[edk2-devel] [PATCH v3 7/7] BaseTools/Plugin/CodeQL: Enable 30 queries
Michael Kubacki
mikuback at linux.microsoft.com
Wed Oct 18 01:04:45 UTC 2023
From: Michael Kubacki <michael.kubacki at microsoft.com>
Updates the CodeQL queries opted into by edk2 to a set of queries from
the standard CodeQL query package `codeql/cpp-queries`.
After testing a large number of queries the included set here were
found to be the most useful with the least number of false positives.
Some queries had a number of issues that led to them being placed on
the exclusion list so that they are not considered in the future
without the notes there being taken into account.
General details about queries available in the pack are available here:
https://codeql.github.com/codeql-query-help/cpp/
The issues found by these queries will need to be fixed over time. In
the meantime, the results will show to those that have permission in
the repo's GitHub Code Scanning area. The build will not fail due to
CodeQL issues (since they are not all fixed) but that can be enabled in
the future.
Cc: Bob Feng <bob.c.feng at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Rebecca Cran <rebecca at bsdio.com>
Cc: Sean Brogan <sean.brogan at microsoft.com>
Cc: Yuwei Chen <yuwei.chen at intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
---
BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 +++++++++++++++++---
1 file changed, 50 insertions(+), 7 deletions(-)
diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
index 3f97bcd583d5..1a5098322193 100644
--- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
+++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
@@ -8,28 +8,71 @@
# Queries
##########################################################################################
-## Enable When Time is Available to Fix Issues
-# Hundreds of issues. Most appear valid. Type: Recommendation.
-#- include:
-# id: cpp/missing-null-test
-
## Errors
- include:
- id: cpp/overrunning-write
+ id: cpp/badoverflowguard
- include:
- id: cpp/overrunning-write-with-float
+ id: cpp/infiniteloop
+- include:
+ id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable
+- include:
+ id: cpp/missing-null-test
+- include:
+ id: cpp/missing-return
+- include:
+ id: cpp/no-space-for-terminator
- include:
id: cpp/pointer-overflow-check
+- include:
+ id: cpp/redundant-null-check-simple
+- include:
+ id: cpp/sizeof/const-int-argument
+- include:
+ id: cpp/sizeof/sizeof-or-operation-as-argument
+- include:
+ id: cpp/unguardednullreturndereferenc
- include:
id: cpp/very-likely-overrunning-write
## Warnings
+- include:
+ id: cpp/comparison-with-wider-type
- include:
id: cpp/conditionallyuninitializedvariable
+- include:
+ id: cpp/comparison-precedence
+- include:
+ id: cpp/implicit-bitfield-downcast
- include:
id: cpp/infinite-loop-with-unsatisfiable-exit-condition
+- include:
+ id: cpp/offset-use-before-range-check
- include:
id: cpp/overflow-buffer
+- include:
+ id: cpp/overflow-calculated
+- include:
+ id: cpp/overflow-destination
+- include:
+ id: cpp/paddingbyteinformationdisclosure
+- include:
+ id: cpp/return-stack-allocated-memory
+- include:
+ id: cpp/static-buffer-overflow
+- include:
+ id: cpp/unsigned-comparison-zero
+- include:
+ id: cpp/uselesstest
+
+## Recommendations
+- include:
+ id: cpp/missing-header-guard
+- include:
+ id: cpp/unused-local-variable
+- include:
+ id: cpp/unused-static-function
+- include:
+ id: cpp/unused-static-variable
# Note: Some queries above are not active by default with the below filter.
# Update the filter and run the queries again to get all results.
--
2.42.0.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109701): https://edk2.groups.io/g/devel/message/109701
Mute This Topic: https://groups.io/mt/102031065/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list