Fixing BasicIntTypes to allow C Standard Integers and 'bool' #18980
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The purpose of this check is to ensure that all integral types used by the code point to some fixed size type (e.g. an unsigned 8-bit integer). However; the previous implementation only allowed JPL style typedefs (i.e. U8) and ignored C standard integer types (i.e. uint8_t). This causes the query to false-positive when a typedef resolves to a C standard int type. 'bool' has also be allowed as part of the exclusions list as it represents distinct values 'true' and 'false' in C++ code.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
jketema
reviewed
Mar 12, 2025
jketema
reviewed
Mar 12, 2025
Reduced the category to minorAnalysis. Handled bools via a instanceof with BoolType. Formatted the query correctly.
|
@jketema thanks for the expedient review. I believe I have addressed the issues. |
|
Thanks for the updates. Looks like --- expected
+++ actual
@@ -1,3 +1,1 @@
| test.c:6:26:6:26 | x | x uses the basic integral type unsigned char rather than a typedef with size and signedness. |
-| test.c:7:20:7:20 | x | x uses the basic integral type unsigned char rather than a typedef with size and signedness. |
-| test.c:10:16:10:20 | test7 | test7 uses the basic integral type unsigned char rather than a typedef with size and signedness. |So just remove the last two lines from the file. |
|
Should be fixed now! |
jketema
approved these changes
Mar 14, 2025
|
@jketema thanks for helping me through the process! This was a very positive open source experience. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The purpose of this check is to ensure that all integral types used by the code point to some fixed size type (e.g. an unsigned 8-bit integer). However, the previous implementation only allowed JPL style typedefs (i.e. U8) and ignored C standard integer types (i.e. uint8_t). This causes the query to false-positive when a typedef resolves to a C standard int type instead of the JPL type even though the spirit of the check has been met.
'bool' has also be allowed as part of the exclusions list as it represents distinct values 'true' and 'false' in C++ code.
Since this significantly reduces the false-positives on my project, I've labeled it "majorAnalysis" per: https://github.com/github/codeql/blob/main/docs/change-notes.md#query-pack-change-categories