Declarations7: add implementation notes and lib description

knewbury01 · knewbury01 · commit cae74a9e9aac · 2023-01-27T12:12:06.000-05:00
also rm accidental leftover expected file
diff --git a/c/cert/src/rules/DCL39-C/InformationLeakageAcrossTrustBoundariesC.md b/c/cert/src/rules/DCL39-C/InformationLeakageAcrossTrustBoundariesC.md
@@ -285,7 +285,7 @@ Search for [vulnerabilities](https://wiki.sei.cmu.edu/confluence/display/c/BB.+D
 
 ## Implementation notes
 
-None
+The rule does not detect cases where fields may have uninitialized padding but are initialized via an initializer.
 
 ## References
 
diff --git a/cpp/cert/src/rules/DCL55-CPP/InformationLeakageAcrossTrustBoundaries.md b/cpp/cert/src/rules/DCL55-CPP/InformationLeakageAcrossTrustBoundaries.md
@@ -310,7 +310,7 @@ Search for [vulnerabilities](https://wiki.sei.cmu.edu/confluence/display/cpluspl
 
 ## Implementation notes
 
-None
+The rule does not detect cases where fields may have uninitialized padding but are initialized via an initializer.
 
 ## References
 
diff --git a/cpp/common/src/codingstandards/cpp/rules/informationleakageacrossboundaries/InformationLeakageAcrossBoundaries.qll b/cpp/common/src/codingstandards/cpp/rules/informationleakageacrossboundaries/InformationLeakageAcrossBoundaries.qll
@@ -1,5 +1,5 @@
 /**
- * Provides a library which includes a `problems` predicate for reporting....
+ * Provides a library which includes a `problems` predicate for reporting potential information leakage across trust boundaries, relating to uninitialized memory in structs.
  */
 
 import cpp
diff --git a/cpp/common/test/rules/informationleakageacrossboundaries/InformationLeakageAcrossTrustBoundaries.expected b/cpp/common/test/rules/informationleakageacrossboundaries/InformationLeakageAcrossTrustBoundaries.expected
diff --git a/rule_packages/c/Declarations7.json b/rule_packages/c/Declarations7.json
@@ -15,7 +15,10 @@
           "shared_implementation_short_name": "InformationLeakageAcrossBoundaries",
           "tags": [
             "security"
-          ]
+          ],
+          "implementation_scope": {
+            "description": "The rule does not detect cases where fields may have uninitialized padding but are initialized via an initializer."
+          }
         }
       ],
       "title": "Avoid information leakage when passing a structure across a trust boundary"
diff --git a/rule_packages/cpp/Uninitialized.json b/rule_packages/cpp/Uninitialized.json
@@ -42,7 +42,10 @@
           "shared_implementation_short_name": "InformationLeakageAcrossBoundaries",
           "tags": [
             "security"
-          ]
+          ],
+          "implementation_scope": {
+            "description": "The rule does not detect cases where fields may have uninitialized padding but are initialized via an initializer."
+          }
         }
       ],
       "title": "Avoid information leakage when passing a class object across a trust boundary"
