatComparison.ql
@@ -21,4 +21,4 @@ where
    FloatingPointType and
  not ro.getAnOperand().isConstant() and // comparisons to constants generate too many false positives
  not left.(VariableAccess).getTarget() = right.(VariableAccess).getTarget() // skip self comparison
-select ro, "Equality test on floating point values may not behave as expected."
+select ro, "Equality checks on floating point values can yield unexpected results."
--- a/Typos/MissingEnumCaseInSwitch.ql
+++ b/Typos/MissingEnumCaseInSwitch.ql
@@ -13,10 +13,11 @@

 import cpp

-from EnumSwitch es, float missing, float total
+from EnumSwitch es, float missing, float total, EnumConstant case
 where
  not es.hasDefaultCase() and
  missing = count(es.getAMissingCase()) and
  total = missing + count(es.getASwitchCase()) and
-  missing / total < 0.3
-select es, "Switch statement is missing case for " + es.getAMissingCase().getName()
+  missing / total < 0.3 and
+  case = es.getAMissingCase()
+select es, "Switch statement does not have a case for $@.", case, case.getName()
--- a/cpp/ql/src/Microsoft/CallWithNullSAL.ql
+++ b/cpp/ql/src/Microsoft/CallWithNullSAL.ql
@@ -13,7 +13,7 @@ import SAL

 from Parameter p, Call c, Expr arg
 where
-  any(SALNotNull a).getDeclaration() = p and
+  any(SalNotNull a).getDeclaration() = p and
  c.getTarget() = p.getFunction() and
  arg = c.getArgument(p.getIndex()) and
  nullValue(arg)
--- a/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
+++ b/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
@@ -18,7 +18,7 @@ from Function f, FunctionCall call
 where
  call.getTarget() = f and
  call instanceof ExprInVoidContext and
-  any(SALCheckReturn a).getDeclaration() = f and
+  any(SalCheckReturn a).getDeclaration() = f and
  not getOptions().okToIgnoreReturnValue(call)
 select call, "Return value of $@ discarded although a SAL annotation " + "requires inspecting it.",
  f, f.getName()
--- a/cpp/ql/src/Microsoft/InconsistentSAL.ql
+++ b/cpp/ql/src/Microsoft/InconsistentSAL.ql
@@ -11,7 +11,7 @@ import SAL

 /** Holds if `e` has SAL annotation `name`. */
 predicate hasAnnotation(DeclarationEntry e, string name) {
-  exists(SALAnnotation a |
+  exists(SalAnnotation a |
    a.getMacro().getName() = name and
    a.getDeclarationEntry() = e
  )
@@ -21,7 +21,7 @@ predicate hasAnnotation(DeclarationEntry e, string name) {
 predicate inheritsDeclAnnotations(DeclarationEntry e) {
  // Is directly annotated
  e.isDefinition() and
-  exists(SALAnnotation a | a.getMacro().getName() = "_Use_decl_annotations_" |
+  exists(SalAnnotation a | a.getMacro().getName() = "_Use_decl_annotations_" |
    a.getDeclarationEntry() = e
  )
  or
--- a/cpp/ql/src/Microsoft/SAL.qll
+++ b/cpp/ql/src/Microsoft/SAL.qll
@@ -8,8 +8,8 @@ import cpp
 /**
 * A SAL macro defined in `sal.h` or a similar header file.
 */
-class SALMacro extends Macro {
-  SALMacro() {
+class SalMacro extends Macro {
+  SalMacro() {
    this.getFile().getBaseName() =
      ["sal.h", "specstrings_strict.h", "specstrings.h", "w32p.h", "minwindef.h"] and
    (
@@ -22,15 +22,18 @@ class SALMacro extends Macro {
  }
 }

+/** DEPRECATED: Alias for SalMacro */
+deprecated class SALMacro = SalMacro;
+
 pragma[noinline]
 private predicate isTopLevelMacroAccess(MacroAccess ma) { not exists(ma.getParentInvocation()) }

 /**
 * An invocation of a SAL macro (excluding invocations inside other macros).
 */
-class SALAnnotation extends MacroInvocation {
-  SALAnnotation() {
-    this.getMacro() instanceof SALMacro and
+class SalAnnotation extends MacroInvocation {
+  SalAnnotation() {
+    this.getMacro() instanceof SalMacro and
    isTopLevelMacroAccess(this)
  }

@@ -47,23 +50,29 @@ class SALAnnotation extends MacroInvocation {
  }
 }

+/** DEPRECATED: Alias for SalAnnotation */
+deprecated class SALAnnotation = SalAnnotation;
+
 /**
 * A SAL macro indicating that the return value of a function should always be
 * checked.
 */
-class SALCheckReturn extends SALAnnotation {
-  SALCheckReturn() {
-    this.getMacro().(SALMacro).getName() = ["_Check_return_", "_Must_inspect_result_"]
+class SalCheckReturn extends SalAnnotation {
+  SalCheckReturn() {
+    this.getMacro().(SalMacro).getName() = ["_Check_return_", "_Must_inspect_result_"]
  }
 }

+/** DEPRECATED: Alias for SalCheckReturn */
+deprecated class SALCheckReturn = SalCheckReturn;
+
 /**
 * A SAL macro indicating that a pointer variable or return value should not be
 * `NULL`.
 */
-class SALNotNull extends SALAnnotation {
-  SALNotNull() {
-    exists(SALMacro m | m = this.getMacro() |
+class SalNotNull extends SalAnnotation {
+  SalNotNull() {
+    exists(SalMacro m | m = this.getMacro() |
      not m.getName().matches("%\\_opt\\_%") and
      (
        m.getName().matches("_In%") or
@@ -80,12 +89,15 @@ class SALNotNull extends SALAnnotation {
  }
 }

+/** DEPRECATED: Alias for SalNotNull */
+deprecated class SALNotNull = SalNotNull;
+
 /**
 * A SAL macro indicating that a value may be `NULL`.
 */
-class SALMaybeNull extends SALAnnotation {
-  SALMaybeNull() {
-    exists(SALMacro m | m = this.getMacro() |
+class SalMaybeNull extends SalAnnotation {
+  SalMaybeNull() {
+    exists(SalMacro m | m = this.getMacro() |
      m.getName().matches("%\\_opt\\_%") or
      m.getName().matches("\\_Ret_maybenull\\_%") or
      m.getName() = "_Result_nullonfailure_"
@@ -93,14 +105,17 @@ class SALMaybeNull extends SALAnnotation {
  }
 }

+/** DEPRECATED: Alias for SalMaybeNull */
+deprecated class SALMaybeNull = SalMaybeNull;
+
 /**
 * A parameter annotated by one or more SAL annotations.
 */
-class SALParameter extends Parameter {
+class SalParameter extends Parameter {
  /** One of this parameter's annotations. */
-  SALAnnotation a;
+  SalAnnotation a;

-  SALParameter() { annotatesAt(a, this.getADeclarationEntry(), _, _) }
+  SalParameter() { annotatesAt(a, this.getADeclarationEntry(), _, _) }

  predicate isIn() { a.getMacroName().toLowerCase().matches("%\\_in%") }

@@ -109,14 +124,17 @@ class SALParameter extends Parameter {
  predicate isInOut() { a.getMacroName().toLowerCase().matches("%\\_inout%") }
 }

+/** DEPRECATED: Alias for SalParameter */
+deprecated class SALParameter = SalParameter;
+
 ///////////////////////////////////////////////////////////////////////////////
 // Implementation details
 /**
 * Holds if `a` annotates the declaration entry `d` and
 * its start position is the `idx`th position in `file` that holds a SAL element.
 */
-private predicate annotatesAt(SALAnnotation a, DeclarationEntry d, File file, int idx) {
-  annotatesAtPosition(a.(SALElement).getStartPosition(), d, file, idx)
+private predicate annotatesAt(SalAnnotation a, DeclarationEntry d, File file, int idx) {
+  annotatesAtPosition(a.(SalElement).getStartPosition(), d, file, idx)
 }

 /**
@@ -127,12 +145,12 @@ private predicate annotatesAt(SALAnnotation a, DeclarationEntry d, File file, in
 // For performance reasons, do not mention the annotation itself here,
 // but compute with positions instead. This performs better on databases
 // with many annotations at the same position.
-private predicate annotatesAtPosition(SALPosition pos, DeclarationEntry d, File file, int idx) {
+private predicate annotatesAtPosition(SalPosition pos, DeclarationEntry d, File file, int idx) {
  pos = salRelevantPositionAt(file, idx) and
  salAnnotationPos(pos) and
  (
    // Base case: `pos` right before `d`
-    d.(SALElement).getStartPosition() = salRelevantPositionAt(file, idx + 1)
+    d.(SalElement).getStartPosition() = salRelevantPositionAt(file, idx + 1)
    or
    // Recursive case: `pos` right before some annotation on `d`
    annotatesAtPosition(_, d, file, idx + 1)
@@ -143,10 +161,10 @@ private predicate annotatesAtPosition(SALPosition pos, DeclarationEntry d, File
 * A SAL element, that is, a SAL annotation or a declaration entry
 * that may have SAL annotations.
 */
-library class SALElement extends Element {
-  SALElement() {
-    containsSALAnnotation(this.(DeclarationEntry).getFile()) or
-    this instanceof SALAnnotation
+library class SalElement extends Element {
+  SalElement() {
+    containsSalAnnotation(this.(DeclarationEntry).getFile()) or
+    this instanceof SalAnnotation
  }

  predicate hasStartPosition(File file, int line, int col) {
@@ -173,25 +191,28 @@ library class SALElement extends Element {
    )
  }

-  SALPosition getStartPosition() {
+  SalPosition getStartPosition() {
    exists(File file, int line, int col |
      this.hasStartPosition(file, line, col) and
-      result = MkSALPosition(file, line, col)
+      result = MkSalPosition(file, line, col)
    )
  }
 }

+/** DEPRECATED: Alias for SalElement */
+deprecated class SALElement = SalElement;
+
 /** Holds if `file` contains a SAL annotation. */
 pragma[noinline]
-private predicate containsSALAnnotation(File file) { any(SALAnnotation a).getFile() = file }
+private predicate containsSalAnnotation(File file) { any(SalAnnotation a).getFile() = file }

 /**
 * A source-file position of a `SALElement`. Unlike location, this denotes a
 * point in the file rather than a range.
 */
-private newtype SALPosition =
-  MkSALPosition(File file, int line, int col) {
-    exists(SALElement e |
+private newtype SalPosition =
+  MkSalPosition(File file, int line, int col) {
+    exists(SalElement e |
      e.hasStartPosition(file, line, col)
      or
      e.hasEndPosition(file, line, col)
@@ -200,18 +221,18 @@ private newtype SALPosition =

 /** Holds if `pos` is the start position of a SAL annotation. */
 pragma[noinline]
-private predicate salAnnotationPos(SALPosition pos) {
-  any(SALAnnotation a).(SALElement).getStartPosition() = pos
+private predicate salAnnotationPos(SalPosition pos) {
+  any(SalAnnotation a).(SalElement).getStartPosition() = pos
 }

 /**
 * Gets the `idx`th position in `file` that holds a SAL element,
 * ordering positions lexicographically by their start line and start column.
 */
-private SALPosition salRelevantPositionAt(File file, int idx) {
+private SalPosition salRelevantPositionAt(File file, int idx) {
  result =
-    rank[idx](SALPosition pos, int line, int col |
-      pos = MkSALPosition(file, line, col)
+    rank[idx](SalPosition pos, int line, int col |
+      pos = MkSalPosition(file, line, col)
    |
      pos order by line, col
    )
--- a/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
+++ b/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
@@ -24,7 +24,7 @@ where
    if e = DefinitionInSnapshot()
    then defined = ""
    else
-      if e = SuggestiveSALAnnotation()
+      if e = SuggestiveSalAnnotation()
      then defined = "externally defined (SAL) "
      else defined = "externally defined (CSV) "
  )
--- a/cpp/ql/src/Security/CWE/CWE-457/InitializationFunctions.qll
+++ b/cpp/ql/src/Security/CWE/CWE-457/InitializationFunctions.qll
@@ -149,7 +149,7 @@ newtype Evidence =
   * The function is externally defined, but the parameter has an `_out` SAL annotation which
   * suggests that it is initialized in the function.
   */
-  SuggestiveSALAnnotation() or
+  SuggestiveSalAnnotation() or
  /**
   * We have been given a CSV file which indicates this parameter is conditionally initialized.
   */
@@ -198,8 +198,8 @@ class InitializationFunction extends Function {
    or
    // If we have no definition, we look at SAL annotations
    not this.hasDefinition() and
-    this.getParameter(i).(SALParameter).isOut() and
-    evidence = SuggestiveSALAnnotation()
+    this.getParameter(i).(SalParameter).isOut() and
+    evidence = SuggestiveSalAnnotation()
    or
    // We have some external information that this function conditionally initializes
    not this.hasDefinition() and
--- a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
+++ b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -19,8 +19,8 @@ import DataFlow::PathGraph
 /**
 * A configuration for tracking XML objects and their states.
 */
-class XXEConfiguration extends DataFlow::Configuration {
-  XXEConfiguration() { this = "XXEConfiguration" }
+class XxeConfiguration extends DataFlow::Configuration {
+  XxeConfiguration() { this = "XXEConfiguration" }

  override predicate isSource(DataFlow::Node node, string flowstate) {
    any(XmlLibrary l).configurationSource(node, flowstate)
@@ -45,7 +45,7 @@ class XXEConfiguration extends DataFlow::Configuration {
  }
 }

-from XXEConfiguration conf, DataFlow::PathNode source, DataFlow::PathNode sink
+from XxeConfiguration conf, DataFlow::PathNode source, DataFlow::PathNode sink
 where conf.hasFlowPath(source, sink)
 select sink, source, sink,
  "This $@ is not configured to prevent an XML external entity (XXE) attack.", source, "XML parser"
--- a/cpp/ql/src/change-notes/2022-08-23-alert-messages.md
+++ b/cpp/ql/src/change-notes/2022-08-23-alert-messages.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The alert message of many queries have been changed to make the message consistent with other languages.
--- a/cpp/ql/src/jsf/3.02
+++ b/cpp/ql/src/jsf/3.02
@@ -16,17 +16,17 @@ import cpp
 // pointers. This will obviously not catch code that uses inline assembly to achieve
 // self-modification, nor will it spot the use of OS mechanisms to write into process
 // memory (such as WriteProcessMemory under Windows).
-predicate maybeSMCConversion(Type t1, Type t2) {
+predicate maybeSmcConversion(Type t1, Type t2) {
  t1 instanceof FunctionPointerType and
  t2 instanceof PointerType and
  not t2 instanceof FunctionPointerType and
  not t2 instanceof VoidPointerType
  or
-  maybeSMCConversion(t2, t1)
+  maybeSmcConversion(t2, t1)
 }

 from Expr e
 where
  e.fromSource() and
-  maybeSMCConversion(e.getUnderlyingType(), e.getActualType())
+  maybeSmcConversion(e.getUnderlyingType(), e.getActualType())
 select e, "AV Rule 2: There shall not be any self-modifying code."
--- a/cpp/ql/test/library-tests/pod/isPOD.ql
+++ b/cpp/ql/test/library-tests/pod/isPOD.ql
@@ -1,5 +1,5 @@
 import cpp

 from Class c, boolean ispod
-where if c.isPOD() then ispod = true else ispod = false
+where if c.isPod() then ispod = true else ispod = false
 select c, ispod
--- a/cpp/ql/test/library-tests/pod/isPOD03.ql
+++ b/cpp/ql/test/library-tests/pod/isPOD03.ql
@@ -1,5 +1,5 @@
 import semmle.code.cpp.PODType03

 from Class c, boolean ispod
-where if isPODClass03(c) then ispod = true else ispod = false
+where if isPodClass03(c) then ispod = true else ispod = false
 select c, ispod
--- a/cpp/ql/test/library-tests/sal/sal.ql
+++ b/cpp/ql/test/library-tests/sal/sal.ql
@@ -1,4 +1,4 @@
 import Microsoft.SAL

-from SALAnnotation a
+from SalAnnotation a
 select a, a.getDeclaration()
--- a/Errors/EmptyBlock/EmptyBlock.expected
+++ b/Errors/EmptyBlock/EmptyBlock.expected
@@ -1,3 +1,3 @@
-| empty_block.cpp:9:10:9:11 | { ... } | Empty block without comment |
-| empty_block.cpp:12:10:13:3 | { ... } | Empty block without comment |
-| empty_block.cpp:20:10:21:3 | { ... } | Empty block without comment |
+| empty_block.cpp:9:10:9:11 | { ... } | Empty block without comment. |
+| empty_block.cpp:12:10:13:3 | { ... } | Empty block without comment. |
+| empty_block.cpp:20:10:21:3 | { ... } | Empty block without comment. |
--- a/cpp/ql/test/query-tests/Documentation/CommentedOutCode/CommentedOutCode.expected
+++ b/cpp/ql/test/query-tests/Documentation/CommentedOutCode/CommentedOutCode.expected
@@ -1,20 +1,20 @@
-| test2.cpp:37:1:37:39 | // int myFunction() { return myValue; } | This comment appears to contain commented-out code |
-| test2.cpp:39:1:39:45 | // int myFunction() const { return myValue; } | This comment appears to contain commented-out code |
-| test2.cpp:41:1:41:54 | // int myFunction() const noexcept { return myValue; } | This comment appears to contain commented-out code |
-| test2.cpp:43:1:43:18 | // #define MYMACRO | This comment appears to contain commented-out code |
-| test2.cpp:45:1:45:23 | // #include "include.h" | This comment appears to contain commented-out code |
-| test2.cpp:47:1:51:2 | /*\n#ifdef\nvoid myFunction();\n#endif\n*/ | This comment appears to contain commented-out code |
-| test2.cpp:59:1:59:24 | // #if(defined(MYMACRO)) | This comment appears to contain commented-out code |
-| test2.cpp:63:1:63:15 | // #pragma once | This comment appears to contain commented-out code |
-| test2.cpp:65:1:65:17 | //  # pragma once | This comment appears to contain commented-out code |
-| test2.cpp:67:1:67:19 | /*#error"myerror"*/ | This comment appears to contain commented-out code |
-| test2.cpp:91:1:95:2 | /*\n#ifdef MYMACRO\n\t// ...\n#endif // #ifdef MYMACRO\n*/ | This comment appears to contain commented-out code |
-| test2.cpp:107:21:107:43 | // #include "config2.h" | This comment appears to contain commented-out code |
-| test2.cpp:115:16:115:35 | /* #ifdef MYMACRO */ | This comment appears to contain commented-out code |
-| test2.cpp:117:1:117:24 | // commented_out_code(); | This comment appears to contain commented-out code |
-| test2.cpp:120:2:120:25 | // commented_out_code(); | This comment appears to contain commented-out code |
-| test.c:2:1:2:22 | // commented out code; | This comment appears to contain commented-out code |
-| test.c:4:1:7:8 | // some; | This comment appears to contain commented-out code |
-| test.c:9:1:13:8 | // also; | This comment appears to contain commented-out code |
-| test.c:21:1:26:2 | /*\n    some;\n    commented;\n    out;\n    code;\n*/ | This comment appears to contain commented-out code |
-| test.c:28:1:34:2 | /*\n    also;\n    this\n    is;\n    commented-out\n    code;\n*/ | This comment appears to contain commented-out code |
+| test2.cpp:37:1:37:39 | // int myFunction() { return myValue; } | This comment appears to contain commented-out code. |
+| test2.cpp:39:1:39:45 | // int myFunction() const { return myValue; } | This comment appears to contain commented-out code. |
+| test2.cpp:41:1:41:54 | // int myFunction() const noexcept { return myValue; } | This comment appears to contain commented-out code. |
+| test2.cpp:43:1:43:18 | // #define MYMACRO | This comment appears to contain commented-out code. |
+| test2.cpp:45:1:45:23 | // #include "include.h" | This comment appears to contain commented-out code. |
+| test2.cpp:47:1:51:2 | /*\n#ifdef\nvoid myFunction();\n#endif\n*/ | This comment appears to contain commented-out code. |
+| test2.cpp:59:1:59:24 | // #if(defined(MYMACRO)) | This comment appears to contain commented-out code. |
+| test2.cpp:63:1:63:15 | // #pragma once | This comment appears to contain commented-out code. |
+| test2.cpp:65:1:65:17 | //  # pragma once | This comment appears to contain commented-out code. |
+| test2.cpp:67:1:67:19 | /*#error"myerror"*/ | This comment appears to contain commented-out code. |
+| test2.cpp:91:1:95:2 | /*\n#ifdef MYMACRO\n\t// ...\n#endif // #ifdef MYMACRO\n*/ | This comment appears to contain commented-out code. |
+| test2.cpp:107:21:107:43 | // #include "config2.h" | This comment appears to contain commented-out code. |
+| test2.cpp:115:16:115:35 | /* #ifdef MYMACRO */ | This comment appears to contain commented-out code. |
+| test2.cpp:117:1:117:24 | // commented_out_code(); | This comment appears to contain commented-out code. |
+| test2.cpp:120:2:120:25 | // commented_out_code(); | This comment appears to contain commented-out code. |
+| test.c:2:1:2:22 | // commented out code; | This comment appears to contain commented-out code. |
+| test.c:4:1:7:8 | // some; | This comment appears to contain commented-out code. |
+| test.c:9:1:13:8 | // also; | This comment appears to contain commented-out code. |
+| test.c:21:1:26:2 | /*\n    some;\n    commented;\n    out;\n    code;\n*/ | This comment appears to contain commented-out code. |
+| test.c:28:1:34:2 | /*\n    also;\n    this\n    is;\n    commented-out\n    code;\n*/ | This comment appears to contain commented-out code. |
--- a/Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected
+++ b/Bugs/Arithmetic/BitwiseSignCheck/BitwiseSignCheck.expected
@@ -1,4 +1,4 @@
-| bsc.cpp:2:10:2:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
-| bsc.cpp:6:10:6:32 | ... > ... | Potential unsafe sign check of a bitwise operation. |
-| bsc.cpp:18:10:18:28 | ... > ... | Potential unsafe sign check of a bitwise operation. |
-| bsc.cpp:22:10:22:28 | ... < ... | Potential unsafe sign check of a bitwise operation. |
+| bsc.cpp:2:10:2:32 | ... > ... | Potentially unsafe sign check of a bitwise operation. |
+| bsc.cpp:6:10:6:32 | ... > ... | Potentially unsafe sign check of a bitwise operation. |
+| bsc.cpp:18:10:18:28 | ... > ... | Potentially unsafe sign check of a bitwise operation. |
+| bsc.cpp:22:10:22:28 | ... < ... | Potentially unsafe sign check of a bitwise operation. |
--- a/Bugs/Arithmetic/FloatComparison/FloatComparison.expected
+++ b/Bugs/Arithmetic/FloatComparison/FloatComparison.expected
@@ -1,4 +1,4 @@
-| c.c:10:5:10:10 | ... == ... | Equality test on floating point values may not behave as expected. |
-| c.c:14:5:14:14 | ... == ... | Equality test on floating point values may not behave as expected. |
-| c.c:16:5:16:12 | ... == ... | Equality test on floating point values may not behave as expected. |
-| c.c:17:5:17:12 | ... == ... | Equality test on floating point values may not behave as expected. |
+| c.c:10:5:10:10 | ... == ... | Equality checks on floating point values can yield unexpected results. |
+| c.c:14:5:14:14 | ... == ... | Equality checks on floating point values can yield unexpected results. |
+| c.c:16:5:16:12 | ... == ... | Equality checks on floating point values can yield unexpected results. |
+| c.c:17:5:17:12 | ... == ... | Equality checks on floating point values can yield unexpected results. |