codeql: detect swapped decl/def function parameters

two-heart · two-heart · commit 9ea2941d2292 · 2025-05-16T09:55:13.000+02:00
Written to detect variants of #4900 in ci. Found #5129 locally. Drive-by: fix id of recent vtable query.
diff --git a/contrib/codeql/nightly/AccountVTableMismatch.ql b/contrib/codeql/nightly/AccountVTableMismatch.ql
@@ -5,7 +5,7 @@
  * @kind problem
  * @problem.severity warning
  * @precision high
- * @id asymmetric-research/account-meta-deref-before-modify
+ * @id asymmetric-research/account-vtable-mismatch
  */
 
 import cpp
diff --git a/contrib/codeql/nightly/SwappedParameters.ql b/contrib/codeql/nightly/SwappedParameters.ql
@@ -0,0 +1,23 @@
+/**
+ * @name Swapped Parameters
+ * @description Detects cases where the parameters of a function are
+ * swapped between the function definition and the function
+ * implementation. If the both parameters are the same type and have the
+ * the compiler will not warn about it, but this confusion can easily
+ * lead to bugs.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @id asymmetric-research/swapped-parameters
+ */
+
+import cpp
+import filter
+
+from Function f, ParameterDeclarationEntry defP, Parameter implP
+where included(f.getLocation()) and
+implP = f.getAParameter() and
+defP = f.getADeclarationEntry().getAParameterDeclarationEntry() and
+defP.getName() = implP.getName() and
+defP.getIndex() != implP.getIndex()
+select defP, implP
