Merge pull request #15463 from microsoft/42-false-positive-cpp-uninitializedlocal

False positive fix for cpp/uninitialized-local

Author: MathiasVP

cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql

@@ -56,6 +56,8 @@ VariableAccess commonException() {
   // Finally, exclude functions that contain assembly blocks. It's
   // anyone's guess what happens in those.
   containsInlineAssembly(result.getEnclosingFunction())
+  or
+  exists(Call c | c.getQualifier() = result | c.getTarget().isStatic())
 }
 
 predicate isSinkImpl(Instruction sink, VariableAccess va) {

cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) no longer reports an alert when the local variable is used as a qualifier to a static member function call.
+* ```

cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp

@@ -532,4 +532,16 @@ int non_exhaustive_switch_2(State s) {
 		return y; // GOOD (y is not initialized when s = StateC, but if s = StateC we won't reach this point)
 	}
 	return 0;
+}
+
+class StaticMethodClass{
+    public:
+    static int get(){
+        return 1;
+    }
+};
+
+int static_method_false_positive(){
+    StaticMethodClass *t;
+	int i = t->get(); // GOOD: the `get` method is static and this is equivalent to StaticMethodClass::get()
 }