Merge branch '51-2cppnon-constant-format-alter-not-const-source' of https://github.com/microsoft/codeql into 51-2cppnon-constant-format-alter-not-const-source

Author: bdrodes

cpp/ql/src/change-notes/2024-02-16-non-constant-format.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.

cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected

@@ -1,4 +1,3 @@
-| consts.cpp:81:9:81:10 | c8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |

cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/consts.cpp

@@ -75,7 +75,7 @@ void a() {
  // GOOD: constFuncToArray() always returns a value from gc1, which is always constant
  printf(constFuncToArray(0));
 
- // BAD: format string is not constant
+ // BAD: format string is not constant [NOT DETECTED]
  char c8[10];
  sprintf(c8, "%d", 1);
  printf(c8);