Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

STR34-C: Do not consider integer type aliases in templates #576

Open
lcartey opened this issue May 1, 2024 · 0 comments · May be fixed by #635
Open

STR34-C: Do not consider integer type aliases in templates #576

lcartey opened this issue May 1, 2024 · 0 comments · May be fixed by #635
Assignees
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium Standard-CERT-C user-report Issue reported by an end user of CodeQL Coding Standards

Comments

@lcartey
Copy link
Collaborator

lcartey commented May 1, 2024

Affected rules

  • STR34-C

Description

This query identifies conversions from signed chars to larger signed integers. This is a C rule, however it is part of the collection of C rules that can be applied to C++. In the case of C++, we observe potential false positives where such conversions happen in a template.

This is because the query usually only reports cases where char or signed char are directly referenced. This is to avoid flagging code using typedefs of char which are intended to be used integer types, not char types. For example, it's common for int8_t to be typedef'd to char, and the rule wouldn't apply in this case because there's no developer confusion over the conversion. However, in template instantiations we see the fully resolved types, which means we would flag conversions if they occur in the template.

Example

template <typename S, typename T> S get(T t) {
   S s = t;  // FALSE_POSITIVE - for instantiation
  return s;
}

void test(int8_t c) {
  int32_t a = c; // COMPLIANT - conversion occurs, but type is not char
  int32_t b = get<int32_t, int8_t>(c); // triggers a false positive in the template
}
@lcartey lcartey added Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium user-report Issue reported by an end user of CodeQL Coding Standards labels May 1, 2024
@lcartey lcartey self-assigned this May 1, 2024
@ravikprasad ravikprasad assigned mbaluda and unassigned lcartey Jul 3, 2024
@mbaluda mbaluda moved this from Triaged to Ready for review in Coding Standards Public Development Board Jul 5, 2024
@mbaluda mbaluda linked a pull request Jul 5, 2024 that will close this issue
30 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-Medium Standard-CERT-C user-report Issue reported by an end user of CodeQL Coding Standards
Projects
Status: Ready for review
Development

Successfully merging a pull request may close this issue.

3 participants