Merge pull request #57 from jbj/suites-in-ql-repo

C++: Move C/C++ suites to ql repo
2025-12-16 16:53:25 +01:00 · 2018-08-15 10:19:08 +01:00
parent 8e5059f43a 3e1247257f
commit f904aed016
52 changed files with 633 additions and 0 deletions
--- a/cpp/config/suites/c/code-review
+++ b/cpp/config/suites/c/code-review
@@ -0,0 +1,31 @@
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Critical/Critical_Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Critical/Critical_Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Critical/Critical_Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Critical/Critical_Correctness/Use of Libraries # Sizeof with side effects
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Critical/Critical_Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Critical/Critical_Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Critical/Critical_Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Critical/Critical_Readability/Control Flow
+
+## FLinesOfCode.ql is used internally.
+ odasa-cpp-metrics/Files/FLinesOfCode.ql
--- a/cpp/config/suites/c/correctness
+++ b/cpp/config/suites/c/correctness
@@ -0,0 +1,38 @@
+# CORRECTNESS
+  # Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
+  # Consistent Use 
+ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+  # Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+  # Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
--- a/cpp/config/suites/c/internal
+++ b/cpp/config/suites/c/internal
@@ -0,0 +1,5 @@
+ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
+ odasa-cpp-metrics/Internal/CallableExtents.ql
+ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
+ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
+ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
--- a/cpp/config/suites/c/maintainability
+++ b/cpp/config/suites/c/maintainability
@@ -0,0 +1,22 @@
+# MAINTAINABILITY
+  # Coupling
+ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
+ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
+  # Size
+ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+   @name Structs with too many members
+  # Documentation
+ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+  # Memory management
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
--- a/cpp/config/suites/c/metric-defects
+++ b/cpp/config/suites/c/metric-defects
@@ -0,0 +1,17 @@
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling 
+   @warning-from 11
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+   @warning-from 120
+ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+   @warning-from 9
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+   @warning-from 250
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+   @warning-from 1500
+  # Complexity
+ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+  @warning-from 100
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+   @recommendation-from 7
+ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+   @recommendation-from 100
--- a/cpp/config/suites/c/metrics
+++ b/cpp/config/suites/c/metrics
@@ -0,0 +1,48 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+  # Build
+ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+  # Complexity
+ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+
+  # Coupling
+ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
+ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+  # Documentation
+ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+   @treemap.warnOn lowValues
+ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+  # Globals
+ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+  # Preprocessor
+ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
+ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+
+  # Size
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+   @treemap.warnOn highValues
--- a/cpp/config/suites/c/metrics-external
+++ b/cpp/config/suites/c/metrics-external
@@ -0,0 +1,3 @@
+ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
+ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
--- a/cpp/config/suites/c/readability
+++ b/cpp/config/suites/c/readability
@@ -0,0 +1,35 @@
+# READABILITY
+  # Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+  # Control Flow
+ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow 
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
+ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
+ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+  # Size
+ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+  # Safe Language
+ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
+ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
+ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+     @name Missing return statement
+ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+
--- a/cpp/config/suites/c/useless-code
+++ b/cpp/config/suites/c/useless-code
@@ -0,0 +1,8 @@
+# USELESS CODE
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
+ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
--- a/cpp/config/suites/cpp/code-review
+++ b/cpp/config/suites/cpp/code-review
@@ -0,0 +1,9 @@
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Critical/Critical_Correctness/Exceptions
+ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Critical/Critical_Readability/Safe Language/C++
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Critical/Critical_Readability/JSF # Redefined default parameter
+
+@import ../c/code-review
+
--- a/cpp/config/suites/cpp/correctness
+++ b/cpp/config/suites/cpp/correctness
@@ -0,0 +1,45 @@
+# CORRECTNESS
+  # Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/LossyPointerCast.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Best Practices/Likely Errors/Slicing.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadCheckOdd.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/IntMultToLong.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql: /Correctness/Dangerous Conversions
+ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /Correctness/Dangerous Conversions
+  # Consistent Use 
+ semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
+ semmlecode-cpp-queries/Likely Bugs/InconsistentCallOnResult.ql: /Correctness/Consistent Use
+  # Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ExprHasNoEffect.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/FloatComparison.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BitwiseSignCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/NestedLoopSameVar.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Likely Bugs/UseInOwnInitializer.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewArrayDeleteMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewDeleteArrayMismatch.ql: /Correctness/Common Errors
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /Correctness/Common Errors
+  # Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/AccidentalRethrow.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/CatchingByValue.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/LeakyCatch.ql: /Correctness/Exceptions
+ semmlecode-cpp-queries/Best Practices/Exceptions/ThrowingPointers.ql: /Correctness/Exceptions
+  # Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousSizeof.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/TooManyFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/Likely Bugs/Format/SnprintfOverflow.ql: /Correctness/Use of Libraries
+ semmlecode-cpp-queries/jsf/4.21 Operators/AV Rule 166.ql: /Correctness/Use of Libraries # Sizeof with side effects
--- a/cpp/config/suites/cpp/internal
+++ b/cpp/config/suites/cpp/internal
@@ -0,0 +1,5 @@
+ odasa-cpp-metrics/Internal/CallableDisplayStrings.ql
+ odasa-cpp-metrics/Internal/CallableExtents.ql
+ odasa-cpp-metrics/Internal/CallableSourceLinks.ql
+ odasa-cpp-metrics/Internal/ReftypeDisplayStrings.ql
+ odasa-cpp-metrics/Internal/ReftypeSourceLinks.ql
--- a/cpp/config/suites/cpp/maintainability
+++ b/cpp/config/suites/cpp/maintainability
@@ -0,0 +1,20 @@
+# MAINTAINABILITY
+  # Coupling
+ semmlecode-cpp-queries/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql: /Maintainability/Coupling # Include header files only
+ semmlecode-cpp-queries/jsf/4.07 Header Files/AV Rule 35.ql: /Maintainability/Coupling # Missing header guard
+ semmlecode-cpp-queries/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql: /Maintainability/Coupling # Duplicate header guards
+ semmlecode-cpp-queries/Architecture/FeatureEnvy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/InappropriateIntimacy.ql: /Maintainability/Coupling
+ semmlecode-cpp-queries/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql: /Maintainability/Size
+  # Documentation
+ semmlecode-cpp-queries/Documentation/CommentedOutCode.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/TodoComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/FixmeComments.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/UncommentedFunction.ql: /Maintainability/Documentation
+ semmlecode-cpp-queries/Documentation/DocumentApi.ql: /Maintainability/Documentation
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsString.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/Magic Constants/MagicConstantsNumbers.ql: /Maintainability/Declarations
+ semmlecode-cpp-queries/Best Practices/SloppyGlobal.ql: /Maintainability/Declarations
+  # Memory management
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StackAddressEscapes.ql: /Maintainability/Memory Management
--- a/cpp/config/suites/cpp/metric-defects
+++ b/cpp/config/suites/cpp/metric-defects
@@ -0,0 +1,18 @@
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Maintainability/Coupling 
+   @warning-from 7
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Maintainability/Coupling
+   @warning-from 120
+  # Size
+ odasa-cpp-metrics/Functions/FunNumberOfParameters.ql: /Maintainability/Size
+   @warning-from 11
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Maintainability/Size
+   @warning-from 200
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Maintainability/Size
+   @warning-from 1000
+  # Complexity
+ odasa-cpp-metrics/Functions/FunNumberOfCalls.ql: /Maintainability/Complexity
+  @warning-from 100
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Maintainability/Complexity
+   @recommendation-from 6
+ odasa-cpp-metrics/Functions/FunCyclomaticComplexity.ql: /Maintainability/Complexity
+   @recommendation-from 75
--- a/cpp/config/suites/cpp/metrics
+++ b/cpp/config/suites/cpp/metrics
@@ -0,0 +1,61 @@
+# DASHBOARD METRICS
+
+@import metrics-external
+
+  # Build
+ odasa-cpp-metrics/Files/FTimeInFrontend.ql: /Metrics/Build
+
+  # Complexity
+ odasa-cpp-metrics/Classes/CPercentageOfComplexCode.ql: /Metrics/Complexity
+ odasa-cpp-metrics/Classes/CResponse.ql : /Metrics/Complexity
+ odasa-cpp-metrics/Files/FCyclomaticComplexity.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/NumberOfParameters.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Functions/StatementNestingDepth.ql: /Metrics/Complexity
+   @treemap.warnOn highValues
+
+  # Coupling
+ odasa-cpp-metrics/Classes/CAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Classes/CEfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FAfferentCoupling.ql: /Metrics/Coupling
+ odasa-cpp-metrics/Files/FEfferentCoupling.ql: /Metrics/Coupling
+ semmlecode-cpp-queries/Metrics/Files/FLinesOfDuplicatedCode.ql: /Metrics/Coupling
+
+  # Documentation
+ odasa-cpp-metrics/Files/FCommentRatio.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Files/FTodoComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunLinesOfComments.ql: /Metrics/Documentation
+ odasa-cpp-metrics/Functions/FunPercentageOfComments.ql: /Metrics/Documentation
+   @treemap.warnOn lowValues
+ odasa-cpp-metrics/Files/FLinesOfCommentedOutCode.ql: /Metrics/Documentation
+
+  # Encapsulation
+ odasa-cpp-metrics/Classes/CInheritanceDepth.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CLackOfCohesionCK.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CSizeOfAPI.ql: /Metrics/Encapsulation
+ odasa-cpp-metrics/Classes/CSpecialisation.ql: /Metrics/Encapsulation
+
+  # Globals
+ odasa-cpp-metrics/Files/NumberOfFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfGlobals.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicFunctions.ql: /Metrics/Globals
+ odasa-cpp-metrics/Files/NumberOfPublicGlobals.ql: /Metrics/Globals
+
+  # Preprocessor
+ odasa-cpp-metrics/Files/FDirectIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Files/FMacroRatio.ql: /Metrics/Preprocessor
+ odasa-cpp-metrics/Files/FTransitiveIncludes.ql: /Metrics/Preprocessor
+   @treemap.warnOn highValues
+
+  # Size
+ odasa-cpp-metrics/Files/FLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Files/FNumberOfTests.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Functions/FunNumberOfStatements.ql: /Metrics/Size
+   @treemap.warnOn highValues
+ odasa-cpp-metrics/Classes/CLinesOfCode.ql: /Metrics/Size
+ odasa-cpp-metrics/Classes/CNumberOfFields.ql: /Metrics/Size
+ odasa-cpp-metrics/Classes/CNumberOfFunctions.ql: /Metrics/Size
--- a/cpp/config/suites/cpp/metrics-external
+++ b/cpp/config/suites/cpp/metrics-external
@@ -0,0 +1,3 @@
+ odasa-cpp-metrics/External/FileCompilationSourceLinks.ql
+ odasa-cpp-metrics/External/FileCompilationDisplayStrings.ql
+
--- a/cpp/config/suites/cpp/readability
+++ b/cpp/config/suites/cpp/readability
@@ -0,0 +1,49 @@
+# READABILITY
+  # Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonPrecedence.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/UnsignedGEZero.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/PointlessSelfComparison.ql: /Readability/Expressions
+ semmlecode-cpp-queries/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql: /Readability/Expressions
+  # Control Flow
+ semmlecode-cpp-queries/Best Practices/Likely Errors/EmptyBlock.ql: /Readability/Control Flow 
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/FutileConditional.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/Likely Bugs/Likely Typos/DubiousNullCheck.ql: /Readability/Control Flow
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 197.ql: /Readability/Control Flow # Avoid floats in for loops
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 201.ql: /Readability/Control Flow # For loop variable changed in body
+ semmlecode-cpp-queries/jsf/4.24 Control Flow Structures/AV Rule 196.ql: /Readability/Control Flow # No trivial switch statements
+ semmlecode-cpp-queries/Likely Bugs/ShortLoopVarName.ql: /Readability/Control Flow
+  # Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesParameter.ql: /Readability/Declarations
+ semmlecode-cpp-queries/Best Practices/Hiding/DeclarationHidesVariable.ql: /Readability/Declarations
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 107.ql: /Readability/Declarations # Function declared in block
+ semmlecode-cpp-queries/Critical/LargeParameter.ql: /Readability/Declarations
+  # Size
+ semmlecode-cpp-queries/Best Practices/SwitchLongCase.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/BlockWithTooManyStatements.ql: /Readability/Size
+ semmlecode-cpp-queries/Best Practices/ComplexCondition.ql: /Readability/Size
+  # Safe Language
+ semmlecode-cpp-queries/Likely Bugs/AmbiguouslySignedBitField.ql: /Readability/Safe Language # Ambiguously signed bit-field member
+ semmlecode-cpp-queries/jsf/4.17 Types/AV Rule 148.ql: /Readability/Safe Language # Use of integer where enum is preferred
+ semmlecode-cpp-queries/jsf/4.16 Initialization/AV Rule 145.ql: /Readability/Safe Language # Enum initialisation
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 97.ql: /Readability/Safe Language # No arrays in interfaces
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstType.ql: /Readability/Safe Language
+ semmlecode-cpp-queries/Best Practices/RuleOfTwo.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/Likely Bugs/OO/IncorrectConstructorDelegation.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/Likely Bugs/OO/ThrowInDestructor.ql: /Readability/Safe Language/C++
+ semmlecode-cpp-queries/jsf/4.13 Functions/AV Rule 114.ql: /Readability/Safe Language
+     @name Missing return statement
+ semmlecode-cpp-queries/Best Practices/UseOfGoto.ql: /Readability/Safe Language
+  # Safe Language > C++
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 78.ql: /Readability/Safe Language/C++ # No virtual destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 71.1.ql: /Readability/Safe Language/C++ # Virtual call from constructor or destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 77.1.ql: /Readability/Safe Language/C++ # Confusion with implicit copy constructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 82.ql: /Readability/Safe Language/C++ # Overloaded assignment does not return 'this'
+ semmlecode-cpp-queries/Likely Bugs/ReturnConstTypeMember.ql: /Readability/Safe Language/C++
+  # JSF
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 79.ql: /Readability/JSF # Resource not released in destructor
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 88.ql: /Readability/JSF # Undisciplined multiple inheritance
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 89.ql: /Readability/JSF # Inconsistent virtual inheritance
+ semmlecode-cpp-queries/jsf/4.10 Classes/AV Rule 95.ql: /Readability/JSF # Redefined default parameter
+
--- a/cpp/config/suites/cpp/useless-code
+++ b/cpp/config/suites/cpp/useless-code
@@ -0,0 +1,10 @@
+# USELESS CODE
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticFunctions.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedStaticVariables.ql: /Useless Code
+ semmlecode-cpp-queries/Best Practices/Unused Entities/UnusedLocals.ql: /Useless Code
+ semmlecode-cpp-queries/external/DuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateClass.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFile.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlyDuplicateFunction.ql: /Useless Code/Duplicate Code
+ semmlecode-cpp-queries/external/MostlySimilarFile.ql: /Useless Code/Duplicate Code
+
--- a/cpp/config/suites/default/c
+++ b/cpp/config/suites/default/c
@@ -0,0 +1,7 @@
+@import "../../suites/c/correctness"
+@import "../../suites/c/maintainability"
+@import "../../suites/c/readability"
+@import "../../suites/c/useless-code"
+
+@import "../../suites/c/metrics"
+@import "../../suites/c/metric-defects"
--- a/cpp/config/suites/default/cpp
+++ b/cpp/config/suites/default/cpp
@@ -0,0 +1,7 @@
+@import "../../suites/cpp/correctness"
+@import "../../suites/cpp/maintainability"
+@import "../../suites/cpp/readability"
+@import "../../suites/cpp/useless-code"
+
+@import "../../suites/cpp/metrics"
+@import "../../suites/cpp/metric-defects"
--- a/cpp/config/suites/security/all
+++ b/cpp/config/suites/security/all
@@ -0,0 +1,2 @@
+@import "default"
+@import "secondary"
--- a/cpp/config/suites/security/cwe-022
+++ b/cpp/config/suites/security/cwe-022
@@ -0,0 +1,3 @@
+# CWE-078: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
+ semmlecode-cpp-queries/Security/CWE/CWE-022/TaintedPath.ql: /CWE/CWE-022
+    @name Uncontrolled data used in path expression (CWE-022)
--- a/cpp/config/suites/security/cwe-078
+++ b/cpp/config/suites/security/cwe-078
@@ -0,0 +1,3 @@
+# CWE-078: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
+ semmlecode-cpp-queries/Security/CWE/CWE-078/ExecTainted.ql: /CWE/CWE-078
+    @name Uncontrolled data used in OS command (CWE-078)
--- a/cpp/config/suites/security/cwe-079
+++ b/cpp/config/suites/security/cwe-079
@@ -0,0 +1,3 @@
+# CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
+ semmlecode-cpp-queries/Security/CWE/CWE-079/CgiXss.ql: /CWE/CWE-079
+    @name CGI script vulnerable to cross-site scripting (CWE-079)
--- a/cpp/config/suites/security/cwe-089
+++ b/cpp/config/suites/security/cwe-089
@@ -0,0 +1,3 @@
+# CWE-089: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
+ semmlecode-cpp-queries/Security/CWE/CWE-089/SqlTainted.ql: /CWE/CWE-089
+    @name Uncontrolled data in SQL query (CWE-089)
--- a/cpp/config/suites/security/cwe-114
+++ b/cpp/config/suites/security/cwe-114
@@ -0,0 +1,3 @@
+# CWE-114: Process Control
+ semmlecode-cpp-queries/Security/CWE/CWE-114/UncontrolledProcessOperation.ql: /CWE/CWE-114
+    @name Uncontrolled process operation (CWE-114)
--- a/cpp/config/suites/security/cwe-119
+++ b/cpp/config/suites/security/cwe-119
@@ -0,0 +1,13 @@
+# CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
+ semmlecode-cpp-queries/Security/CWE/CWE-119/OverflowBuffer.ql: /CWE/CWE-119
+    @name Call to memory access function may overflow buffer (CWE-119)
+ semmlecode-cpp-queries/Critical/OverflowStatic.ql: /CWE/CWE-119
+    @name Static array access may cause overflow (CWE-119)
+# + semmlecode-cpp-queries/Critical/OverflowDestination.ql: /CWE/CWE-119
+#    ^ disabled due to timeout issue
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql: /CWE/CWE-119
+    @name Potentially unsafe call to strncat (CWE-119)
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql: /CWE/CWE-119
+    @name Possibly wrong buffer size in string copy (CWE-119)
+ semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /CWE/CWE-119
+    @name Upcast array used in pointer arithmetic (CWE-119)
--- a/cpp/config/suites/security/cwe-120
+++ b/cpp/config/suites/security/cwe-120
@@ -0,0 +1,13 @@
+# CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
+ semmlecode-cpp-queries/Security/CWE/CWE-120/UnboundedWrite.ql: /CWE/CWE-120
+  @name Unbounded write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/BadlyBoundedWrite.ql: /CWE/CWE-120
+  @name Badly bounded write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
+  @name Potentially overrunning write (CWE-120)
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
+  @name Potentially overrunning write with float to string conversion (CWE-120)
+ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
+  @name Array offset used before range check (CWE-120)
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
+    @name Potentially unsafe use of strcat (CWE-120)
--- a/cpp/config/suites/security/cwe-121
+++ b/cpp/config/suites/security/cwe-121
@@ -0,0 +1,3 @@
+# CWE-121: Stack-based Buffer Overflow
+ semmlecode-cpp-queries/Security/CWE/CWE-121/UnterminatedVarargsCall.ql: /CWE/CWE-121
+    @name Unterminated variadic call (CWE-121)
--- a/cpp/config/suites/security/cwe-129
+++ b/cpp/config/suites/security/cwe-129
@@ -0,0 +1,3 @@
+# CWE-129: Stack-based Buffer Overflow
+ semmlecode-cpp-queries/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql: /CWE/CWE-129
+    @name Unclear validation of array index (CWE-129)
--- a/cpp/config/suites/security/cwe-131
+++ b/cpp/config/suites/security/cwe-131
@@ -0,0 +1,7 @@
+# CWE-131: Incorrect Calculation of Buffer Size
+ semmlecode-cpp-queries/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql: /CWE/CWE-131
+    @name No space for zero terminator (CWE-131)
+ semmlecode-cpp-queries/Critical/SizeCheck.ql: /CWE/CWE-131
+    @name Not enough memory allocated for pointer type (CWE-131)
+ semmlecode-cpp-queries/Critical/SizeCheck2.ql: /CWE/CWE-131
+    @name Not enough memory allocated for array of pointer type (CWE-131)
--- a/cpp/config/suites/security/cwe-134
+++ b/cpp/config/suites/security/cwe-134
@@ -0,0 +1,13 @@
+# CWE-134: Uncontrolled Format String
+ semmlecode-cpp-queries/Likely Bugs/Format/NonConstantFormat.ql: /CWE/CWE-134
+    @name Non-constant format string (CWE-134)
+# This one runs out of memory. See ODASA-608.
+#+ semmlecode-cpp-queries/PointsTo/TaintedFormatStrings.ql: /CWE/CWE-134
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongNumberOfFormatArguments.ql: /CWE/CWE-134
+    @name Wrong number of arguments to formatting function (CWE-134)
+ semmlecode-cpp-queries/Likely Bugs/Format/WrongTypeFormatArguments.ql: /CWE/CWE-134
+    @name Wrong type of arguments to formatting function (CWE-134)
+ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatString.ql: /CWE/CWE-134
+    @name Uncontrolled format string (CWE-134)
+ semmlecode-cpp-queries/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql: /CWE/CWE-134
+    @name Uncontrolled format string (through global variable) (CWE-134)
--- a/cpp/config/suites/security/cwe-170
+++ b/cpp/config/suites/security/cwe-170
@@ -0,0 +1,5 @@
+# CWE-170: Improper Null Termination
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/ImproperNullTermination.ql: /CWE/CWE-170
+    @name Potential improper null termination (CWE-170)
+ semmlecode-cpp-queries/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql: /CWE/CWE-170
+    @name User-controlled data may not be null terminated (CWE-170)
--- a/cpp/config/suites/security/cwe-190
+++ b/cpp/config/suites/security/cwe-190
@@ -0,0 +1,13 @@
+# CWE-190: Integer Overflow or Wraparound
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticTainted.ql: /CWE/CWE-190
+    @name User-controlled data in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticUncontrolled.ql: /CWE/CWE-190
+    @name Uncontrolled data in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql: /CWE/CWE-190
+    @name Use of extreme values in arithmetic expression (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/TaintedAllocationSize.ql: /CWE/CWE-190
+    @name Overflow in uncontrolled allocation size (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/IntegerOverflowTainted.ql: /CWE/CWE-190
+    @name Potential integer arithmetic overflow (CWE-190)
+ semmlecode-cpp-queries/Security/CWE/CWE-190/ComparisonWithWiderType.ql: /CWE/CWE-190
+    @name Comparison of wide type with narrow type in loop condition (CWE-190)
--- a/cpp/config/suites/security/cwe-242
+++ b/cpp/config/suites/security/cwe-242
@@ -0,0 +1,3 @@
+# CWE-242: Use of Inherently Dangerous Function
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/PotentialBufferOverflow.ql: /CWE/CWE-242
+    @name Use of inherently dangerous function (CWE-242)
--- a/cpp/config/suites/security/cwe-290
+++ b/cpp/config/suites/security/cwe-290
@@ -0,0 +1,3 @@
+# CWE-290: Authentication Bypass by Spoofing
+ semmlecode-cpp-queries/Security/CWE/CWE-290/AuthenticationBypass.ql: /CWE/CWE-290
+    @name Authentication bypass by spoofing (CWE-290)
--- a/cpp/config/suites/security/cwe-311
+++ b/cpp/config/suites/security/cwe-311
@@ -0,0 +1,9 @@
+# CWE-311 Missing Encryption of Sensitive Data
+ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextBufferWrite.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in buffer (CWE-311)
+    
+ semmlecode-cpp-queries/Security/CWE/CWE-311/CleartextFileWrite.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in file (CWE-311)
+
+ semmlecode-cpp-queries/Security/CWE/CWE-313/CleartextSqliteDatabase.ql: /CWE/CWE-311
+    @name Cleartext storage of sensitive information in an SQLite database (CWE-311)
--- a/cpp/config/suites/security/cwe-327
+++ b/cpp/config/suites/security/cwe-327
@@ -0,0 +1,5 @@
+# CWE-327: Use of a Broken or Risky Cryptographic Algorithm
+ semmlecode-cpp-queries/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql: /CWE/CWE-327
+    @name Use of a broken or risky cryptographic algorithm (CWE-327)
+ semmlecode-cpp-queries/Security/CWE/CWE-327/OpenSslHeartbleed.ql: /CWE/CWE-327
+    @name Use of a version of OpenSSL with Heartbleed (CWE-327)
--- a/cpp/config/suites/security/cwe-367
+++ b/cpp/config/suites/security/cwe-367
@@ -0,0 +1,3 @@
+# CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
+ semmlecode-cpp-queries/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql: /CWE/CWE-367
+    @name Time-of-check time-of-use filesystem race condition (CWE-367)
--- a/cpp/config/suites/security/cwe-416
+++ b/cpp/config/suites/security/cwe-416
@@ -0,0 +1,3 @@
+# CWE-416: Use After Free
+ semmlecode-cpp-queries/Critical/UseAfterFree.ql: /CWE/CWE-416
+    @name Potential use after free (CWE-416)
--- a/cpp/config/suites/security/cwe-457
+++ b/cpp/config/suites/security/cwe-457
@@ -0,0 +1,3 @@
+# CWE-457: Use of Uninitialized Variable
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UninitializedLocal.ql: /CWE/CWE-457
+    @name Potentially uninitialized local variable (CWE-457)
--- a/cpp/config/suites/security/cwe-468
+++ b/cpp/config/suites/security/cwe-468
@@ -0,0 +1,9 @@
+# CWE-468: Incorrect pointer scaling
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScaling.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling to char (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql: /CWE/CWE-468
+    @name Suspicious pointer scaling to void (CWE-468)
+ semmlecode-cpp-queries/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql: /CWE/CWE-468
+    @name Suspicious add with sizeof (CWE-468)
--- a/cpp/config/suites/security/cwe-497-expensive
+++ b/cpp/config/suites/security/cwe-497-expensive
@@ -0,0 +1,3 @@
+# CWE-497 Exposure of System Data to an Unauthorized Control Sphere
+ semmlecode-cpp-queries/Security/CWE/CWE-497/ExposedSystemData.ql: /CWE/CWE-497
+    @name Exposure of system data to an unauthorized control sphere (CWE-497)
--- a/cpp/config/suites/security/cwe-676
+++ b/cpp/config/suites/security/cwe-676
@@ -0,0 +1,5 @@
+# CWE-676: Use of Potentially Dangerous Function
+ semmlecode-cpp-queries/Security/CWE/CWE-676/DangerousUseOfCin.ql: /CWE/CWE-676
+    @name Dangerous use of 'cin' (CWE-676)
+ semmlecode-cpp-queries/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql: /CWE/CWE-676
+    @name Use of potentially dangerous function (CWE-676)
--- a/cpp/config/suites/security/cwe-732
+++ b/cpp/config/suites/security/cwe-732
@@ -0,0 +1,3 @@
+# CWE-732: Incorrect Permission Assignment for Critical Resource
+ semmlecode-cpp-queries/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql: /CWE/CWE-732
+    @name File created without restricting permissions (CWE-732)
--- a/cpp/config/suites/security/cwe-764
+++ b/cpp/config/suites/security/cwe-764
@@ -0,0 +1,7 @@
+# CWE-764: Multiple Locks of a CriticalResource
+ semmlecode-cpp-queries/Security/CWE/CWE-764/UnreleasedLock.ql: /CWE/CWE-764
+    @name Lock may not be released (CWE-764)
+ semmlecode-cpp-queries/Security/CWE/CWE-764/TwiceLocked.ql: /CWE/CWE-764
+    @name Mutex locked twice (CWE-764)
+ semmlecode-cpp-queries/Security/CWE/CWE-764/LockOrderCycle.ql: /CWE/CWE-764
+    @name Cyclic lock order dependency (CWE-764)
--- a/cpp/config/suites/security/cwe-772
+++ b/cpp/config/suites/security/cwe-772
@@ -0,0 +1,3 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
+ semmlecode-cpp-queries/Critical/NewFreeMismatch.ql: /CWE/CWE-772
+    @name Mismatching new/free or malloc/delete (CWE-772)
--- a/cpp/config/suites/security/cwe-772-expensive
+++ b/cpp/config/suites/security/cwe-772-expensive
@@ -0,0 +1,9 @@
+# CWE-772: Missing Release of Resource after Effective Lifetime
+ semmlecode-cpp-queries/Critical/FileMayNotBeClosed.ql: /CWE/CWE-772
+    @name Open file may not be closed (CWE-772)
+ semmlecode-cpp-queries/Critical/FileNeverClosed.ql: /CWE/CWE-772
+    @name Open file is not closed (CWE-772)
+ semmlecode-cpp-queries/Critical/MemoryMayNotBeFreed.ql: /CWE/CWE-772
+    @name Memory may not be freed (CWE-772)
+ semmlecode-cpp-queries/Critical/MemoryNeverFreed.ql: /CWE/CWE-772
+    @name Memory is never freed (CWE-772)
--- a/cpp/config/suites/security/cwe-807
+++ b/cpp/config/suites/security/cwe-807
@@ -0,0 +1,3 @@
+# CWE-807: Reliance on Untrusted Inputs in a Security Decision
+ semmlecode-cpp-queries/Security/CWE/CWE-807/TaintedCondition.ql: /CWE/CWE-807
+    @name Untrusted input for a condition (CWE-807)
--- a/cpp/config/suites/security/cwe-835
+++ b/cpp/config/suites/security/cwe-835
@@ -0,0 +1,3 @@
+# CWE-835: Infinite loop with unsatisfiable exit condition
+ semmlecode-cpp-queries/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql: /CWE/CWE-835
+    @name Infinite loop with unsatisfiable exit condition (CWE-835)
--- a/cpp/config/suites/security/default
+++ b/cpp/config/suites/security/default
@@ -0,0 +1,28 @@
+# All C++ security queries
+@import "cwe-022"
+@import "cwe-078"
+@import "cwe-079"
+@import "cwe-089"
+@import "cwe-114"
+@import "cwe-119"
+@import "cwe-120"
+@import "cwe-121"
+@import "cwe-129"
+@import "cwe-131"
+@import "cwe-134"
+@import "cwe-170"
+@import "cwe-190"
+@import "cwe-242"
+@import "cwe-290"
+@import "cwe-311"
+@import "cwe-327"
+@import "cwe-367"
+@import "cwe-416"
+@import "cwe-457"
+@import "cwe-468"
+@import "cwe-676"
+@import "cwe-732"
+@import "cwe-764"
+@import "cwe-772"
+@import "cwe-807"
+@import "cwe-835"
--- a/cpp/config/suites/security/secondary
+++ b/cpp/config/suites/security/secondary
@@ -0,0 +1,3 @@
+# Not in the default suite due to using expensive points-to analysis
+@import "cwe-497-expensive"
+@import "cwe-772-expensive"