From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182])
 by mx.groups.io with SMTP id smtpd.web11.668.1667953324673150143
 for <devel@edk2.groups.io>;
 Tue, 08 Nov 2022 16:22:04 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=PNJjEbHn;
 spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com)
Received: from localhost.localdomain (unknown [47.201.8.94])
	by linux.microsoft.com (Postfix) with ESMTPSA id 4F97520B929F;
	Tue,  8 Nov 2022 16:22:03 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 4F97520B929F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
	s=default; t=1667953324;
	bh=LYiWhe7pk87jn8QtSgK2WGyCkYe+obeTZtsHSFDJLfg=;
	h=From:To:Cc:Subject:Date:From;
	b=PNJjEbHn6yuNqBiAwRaYwFtWR0m04iMKRq4iry78CsURQAlen2FeGWWe+wp6aRjv5
	 UcqWtpN/t9lh0iLyHSnu8xcke2mVUbSf/6PLUOPECLi0GBa3jMTgNSX4TcEfZhAOFP
	 OxAbOforY6iIvZzDe8/wwQKMSJtxqF47X5i31teQ=
From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Yuwei Chen <yuwei.chen@intel.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Michael D Kinney <michael.d.kinney@intel.com>
Subject: [PATCH v2 0/2] Enable CodeQL Failures and Add New Queries
Date: Tue,  8 Nov 2022 19:21:39 -0500
Message-Id: <20221109002141.1804-1-mikuback@linux.microsoft.com>
X-Mailer: git-send-email 2.28.0.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Michael Kubacki <michael.kubacki@microsoft.com>

When CodeQL was enabled, the goal was to enable the flow and not
impact build results. cpp/conditionallyuninitializedvariable was
the first and only query enabled with all CodeQL results filtered
out from affecting CI results.

This achieved the goal to enable CodeQL for future changes to build
upon but always get CodeQL successful runs in the meantime.

This patch series:
1. Swaps out that initial "placeholder" query with two queries that
   can be enabled with no code changes.
2. Enables "error" level CodeQL alerts.
3. Makes fixes made for a default query
   cpp/wrong-type-format-argument in BaseTools.

The results for (3) can be seen in the following Code Scanning
results that show the PR with these changes fixed the alerts raised
by CodeQL.

PR: https://github.com/tianocore/edk2/pull/3617

Code Scanning results (access may be required):
https://github.com/tianocore/edk2/security/code-scanning?query=3Dpr%3A361=
7+tool%3ACodeQL+is%3Aclosed

V2 Changes:

1. Use *InputFileName instead of InputFileName[0] in GenSec.c
2. Add R-b tags from v1 series

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (2):
  BaseTools: Fix wrong type of arguments to formatting functions
  edk2.qls: Allow error severity results and add new queries

 BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
 BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
 BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
 BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
 BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
 .github/codeql/codeql-config.yml            | 1 -
 .github/codeql/edk2.qls                     | 4 +++-
 7 files changed, 11 insertions(+), 10 deletions(-)

--=20
2.28.0.windows.1