ByteDecoder
diff --git a/‎config/identical-files.json
Lines changed: 15 additions & 0 deletions b/‎config/identical-files.json
Lines changed: 15 additions & 0 deletions
diff --git a/‎cpp/change-notes/2020-11-02-unused-local-variable.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2020-11-02-unused-local-variable.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2020-11-05-private-models.md
Lines changed: 3 additions & 0 deletions b/‎cpp/change-notes/2020-11-05-private-models.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/change-notes/2020-11-12-unsafe-use-of-this.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2020-11-12-unsafe-use-of-this.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2020-11-27-downgrade-to-recommendation.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2020-11-27-downgrade-to-recommendation.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/config/suites/cpp/correctness
Lines changed: 1 addition & 0 deletions b/‎cpp/config/suites/cpp/correctness
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
Lines changed: 1 addition & 1 deletion b/‎cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql
Lines changed: 8 additions & 1 deletion b/‎cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql
Lines changed: 8 additions & 1 deletion
diff --git a/‎cpp/ql/src/Critical/NewDelete.qll
Lines changed: 0 additions & 2 deletions b/‎cpp/ql/src/Critical/NewDelete.qll
Lines changed: 0 additions & 2 deletions
diff --git a/‎cpp/ql/src/IDEContextual.qll
Lines changed: 22 additions & 0 deletions b/‎cpp/ql/src/IDEContextual.qll
Lines changed: 22 additions & 0 deletions
@@ -358,6 +358,14 @@
     "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "python/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
+  "C++ ExternalAPIs": [
+    "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
+    "cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll"
+  ],
+  "C++ SafeExternalAPIFunction": [
+    "cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll",
+    "cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll"
+  ],
   "XML": [
     "cpp/ql/src/semmle/code/cpp/XML.qll",
     "csharp/ql/src/semmle/code/csharp/XML.qll",
@@ -409,5 +417,12 @@
     "java/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
     "javascript/ql/src/Comments/CommentedOutCodeReferences.qhelp",
     "python/ql/src/Lexical/CommentedOutCodeReferences.qhelp"
+  ],
+  "IDE Contextual Queries": [
+    "cpp/ql/src/IDEContextual.qll",
+    "csharp/ql/src/IDEContextual.qll",
+    "java/ql/src/IDEContextual.qll",
+    "javascript/ql/src/IDEContextual.qll",
+    "python/ql/src/analysis/IDEContextual.qll"
   ]
 }
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Two issues causing the 'Unused local variable' query (`cpp/unused-local-variable`) to produce false positive results have been fixed.
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* Various classes in `semmle.code.cpp.models.implementations` have been made private. Users should not depend on library implementation details.
+* The `OperatorNewAllocationFunction`, `OperatorDeleteDeallocationFunction`, `Iterator` and `Snprintf` classes now have interfaces in `semmle.code.cpp.models.interfaces`.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* A new query (`cpp/unsafe-use-of-this`) has been added. The query finds pure virtual function calls whose qualifier is an object under construction.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The queries `cpp/local-variable-hides-global-variable` and `cpp/missing-header-guard` now have severity `recommendation` instead of `warning`.
@@ -9,6 +9,7 @@
 + semmlecode-cpp-queries/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql: /Correctness/Dangerous Conversions
 + semmlecode-cpp-queries/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.ql: /Correctness/Dangerous Conversions
 + semmlecode-cpp-queries/Security/CWE/CWE-253/HResultBooleanConversion.ql: /Correctness/Dangerous Conversions
++ semmlecode-cpp-queries/Likely Bugs/OO/UnsafeUseOfThis.ql: /Correctness/Dangerous Conversions
   # Consistent Use
 + semmlecode-cpp-queries/Critical/ReturnValueIgnored.ql: /Correctness/Consistent Use
 + semmlecode-cpp-queries/Likely Bugs/InconsistentCheckReturnNull.ql: /Correctness/Consistent Use
 
@@ -2,7 +2,7 @@
  * @name Local variable hides global variable
  * @description A local variable or parameter that hides a global variable of the same name. This may be confusing. Consider renaming one of the variables.
  * @kind problem
- * @problem.severity warning
+ * @problem.severity recommendation
  * @precision very-high
  * @id cpp/local-variable-hides-global-variable
  * @tags maintainability
 
@@ -57,5 +57,12 @@ where
   not declarationHasSideEffects(v) and
   not exists(AsmStmt s | f = s.getEnclosingFunction()) and
   not v.getAnAttribute().getName() = "unused" and
-  not any(ErrorExpr e).getEnclosingFunction() = f // unextracted expr likely used `v`
+  not any(ErrorExpr e).getEnclosingFunction() = f and // unextracted expr may use `v`
+  not exists(
+    Literal l // this case can be removed when the `myFunction2( [obj](){} );` test case doesn't depend on this exclusion
+  |
+    l.getEnclosingFunction() = f and
+    not exists(l.getValue())
+  ) and
+  not any(ConditionDeclExpr cde).getEnclosingFunction() = f // this case can be removed when the `if (a = b; a)` test case doesn't depend on this exclusion
 select v, "Variable " + v.getName() + " is not used"
@@ -5,8 +5,6 @@
 import cpp
 import semmle.code.cpp.controlflow.SSA
 import semmle.code.cpp.dataflow.DataFlow
-import semmle.code.cpp.models.implementations.Allocation
-import semmle.code.cpp.models.implementations.Deallocation
 
 /**
  * Holds if `alloc` is a use of `malloc` or `new`.  `kind` is
 
@@ -0,0 +1,22 @@
+/**
+ * Provides shared predicates related to contextual queries in the code viewer.
+ */
+
+import semmle.files.FileSystem
+
+/**
+ * Returns the `File` matching the given source file name as encoded by the VS
+ * Code extension.
+ */
+cached
+File getFileBySourceArchiveName(string name) {
+  // The name provided for a file in the source archive by the VS Code extension
+  // has some differences from the absolute path in the database:
+  // 1. colons are replaced by underscores
+  // 2. there's a leading slash, even for Windows paths: "C:/foo/bar" ->
+  //    "/C_/foo/bar"
+  // 3. double slashes in UNC prefixes are replaced with a single slash
+  // We can handle 2 and 3 together by unconditionally adding a leading slash
+  // before replacing double slashes.
+  name = ("/" + result.getAbsolutePath().replaceAll(":", "_")).replaceAll("//", "/")
+}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Two issues causing the 'Unused local variable' query (`cpp/unused-local-variable`) to produce false positive results have been fixed.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Various classes in `semmle.code.cpp.models.implementations` have been made private. Users should not depend on library implementation details.
	`3`	+* The `OperatorNewAllocationFunction`, `OperatorDeleteDeallocationFunction`, `Iterator` and `Snprintf` classes now have interfaces in `semmle.code.cpp.models.interfaces`.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* A new query (`cpp/unsafe-use-of-this`) has been added. The query finds pure virtual function calls whose qualifier is an object under construction.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* The queries `cpp/local-variable-hides-global-variable` and `cpp/missing-header-guard` now have severity `recommendation` instead of `warning`.