Reuse A2-13-4 as an audit query for undefined behavior.

[MichaelRFairhurst]

Description

please enter the description of your change here

Change request type

• Release or process automation (GitHub workflows, internal scripts)
• Internal documentation
• External documentation
• Query files (.ql, .qll, .qls or unit tests)
• External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

• No rules added
• Queries have been added for the following rules:
  • RULE-4-1-3
• Queries have been modified for the following rules:
  • A2-13-4

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

• The structure or layout of the release artifacts.
• The evaluation performance (memory, execution time) of an existing query.
• The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

• Yes
• No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

• Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

• Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

Reviewer

• Have all the relevant rule package description files been checked in?
• Have you verified that the metadata properties of each new query is set appropriately?
• Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
• Are the alert messages properly formatted and consistent with the style guide?
• Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
  As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
• Does the query have an appropriate level of in-query comments/documentation?
• Have you considered/identified possible edge cases?
• Does the query not reinvent features in the standard library?
• Can the query be simplified further (not golfed!)

[Copilot]

Pull request overview

This PR refactors the AUTOSAR A2-13-4 query for “string literals assigned to non-const pointers” into a shared implementation, and reuses that shared logic to add a MISRA C++ RULE-4-1-3 audit query under the “Undefined behavior” rule package.

Changes:

• Extracted the A2-13-4 query logic into a new shared module (StringLiteralsAssignedToNonConstantPointersShared) and updated the AUTOSAR query to import it.
• Added a new MISRA RULE-4-1-3 audit query that reuses the shared implementation, plus corresponding rule-package and exclusions metadata wiring.
• Added shared tests for the new shared module and referenced them from both AUTOSAR and MISRA test trees; added a change note.

Reviewed changes

Copilot reviewed 11 out of 13 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
rule_packages/cpp/Undefined.json	Adds a new audit query entry (RULE-4-1-3) reusing the shared implementation.
rule_packages/cpp/Strings.json	Links A2-13-4 to the shared implementation via shared_implementation_short_name.
cpp/misra/test/rules/RULE-4-1-3/StringLiteralPossiblyModifiedAudit.testref	Points MISRA test coverage to the shared-module test query.
cpp/misra/src/rules/RULE-4-1-3/StringLiteralPossiblyModifiedAudit.ql	New MISRA audit query that instantiates the shared module with UndefinedPackage exclusions.
cpp/common/test/rules/stringliteralsassignedtononconstantpointersshared/test.cpp	Adds the shared-module C++ test cases for string-literal-to-non-const-pointer conversions.
cpp/common/test/rules/stringliteralsassignedtononconstantpointersshared/StringLiteralsAssignedToNonConstantPointersShared.ql	Adds the shared-module test query driver (generated) for the shared tests.
cpp/common/test/rules/stringliteralsassignedtononconstantpointersshared/StringLiteralsAssignedToNonConstantPointersShared.expected	Expected results for the shared-module tests.
cpp/common/src/codingstandards/cpp/rules/stringliteralsassignedtononconstantpointersshared/StringLiteralsAssignedToNonConstantPointersShared.qll	New shared implementation of the query logic.
cpp/common/src/codingstandards/cpp/exclusions/cpp/Undefined.qll	Wires the new MISRA audit query into Undefined package query metadata/exclusions.
cpp/autosar/test/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.testref	Points AUTOSAR test coverage to the shared-module test query.
cpp/autosar/test/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.qlref	Removes the old direct production-query reference in favor of .testref.
cpp/autosar/src/rules/A2-13-4/StringLiteralsAssignedToNonConstantPointers.ql	Refactors AUTOSAR query to instantiate the shared module.
change_notes/2026-03-13-make-string-literal-query-shared.md	Change note documenting the refactor and intended no-behavior-change.