From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web10.156514.1669743230722665705 for ; Tue, 29 Nov 2022 09:33:50 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=IO7muB/F; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id C393220B717A; Tue, 29 Nov 2022 09:33:49 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com C393220B717A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1669743230; bh=tUvFJkNd3uMwCvSoI6hae5k6PXQy38XkhvTJZ7d4Zzk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IO7muB/FlPbdUQijkBGIfR26/L2RPunmFEUjdaPg+ie689sPAO2EbJlL41QNUtc7r Vi2pbnlRFn6wvw5wia1xgfxe4bDPmrqja+iVGvwBpat8M6eNS3HCLLRpxzMFMtEzHi 9HPR34/Kfwf9QrBrehe2thWLnGf+yMxHKJY0txT8= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Sean Brogan , Michael Kubacki , Michael D Kinney Subject: [PATCH v2 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries Date: Tue, 29 Nov 2022 12:32:45 -0500 Message-Id: <20221129173246.2182-12-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 In-Reply-To: <20221129173246.2182-1-mikuback@linux.microsoft.com> References: <20221129173246.2182-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Michael Kubacki The previous commits fixed issues with these queries across various packages. Now that those are resolved, enable the queries in the edk2 query set so regressions can be found in the future. Enables: 1. cpp/conditionallyuninitializedvariable - CWE: https://cwe.mitre.org/data/definitions/457.html - @name Conditionally uninitialized variable - @description An initialization function is used to initialize a local variable, but the returned status code is not checked. The variable may be left in an uninitialized state, and reading the variable may result in undefined behavior. - @kind problem - @problem.severity warning - @security-severity 7.8 - @id cpp/conditionally-uninitialized-variable - @tags security - external/cwe/cwe-457 2. cpp/pointer-overflow-check - CWE: https://cwe.mitre.org/data/definitions/758.html - @name Pointer overflow check - @description Adding a value to a pointer to check if it overflows relies on undefined behavior and may lead to memory corruption. - @kind problem - @problem.severity error - @security-severity 2.1 - @precision high - @id cpp/pointer-overflow-check - @tags reliability - security - external/cwe/cwe-758 3. cpp/potential-buffer-overflow - CWE: https://cwe.mitre.org/data/definitions/676.html - @name Potential buffer overflow - @description Using a library function that does not check buffer bounds requires the surrounding program to be very carefully written to avoid buffer overflows. - @kind problem - @id cpp/potential-buffer-overflow - @problem.severity warning - @security-severity 10.0 - @tags reliability - security - external/cwe/cwe-676 - @deprecated This query is deprecated, use Potentially overrunning write (`cpp/overrunning-write`) and Potentially overrunning write with float to string conversion (`cpp/overrunning-write-with-float`) instead. Note that cpp/potential-buffer-overflow is deprecated. This query will be updated to the succeeding queries in the next commit. The query is used in this commit to show that we considered and tested the query in history. Cc: Sean Brogan Cc: Michael Kubacki Cc: Michael D Kinney Signed-off-by: Michael Kubacki Reviewed-by: Michael D Kinney --- .github/codeql/edk2.qls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls index ef9aae790f5f..dc2d87764e93 100644 --- a/.github/codeql/edk2.qls +++ b/.github/codeql/edk2.qls @@ -8,7 +8,14 @@ =20 # Enable individual queries below. =20 +- include: + id: cpp/conditionallyuninitializedvariable - include: id: cpp/infinite-loop-with-unsatisfiable-exit-condition - include: id: cpp/overflow-buffer +- include: + id: cpp/pointer-overflow-check +- include: + id: cpp/potential-buffer-overflow + --=20 2.28.0.windows.1