Merge pull request #19368 from igfoo/igfoo/add-check-for-buildmode-none

igfoo · web-flow · commit f9172ff493ea · 2025-04-24T20:30:09.000+01:00
C++: Add exception for build-mode-none in various queries
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
@@ -179,6 +179,7 @@ predicate overflows(MulExpr me, Type t) {
 
 from MulExpr me, Type t1, Type t2
 where
+  not any(Compilation c).buildModeNone() and
   t1 = me.getType().getUnderlyingType() and
   t2 = me.getConversion().getType().getUnderlyingType() and
   t1.getSize() < t2.getSize() and
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -154,6 +154,7 @@ int sizeof_IntType() { exists(IntType it | result = it.getSize()) }
 
 from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual
 where
+  not any(Compilation c).buildModeNone() and
   (
     formattingFunctionCallExpectedType(ffc, n, expected) and
     formattingFunctionCallActualType(ffc, n, arg, actual) and
diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql b/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
@@ -38,6 +38,7 @@ predicate isCompiledAsC(File f) {
 
 from FunctionDeclarationEntry fdeIm, FunctionCall fc
 where
+  not any(Compilation c).buildModeNone() and
   isCompiledAsC(fdeIm.getFile()) and
   not isFromMacroDefinition(fc) and
   fdeIm.isImplicit() and
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -51,6 +51,7 @@ int getComparisonSizeAdjustment(Expr e) {
 
 from Loop l, RelationalOperation rel, VariableAccess small, Expr large
 where
+  not any(Compilation c).buildModeNone() and
   small = rel.getLesserOperand() and
   large = rel.getGreaterOperand() and
   rel = l.getCondition().getAChild*() and
diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -24,10 +24,12 @@ private predicate isCharSzPtrExpr(Expr e) {
 
 from Expr sizeofExpr, Expr e
 where
+  not any(Compilation c).buildModeNone() and
   // If we see an addWithSizeof then we expect the type of
   // the pointer expression to be `char*` or `void*`. Otherwise it
   // is probably a mistake.
-  addWithSizeof(e, sizeofExpr, _) and not isCharSzPtrExpr(e)
+  addWithSizeof(e, sizeofExpr, _) and
+  not isCharSzPtrExpr(e)
 select sizeofExpr,
   "Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@.",
   e.getFullyConverted().getType() as t, t.toString()

Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,7 @@ int sizeof_IntType() { exists(IntType it \| result = it.getSize()) }`
`154`	`154`
`155`	`155`	`from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual`
`156`	`156`	`where`
	`157`	`+ not any(Compilation c).buildModeNone() and`
`157`	`158`	`(`
`158`	`159`	`formattingFunctionCallExpectedType(ffc, n, expected) and`
`159`	`160`	`formattingFunctionCallActualType(ffc, n, arg, actual) and`