github · mbaluda · Apr 26, 2023 · Apr 3, 2023 · Apr 4, 2023 · Apr 11, 2023
diff --git a/.github/workflows/dispatch-matrix-test-on-comment.yml b/.github/workflows/dispatch-matrix-test-on-comment.yml
@@ -35,7 +35,7 @@ jobs:
           token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
           repository: github/codeql-coding-standards-release-engineering
           event-type: matrix-test
-          client-payload: '{"pr": "${{ github.event.number  }}"}'
+          client-payload: '{"pr": "${{ github.event.issue.number }}"}'
 
       - uses: actions/github-script@v6
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}

diff --git a/README.md b/README.md
@@ -50,3 +50,5 @@ All header files in [c/common/test/includes/standard-library](./c/common/test/in
 ---
 
 <sup>1</sup>This repository incorporates portions of the SEI CERT® Coding Standards available at https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards; however, such use does not necessarily constitute or imply an endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.
+
+
diff --git a/c/cert/src/rules/ENV32-C/ExitHandlersMustReturnNormally.ql b/c/cert/src/rules/ENV32-C/ExitHandlersMustReturnNormally.ql
@@ -14,14 +14,26 @@
 import cpp
 import codingstandards.c.cert
 
-class ExitFunction extends Function {
-  ExitFunction() { this.hasGlobalName(["_Exit", "exit", "quick_exit", "longjmp"]) }
+/**
+ * Exit function or macro.
+ */
+class Exit extends Locatable {
+  Exit() {
+    ["_Exit", "exit", "quick_exit", "longjmp"] = [this.(Function).getName(), this.(Macro).getName()]
+  }
 }
 
-class ExitFunctionCall extends FunctionCall {
-  ExitFunctionCall() { this.getTarget() instanceof ExitFunction }
+class ExitExpr extends Expr {
+  ExitExpr() {
+    this.(FunctionCall).getTarget() instanceof Exit
+    or
+    any(MacroInvocation m | this = m.getExpr()).getMacro() instanceof Exit
+  }
 }
 
+/**
+ * Functions that are registered as exit handlers.
+ */
 class RegisteredAtexit extends FunctionAccess {
   RegisteredAtexit() {
     exists(FunctionCall ae |
@@ -32,24 +44,26 @@ class RegisteredAtexit extends FunctionAccess {
 }
 
 /**
- * Nodes of type Function, FunctionCall or FunctionAccess that \
- * are reachable from a redistered atexit handler and
+ * Nodes of type Function, FunctionCall, FunctionAccess or ExitExpr
+ * that are reachable from a registered atexit handler and
  * can reach an exit function.
  */
 class InterestingNode extends ControlFlowNode {
   InterestingNode() {
     exists(Function f |
       (
         this = f and
-        // exit functions are not part of edges
-        not this = any(ExitFunction ec)
+        // exit is not part of edges
+        not this instanceof Exit
         or
         this.(FunctionCall).getTarget() = f
         or
         this.(FunctionAccess).getTarget() = f
+        or
+        this.(ExitExpr).getEnclosingFunction() = f
       ) and
-      // reaches an exit function
-      f.calls*(any(ExitFunction e)) and
+      // reaches an `ExitExpr`
+      f.calls*(any(ExitExpr ee).getEnclosingFunction()) and
       // is reachable from a registered atexit function
       exists(RegisteredAtexit re | re.getTarget().calls*(f))
     )
@@ -62,14 +76,12 @@ class InterestingNode extends ControlFlowNode {
  * `Function` and `FunctionCall` in their body.
  */
 query predicate edges(InterestingNode a, InterestingNode b) {
-  a.(FunctionAccess).getTarget() = b
-  or
-  a.(FunctionCall).getTarget() = b
-  or
+  a.(FunctionAccess).getTarget() = b or
+  a.(FunctionCall).getTarget() = b or
   a.(Function).calls(_, b)
 }
 
-from RegisteredAtexit hr, Function f, ExitFunctionCall e
+from RegisteredAtexit hr, Function f, ExitExpr e
 where edges(hr, f) and edges+(f, e)
 select f, hr, e, "The function is $@ and $@. It must instead terminate by returning.", hr,
   "registered as `exit handler`", e, "calls an `exit function`"
diff --git a/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql b/c/cert/src/rules/ERR33-C/DetectAndHandleStandardLibraryErrors.ql
@@ -441,7 +441,7 @@ ControlFlowNode ferrorNotchecked(FileWriteFunctionCall write) {
     not isShortCircuitedEdge(mid, result) and
     result = mid.getASuccessor() and
     //Stop recursion on call to ferror on the correct file
-    not accessSameTarget(result.(FerrorCall).getArgument(0), write.getFileExpr())
+    not sameFileSource(result.(FerrorCall), write)
   )
 }
 

diff --git a/c/cert/src/rules/EXP43-C/DoNotPassAliasedPointerToRestrictQualifiedParam.ql b/c/cert/src/rules/EXP43-C/DoNotPassAliasedPointerToRestrictQualifiedParam.ql
@@ -25,9 +25,26 @@ class FunctionWithRestrictParameters extends Function {
   Parameter restrictPtrParam;
 
   FunctionWithRestrictParameters() {
-    restrictPtrParam = this.getAParameter() and
     restrictPtrParam.getUnspecifiedType() instanceof PointerOrArrayType and
-    restrictPtrParam.getType().hasSpecifier("restrict")
+    (
+      restrictPtrParam.getType().hasSpecifier(["restrict"]) and
+      restrictPtrParam = this.getAParameter()
+      or
+      this.hasGlobalName(["strcpy", "strncpy", "strcat", "strncat", "memcpy"]) and
+      restrictPtrParam = this.getParameter([0, 1])
+      or
+      this.hasGlobalName(["strcpy_s", "strncpy_s", "strcat_s", "strncat_s", "memcpy_s"]) and
+      restrictPtrParam = this.getParameter([0, 2])
+      or
+      this.hasGlobalName(["strtok_s"]) and
+      restrictPtrParam = this.getAParameter()
+      or
+      this.hasGlobalName(["printf", "printf_s", "scanf", "scanf_s"]) and
+      restrictPtrParam = this.getParameter(0)
+      or
+      this.hasGlobalName(["sprintf", "sprintf_s", "snprintf", "snprintf_s"]) and
+      restrictPtrParam = this.getParameter(3)
+    )
   }
 
   Parameter getARestrictPtrParam() { result = restrictPtrParam }

diff --git a/c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.md b/c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.md
@@ -271,7 +271,7 @@ CWE-123 – STR31-C =
 
 ## Implementation notes
 
-None
+Wide character types are not handled correctly on the `aarch64le` architecture. This can lead to false negative alerts.
 
 ## References
 

diff --git a/c/cert/src/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.md b/c/cert/src/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.md
@@ -131,7 +131,7 @@ Search for vulnerabilities resulting from the violation of this rule on the [CER
 
 ## Implementation notes
 
-None
+Wide character types are not handled correctly on the `aarch64le` architecture. This can lead to false negative alerts.
 
 ## References
 

diff --git a/c/cert/src/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.ql b/c/cert/src/rules/STR38-C/DoNotConfuseNarrowAndWideFunctions.ql
@@ -63,6 +63,5 @@ where
     c instanceof WideToNarrowCast and actual = "wide" and expected = "narrow"
   )
 select call,
-  "Call to function $@ with a " + actual + " character string $@ where a " + expected +
-    " character string $@ is expected.", call.getTarget(), call.getTarget().getName(), arg,
-  "argument", p, "parameter"
+  "Call to function `" + call.getTarget().getName() + "` with a " + actual +
+    " character string $@ where a " + expected + " character string is expected.", arg, "argument"
diff --git a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected.qcc b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected.qcc
@@ -0,0 +1,23 @@
+edges
+| test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 |
+| test.c:16:19:16:41 | __builtin_offsetof | test.c:18:26:18:31 | offset |
+| test.c:16:19:16:41 | __builtin_offsetof | test.c:29:6:29:11 | offset |
+| test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size |
+| test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 |
+nodes
+| test.c:7:13:7:14 | p1 | semmle.label | p1 |
+| test.c:9:9:9:10 | p1 | semmle.label | p1 |
+| test.c:16:19:16:41 | __builtin_offsetof | semmle.label | __builtin_offsetof |
+| test.c:17:17:17:26 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
+| test.c:18:26:18:31 | offset | semmle.label | offset |
+| test.c:23:9:23:12 | size | semmle.label | size |
+| test.c:25:9:25:18 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
+| test.c:27:17:27:26 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
+| test.c:29:6:29:11 | offset | semmle.label | offset |
+subpaths
+#select
+| test.c:9:9:9:10 | p1 | test.c:16:19:16:41 | __builtin_offsetof | test.c:9:9:9:10 | p1 | Scaled integer used in pointer arithmetic. |
+| test.c:18:26:18:31 | offset | test.c:16:19:16:41 | __builtin_offsetof | test.c:18:26:18:31 | offset | Scaled integer used in pointer arithmetic. |
+| test.c:23:9:23:12 | size | test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size | Scaled integer used in pointer arithmetic. |
+| test.c:25:9:25:18 | sizeof(<expr>) | test.c:25:9:25:18 | sizeof(<expr>) | test.c:25:9:25:18 | sizeof(<expr>) | Scaled integer used in pointer arithmetic. |
+| test.c:27:17:27:26 | sizeof(<expr>) | test.c:27:17:27:26 | sizeof(<expr>) | test.c:27:17:27:26 | sizeof(<expr>) | Scaled integer used in pointer arithmetic. |
diff --git a/c/cert/test/rules/CON40-C/AtomicVariableTwiceInExpression.expected.qcc b/c/cert/test/rules/CON40-C/AtomicVariableTwiceInExpression.expected.qcc
@@ -0,0 +1,6 @@
+| test.c:7:18:7:39 | ATOMIC_VAR_INIT(VALUE) | Atomic variable possibly referred to twice in an $@. | test.c:33:3:33:10 | ... += ... | expression |
+| test.c:7:18:7:39 | ATOMIC_VAR_INIT(VALUE) | Atomic variable possibly referred to twice in an $@. | test.c:34:3:34:13 | ... = ... | expression |
+| test.c:11:3:11:23 | atomic_store(PTR,VAL) | Atomic variable possibly referred to twice in an $@. | test.c:11:3:11:23 | atomic_store(PTR,VAL) | expression |
+| test.c:12:3:12:35 | atomic_store_explicit(PTR,VAL,MO) | Atomic variable possibly referred to twice in an $@. | test.c:12:3:12:35 | atomic_store_explicit(PTR,VAL,MO) | expression |
+| test.c:25:3:25:49 | atomic_compare_exchange_weak(PTR,VAL,DES) | Atomic variable possibly referred to twice in an $@. | test.c:25:3:25:49 | atomic_compare_exchange_weak(PTR,VAL,DES) | expression |
+| test.c:26:3:27:42 | atomic_compare_exchange_weak_explicit(PTR,VAL,DES,SUC,FAIL) | Atomic variable possibly referred to twice in an $@. | test.c:26:3:27:42 | atomic_compare_exchange_weak_explicit(PTR,VAL,DES,SUC,FAIL) | expression |
diff --git a/c/cert/test/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.expected.qcc b/c/cert/test/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.expected.qcc
@@ -0,0 +1,4 @@
+| test.c:6:8:6:46 | atomic_compare_exchange_weak(PTR,VAL,DES) | Function that can spuriously fail not wrapped in a loop. |
+| test.c:10:3:10:41 | atomic_compare_exchange_weak(PTR,VAL,DES) | Function that can spuriously fail not wrapped in a loop. |
+| test.c:12:8:13:47 | atomic_compare_exchange_weak_explicit(PTR,VAL,DES,SUC,FAIL) | Function that can spuriously fail not wrapped in a loop. |
+| test.c:17:3:17:56 | atomic_compare_exchange_weak_explicit(PTR,VAL,DES,SUC,FAIL) | Function that can spuriously fail not wrapped in a loop. |
diff --git a/c/cert/test/rules/ENV32-C/ExitHandlersMustReturnNormally.expected.qcc b/c/cert/test/rules/ENV32-C/ExitHandlersMustReturnNormally.expected.qcc
@@ -0,0 +1,13 @@
+edges
+| test.c:8:6:8:13 | exit1bad | test.c:11:5:11:8 | call to exit |
+| test.c:20:14:20:21 | exit1bad | test.c:8:6:8:13 | exit1bad |
+| test.c:41:6:41:10 | exit2 | test.c:42:3:42:17 | call to siglongjmp |
+| test.c:46:21:46:25 | exit2 | test.c:41:6:41:10 | exit2 |
+| test.c:62:6:62:17 | exit3_helper | test.c:62:27:62:41 | call to siglongjmp |
+| test.c:64:6:64:10 | exit3 | test.c:65:3:65:14 | call to exit3_helper |
+| test.c:65:3:65:14 | call to exit3_helper | test.c:62:6:62:17 | exit3_helper |
+| test.c:69:14:69:18 | exit3 | test.c:64:6:64:10 | exit3 |
+#select
+| test.c:8:6:8:13 | exit1bad | test.c:20:14:20:21 | exit1bad | test.c:11:5:11:8 | call to exit | The function is $@ and $@. It must instead terminate by returning. | test.c:20:14:20:21 | exit1bad | registered as `exit handler` | test.c:11:5:11:8 | call to exit | calls an `exit function` |
+| test.c:41:6:41:10 | exit2 | test.c:46:21:46:25 | exit2 | test.c:42:3:42:17 | call to siglongjmp | The function is $@ and $@. It must instead terminate by returning. | test.c:46:21:46:25 | exit2 | registered as `exit handler` | test.c:42:3:42:17 | call to siglongjmp | calls an `exit function` |
+| test.c:64:6:64:10 | exit3 | test.c:69:14:69:18 | exit3 | test.c:62:27:62:41 | call to siglongjmp | The function is $@ and $@. It must instead terminate by returning. | test.c:69:14:69:18 | exit3 | registered as `exit handler` | test.c:62:27:62:41 | call to siglongjmp | calls an `exit function` |
diff --git a/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected.qcc b/c/cert/test/rules/ERR30-C/ErrnoReadBeforeReturn.expected.qcc
@@ -0,0 +1,3 @@
+| test.c:69:7:69:11 | * ... | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
+| test.c:69:7:69:11 | call to __get_errno_ptr | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
+| test.c:70:5:70:10 | call to perror | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
diff --git a/c/cert/test/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.expected.qcc b/c/cert/test/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.expected.qcc
@@ -0,0 +1,62 @@
+edges
+| test.c:49:8:49:9 | s3 | test.c:50:8:50:9 | s1 |
+| test.c:60:16:60:18 | E1A | test.c:61:16:61:17 | e1 |
+| test.c:60:16:60:18 | E1A | test.c:65:10:65:12 | & ... |
+| test.c:68:22:68:22 | v | test.c:68:41:68:41 | v |
+| test.c:72:13:72:15 | & ... | test.c:68:22:68:22 | v |
+| test.c:74:13:74:15 | & ... | test.c:68:22:68:22 | v |
+| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 |
+| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 |
+| test.c:98:32:98:38 | call to realloc | test.c:99:3:99:4 | s3 |
+| test.c:98:32:98:38 | call to realloc | test.c:100:10:100:11 | s3 |
+| test.c:98:40:98:41 | s2 | test.c:98:32:98:38 | call to realloc |
+nodes
+| file:///opt/qcc/qnx-sdp/target/qnx7/usr/include/stdlib.h:98:42:98:47 | __func | semmle.label | __func |
+| file:///opt/qcc/qnx-sdp/target/qnx7/usr/include/stdlib.h:98:50:98:53 | 0 | semmle.label | 0 |
+| test.c:6:19:6:20 | & ... | semmle.label | & ... |
+| test.c:11:10:11:11 | & ... | semmle.label | & ... |
+| test.c:13:17:13:19 | & ... | semmle.label | & ... |
+| test.c:15:17:15:19 | & ... | semmle.label | & ... |
+| test.c:19:18:19:20 | & ... | semmle.label | & ... |
+| test.c:20:20:20:22 | & ... | semmle.label | & ... |
+| test.c:22:11:22:13 | & ... | semmle.label | & ... |
+| test.c:27:17:27:19 | & ... | semmle.label | & ... |
+| test.c:28:10:28:12 | & ... | semmle.label | & ... |
+| test.c:29:13:29:15 | & ... | semmle.label | & ... |
+| test.c:30:19:30:21 | & ... | semmle.label | & ... |
+| test.c:31:16:31:18 | & ... | semmle.label | & ... |
+| test.c:47:8:47:9 | s2 | semmle.label | s2 |
+| test.c:49:8:49:9 | s3 | semmle.label | s3 |
+| test.c:49:8:49:9 | s3 | semmle.label | s3 |
+| test.c:50:8:50:9 | s1 | semmle.label | s1 |
+| test.c:60:16:60:18 | E1A | semmle.label | E1A |
+| test.c:60:16:60:18 | E1A | semmle.label | E1A |
+| test.c:61:16:61:17 | e1 | semmle.label | e1 |
+| test.c:65:10:65:12 | & ... | semmle.label | & ... |
+| test.c:68:22:68:22 | v | semmle.label | v |
+| test.c:68:41:68:41 | v | semmle.label | v |
+| test.c:72:13:72:15 | & ... | semmle.label | & ... |
+| test.c:72:13:72:15 | & ... | semmle.label | & ... |
+| test.c:74:13:74:15 | & ... | semmle.label | & ... |
+| test.c:74:13:74:15 | & ... | semmle.label | & ... |
+| test.c:97:32:97:37 | call to malloc | semmle.label | call to malloc |
+| test.c:97:32:97:37 | call to malloc | semmle.label | call to malloc |
+| test.c:98:32:98:38 | call to realloc | semmle.label | call to realloc |
+| test.c:98:32:98:38 | call to realloc | semmle.label | call to realloc |
+| test.c:98:32:98:38 | call to realloc | semmle.label | call to realloc |
+| test.c:98:40:98:41 | s2 | semmle.label | s2 |
+| test.c:98:40:98:41 | s2 | semmle.label | s2 |
+| test.c:99:3:99:4 | s3 | semmle.label | s3 |
+| test.c:100:10:100:11 | s3 | semmle.label | s3 |
+subpaths
+#select
+| test.c:6:19:6:20 | & ... | test.c:6:19:6:20 | & ... | test.c:6:19:6:20 | & ... | Cast from float to int results in an incompatible pointer base type. |
+| test.c:11:10:11:11 | & ... | test.c:11:10:11:11 | & ... | test.c:11:10:11:11 | & ... | Cast from short[2] to int results in an incompatible pointer base type. |
+| test.c:13:17:13:19 | & ... | test.c:13:17:13:19 | & ... | test.c:13:17:13:19 | & ... | Cast from short[2] to short[4] results in an incompatible pointer base type. |
+| test.c:19:18:19:20 | & ... | test.c:19:18:19:20 | & ... | test.c:19:18:19:20 | & ... | Cast from char to signed char results in an incompatible pointer base type. |
+| test.c:30:19:30:21 | & ... | test.c:30:19:30:21 | & ... | test.c:30:19:30:21 | & ... | Cast from int to unsigned int results in an incompatible pointer base type. |
+| test.c:47:8:47:9 | s2 | test.c:47:8:47:9 | s2 | test.c:47:8:47:9 | s2 | Cast from struct <unnamed> to struct <unnamed> results in an incompatible pointer base type. |
+| test.c:49:8:49:9 | s3 | test.c:49:8:49:9 | s3 | test.c:49:8:49:9 | s3 | Cast from S1 to struct <unnamed> results in an incompatible pointer base type. |
+| test.c:50:8:50:9 | s1 | test.c:50:8:50:9 | s1 | test.c:50:8:50:9 | s1 | Cast from struct <unnamed> to S1 results in an incompatible pointer base type. |
+| test.c:68:41:68:41 | v | test.c:72:13:72:15 | & ... | test.c:68:41:68:41 | v | Cast from float to int results in an incompatible pointer base type. |
+| test.c:99:3:99:4 | s3 | test.c:98:40:98:41 | s2 | test.c:99:3:99:4 | s3 | Cast from S2 to S3 results in an incompatible pointer base type. |
diff --git a/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected.qcc b/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected.qcc
@@ -0,0 +1,40 @@
+edges
+| test.c:20:15:20:23 | array to pointer conversion | test.c:21:8:21:16 | (const char *)... |
+| test.c:20:15:20:23 | array to pointer conversion | test.c:21:8:21:16 | file_name |
+| test.c:20:15:20:23 | array to pointer conversion | test.c:21:8:21:16 | file_name indirection |
+| test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | (const char *)... |
+| test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | file_name |
+| test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | file_name indirection |
+| test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | (const char *)... |
+| test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name |
+| test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name indirection |
+| test.c:45:15:45:23 | array to pointer conversion | test.c:46:29:46:37 | (LPCTSTR)... |
+| test.c:45:15:45:23 | array to pointer conversion | test.c:46:29:46:37 | file_name |
+| test.c:45:15:45:23 | array to pointer conversion | test.c:46:29:46:37 | file_name indirection |
+| test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | (LPCTSTR)... |
+| test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | file_name |
+| test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | file_name indirection |
+| test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | (LPCTSTR)... |
+| test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name |
+| test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name indirection |
+subpaths
+nodes
+| test.c:20:15:20:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.c:20:15:20:23 | file_name | semmle.label | file_name |
+| test.c:20:15:20:23 | scanf output argument | semmle.label | scanf output argument |
+| test.c:21:8:21:16 | (const char *)... | semmle.label | (const char *)... |
+| test.c:21:8:21:16 | (const char *)... | semmle.label | (const char *)... |
+| test.c:21:8:21:16 | file_name | semmle.label | file_name |
+| test.c:21:8:21:16 | file_name indirection | semmle.label | file_name indirection |
+| test.c:21:8:21:16 | file_name indirection | semmle.label | file_name indirection |
+| test.c:45:15:45:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.c:45:15:45:23 | file_name | semmle.label | file_name |
+| test.c:45:15:45:23 | scanf output argument | semmle.label | scanf output argument |
+| test.c:46:29:46:37 | (LPCTSTR)... | semmle.label | (LPCTSTR)... |
+| test.c:46:29:46:37 | (LPCTSTR)... | semmle.label | (LPCTSTR)... |
+| test.c:46:29:46:37 | file_name | semmle.label | file_name |
+| test.c:46:29:46:37 | file_name indirection | semmle.label | file_name indirection |
+| test.c:46:29:46:37 | file_name indirection | semmle.label | file_name indirection |
+#select
+| test.c:21:8:21:16 | file_name | test.c:20:15:20:23 | file_name | test.c:21:8:21:16 | file_name | This argument to a file access function is derived from $@ and then passed to func(file_name), which calls fopen(__filename) | test.c:20:15:20:23 | file_name | user input (scanf) |
+| test.c:46:29:46:37 | file_name | test.c:45:15:45:23 | file_name | test.c:46:29:46:37 | file_name | This argument to a file access function is derived from $@ and then passed to CreateFile(lpFileName) | test.c:45:15:45:23 | file_name | user input (scanf) |
Original file line number	Diff line number	Diff line change
Expand Up		@@ -50,3 +50,5 @@ All header files in [c/common/test/includes/standard-library](./c/common/test/in
		---

		<sup>1</sup>This repository incorporates portions of the SEI CERT® Coding Standards available at https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards; however, such use does not necessarily constitute or imply an endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.
-Original file line number
+Diff line change
@@ Expand Up / @@ -271,7 +271,7 @@ CWE-123 – STR31-C = @@
     ## Implementation notes
-    None
+    Wide character types are not handled correctly on the `aarch64le` architecture. This can lead to false negative alerts.
     ## References
@@ Expand Down @@