Skip to content

Add "Baseline" query suites for C/C++. #966

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MichaelRFairhurst wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Add "Baseline" query suites for C/C++. #966

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
a23743d
Add "Baseline" query suites for C/C++.
MichaelRFairhurst Oct 29, 2025
9aea0c6
Move baseline packs to advanced-security org, update versions.
MichaelRFairhurst Nov 5, 2025
9f60ba3
Add baseline tags to rule package json files.
MichaelRFairhurst Dec 4, 2025
efd6775
Add baseline suites tags to rule package json schema
MichaelRFairhurst Dec 4, 2025
95e6086
Merge remote-tracking branch 'origin/main' into michaelrfairhurst/add…
MichaelRFairhurst Dec 5, 2025
0478f19
Fix json syntax error, type in baseline query tags
MichaelRFairhurst Dec 5, 2025
0c752e8
Re-add errantly removed cert level tag in pointers.json
MichaelRFairhurst Dec 5, 2025
e66e86a
Fix tags; reorder & rule_package consistency.
MichaelRFairhurst Dec 5, 2025
b35ad17
Fix test breakages from deprecation warnings changing lines
MichaelRFairhurst Dec 7, 2025
0aa483c
Add documentation for baseline suites.
MichaelRFairhurst Dec 8, 2025
f10156f
Add readme changes
MichaelRFairhurst Dec 8, 2025
5b837f2
Merge remote-tracking branch 'origin/main' into michaelrfairhurst/add…
MichaelRFairhurst Dec 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 2 additions & 0 deletions .codeqlmanifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
{
"provide": [
"cpp/baseline_suites/qlpack.yml",
"cpp/*/src/qlpack.yml",
"cpp/*/test/qlpack.yml",
"c/baseline_suites/qlpack.yml",
"c/*/src/qlpack.yml",
"c/*/test/qlpack.yml",
"scripts/generate_modules/queries/qlpack.yml"
Expand Down
4 changes: 4 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ The following standards are under active development for [C++17](https://www.iso

- [MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development - _scheduled for release 2026 Q1/Q2_

## Baseline suites

In addition to supporting the above coding standards, we also export "baseline" query suites for C and C++ which contain a selection of well-supported, less opinionated, low false positive rate rules. These baseline suites are intended to be suitable for a wide variety of C/C++ projects that are interested in additional code quality and safety checks without the full strictness of a specific coding standard.

## How do I use the CodeQL Coding Standards Queries?

The use of the CodeQL Coding Standards is extensively documented in the [user manual](docs/user_manual.md).
Expand Down
24 changes: 24 additions & 0 deletions c/baseline_suites/codeql-pack.lock.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 4.0.3
codeql/dataflow:
version: 2.0.3
codeql/mad:
version: 1.0.19
codeql/rangeanalysis:
version: 1.0.19
codeql/ssa:
version: 1.0.19
codeql/tutorial:
version: 1.0.19
codeql/typeflow:
version: 1.0.19
codeql/typetracking:
version: 2.0.3
codeql/util:
version: 2.0.6
codeql/xml:
version: 1.0.19
compiled: false
10 changes: 10 additions & 0 deletions c/baseline_suites/codeql-suites/c-baseline-default.qls
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
- description: C Baseline Coding Standards Queries
- qlpack: codeql/cert-c-coding-standards
- qlpack: codeql/misra-c-coding-standards
- include:
kind:
- problem
- path-problem
tags contain:
- coding-standards/baseline/safety
- coding-standards/baseline/style
8 changes: 8 additions & 0 deletions c/baseline_suites/codeql-suites/c-baseline-safety.qls
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
- description: C Baseline Safety Coding Standards Queries
- qlpack: codeql/misra-c-coding-standards
- include:
kind:
- problem
- path-problem
tags contain:
- coding-standards/baseline/safety
8 changes: 8 additions & 0 deletions c/baseline_suites/codeql-suites/c-baseline-style.qls
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
- description: C Baseline Style Coding Standards Queries
- qlpack: codeql/coding-standards-c-baseline
- include:
kind:
- problem
- path-problem
tags contain:
- coding-standards/baseline/style
9 changes: 9 additions & 0 deletions c/baseline_suites/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
name: advanced-security/coding-standards-c-baseline
version: 0.0.2
description: A set of baseline coding standards for C projects, combining hand picked rules from MISRA C and CERT C.
suites: codeql-suites
license: MIT
default-suite-file: codeql-suites/c-baseline-default.qls
dependencies:
codeql/misra-c-coding-standards: 2.51.0
codeql/cert-c-coding-standards: 2.51.0
1 change: 1 addition & 0 deletions c/cert/src/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ARR36-C/DoNotRelatePointersThatDoNotReferToTheSameArray.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p8
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON31-C/DoNotDestroyAMutexWhileItIsLocked.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON32-C/PreventDataRacesWithMultipleThreads.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p8
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON33-C/RaceConditionsWhenUsingLibraryFunctions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON36-C/WrapFunctionsThatCanSpuriouslyWakeUpInLoop.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p2
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p2
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON39-C/ThreadWasPreviouslyJoinedOrDetached.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON40-C/AtomicVariableTwiceInExpression.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p8
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p2
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/DCL38-C/DeclaringAFlexibleArrayMember.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
* external/cert/remediation-cost/low
* external/cert/priority/p3
* external/cert/level/l3
* coding-standards/baseline/style
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/DCL41-C/VariablesInsideSwitchStatement.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/style
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ENV30-C/DoNotModifyTheReturnValueOfCertainFunctions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ENV31-C/EnvPointerIsInvalidAfterCertainOperations.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ENV32-C/ExitHandlersMustReturnNormally.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p12
* external/cert/level/l1
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ENV34-C/DoNotStorePointersReturnedByEnvFunctions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ENV34-C/DoNotStorePointersReturnedByEnvironmentFunWarn.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p8
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p8
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/ERR32-C/DoNotRelyOnIndeterminateValuesOfErrno.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/low
* external/cert/priority/p3
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP32-C/DoNotAccessVolatileObjectWithNonVolatileReference.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP35-C/DoNotModifyObjectsWithTemporaryLifetime.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP37-C/DoNotCallFunctionsWithIncompatibleArguments.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p2
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP43-C/DoNotPassAliasedPointerToRestrictQualifiedParam.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/EXP46-C/DoNotUseABitwiseOperatorWithABooleanLikeOperand.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/low
* external/cert/priority/p9
* external/cert/level/l2
* coding-standards/baseline/style
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO30-C/ExcludeUserInputFromFormatStrings.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p18
* external/cert/level/l1
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p12
* external/cert/level/l1
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO38-C/DoNotCopyAFileObject.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO40-C/ResetStringsOnFgetsOrFgetwsFailure.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO41-C/DoNotCallGetcAndPutcWithSideEffects.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p2
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* external/cert/remediation-cost/high
* external/cert/priority/p6
* external/cert/level/l2
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
1 change: 1 addition & 0 deletions c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
* external/cert/remediation-cost/medium
* external/cert/priority/p4
* external/cert/level/l3
* coding-standards/baseline/safety
* external/cert/obligation/rule
*/

Expand Down
Loading
Loading