Implement expressions2 package

[MichaelRFairhurst]

Description

Implement EXP16-C

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • EXP16-C
• Queries have been modified for the following rules:
  • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

[Copilot]

Pull Request Overview

This PR implements the CERT-C rule EXP16-C by adding a new CodeQL query and updating supporting extraction scripts. Key changes include:

• Adding the query file for EXP16-C with compliant and noncompliant examples.
• Updating the cert-help-extraction.py script to extract both rules and recommendations, and fixing broken URLs.
• Enhancing link correction logic within the extraction helper.

Reviewed Changes

Copilot reviewed 2 out of 12 changed files in this pull request and generated no comments.

File	Description
scripts/help/cert-help-extraction.py	Improved extraction logic with added support for recommendations and URL fixes.
c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.md	Added a new query file containing examples for EXP16-C.

Files not reviewed (10)

• c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.ql: Language not supported
• c/cert/test/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.expected: Language not supported
• c/cert/test/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.qlref: Language not supported
• c/cert/test/rules/EXP16-C/test.c: Language not supported
• cpp/common/src/codingstandards/cpp/exclusions/c/Expressions2.qll: Language not supported
• cpp/common/src/codingstandards/cpp/exclusions/c/RuleMetadata.qll: Language not supported
• cpp/common/src/codingstandards/cpp/types/Compatible.qll: Language not supported
• cpp/common/src/codingstandards/cpp/types/FunctionType.qll: Language not supported
• rule_packages/c/Expressions2.json: Language not supported
• rules.csv: Language not supported

Comments suppressed due to low confidence (2)

scripts/help/cert-help-extraction.py:67

• The loop iterates over results from get_rule_listings without checking if rule_listing_start is None. This may lead to an attribute error if soup.find returns None; consider adding a check before using its attributes.

for rule_listing_start in get_rule_listings():

c/cert/src/rules/EXP16-C/DoNotCompareFunctionPointersToConstantValues.md:52

• [nitpick] There are two sections labeled 'Compliant Solution', which could be confusing. Consider differentiating the sections or merging them to clearly explain the distinct approaches.

```cpp
/* First the options that are allowed only for root */
if (getuid == (uid_t(*)(void))0 || geteuid != (uid_t(*)(void))0) { 

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

[lcartey]

Looks reasonable. I have one optional comment - whether we should consider excluding results which are guarding a call to the same function.