ci: drop LGTM stuff and move remaining bits into a new location

3 files changed, 0 insertions, 180 deletions

diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
deleted file mode 100644
index 63fd14e75f..0000000000
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- * vi: sw=2 ts=2 et syntax=ql:
- *
- * Borrowed from
- * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
- *
- * @name Use of potentially dangerous function
- * @description Certain standard library functions are dangerous to call.
- * @id cpp/potentially-dangerous-function
- * @kind problem
- * @problem.severity error
- * @precision high
- * @tags reliability
- *       security
- */
-import cpp
-
-predicate potentiallyDangerousFunction(Function f, string message) {
-  (
-    f.getQualifiedName() = "fgets" and
-    message = "Call to fgets() is potentially dangerous. Use read_line() instead."
-  ) or (
-    f.getQualifiedName() = "strtok" and
-    message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
-  ) or (
-    f.getQualifiedName() = "strsep" and
-    message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
-  ) or (
-    f.getQualifiedName() = "dup" and
-    message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
-  ) or (
-    f.getQualifiedName() = "htonl" and
-    message = "Call to htonl() is confusing. Use htobe32() instead."
-  ) or (
-    f.getQualifiedName() = "htons" and
-    message = "Call to htons() is confusing. Use htobe16() instead."
-  ) or (
-    f.getQualifiedName() = "ntohl" and
-    message = "Call to ntohl() is confusing. Use be32toh() instead."
-  ) or (
-    f.getQualifiedName() = "ntohs" and
-    message = "Call to ntohs() is confusing. Use be16toh() instead."
-  ) or (
-    f.getQualifiedName() = "strerror" and
-    message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
-  ) or (
-    f.getQualifiedName() = "accept" and
-    message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
-  ) or (
-    f.getQualifiedName() = "dirname" and
-    message = "Call dirname() is icky. Use path_extract_directory() instead."
-  )
-}
-
-from FunctionCall call, Function target, string message
-where
-  call.getTarget() = target and
-  potentiallyDangerousFunction(target, message)
-select call, message
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
deleted file mode 100644
index 6b3b62f8bc..0000000000
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * vi: sw=2 ts=2 et syntax=ql:
- *
- * Based on cpp/uninitialized-local.
- *
- * @name Potentially uninitialized local variable using the cleanup attribute
- * @description Running the cleanup handler on a possibly uninitialized variable
- *              is generally a bad idea.
- * @id cpp/uninitialized-local-with-cleanup
- * @kind problem
- * @problem.severity error
- * @precision high
- * @tags security
- */
-
-import cpp
-import semmle.code.cpp.controlflow.StackVariableReachability
-
-/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
-  * since they don't do anything illegal even when the variable is uninitialized
-  */
-predicate cleanupFunctionDenyList(string fun) {
-  fun = "erase_char"
-}
-
-/**
- * A declaration of a local variable using __attribute__((__cleanup__(x)))
- * that leaves the variable uninitialized.
- */
-DeclStmt declWithNoInit(LocalVariable v) {
-  result.getADeclaration() = v and
-  not v.hasInitializer() and
-  /* The variable has __attribute__((__cleanup__(...))) set */
-  v.getAnAttribute().hasName("cleanup") and
-  /* Check if the cleanup function is not on a deny list */
-  not cleanupFunctionDenyList(v.getAnAttribute().getAnArgument().getValueText())
-}
-
-class UninitialisedLocalReachability extends StackVariableReachability {
-  UninitialisedLocalReachability() { this = "UninitialisedLocal" }
-
-  override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
-
-  /* Note: _don't_ use the `useOfVarActual()` predicate here (and a couple of lines
-   * below), as it assumes that the callee always modifies the variable if
-   * it's passed to the function.
-   *
-   * i.e.:
-   * _cleanup_free char *x;
-   * fun(&x);
-   * puts(x);
-   *
-   * `useOfVarActual()` won't treat this an an uninitialized read even if the callee
-   * doesn't modify the argument, however, `useOfVar()` will
-   */
-  override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
-
-  override predicate isBarrier(ControlFlowNode node, StackVariable v) {
-    // only report the _first_ possibly uninitialized use
-    useOfVar(v, node) or
-    (
-      /* If there's an return statement somewhere between the variable declaration
-       * and a possible definition, don't accept is as a valid initialization.
-       *
-       * E.g.:
-       * _cleanup_free_ char *x;
-       * ...
-       * if (...)
-       *    return;
-       * ...
-       * x = malloc(...);
-       *
-       * is not a valid initialization, since we might return from the function
-       * _before_ the actual iniitialization (emphasis on _might_, since we
-       * don't know if the return statement might ever evaluate to true).
-       */
-      definitionBarrier(v, node) and
-      not exists(ReturnStmt rs |
-                 /* The attribute check is "just" a complexity optimization */
-                 v.getFunction() = rs.getEnclosingFunction() and v.getAnAttribute().hasName("cleanup") |
-                 rs.getLocation().isBefore(node.getLocation())
-      )
-    )
-  }
-}
-
-pragma[noinline]
-predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
-
-/**
- * Auxiliary predicate: List common exceptions or false positives
- * for this check to exclude them.
- */
-VariableAccess commonException() {
-  // If the uninitialized use we've found is in a macro expansion, it's
-  // typically something like va_start(), and we don't want to complain.
-  result.getParent().isInMacroExpansion()
-  or
-  result.getParent() instanceof BuiltInOperation
-  or
-  // Finally, exclude functions that contain assembly blocks. It's
-  // anyone's guess what happens in those.
-  containsInlineAssembly(result.getEnclosingFunction())
-}
-
-from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
-where
-  r.reaches(_, v, va) and
-  not va = commonException()
-select va, "The variable $@ may not be initialized here, but has a cleanup handler.", v, v.getName()
diff --git a/.lgtm/cpp-queries/qlpack.yml b/.lgtm/cpp-queries/qlpack.yml
deleted file mode 100644
index a1a2dec6d6..0000000000
--- a/.lgtm/cpp-queries/qlpack.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# vi: ts=2 sw=2 et syntax=yaml:
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-library: false
-name: systemd/cpp-queries
-version: 0.0.1
-dependencies:
-  codeql/cpp-all: "*"
-  codeql/suite-helpers: "*"
-extractor: cpp