Message-ID: <575d7034-291c-c43d-ca2b-3d6a0364b60b@smith-denny.com>
Date: Tue, 28 Mar 2023 11:51:42 -0700
Subject: Re: [edk2-devel] [PATCH v7 00/12] Enable New CodeQL Queries
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Bob Feng, Dandan Bi, Eric Dong, Erich McMillan, Guomin Jiang, Jian J Wang, Jiaxin Wu, Jiewen Yao, Liming Gao, Maciej Rabeda, Michael Brown, Michael D Kinney, Rahul Kumar, Ray Ni, Sean Brogan, Siyuan Fu, Star Zeng, Xiaoyu Lu, Yuwei Chen, Zhichao Gao, Zhiguang Liu
References: <20230324223034.1560-1-mikuback@linux.microsoft.com>
From: "Oliver Smith-Denny"
In-Reply-To: <20230324223034.1560-1-mikuback@linux.microsoft.com>

With comments and for the patchset:

Reviewed-by: Oliver Smith-Denny

Thanks!

On 3/24/2023 3:30 PM, Michael Kubacki wrote:
> From: Michael Kubacki
>
> Adds queries for the following:
>
>    1. cpp/conditionallyuninitializedvariable
>    2. cpp/pointer-overflow-check
>    3. cpp/overrunning-write
>    4. cpp/overrunning-write-with-float
>    5. cpp/very-likely-overrunning-write
>
> These check for vulnerabilities with the following CWEs:
>
>    - https://cwe.mitre.org/data/definitions/120.html
>    - https://cwe.mitre.org/data/definitions/457.html
>    - https://cwe.mitre.org/data/definitions/676.html
>    - https://cwe.mitre.org/data/definitions/758.html
>    - https://cwe.mitre.org/data/definitions/787.html
>    - https://cwe.mitre.org/data/definitions/805.html
>
> The first part of this patch series contains fixes for CodeQL alerts
> across various packages that are produced by the new queries being
> enabled.
>
> The second part updates the CodeQL queries.
>
> Note: The changes are currently in the following pull request
> https://github.com/tianocore/edk2/pull/4133
>
> v7 series changes:
>
>    1. Added R-b tag to UefiCpuPkg patch
>    2. Merged Rebecca's patch https://edk2.groups.io/g/devel/message/101819
>       into [PATCH v7 02/12]
>
> v6 series changes:
>
>    1. Also change "1u" to "1" in:
>       - UefiCpuPkg/CpuMpPei/CpuPaging.c
>       - UefiCpuPkg/CpuMpPei/CpuMpPei.c
>
> v5 series changes:
>
>    1. Changed "1u" to "1" in UefiCpuPkg/CpuMpPei/CpuBist.c
>    2. Added Rb tags from v4 series
>
> v4 series changes:
>
>    1. Simplify conditional logic in Patch 1 per Michael Brown's
>       suggestion.
>
> v3 series changes:
>
>    1. Rebased series onto 93a21b4 (current edk2/master)
>
>    2. Added v2 Rb tags
>
> V2 series changes:
>
>    1. MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>       - Applied SafeUintnAdd() to both variables in the comparison
>         in ParseAndAddExistingSmbiosTable()
>
>       Addresses feedback from: Mike Kinney
>
>    2. CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c
>       - Changes:
>
>         if (!(Inf & 0x80) && (Asn1Tag != V_ASN1_SEQUENCE)) {
>
>         To:
>
>         if (((Inf & 0x80) == 0x00) && (Asn1Tag != V_ASN1_SEQUENCE)) {
>
>       Addresses feedback from: Mike Kinney
>
>    3. MdePkg/Library/BaseLib/String.c
>       - Removes: #include
>       - Changes conditional style in changes to if statement from
>         ternary for changes made throughout the file
>       - Updates commit message to describe change in return value
>
>       Addresses feedback from: Mike Kinney
>
>    4. NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
>       - Changes:
>
>         if (!EFI_ERROR (Status) && (Data > HTTP_URI_PORT_MAX_NUM)) {
>           Status = EFI_INVALID_PARAMETER;
>           goto ON_EXIT;
>         }
>
>         To:
>
>         if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {
>           Status = EFI_INVALID_PARAMETER;
>           goto ON_EXIT;
>         }
>
>       Addresses feedback from: Mike Kinney
>
>    5. ShellPkg/Application/Shell/Shell.c
>       - Initializes CalleeStatus to EFI_SUCCESS in DoStartupScript()
>       - Restores original if statement logic in DoStartupScript()
>
>       Addresses feedback from: Zhichao Gao
>
>    6. ShellPkg/Application/Shell/ShellProtocol.c
>       - Adds additional check for return value from
>         PARSE_HANDLE_DATABASE_UEFI_DRIVERS() in EfiShellGetDeviceName()
>
>       Addresses feedback from: Zhichao Gao
>
>    7. Includes up-to-date R-b tags
>
> ---
>
> Cc: Bob Feng
> Cc: Dandan Bi
> Cc: Eric Dong
> Cc: Erich McMillan
> Cc: Guomin Jiang
> Cc: Jian J Wang
> Cc: Jiaxin Wu
> Cc: Jiewen Yao
> Cc: Liming Gao
> Cc: Maciej Rabeda
> Cc: Michael Brown
> Cc: Michael D Kinney
> Cc: Michael Kubacki
> Cc: Rahul Kumar
> Cc: Ray Ni
> Cc: Sean Brogan
> Cc: Siyuan Fu
> Cc: Star Zeng
> Cc: Xiaoyu Lu
> Cc: Yuwei Chen
> Cc: Zhichao Gao
> Cc: Zhiguang Liu
> Signed-off-by: Michael Kubacki
>
> Erich McMillan (1):
>    MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
>
> Michael Kubacki (11):
>    BaseTools/PatchCheck.py: Add PCCTS to tab exemption list
>    BaseTools/VfrCompile: Fix potential buffer overwrites
>    CryptoPkg: Fix conditionally uninitialized variable
>    MdeModulePkg: Fix conditionally uninitialized variables
>    MdePkg: Fix conditionally uninitialized variables
>    NetworkPkg: Fix conditionally uninitialized variables
>    PcAtChipsetPkg: Fix conditionally uninitialized variables
>    ShellPkg: Fix conditionally uninitialized variables
>    UefiCpuPkg: Fix conditionally uninitialized variables
>    .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
>    .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries
>
>   BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c | 10 ++--
>   BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c | 4 +-
>   CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 21 ++++---
>   MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 5 +-
>   MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c | 24 +++++---
>   MdeModulePkg/Core/Dxe/Mem/Page.c | 17 +++---
>   MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c | 25 ++++----
>   MdeModulePkg/Library/FileExplorerLib/FileExplorer.c | 5 +-
>   MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 33 ++++++-----
>   MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c | 11 ++--
>   MdeModulePkg/Universal/HiiDatabaseDxe/Font.c | 14 +++--
>   MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 +--
>   MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 +-
>   MdePkg/Library/BaseLib/String.c | 40 ++++++++++---
>   NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
>   NetworkPkg/TcpDxe/TcpInput.c | 3 +
>   PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c | 9 ++-
>   ShellPkg/Application/Shell/Shell.c | 1 +
>   ShellPkg/Application/Shell/ShellProtocol.c | 60 ++++++++++----------
>   ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c | 56 +++++++++---------
>   ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c | 18 +++---
>   ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c | 9 ++-
>   ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c | 14 +++--
>   ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c | 17 ++++--
>   ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c | 21 +++----
>   UefiCpuPkg/CpuMpPei/CpuBist.c | 8 ++-
>   UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 ++-
>   UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 ++-
>   .github/codeql/edk2.qls | 10 ++++
>   BaseTools/Scripts/PatchCheck.py | 5 +-
>   30 files changed, 286 insertions(+), 183 deletions(-)
>
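
The V2 changelog entry for NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c quoted above replaces `!EFI_ERROR (Status) &&` with `EFI_ERROR (Status) ||`. The C model below is an added example, not code from the patch series or from edk2, showing why the two forms differ when the parser leaves its output untouched on failure. `parse_decimal`, `get_port_and`, `get_port_or`, `PORT_MAX` and `STALE` are hypothetical names; `STALE` is a constructed value standing in for whatever an uninitialized local would hold.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PORT_MAX 65535ul /* stand-in for HTTP_URI_PORT_MAX_NUM (value assumed) */
#define STALE    8080ul  /* constructed: models leftover stack contents */

/* Hypothetical parser: writes *out only on success, returns -1 on error. */
static int parse_decimal(const char *s, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1;
    *out = v;
    return 0;
}

/* "&&" form: rejects only a value that parsed successfully and is too large. */
static int get_port_and(const char *s, uint16_t *port)
{
    unsigned long data = STALE; /* would be uninitialized in the flagged pattern */
    int status = parse_decimal(s, &data);

    if (status == 0 && data > PORT_MAX)
        return -1;
    *port = (uint16_t)data;     /* also reached when parsing failed */
    return 0;
}

/* "||" form: a parse failure is rejected before data is ever read. */
static int get_port_or(const char *s, uint16_t *port)
{
    unsigned long data = STALE;
    int status = parse_decimal(s, &data);

    if (status != 0 || data > PORT_MAX)
        return -1;
    *port = (uint16_t)data;
    return 0;
}

int main(void)
{
    uint16_t p = 0;
    printf("&& form on \"http\": rc=%d", get_port_and("http", &p));
    printf(" port=%u\n", (unsigned)p);
    printf("|| form on \"http\": rc=%d\n", get_port_or("http", &p));
    return 0;
}
```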