github
diff --git a/‎.github/workflows/code-scanning-pack-gen.yml
+6-4 b/‎.github/workflows/code-scanning-pack-gen.yml
+6-4
diff --git a/‎.github/workflows/codeql_unit_tests.yml
+1-1 b/‎.github/workflows/codeql_unit_tests.yml
+1-1
diff --git a/‎.github/workflows/dispatch-matrix-test-on-comment.yml
+1-1 b/‎.github/workflows/dispatch-matrix-test-on-comment.yml
+1-1
diff --git a/‎.github/workflows/dispatch-release-performance-check.yml
+1-1 b/‎.github/workflows/dispatch-release-performance-check.yml
+1-1
diff --git a/‎amendments.csv
+1-1 b/‎amendments.csv
+1-1
diff --git a/‎c/cert/src/codeql-pack.lock.yml
+13-7 b/‎c/cert/src/codeql-pack.lock.yml
+13-7
diff --git a/‎c/cert/src/qlpack.yml
+2-2 b/‎c/cert/src/qlpack.yml
+2-2
diff --git a/‎c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
+1-1 b/‎c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
+1-1
diff --git a/‎c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql
+1-1 b/‎c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql
+1-1
diff --git a/‎c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
+2-2 b/‎c/cert/src/rules/CON30-C/CleanUpThreadSpecificStorage.ql
+2-2
diff --git a/‎c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
+2-2 b/‎c/cert/src/rules/CON34-C/AppropriateThreadObjectStorageDurations.ql
+2-2
diff --git a/‎c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
+2-2 b/‎c/cert/src/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
+2-2
diff --git a/‎c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql
+1-1 b/‎c/cert/src/rules/DCL30-C/AppropriateStorageDurationsFunctionReturn.ql
+1-1
diff --git a/‎c/cert/src/rules/ERR30-C/FunctionCallBeforeErrnoCheck.ql
+1-1 b/‎c/cert/src/rules/ERR30-C/FunctionCallBeforeErrnoCheck.ql
+1-1
diff --git a/‎c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql
+2-2 b/‎c/cert/src/rules/EXP30-C/DependenceOnOrderOfFunctionArgumentsForSideEffects.ql
+2-2
diff --git a/‎c/cert/src/rules/EXP35-C/DoNotModifyObjectsWithTemporaryLifetime.ql
+1-12 b/‎c/cert/src/rules/EXP35-C/DoNotModifyObjectsWithTemporaryLifetime.ql
+1-12
diff --git a/‎c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql
+1-1 b/‎c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql
+1-1
diff --git a/‎c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql
+1-1 b/‎c/cert/src/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.ql
+1-1
diff --git a/‎c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql
+1-1 b/‎c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql
+1-1
diff --git a/‎c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql
+1-1 b/‎c/cert/src/rules/EXP40-C/DoNotModifyConstantObjects.ql
+1-1
diff --git a/‎c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql
+1-1 b/‎c/cert/src/rules/EXP43-C/RestrictPointerReferencesOverlappingObject.ql
+1-1
diff --git a/‎c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql
+1-1 b/‎c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.ql
+1-1
diff --git a/‎c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql
+1-1 b/‎c/cert/src/rules/FIO44-C/OnlyUseValuesForFsetposThatAreReturnedFromFgetpos.ql
+1-1
diff --git a/‎c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql
+1-1 b/‎c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql
+1-1
diff --git a/‎c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql
+1-1 b/‎c/cert/src/rules/MEM35-C/InsufficientMemoryAllocatedForObject.ql
+1-1
diff --git a/‎c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql
+1-1 b/‎c/cert/src/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.ql
+1-1
diff --git a/‎c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql
+1-1 b/‎c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql
+1-1
diff --git a/‎c/cert/src/rules/MSC39-C/DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql
+1-1 b/‎c/cert/src/rules/MSC39-C/DoNotCallVaArgOnAVaListThatHasAnIndeterminateValue.ql
+1-1
diff --git a/‎c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
+1-1 b/‎c/cert/src/rules/SIG30-C/CallOnlyAsyncSafeFunctionsWithinSignalHandlers.ql
+1-1
diff --git a/‎c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql
+1-1 b/‎c/cert/src/rules/SIG35-C/DoNotReturnFromAComputationalExceptionHandler.ql
+1-1
diff --git a/‎c/cert/src/rules/STR30-C/DoNotAttemptToModifyStringLiterals.ql
+1-1 b/‎c/cert/src/rules/STR30-C/DoNotAttemptToModifyStringLiterals.ql
+1-1
diff --git a/‎c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql
+1-1 b/‎c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql
+1-1
diff --git a/‎c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.ql
+1-1 b/‎c/cert/src/rules/STR32-C/NonNullTerminatedToFunctionThatExpectsAString.ql
+1-1
diff --git a/‎c/cert/test/codeql-pack.lock.yml
+13-7 b/‎c/cert/test/codeql-pack.lock.yml
+13-7
diff --git a/‎c/cert/test/qlpack.yml
+1-1 b/‎c/cert/test/qlpack.yml
+1-1
diff --git a/‎c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected
+2 b/‎c/cert/test/rules/ARR32-C/VariableLengthArraySizeNotInValidRange.expected
+2
@@ -68,15 +68,17 @@ jobs:
       - name: Determine ref for external help files
         id: determine-ref
         run: |
-          if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
-            echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+          if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
+          elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
           else
-            echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+            EXTERNAL_HELP_REF="$GITHUB_REF"
           fi
+          echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
           echo "Using ref $EXTERNAL_HELP_REF for external help files."
 
       - name: Checkout external help files
-        continue-on-error: true
         id: checkout-external-help-files
         uses: actions/checkout@v4
         with:
 
@@ -166,7 +166,7 @@ jobs:
     steps:
       - name: Check if run-test-suites job failed to complete, if so fail
         if: ${{ needs.run-test-suites.result == 'failure' }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           script: |
             core.setFailed('Test run job failed')
 
@@ -40,7 +40,7 @@ jobs:
           --json \
             -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |
 
@@ -40,7 +40,7 @@ jobs:
           --json \
           -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |
 
@@ -15,7 +15,7 @@ c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
-c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-2-2,Yes,Clarification,No,Import
 c,MISRA-C-2012,Corrigendum2,RULE-2-7,Yes,Clarification,No,Import
 c,MISRA-C-2012,Corrigendum2,RULE-3-1,Yes,Refine,No,Easy
 
@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false
@@ -1,8 +1,8 @@
 name: codeql/cert-c-coding-standards
-version: 2.38.0-dev
+version: 2.40.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.9
+  codeql/cpp-all: 1.4.2
@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Pointers
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**
 
@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 module TssCreateToTssDeleteConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) {
 
@@ -15,8 +15,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.commons.Alloc
 
 from C11ThreadCreateCall tcc, StackVariable sv, Expr arg, Expr acc
 
@@ -16,8 +16,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Concurrency
-import codingstandards.cpp.dataflow.TaintTracking
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
 
 from TSSGetFunctionCall tsg, ThreadedFunction tf
 where
 
@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 class Source extends StackVariable {
   Source() { not this instanceof Parameter }
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Errno
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * A call to an `OutOfBandErrnoSettingFunction`
 
@@ -14,8 +14,8 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.SideEffect
-import codingstandards.cpp.dataflow.DataFlow
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /** Holds if the function's return value is derived from the `AliasParamter` p. */
 
@@ -13,18 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-
-/**
- * A struct or union type that contains an array type
- */
-class StructOrUnionTypeWithArrayField extends Struct {
-  StructOrUnionTypeWithArrayField() {
-    this.getAField().getUnspecifiedType() instanceof ArrayType
-    or
-    // nested struct or union containing an array type
-    this.getAField().getUnspecifiedType().(Struct) instanceof StructOrUnionTypeWithArrayField
-  }
-}
+import codingstandards.cpp.lifetimes.CLifetimes
 
 // Note: Undefined behavior is possible regardless of whether the accessed field from the returned
 // struct is an array or a scalar (i.e. arithmetic and pointer types) member, according to the standard.
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import ExprWithAlignmentToCStyleCastFlow::PathGraph
 
 
@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import SuspectFunctionPointerToCallFlow::PathGraph
 
 /**
 
@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import IndirectCastFlow::PathGraph
 
 
@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import CastFlow::PathGraph
 import codingstandards.cpp.SideEffect
 
 
@@ -11,7 +11,7 @@
  */
 
 import cpp
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.controlflow.Dominance
 import codingstandards.c.cert
 import codingstandards.cpp.Variable
 
@@ -14,7 +14,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.FgetsErrorManagement
 import codingstandards.cpp.Dereferenced
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 
 /*
  * CFG nodes that follows a successful call to `fgets`
 
@@ -12,7 +12,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 class FgetposCall extends FunctionCall {
   FgetposCall() { this.getTarget().hasGlobalOrStdName("fgetpos") }
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.standardlibrary.FileAccess
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /**
 
@@ -16,7 +16,7 @@ import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Overflow
 import semmle.code.cpp.controlflow.Guards
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import semmle.code.cpp.models.Models
 
 /**
 
@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import AlignedAllocToReallocFlow::PathGraph
 
 int getStatedValue(Expr e) {
 
@@ -14,7 +14,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * The argument of a call to `asctime`
 
@@ -13,7 +13,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Macro
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 abstract class VaAccess extends Expr { }
 
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Signal
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * Does not access an external variable except
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Signal
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * CFG nodes preceeding a `ReturnStmt`
 
@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import semmle.code.cpp.security.BufferWrite
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 
 /**
  * Class that includes into `BufferWrite` functions that will modify their
 
@@ -15,7 +15,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 
 /**
 
@@ -15,7 +15,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Naming
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import codingstandards.cpp.PossiblyUnsafeStringOperation
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 
@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false
@@ -1,5 +1,5 @@
 name: codeql/cert-c-coding-standards-tests
-version: 2.38.0-dev
+version: 2.40.0-dev
 extractor: cpp
 license: MIT
 dependencies:
 
@@ -1,3 +1,5 @@
+WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:104,11-19)
+WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:87,5-18)
 | test.c:14:8:14:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
 | test.c:15:8:15:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
 | test.c:16:8:16:8 | VLA declaration | Variable-length array dimension size may be in an invalid range. |
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+WARNING: module 'DataFlow' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:104,11-19)`
	`2`	`+WARNING: module 'TaintTracking' has been deprecated and may be removed in future (VariableLengthArraySizeNotInValidRange.ql:87,5-18)`
`1`	`3`	`\| test.c:14:8:14:8 \| VLA declaration \| Variable-length array dimension size may be in an invalid range. \|`
`2`	`4`	`\| test.c:15:8:15:8 \| VLA declaration \| Variable-length array dimension size may be in an invalid range. \|`
`3`	`5`	`\| test.c:16:8:16:8 \| VLA declaration \| Variable-length array dimension size may be in an invalid range. \|`