From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web11.1845.1667937113722547869
 for <devel@edk2.groups.io>;
 Tue, 08 Nov 2022 11:51:53 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=WID2yO2F;
 spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com)
Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 0215520B9F80;
	Tue,  8 Nov 2022 11:51:51 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 0215520B9F80
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1667937113;
	bh=6w/a82KtP07JKEC1Ql6lu0mgCR68zWQoF5D1aXYZXAY=;
	h=From:To:Cc:Subject:Date:From;
	b=WID2yO2FZM0cEL2R+UK5oiBiQDvtIEpw1NelEmpceUCCU03I7wCtlZpsl2DOpnz7+
	 b56GHJlcDABoqtMz20Rq4CEzvvQK3P+wcGoKUYjjB/y9qqM4ZLWK5ANOD2YD/7fusE
	 XHzKMpdx7xMgxqYlMfCafvC8O+vmWz1wzFtP/F4k=
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Yuwei Chen <yuwei.chen@intel.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH v1 0/2] Enable CodeQL Failures and Add New Queries
Date: Tue,  8 Nov 2022 14:51:30 -0500
Message-Id: <20221108195132.1463-1-mikuback@linux.microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Michael Kubacki <michael.kubacki@microsoft.com>

When CodeQL was enabled, the goal was to enable the flow and not
impact build results. cpp/conditionallyuninitializedvariable was
the first and only query enabled with all CodeQL results filtered
out from affecting CI results.

This achieved the goal to enable CodeQL for future changes to build
upon but always get CodeQL successful runs in the meantime.

This patch series:
1. Swaps out that initial "placeholder" query with two queries that
   can be enabled with no code changes.
2. Enables "error" level CodeQL alerts.
3. Makes fixes made for a default query
   cpp/wrong-type-format-argument in BaseTools.

The results for (3) can be seen in the following Code Scanning
results that show the PR with these changes fixed the alerts raised
by CodeQL.

PR: https://github.com/tianocore/edk2/pull/3617

Code Scanning results (access may be required):
https://github.com/tianocore/edk2/security/code-scanning?query=3Dpr%3A361=
7+tool%3ACodeQL+is%3Aclosed

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (2):
  BaseTools: Fix wrong type of arguments to formatting functions
  edk2.qls: Allow error severity results and add new queries

 BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
 BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
 BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
 BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
 BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
 .github/codeql/codeql-config.yml            | 1 -
 .github/codeql/edk2.qls                     | 4 +++-
 7 files changed, 11 insertions(+), 10 deletions(-)

--=20
2.28.0.windows.1