From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 8 Nov 2022 15:21:27 -0800
Subject: Re: [edk2-devel] [PATCH v1 0/2] Enable CodeQL Failures and Add New Queries
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Bob Feng, Liming Gao, Yuwei Chen, Sean Brogan, Michael D Kinney
References: <20221108195132.1463-1-mikuback@linux.microsoft.com>
From: "Sean"
In-Reply-To: <20221108195132.1463-1-mikuback@linux.microsoft.com>

For the codeql series

Reviewed-by: Sean Brogan

On 11/8/2022 11:51 AM, Michael Kubacki wrote:
> From: Michael Kubacki
>
> When CodeQL was enabled, the goal was to enable the flow and not
> impact build results. cpp/conditionallyuninitializedvariable was
> the first and only query enabled with all CodeQL results filtered
> out from affecting CI results.
>
> This achieved the goal to enable CodeQL for future changes to build
> upon but always get CodeQL successful runs in the meantime.
>
> This patch series:
> 1. Swaps out that initial "placeholder" query with two queries that
>    can be enabled with no code changes.
> 2. Enables "error" level CodeQL alerts.
> 3. Makes fixes made for a default query
>    cpp/wrong-type-format-argument in BaseTools.
>
> The results for (3) can be seen in the following Code Scanning
> results that show the PR with these changes fixed the alerts raised
> by CodeQL.
>
> PR: https://github.com/tianocore/edk2/pull/3617
>
> Code Scanning results (access may be required):
> https://github.com/tianocore/edk2/security/code-scanning?query=pr%3A3617+tool%3ACodeQL+is%3Aclosed
>
> Cc: Bob Feng
> Cc: Liming Gao
> Cc: Yuwei Chen
> Cc: Sean Brogan
> Cc: Michael D Kinney
> Signed-off-by: Michael Kubacki
>
> Michael Kubacki (2):
>   BaseTools: Fix wrong type of arguments to formatting functions
>   edk2.qls: Allow error severity results and add new queries
>
>  BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
>  BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
>  BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
>  BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
>  BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
>  .github/codeql/codeql-config.yml            | 1 -
>  .github/codeql/edk2.qls                     | 4 +++-
>  7 files changed, 11 insertions(+), 10 deletions(-)
>
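
Added illustration, not part of the original thread or of the edk2 patches: the class of defect that cpp/wrong-type-format-argument reports, next to a corrected form. The function names and the sample address are hypothetical; the actual BaseTools changes are not shown in this message.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value: a 64-bit address above 4 GiB. */
#define SAMPLE_ADDR UINT64_C(0x0000000180004000)

/*
 * Pattern that cpp/wrong-type-format-argument reports (kept in a comment
 * because passing a 64-bit argument for %x is undefined behavior):
 *
 *     snprintf(buf, len, "addr=0x%x", addr);    // addr is uint64_t
 */

/* Corrected form: the conversion specifier matches the argument type. */
int format_addr_fixed(char *buf, size_t len, uint64_t addr)
{
    return snprintf(buf, len, "addr=0x%" PRIx64, addr);
}

/*
 * What the mismatch commonly prints on 64-bit little-endian ABIs, reproduced
 * with an explicit narrowing cast so the behavior here is well defined: the
 * upper 32 bits are silently dropped from the message.
 */
int format_addr_truncated(char *buf, size_t len, uint64_t addr)
{
    return snprintf(buf, len, "addr=0x%x", (unsigned int)addr);
}

/* Returns 1 when the two renderings differ, i.e. the mismatch hid data. */
int mismatch_loses_bits(uint64_t addr)
{
    char good[32], bad[32];
    format_addr_fixed(good, sizeof good, addr);
    format_addr_truncated(bad, sizeof bad, addr);
    return strcmp(good, bad) != 0;
}

int main(void)
{
    char buf[32];
    format_addr_fixed(buf, sizeof buf, SAMPLE_ADDR);
    printf("%s\n", buf);
    format_addr_truncated(buf, sizeof buf, SAMPLE_ADDR);
    printf("%s\n", buf);
    return mismatch_loses_bits(SAMPLE_ADDR) ? 0 : 1;
}
```

In build tools the visible symptom is usually a misleading diagnostic rather than a crash, which is why the mismatch can go unnoticed until static analysis is allowed to fail the build.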