From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Michael D Kinney <michael.d.kinney@intel.com>,
Rebecca Cran <rebecca@bsdio.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Yuwei Chen <yuwei.chen@intel.com>
Subject: [edk2-devel] [PATCH v4 7/8] BaseTools/Plugin/CodeQL: Enable 30 queries
Date: Thu, 2 Nov 2023 16:03:11 -0400
Message-ID: <20231102200313.1010-8-mikuback@linux.microsoft.com>
In-Reply-To: <20231102200313.1010-1-mikuback@linux.microsoft.com>
From: Michael Kubacki <michael.kubacki@microsoft.com>

Updates the CodeQL queries opted into by edk2 to a set of queries from
the standard CodeQL query package `codeql/cpp-queries`.

After testing a large number of queries, the set included here was
found to be the most useful with the least number of false positives.
Some queries had a number of issues that led to them being placed on
the exclusion list so that they are not considered in the future
without the notes there being taken into account.

General details about queries available in the pack are available here:
https://codeql.github.com/codeql-query-help/cpp/

The issues found by these queries will need to be fixed over time. In
the meantime, the results will show to those that have permission in
the repo's GitHub Code Scanning area. The build will not fail due to
CodeQL issues (since they are not all fixed) but that can be enabled in
the future.

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
---
BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 +++++++++++++++++---
1 file changed, 50 insertions(+), 7 deletions(-)
diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
index 3f97bcd583d5..1a5098322193 100644
--- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
+++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
@@ -8,28 +8,71 @@
# Queries
##########################################################################################
-## Enable When Time is Available to Fix Issues
-# Hundreds of issues. Most appear valid. Type: Recommendation.
-#- include:
-# id: cpp/missing-null-test
-
## Errors
- include:
- id: cpp/overrunning-write
+ id: cpp/badoverflowguard
- include:
- id: cpp/overrunning-write-with-float
+ id: cpp/infiniteloop
+- include:
+ id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable
+- include:
+ id: cpp/missing-null-test
+- include:
+ id: cpp/missing-return
+- include:
+ id: cpp/no-space-for-terminator
- include:
id: cpp/pointer-overflow-check
+- include:
+ id: cpp/redundant-null-check-simple
+- include:
+ id: cpp/sizeof/const-int-argument
+- include:
+ id: cpp/sizeof/sizeof-or-operation-as-argument
+- include:
+ id: cpp/unguardednullreturndereferenc
- include:
id: cpp/very-likely-overrunning-write
## Warnings
+- include:
+ id: cpp/comparison-with-wider-type
- include:
id: cpp/conditionallyuninitializedvariable
+- include:
+ id: cpp/comparison-precedence
+- include:
+ id: cpp/implicit-bitfield-downcast
- include:
id: cpp/infinite-loop-with-unsatisfiable-exit-condition
+- include:
+ id: cpp/offset-use-before-range-check
- include:
id: cpp/overflow-buffer
+- include:
+ id: cpp/overflow-calculated
+- include:
+ id: cpp/overflow-destination
+- include:
+ id: cpp/paddingbyteinformationdisclosure
+- include:
+ id: cpp/return-stack-allocated-memory
+- include:
+ id: cpp/static-buffer-overflow
+- include:
+ id: cpp/unsigned-comparison-zero
+- include:
+ id: cpp/uselesstest
+
+## Recommendations
+- include:
+ id: cpp/missing-header-guard
+- include:
+ id: cpp/unused-local-variable
+- include:
+ id: cpp/unused-static-function
+- include:
+ id: cpp/unused-static-variable
# Note: Some queries above are not active by default with the below filter.
# Update the filter and run the queries again to get all results.
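
Review bot: the id `cpp/unguardednullreturndereferenc` in the Errors list ends mid-word and looks truncated, so please check it against the query pack before merging. A suite `include` entry whose id matches no query selects nothing and raises no error, which would leave that check silently disabled while the file appears to enable it. Separately, the hunk drops `cpp/overrunning-write` and `cpp/overrunning-write-with-float` while keeping `cpp/very-likely-overrunning-write`; the commit message refers to an exclusion list with notes, but nothing in this hunk records why these two were removed, so a short comment next to the Errors list (or a pointer to the exclusion entry) would keep that reasoning with the file. Minor style point: in the Warnings list `cpp/comparison-precedence` is added after `cpp/conditionallyuninitializedvariable`, breaking the otherwise alphabetical order.
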
--
2.42.0.windows.2