From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>, Dandan Bi <dandan.bi@intel.com>,
Eric Dong <eric.dong@intel.com>,
Erich McMillan <emcmillan@microsoft.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Jiaxin Wu <jiaxin.wu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Maciej Rabeda <maciej.rabeda@linux.intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Michael Kubacki <mikuback@linux.microsoft.com>,
Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Siyuan Fu <siyuan.fu@intel.com>, Star Zeng <star.zeng@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Yuwei Chen <yuwei.chen@intel.com>,
Zhichao Gao <zhichao.gao@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>
Subject: [PATCH v1 00/12] Enable New CodeQL Queries
Date: Wed, 9 Nov 2022 12:32:34 -0500 [thread overview]
Message-ID: <20221109173246.174-1-mikuback@linux.microsoft.com> (raw)
From: Michael Kubacki <michael.kubacki@microsoft.com>
Adds queries for the following:
1. cpp/conditionallyuninitializedvariable
2. cpp/pointer-overflow-check
3. cpp/overrunning-write
4. cpp/overrunning-write-with-float
5. cpp/very-likely-overrunning-write
These check for vulnerabilities with the following CWEs:
- https://cwe.mitre.org/data/definitions/120.html
- https://cwe.mitre.org/data/definitions/457.html
- https://cwe.mitre.org/data/definitions/676.html
- https://cwe.mitre.org/data/definitions/758.html
- https://cwe.mitre.org/data/definitions/787.html
- https://cwe.mitre.org/data/definitions/805.html
The first part of this patch series contains fixes for CodeQL alerts
across various packages that are produced by the new queries being
enabled.
The second part updates the CodeQL queries.
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Erich McMillan <emcmillan@microsoft.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Zhichao Gao <zhichao.gao@intel.com>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Erich McMillan (1):
MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Michael Kubacki (11):
BaseTools/PatchCheck.py: Add PCCTS to tab exemption list
BaseTools/VfrCompile: Fix potential buffer overwrites
CryptoPkg: Fix conditionally uninitialized variable
MdeModulePkg: Fix conditionally uninitialized variables
MdePkg: Fix conditionally uninitialized variables
NetworkPkg: Fix conditionally uninitialized variables
PcAtChipsetPkg: Fix conditionally uninitialized variables
ShellPkg: Fix conditionally uninitialized variables
UefiCpuPkg: Fix conditionally uninitialized variables
.github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
.github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries
BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c | 10 ++--
BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c | 4 +-
CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 21 ++++----
MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 5 +-
MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c | 24 +++++----
MdeModulePkg/Core/Dxe/Mem/Page.c | 17 +++---
MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c | 25 +++++----
MdeModulePkg/Library/FileExplorerLib/FileExplorer.c | 5 +-
MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 33 ++++++------
MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c | 11 ++--
MdeModulePkg/Universal/HiiDatabaseDxe/Font.c | 14 +++--
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 4 +-
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 +-
MdePkg/Library/BaseLib/String.c | 20 ++++---
NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
NetworkPkg/TcpDxe/TcpInput.c | 3 ++
PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c | 9 ++--
ShellPkg/Application/Shell/Shell.c | 2 +-
ShellPkg/Application/Shell/ShellProtocol.c | 4 +-
ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c | 56 +++++++++++---------
ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c | 18 ++++---
ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c | 9 ++--
ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c | 14 ++---
ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c | 17 +++---
ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c | 21 ++++----
UefiCpuPkg/CpuMpPei/CpuBist.c | 8 ++-
UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 ++-
UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 +++-
.github/codeql/edk2.qls | 10 ++++
BaseTools/Scripts/PatchCheck.py | 4 +-
MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 +
31 files changed, 238 insertions(+), 152 deletions(-)
--
2.28.0.windows.1
next reply other threads:[~2022-11-09 17:33 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-09 17:32 Michael Kubacki [this message]
2022-11-09 17:32 ` [PATCH v1 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki
2022-11-24 1:28 ` [edk2-devel] " Michael D Kinney
2022-11-24 1:46 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 02/12] BaseTools/PatchCheck.py: Add PCCTS to tab exemption list Michael Kubacki
2022-11-24 1:30 ` Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 03/12] BaseTools/VfrCompile: Fix potential buffer overwrites Michael Kubacki
2022-11-24 1:32 ` [edk2-devel] " Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 04/12] CryptoPkg: Fix conditionally uninitialized variable Michael Kubacki
2022-11-24 1:37 ` [edk2-devel] " Michael D Kinney
2022-11-24 1:47 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 05/12] MdeModulePkg: Fix conditionally uninitialized variables Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 06/12] MdePkg: " Michael Kubacki
2022-11-24 1:53 ` Michael D Kinney
2022-11-24 1:59 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 07/12] NetworkPkg: " Michael Kubacki
2022-11-24 1:59 ` Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 08/12] PcAtChipsetPkg: " Michael Kubacki
2022-11-24 2:00 ` Michael D Kinney
2022-11-24 5:01 ` Ni, Ray
2022-11-09 17:32 ` [PATCH v1 09/12] ShellPkg: " Michael Kubacki
2022-11-24 2:19 ` Gao, Zhichao
2022-11-24 2:36 ` [edk2-devel] " Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 10/12] UefiCpuPkg: " Michael Kubacki
2022-11-24 2:04 ` [edk2-devel] " Michael D Kinney
2022-11-24 2:14 ` Michael Kubacki
2022-11-24 2:31 ` Michael D Kinney
2022-11-24 5:12 ` Ni, Ray
2022-11-28 22:50 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries Michael Kubacki
2022-11-24 2:05 ` [edk2-devel] " Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 12/12] .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries Michael Kubacki
2022-11-24 2:06 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221109173246.174-1-mikuback@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox