From 850a1d52013c3f0099072899ca51a6587dac6b76 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 19 May 2026 23:49:29 +0200 Subject: [PATCH 01/17] Fix regex for octal literal matching --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index 8e0c089f4d..12f10eaf3d 100644 --- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll @@ -49,7 +49,7 @@ module Cpp14Literal { * Octal literals must always start with the digit `0`. */ class OctalLiteral extends IntegerLiteral, RecognizedNumericLiteral { - OctalLiteral() { getValueText().regexpMatch("\\s*0[0-7']*[uUlL]*\\s*") } + OctalLiteral() { getValueText().regexpMatch("\\s*0[0-7']+[uUlL]*\\s*") } override string getAPrimaryQlClass() { result = "OctalLiteral" } } From f484080053e2bbf377476076f5a4b9ef20f0a8b4 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Thu, 21 May 2026 14:38:26 +0200 Subject: [PATCH 02/17] Exclude user-defined literals and templates --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index 12f10eaf3d..588d16ba6c 100644 --- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll 
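Review bot: In the `OctalLiteral` characteristic predicate, `0[0-7']+` now requires at least one character after the leading `0`, so a bare `0` (and `0U`, `0L`) no longer matches, and nothing in this hunk shows which literal class picks those up instead. If they end up unrecognized, rules built on these classes may start reporting or skipping zero literals. Test lines for `0` and `0U` would pin the intended classification, and a comment such as `// a lone 0 is deliberately not treated as octal` would record the intent.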
@@ -7,7 +7,16 @@ module Cpp14Literal { private import cpp as StandardLibrary /** An numeric literal. */ - abstract class NumericLiteral extends StandardLibrary::Literal { } + abstract class NumericLiteral extends StandardLibrary::Literal { + NumericLiteral() { + // exclude user-defined literals as they define custom suffixes + not exists(StandardLibrary::FunctionCall fc | + this = fc.getArgument(0) and fc.getTarget().getName().matches("operator \"\"%") + ) and + // exclude literals derived from template instantiations + not this.isFromTemplateInstantiation(_) + } + } /** Convenience for implementing class `UnrecognizedNumericLiteral` */ abstract private class RecognizedNumericLiteral extends StandardLibrary::Literal { } @@ -49,7 +58,7 @@ module Cpp14Literal { * Octal literals must always start with the digit `0`. */ class OctalLiteral extends IntegerLiteral, RecognizedNumericLiteral { - OctalLiteral() { getValueText().regexpMatch("\\s*0[0-7']+[uUlL]*\\s*") } + OctalLiteral() { getValueText().regexpMatch("\\s*0[0-7']*[uUlL]*\\s*") } override string getAPrimaryQlClass() { result = "OctalLiteral" } } From 2b15b72b826555ceb30fb553126cd146b50d3765 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Thu, 21 May 2026 14:49:04 +0200 Subject: [PATCH 03/17] add release notes --- change_notes/2026-05-21-fix-fp-rule-5-13-4.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 change_notes/2026-05-21-fix-fp-rule-5-13-4.md diff --git a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md new file mode 100644 index 0000000000..71faf5337b --- /dev/null +++ b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md @@ -0,0 +1,5 @@ +- `RULE-5-13-4` - `cpp/misra/unsigned-integer-literals-not-appropriately-suffixed`: + - Remove FPs in user-defined literals and tamplate instantiations. +- `M2-13-3` - `cpp/autosar/missing-u-suffix`: + - Remove FPs in user-defined literals and tamplate instantiations. + \ No newline at end of file 
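Review bot: The exclusion in the new `NumericLiteral()` constructor matches any literal that is argument 0 of a call whose target is named `operator ""…`, which presumably also covers an explicit call such as `operator""_km(0x80000000)`, where the argument is an ordinary unsuffixed literal that the suffix rules should still see. The same call-shape match is kept in the later `fc.getTarget() instanceof UserDefinedLiteral` version and in the `UserDefinedLiteral extends Literal` class added in PATCH 10. A test line like `operator""_km(0x80000000); // NON_COMPLIANT` would show whether this is a false negative. Placing `not this.isFromTemplateInstantiation(_)` on the abstract base class also removes instantiation literals from every consumer of `NumericLiteral`, not only the two rules named in the change note.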
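Review bot: The `OctalLiteral` regex goes back from `[0-7']+` to `[0-7']*` in this hunk, which undoes the previous commit's octal-matching fix under a subject that only mentions user-defined literals and templates. If the revert is intended, it deserves its own commit or a line in the message saying why a bare `0` should count as octal again. If it is accidental, keep `regexpMatch("\\s*0[0-7']+[uUlL]*\\s*")`.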
From e02b35532a648e6ab6f3c35e89f535e04c4dd4e2 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Thu, 21 May 2026 15:17:12 +0200 Subject: [PATCH 04/17] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- change_notes/2026-05-21-fix-fp-rule-5-13-4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md index 71faf5337b..854135aae2 100644 --- a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md +++ b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md @@ -1,5 +1,5 @@ - `RULE-5-13-4` - `cpp/misra/unsigned-integer-literals-not-appropriately-suffixed`: - - Remove FPs in user-defined literals and tamplate instantiations. + - Remove FPs in user-defined literals and template instantiations. - `M2-13-3` - `cpp/autosar/missing-u-suffix`: - - Remove FPs in user-defined literals and tamplate instantiations. + - Remove FPs in user-defined literals and template instantiations. \ No newline at end of file From acc2856e9009fc50ee809a5312365f93a4ced54c Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Thu, 21 May 2026 15:18:34 +0200 Subject: [PATCH 05/17] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index 588d16ba6c..f95337fdf2 100644 --- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll 
@@ -6,7 +6,7 @@ module Cpp14Literal { private import cpp as StandardLibrary - /** An numeric literal. */ + /** A numeric literal. */ abstract class NumericLiteral extends StandardLibrary::Literal { NumericLiteral() { // exclude user-defined literals as they define custom suffixes From aae700337a6adc7c030120d995021b83ba954882 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Thu, 21 May 2026 17:11:18 +0200 Subject: [PATCH 06/17] Use codingstandards.cpp.UserDefinedLiteral --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index f95337fdf2..1bd815eba5 100644 --- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll @@ -5,13 +5,15 @@ */ module Cpp14Literal { private import cpp as StandardLibrary + private import codingstandards.cpp.UserDefinedLiteral - /** A numeric literal. */ + /** An numeric literal. */ abstract class NumericLiteral extends StandardLibrary::Literal { NumericLiteral() { // exclude user-defined literals as they define custom suffixes not exists(StandardLibrary::FunctionCall fc | - this = fc.getArgument(0) and fc.getTarget().getName().matches("operator \"\"%") + this = fc.getArgument(0) and + fc.getTarget() instanceof UserDefinedLiteral ) and // exclude literals derived from template instantiations not this.isFromTemplateInstantiation(_) From afe84b4a77afead5492c6cb381fb5ea4bcdbc219 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 19:30:21 +0200 Subject: [PATCH 07/17] Update change_notes/2026-05-21-fix-fp-rule-5-13-4.md Co-authored-by: Michael R Fairhurst --- change_notes/2026-05-21-fix-fp-rule-5-13-4.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md index 854135aae2..5d1ae57c22 100644 
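Review bot: The doc comment on `NumericLiteral` is changed back to `/** An numeric literal. */` in the PATCH 06 hunk, reverting the wording fix made one commit earlier; it should stay `/** A numeric literal. */`. The rest of the hunk replaces the name match with `fc.getTarget() instanceof UserDefinedLiteral`. A short comment saying that this reuses the library class's handling of the legacy `operator "` spelling would explain why the string match was dropped, if that is the motivation.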
--- a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md +++ b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md @@ -1,4 +1,4 @@ -- `RULE-5-13-4` - `cpp/misra/unsigned-integer-literals-not-appropriately-suffixed`: +- `RULE-5-13-4`, `M2-13-3` - `UnsignedIntegerLiteralsNotAppropriatelSuffixed.ql`, `MissingUSuffix.ql`: - Remove FPs in user-defined literals and template instantiations. - `M2-13-3` - `cpp/autosar/missing-u-suffix`: - Remove FPs in user-defined literals and template instantiations. From 4d89b4350f24c4ec1252b14b9b36236b4d93beb9 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 20:51:17 +0200 Subject: [PATCH 08/17] Update test.cpp --- .../test.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/cpp/common/test/rules/unsignedintegerliteralsnotappropriatelysuffixed/test.cpp b/cpp/common/test/rules/unsignedintegerliteralsnotappropriatelysuffixed/test.cpp index fcbd51b3de..b168bafcca 100644 --- a/cpp/common/test/rules/unsignedintegerliteralsnotappropriatelysuffixed/test.cpp +++ b/cpp/common/test/rules/unsignedintegerliteralsnotappropriatelysuffixed/test.cpp @@ -543,4 +543,20 @@ void test_macro() { COMPLIANT_VAL; // COMPLIANT NON_COMPLIANT_VAL; // NON_COMPLIANT[FALSE_NEGATIVE] - cannot determine suffix // in macro expansions -} \ No newline at end of file +} + +constexpr unsigned long long operator""_km(unsigned long long value) { + return value; +} + +void test_user_defined_literal_exclusion() { + 0x80000000_km; // COMPLIANT - user-defined literal argument should be excluded +} + +template unsigned long long instantiated_literal_exclusion() { + return T{}; // COMPLIANT - template instantiation should be excluded +} + +void test_instantiated_literal_exclusion() { + instantiated_literal_exclusion(); +} From 767faec781d043da71f07574878283a40a2d3a5c Mon Sep 17 00:00:00 2001 
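Review bot: As shown, the body of `instantiated_literal_exclusion` is `return T{};`, which contains no integer literal, so this case probably does not exercise the template-instantiation exclusion at all (the template parameter list and the call's template arguments are not visible in this rendering, so this is inferred). A case where an unsigned literal exists only in the instantiation, for example a non-type template parameter used in the body and instantiated with a suffixed argument, would cover it. The user-defined-literal case also has no counterpart showing that an ordinary unsuffixed literal passed to an explicit `operator""_km(...)` call is still reported. Whether the matching `.expected` file needs updating is not visible here.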
From: Mauro Baluda Date: Tue, 26 May 2026 13:13:07 +0200 Subject: [PATCH 09/17] Introduce support for agentic autofix --- docs/copilot-instructions.md | 157 +++++++++++++++++++++++++++++++++++ docs/user_manual.md | 1 + 2 files changed, 158 insertions(+) create mode 100644 docs/copilot-instructions.md diff --git a/docs/copilot-instructions.md b/docs/copilot-instructions.md new file mode 100644 index 0000000000..e94bcbe6ad --- /dev/null +++ b/docs/copilot-instructions.md 
@@ -0,0 +1,157 @@ +[//]: # "Include this file in the repository to provide instructions to GitHub Copilot AUtofix. For more information, see https://docs.github.com/copilot/copilot-for-business/copilot-instructions." +# GitHub Copilot instructions + +This file contains repository-wide guidance for GitHub Copilot. Each top-level +section below configures Copilot for a specific use case in this repository. +Add further top-level sections as needed (general coding conventions, review +guidance, etc.). + +## Agentic autofix for CodeQL Coding Standards + +This section configures GitHub Copilot (in particular, Copilot **agentic +autofix**) when it generates pull requests to remediate alerts produced by the +[CodeQL Coding Standards](https://github.com/github/codeql-coding-standards/) +project. It applies to alerts for any of the supported standards (MISRA C, +MISRA C++, AUTOSAR C++, CERT C, CERT C++). + +### 1. Reference material — where to learn each rule + +Before proposing a fix, consult the rule’s authoritative implementation as well as the corresponding compliant and non-compliant code patterns available as test cases in the CodeQL Coding Standards [`github/codeql-coding-standards`](https://github.com/github/codeql-coding-standards/) +repository. That repository is the single source of truth for what the query +detects and what compliant code looks like. + +Project layout (per language / standard): + +``` +//src/rules// # query source (.ql) and rule help (.md, .qhelp) +//test/rules// # test cases, with COMPLIANT / NON_COMPLIANT markers +``` + +When generating a fix: + +1. Locate the rule directory matching the alert’s rule id / query id. +2. Read the `.md` / `.qhelp` help file in `src/rules//` to understand + the intent and the recommended remediation. +3. Read the files in `test/rules//`. Lines (or blocks) annotated with + `// COMPLIANT` show patterns that pass the query; lines annotated with + `// NON_COMPLIANT` show patterns that trigger the query. 
Use these as the + ground truth for what the fixed code must look like. + +The full list of supported rules per standard is published as +`supported_rules_list_.csv` / `.md` in each +[release](https://github.com/github/codeql-coding-standards/releases). + +### 2. Fix discipline — keep changes minimal and standards-compliant + +- **Minimum diff.** Modify the smallest possible amount of code that + eliminates the alert. Do not refactor surrounding code, rename symbols, + reformat unrelated lines, or change public APIs unless strictly required to + satisfy the rule. +- **No drive-by changes.** Do not add features, fix unrelated warnings, change + build flags, update dependencies, or “improve” code that the alert does not + point at. +- **New code must comply with the same standard.** Any code introduced by the + fix must itself satisfy the coding standard being verified (e.g. MISRA C++ + 2023). Cross-check the inserted code against the COMPLIANT examples in the + corresponding `test/rules//` directory and against neighbouring + rules that are obviously relevant (e.g. don’t fix an integer-conversion rule + by introducing a cast that violates a different MISRA rule). +- **Match the project’s existing style.** Follow the conventions visible in + the surrounding source files (naming, headers, namespaces, C++ standard + level, use of `enum class`, etc.). +- **Preserve behaviour.** A coding-standards fix is a refactor at the source + level, not a functional change. The fix must not alter observable runtime + behaviour unless the rule explicitly targets undefined or implementation- + defined behaviour that has to change. + +### 3. Do not touch build outputs, generated files, or `.gitignore` + +Autofix pull requests must only change source files that are part of the +checked-in project. They must **not** include: + +- Build directories or files generated during compilation. +- Editor / IDE state (`.vscode/`, `.idea/`, `.DS_Store`, etc.). 
+- **`.gitignore` itself.** Do not add, remove, or reorder entries in + `.gitignore` as part of an autofix. +- The CodeQL workflow files under `.github/workflows/` (e.g. `codeql.yml`). + Suppression or scope changes must use the deviation mechanism (see §4), + not workflow edits. + +### 4. Deviations — respect project policy and reference it in fixes + +A project under analysis may declare that a rule, file, region, or specific +construct is intentionally exempt from a coding standard. Such deviations are +not always expressed through the same mechanism: a project may use the +**standard CodeQL Coding Standards deviation mechanism**, a **custom +annotation or attribute** convention, **in-source line / block comments**, +or a **separate documentation file** (for example a `DEVIATIONS.md`, +`MISRA-deviations.md`, compliance matrix, or similar). + +The fix proposal must take what is found into account and treat it as an existing deviation if it clearly covers the alert location and rule. + +If the alert location is covered by an existing deviation: + +- **Still propose a code fix** that would make the location compliant by + default. Authors may have left the deviation in place pragmatically and + may prefer a real fix. +- **In the pull request description, explicitly state** that a matching + deviation already exists in the project, citing the file path and the + relevant `rule-id` / `query-id` / `permit-id` / `code-identifier` / scope + (paths or markers) so reviewers can decide whether to accept the fix or + keep the deviation. +- Do not silently delete or weaken an existing deviation, permit, or + re-categorization entry as part of the fix. + +### 5. False positives — propose a deviation, do not stay silent + +Copilot autofix normally refrains from opening a pull request when it +considers an alert to be a false positive. 
For CodeQL Coding Standards alerts +this behaviour is **overridden**: a false-positive determination must still +result in a pull request, and that pull request must record the decision +using the project’s deviation mechanism. + +The CodeQL Coding Standards project supports an explicit deviation mechanism, +fully documented in +[`docs/user_manual.md`](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md) +(sections “Applying deviations”, “Deviation records”, “Deviation permits”, +“Guideline re-categorization plan”). +When an alert is judged to be a false positive, the autofix PR must: + +1. **Not modify the flagged code** to “work around” the alert. +2. **Add or update a deviation record** that scopes precisely to the alert. + Prefer the narrowest scope that is appropriate: + - a `code-identifier` deviation referenced from the exact line, statement, + function, or block, via an attribute + (`[[codeql::_deviation("...")]]`) or a comment marker + (`// codeql::_deviation(...)`, + `// codeql::_deviation_next_line(...)`, or a + `..._deviation_begin` / `..._deviation_end` pair); or + - a `paths:`-scoped deviation in `coding-standards.yml` when a whole file + or directory is affected; + - a project-wide deviation only when the rule is genuinely inapplicable to + the project. + Use `` ∈ {`misra`, `autosar`, `cert`} as appropriate for the + alert. +3. **Populate the deviation record** with at least: + - `rule-id` matching the alert’s rule identifier; + - `query-id` matching the alert’s `@id` (when the deviation is meant to + cover a single sub-query of the rule); + - a clear `justification` explaining why the alert is a false positive + (what the query missed, why the code is in fact compliant or safe); + - `scope`, `background`, and `requirements` when they help a reviewer + audit the decision; + - a `raised-by` entry (and leave `approved-by` for a human reviewer). +4. 
**Place the deviation entry** in an existing `coding-standards.yml` if one + exists in an appropriate directory; otherwise create one at the most + specific directory whose subtree is affected. When using a `permit-id`, + reference an existing permit if one matches; do not invent new permit IDs + unless necessary. +5. **In the PR description**, explicitly state that the alert is being + handled as a false positive via a deviation (not by code change), link to + the + [deviation mechanism documentation](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md#applying-deviations), + and summarise the justification so a reviewer can approve or reject it. + +A false-positive PR should therefore contain **only** the deviation entry +and/or the in-source deviation marker — no changes to logic, no edits to +build outputs, and no edits to `.gitignore`. diff --git a/docs/user_manual.md b/docs/user_manual.md index c58b8c25f4..cee8ee9652 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md @@ -646,6 +646,7 @@ The only use cases that will be certified under ISO 26262 are those listed above - Creating databases and running the CodeQL Coding Standards queries with the [CodeQL Action](https://github.com/github/codeql-action) (for GitHub Actions CI/CD system). - Uploading the SARIF results files for a CodeQL Coding Standards analysis to the GitHub [Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) feature. +- Using [Agentic Autofix in Code Scanning](https://docs.github.com/en/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning) (use the reference [copilot-instructions.md](copilot-instructions.md) file provided). ### Hazard and risk analysis From eac0acd6776492770ecf583025f1a95490e6c456 Mon Sep 17 00:00:00 2001 
From: Mauro Baluda Date: Tue, 2 Jun 2026 21:25:23 +0200 Subject: [PATCH 10/17] Refactor NumericLiteral and UserDefinedLiteral classes for improved clarity and functionality --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 7 +------ .../src/codingstandards/cpp/UserDefinedLiteral.qll | 13 +++++++++++-- ...ignedIntegerLiteralsNotAppropriatelySuffixed.qll | 2 ++ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index 1bd815eba5..cd4063d901 100644 --- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll @@ -11,12 +11,7 @@ module Cpp14Literal { abstract class NumericLiteral extends StandardLibrary::Literal { NumericLiteral() { // exclude user-defined literals as they define custom suffixes - not exists(StandardLibrary::FunctionCall fc | - this = fc.getArgument(0) and - fc.getTarget() instanceof UserDefinedLiteral - ) and - // exclude literals derived from template instantiations - not this.isFromTemplateInstantiation(_) + not this instanceof UserDefinedLiteral } } diff --git a/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll b/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll index f9bf5d2dc8..91d4d40d0c 100644 --- a/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll +++ b/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll @@ -4,8 +4,8 @@ import cpp -class UserDefinedLiteral extends Function { - UserDefinedLiteral() { +class UserDefinedLiteralDeclaration extends Function { + UserDefinedLiteralDeclaration() { // We use the '?' in this regexp because CodeQL CLI 2.4.6 and earlier reported these operators // using a single ", i.e `operator "`. This has been fixed in 2.5.9 (at the latest), but I // don't know if upgraded older databases will still have the broken version in. I've therefore 
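Review bot: Renaming the `Function` subclass to `UserDefinedLiteralDeclaration` and then reusing the name `UserDefinedLiteral` for a `Literal` subclass in the same file changes the meaning of an existing public name. Any query outside this series that imports `codingstandards.cpp.UserDefinedLiteral` either stops compiling or type-checks against the wrong entity. A distinct name for the new class, or a `deprecated` alias kept for a release, would avoid that, and the rename belongs in the change note. The renamed class also has no QLDoc; `/** A user-defined literal operator function. */` would do. The class body continues outside the hunk.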
@@ -16,3 +16,12 @@ class UserDefinedLiteral extends Function { /** Holds if `this` has a compliant suffix. */ predicate hasCompliantSuffix() { this.getName().regexpMatch("operator \"\"?_\\p{Alpha}+") } } + +class UserDefinedLiteral extends Literal { + UserDefinedLiteral() { + exists(FunctionCall fc | + this = fc.getArgument(0) and + fc.getTarget() instanceof UserDefinedLiteralDeclaration + ) + } +} diff --git a/cpp/common/src/codingstandards/cpp/rules/unsignedintegerliteralsnotappropriatelysuffixed/UnsignedIntegerLiteralsNotAppropriatelySuffixed.qll b/cpp/common/src/codingstandards/cpp/rules/unsignedintegerliteralsnotappropriatelysuffixed/UnsignedIntegerLiteralsNotAppropriatelySuffixed.qll index a9535d9bfc..8f07ebb58b 100644 --- a/cpp/common/src/codingstandards/cpp/rules/unsignedintegerliteralsnotappropriatelysuffixed/UnsignedIntegerLiteralsNotAppropriatelySuffixed.qll +++ b/cpp/common/src/codingstandards/cpp/rules/unsignedintegerliteralsnotappropriatelysuffixed/UnsignedIntegerLiteralsNotAppropriatelySuffixed.qll @@ -26,6 +26,8 @@ query predicate problems(Cpp14Literal::NumericLiteral nl, string message) { nl.getType().getUnspecifiedType().(IntegralType).isUnsigned() and // The literal already has a `u` or `U` suffix. not nl.getValueText().regexpMatch(".*[lL]*[uU][lL]*") and + // exclude literals derived from template instantiations + not nl.isFromTemplateInstantiation(_) and message = literalKind + " literal is an unsigned integer but does not include a 'U' suffix." ) } From 44bd9f1a0ab0f257d6b0b53a5e3259a385e050d2 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 21:28:14 +0200 Subject: [PATCH 11/17] Exclude user-defined literals from NumericLiteral constructor --- cpp/common/src/codingstandards/cpp/Cpp14Literal.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll index cd4063d901..67d4f06e35 100644 
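Review bot: The new `UserDefinedLiteral extends Literal` class has no QLDoc, and its name does not say that it models the argument literal rather than the operator. A doc comment such as `/** A literal that is the first argument of a call to a user-defined literal operator. */` would make the contract clear. It should also state that the class matches on call shape (`fc.getArgument(0)`) and not on how the literal was written in source.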
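Review bot: With the template-instantiation exclusion moved out of `NumericLiteral` into this `problems` predicate, only queries that go through this shared predicate keep it. The change note lists `MissingUSuffix.ql` (M2-13-3) as fixed too, and nothing visible here shows that it uses this predicate, so that should be confirmed with a test. The new comment says what is excluded but not why; `// literals in instantiations are reported once, on the template itself` would help if that is the reasoning. The predicate starts outside the hunk.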
--- a/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll +++ b/cpp/common/src/codingstandards/cpp/Cpp14Literal.qll @@ -11,7 +11,7 @@ module Cpp14Literal { abstract class NumericLiteral extends StandardLibrary::Literal { NumericLiteral() { // exclude user-defined literals as they define custom suffixes - not this instanceof UserDefinedLiteral + not this instanceof UserDefinedLiteral } } From ffa19808a7d89f3852c17089f740d778ceb760c1 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 21:40:21 +0200 Subject: [PATCH 12/17] Update UserDefinedLiteral imports to use UserDefinedLiteralDeclaration for consistency --- .../rules/A13-1-2/UserDefinedLiteralOperatorSuffixViolation.ql | 2 +- .../UserDefinedLiteralsOperatorsShallNotHaveSideEffects.ql | 2 +- ...ralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/autosar/src/rules/A13-1-2/UserDefinedLiteralOperatorSuffixViolation.ql b/cpp/autosar/src/rules/A13-1-2/UserDefinedLiteralOperatorSuffixViolation.ql index c739035596..5d8782b3cc 100644 --- a/cpp/autosar/src/rules/A13-1-2/UserDefinedLiteralOperatorSuffixViolation.ql +++ b/cpp/autosar/src/rules/A13-1-2/UserDefinedLiteralOperatorSuffixViolation.ql @@ -17,7 +17,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.UserDefinedLiteral as udl -from udl::UserDefinedLiteral udl +from udl::UserDefinedLiteralDeclaration udl where not isExcluded(udl, NamingPackage::userDefinedLiteralOperatorSuffixViolationQuery()) and not udl.hasCompliantSuffix() diff --git a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallNotHaveSideEffects.ql b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallNotHaveSideEffects.ql index b41a57f900..d41cd28b4b 100644 --- a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallNotHaveSideEffects.ql +++ b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallNotHaveSideEffects.ql 
@@ -18,7 +18,7 @@ import codingstandards.cpp.UserDefinedLiteral as udl import codingstandards.cpp.SideEffect import codingstandards.cpp.sideeffect.DefaultEffects -from udl::UserDefinedLiteral udl, SideEffect e +from udl::UserDefinedLiteralDeclaration udl, SideEffect e where not isExcluded(udl, SideEffects2Package::userDefinedLiteralsOperatorsShallNotHaveSideEffectsQuery()) and diff --git a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql index 4593065e01..a4e652269e 100644 --- a/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql +++ b/cpp/autosar/src/rules/A13-1-3/UserDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParameters.ql @@ -19,7 +19,7 @@ import codingstandards.cpp.autosar import codingstandards.cpp.UserDefinedLiteral as udl import codingstandards.cpp.SideEffect -from udl::UserDefinedLiteral udl, Expr retExpr +from udl::UserDefinedLiteralDeclaration udl, Expr retExpr where not isExcluded(udl, SideEffects2Package::userDefinedLiteralsOperatorsShallOnlyPerformConversionOfPassedParametersQuery()) and From b40dd32922c9913ee37a03509be5781f59f9e21b Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 21:45:01 +0200 Subject: [PATCH 13/17] Remove Agentic Autofix reference from user manual Removed mention of Agentic Autofix in Code Scanning from the user manual. --- docs/user_manual.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/user_manual.md b/docs/user_manual.md index cee8ee9652..c58b8c25f4 100644 --- a/docs/user_manual.md +++ b/docs/user_manual.md 
@@ -646,7 +646,6 @@ The only use cases that will be certified under ISO 26262 are those listed above - Creating databases and running the CodeQL Coding Standards queries with the [CodeQL Action](https://github.com/github/codeql-action) (for GitHub Actions CI/CD system). - Uploading the SARIF results files for a CodeQL Coding Standards analysis to the GitHub [Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) feature. -- Using [Agentic Autofix in Code Scanning](https://docs.github.com/en/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning) (use the reference [copilot-instructions.md](copilot-instructions.md) file provided). ### Hazard and risk analysis From f6da14820282b972fc9162e27ab6bcabcb3f4c39 Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 21:46:06 +0200 Subject: [PATCH 14/17] Delete docs/copilot-instructions.md --- docs/copilot-instructions.md | 157 ----------------------------------- 1 file changed, 157 deletions(-) delete mode 100644 docs/copilot-instructions.md diff --git a/docs/copilot-instructions.md b/docs/copilot-instructions.md deleted file mode 100644 index e94bcbe6ad..0000000000 --- a/docs/copilot-instructions.md +++ /dev/null 
@@ -1,157 +0,0 @@ -[//]: # "Include this file in the repository to provide instructions to GitHub Copilot AUtofix. For more information, see https://docs.github.com/copilot/copilot-for-business/copilot-instructions." -# GitHub Copilot instructions - -This file contains repository-wide guidance for GitHub Copilot. Each top-level -section below configures Copilot for a specific use case in this repository. -Add further top-level sections as needed (general coding conventions, review -guidance, etc.). - -## Agentic autofix for CodeQL Coding Standards - -This section configures GitHub Copilot (in particular, Copilot **agentic -autofix**) when it generates pull requests to remediate alerts produced by the -[CodeQL Coding Standards](https://github.com/github/codeql-coding-standards/) -project. It applies to alerts for any of the supported standards (MISRA C, -MISRA C++, AUTOSAR C++, CERT C, CERT C++). - -### 1. Reference material — where to learn each rule - -Before proposing a fix, consult the rule’s authoritative implementation as well as the corresponding compliant and non-compliant code patterns available as test cases in the CodeQL Coding Standards [`github/codeql-coding-standards`](https://github.com/github/codeql-coding-standards/) -repository. That repository is the single source of truth for what the query -detects and what compliant code looks like. - -Project layout (per language / standard): - -``` -//src/rules// # query source (.ql) and rule help (.md, .qhelp) -//test/rules// # test cases, with COMPLIANT / NON_COMPLIANT markers -``` - -When generating a fix: - -1. Locate the rule directory matching the alert’s rule id / query id. -2. Read the `.md` / `.qhelp` help file in `src/rules//` to understand - the intent and the recommended remediation. -3. Read the files in `test/rules//`. Lines (or blocks) annotated with - `// COMPLIANT` show patterns that pass the query; lines annotated with - `// NON_COMPLIANT` show patterns that trigger the query. 
Use these as the - ground truth for what the fixed code must look like. - -The full list of supported rules per standard is published as -`supported_rules_list_.csv` / `.md` in each -[release](https://github.com/github/codeql-coding-standards/releases). - -### 2. Fix discipline — keep changes minimal and standards-compliant - -- **Minimum diff.** Modify the smallest possible amount of code that - eliminates the alert. Do not refactor surrounding code, rename symbols, - reformat unrelated lines, or change public APIs unless strictly required to - satisfy the rule. -- **No drive-by changes.** Do not add features, fix unrelated warnings, change - build flags, update dependencies, or “improve” code that the alert does not - point at. -- **New code must comply with the same standard.** Any code introduced by the - fix must itself satisfy the coding standard being verified (e.g. MISRA C++ - 2023). Cross-check the inserted code against the COMPLIANT examples in the - corresponding `test/rules//` directory and against neighbouring - rules that are obviously relevant (e.g. don’t fix an integer-conversion rule - by introducing a cast that violates a different MISRA rule). -- **Match the project’s existing style.** Follow the conventions visible in - the surrounding source files (naming, headers, namespaces, C++ standard - level, use of `enum class`, etc.). -- **Preserve behaviour.** A coding-standards fix is a refactor at the source - level, not a functional change. The fix must not alter observable runtime - behaviour unless the rule explicitly targets undefined or implementation- - defined behaviour that has to change. - -### 3. Do not touch build outputs, generated files, or `.gitignore` - -Autofix pull requests must only change source files that are part of the -checked-in project. They must **not** include: - -- Build directories or files generated during compilation. -- Editor / IDE state (`.vscode/`, `.idea/`, `.DS_Store`, etc.). 
-- **`.gitignore` itself.** Do not add, remove, or reorder entries in - `.gitignore` as part of an autofix. -- The CodeQL workflow files under `.github/workflows/` (e.g. `codeql.yml`). - Suppression or scope changes must use the deviation mechanism (see §4), - not workflow edits. - -### 4. Deviations — respect project policy and reference it in fixes - -A project under analysis may declare that a rule, file, region, or specific -construct is intentionally exempt from a coding standard. Such deviations are -not always expressed through the same mechanism: a project may use the -**standard CodeQL Coding Standards deviation mechanism**, a **custom -annotation or attribute** convention, **in-source line / block comments**, -or a **separate documentation file** (for example a `DEVIATIONS.md`, -`MISRA-deviations.md`, compliance matrix, or similar). - -The fix proposal must take what is found into account and treat it as an existing deviation if it clearly covers the alert location and rule. - -If the alert location is covered by an existing deviation: - -- **Still propose a code fix** that would make the location compliant by - default. Authors may have left the deviation in place pragmatically and - may prefer a real fix. -- **In the pull request description, explicitly state** that a matching - deviation already exists in the project, citing the file path and the - relevant `rule-id` / `query-id` / `permit-id` / `code-identifier` / scope - (paths or markers) so reviewers can decide whether to accept the fix or - keep the deviation. -- Do not silently delete or weaken an existing deviation, permit, or - re-categorization entry as part of the fix. - -### 5. False positives — propose a deviation, do not stay silent - -Copilot autofix normally refrains from opening a pull request when it -considers an alert to be a false positive. 
For CodeQL Coding Standards alerts -this behaviour is **overridden**: a false-positive determination must still -result in a pull request, and that pull request must record the decision -using the project’s deviation mechanism. - -The CodeQL Coding Standards project supports an explicit deviation mechanism, -fully documented in -[`docs/user_manual.md`](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md) -(sections “Applying deviations”, “Deviation records”, “Deviation permits”, -“Guideline re-categorization plan”). -When an alert is judged to be a false positive, the autofix PR must: - -1. **Not modify the flagged code** to “work around” the alert. -2. **Add or update a deviation record** that scopes precisely to the alert. - Prefer the narrowest scope that is appropriate: - - a `code-identifier` deviation referenced from the exact line, statement, - function, or block, via an attribute - (`[[codeql::_deviation("...")]]`) or a comment marker - (`// codeql::_deviation(...)`, - `// codeql::_deviation_next_line(...)`, or a - `..._deviation_begin` / `..._deviation_end` pair); or - - a `paths:`-scoped deviation in `coding-standards.yml` when a whole file - or directory is affected; - - a project-wide deviation only when the rule is genuinely inapplicable to - the project. - Use `` ∈ {`misra`, `autosar`, `cert`} as appropriate for the - alert. -3. **Populate the deviation record** with at least: - - `rule-id` matching the alert’s rule identifier; - - `query-id` matching the alert’s `@id` (when the deviation is meant to - cover a single sub-query of the rule); - - a clear `justification` explaining why the alert is a false positive - (what the query missed, why the code is in fact compliant or safe); - - `scope`, `background`, and `requirements` when they help a reviewer - audit the decision; - - a `raised-by` entry (and leave `approved-by` for a human reviewer). -4. 
**Place the deviation entry** in an existing `coding-standards.yml` if one - exists in an appropriate directory; otherwise create one at the most - specific directory whose subtree is affected. When using a `permit-id`, - reference an existing permit if one matches; do not invent new permit IDs - unless necessary. -5. **In the PR description**, explicitly state that the alert is being - handled as a false positive via a deviation (not by code change), link to - the - [deviation mechanism documentation](https://github.com/github/codeql-coding-standards/blob/main/docs/user_manual.md#applying-deviations), - and summarise the justification so a reviewer can approve or reject it. - -A false-positive PR should therefore contain **only** the deviation entry -and/or the in-source deviation marker — no changes to logic, no edits to -build outputs, and no edits to `.gitignore`. From 7c45bff7c84de83f8932972cd9c7abc3a4a4934a Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Tue, 2 Jun 2026 21:48:34 +0200 Subject: [PATCH 15/17] Update 2026-05-21-fix-fp-rule-5-13-4.md --- change_notes/2026-05-21-fix-fp-rule-5-13-4.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md index 5d1ae57c22..e85b073d47 100644 --- a/change_notes/2026-05-21-fix-fp-rule-5-13-4.md +++ b/change_notes/2026-05-21-fix-fp-rule-5-13-4.md @@ -1,5 +1,5 @@ -- `RULE-5-13-4`, `M2-13-3` - `UnsignedIntegerLiteralsNotAppropriatelSuffixed.ql`, `MissingUSuffix.ql`: +- `RULE-5-13-4`, `M2-13-3` - `UnsignedIntegerLiteralsNotAppropriatelySuffixed.ql`, `MissingUSuffix.ql`: - Remove FPs in user-defined literals and template instantiations. - `M2-13-3` - `cpp/autosar/missing-u-suffix`: - Remove FPs in user-defined literals and template instantiations. - \ No newline at end of file + From d6f19cd7ff50ae3f11bfa8d4893550b78c409cb2 Mon Sep 17 00:00:00 2001 
From: Mauro Baluda Date: Wed, 3 Jun 2026 00:10:30 +0200 Subject: [PATCH 16/17] Update import statement for UserDefinedLiteral to use UserDefinedLiteralDeclaration --- .../src/rules/DCL51-CPP/UseOfReservedLiteralSuffixIdentifier.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/cert/src/rules/DCL51-CPP/UseOfReservedLiteralSuffixIdentifier.ql b/cpp/cert/src/rules/DCL51-CPP/UseOfReservedLiteralSuffixIdentifier.ql index 81036f6f57..f8e2d0827b 100644 --- a/cpp/cert/src/rules/DCL51-CPP/UseOfReservedLiteralSuffixIdentifier.ql +++ b/cpp/cert/src/rules/DCL51-CPP/UseOfReservedLiteralSuffixIdentifier.ql @@ -22,7 +22,7 @@ import cpp import codingstandards.cpp.cert import codingstandards.cpp.UserDefinedLiteral as udl -from udl::UserDefinedLiteral udl +from udl::UserDefinedLiteralDeclaration udl where not isExcluded(udl, NamingPackage::useOfReservedLiteralSuffixIdentifierQuery()) and not udl.hasCompliantSuffix() From 66b653b75f0da99331a2c8c26af17836c6f6939a Mon Sep 17 00:00:00 2001 From: Mauro Baluda Date: Wed, 3 Jun 2026 10:40:20 +0200 Subject: [PATCH 17/17] Add documentation for user defined literal operator and usage --- .../codingstandards/cpp/UserDefinedLiteral.qll | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll b/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll index 91d4d40d0c..c9bba77bba 100644 --- a/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll +++ b/cpp/common/src/codingstandards/cpp/UserDefinedLiteral.qll 
@@ -4,6 +4,15 @@ import cpp +/** + * A user defined literal operator is a function that defines the behavior of a user defined literal. + * It is declared using the `operator ""` syntax. + * ``` + * constexpr long operator""_km(unsigned long value) { + * ... + * } + * ``` + */ class UserDefinedLiteralDeclaration extends Function { UserDefinedLiteralDeclaration() { // We use the '?' in this regexp because CodeQL CLI 2.4.6 and earlier reported these operators @@ -17,6 +26,12 @@ class UserDefinedLiteralDeclaration extends Function { predicate hasCompliantSuffix() { this.getName().regexpMatch("operator \"\"?_\\p{Alpha}+") } } +/** + * A user defined literal is a literal that is passed as an argument to a call to a user defined literal operator. + * ``` + * 1000_km; + * ``` + */ class UserDefinedLiteral extends Literal { UserDefinedLiteral() { exists(FunctionCall fc |
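Review bot: The example in the QLDoc added above `UserDefinedLiteralDeclaration` declares `operator""_km(unsigned long value)`, which is not a permitted literal operator signature in C++. For integer literals the parameter must be `unsigned long long`, so anyone copying the example into a test case gets a compile error instead of a literal operator. I would change that comment line to `* constexpr long operator""_km(unsigned long long value) {`. The class body continues past the end of this hunk, so the characteristic predicate itself is not reviewed here.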
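Review bot: The QLDoc added above `UserDefinedLiteral` does not mention that the name now refers to a different kind of element. The other patches in this series switch `from udl::UserDefinedLiteral` to `udl::UserDefinedLiteralDeclaration` in several queries, so the old name presumably denoted the operator function, whereas here it is a `Literal`. Because the name still resolves, a query that was not migrated and uses no function-specific members could keep compiling and silently select different elements, which for a coding-standards check would show up as missing alerts. I would add a line to this comment such as `* For the operator function itself, use UserDefinedLiteralDeclaration.` and record the rename in the change notes. The class body continues outside the hunk.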