From: "Sean" <spbrogan@outlook.com>
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Bob Feng <bob.c.feng@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Michael D Kinney <michael.d.kinney@intel.com>,
	Rebecca Cran <rebecca@bsdio.com>,
	Sean Brogan <sean.brogan@microsoft.com>,
	Yuwei Chen <yuwei.chen@intel.com>
Subject: Re: [edk2-devel] [PATCH v4 7/8] BaseTools/Plugin/CodeQL: Enable 30 queries
Date: Mon, 6 Nov 2023 16:55:28 -0800
Message-ID: <SA1PR19MB49112E1208E0FC0A69815AAAC8A9A@SA1PR19MB4911.namprd19.prod.outlook.com>
In-Reply-To: <20231102200313.1010-8-mikuback@linux.microsoft.com>

Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>

On 11/2/2023 1:03 PM, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Updates the CodeQL queries opted into by edk2 to a set of queries from
> the standard CodeQL query package `codeql/cpp-queries`.
>
> After testing a large number of queries the included set here were
> found to be the most useful with the least number of false positives.
> Some queries had a number of issues that led to them being placed on
> the exclusion list so that they are not considered in the future
> without the notes there being taken into account.
>
> General details about queries available in the pack are available here:
> https://codeql.github.com/codeql-query-help/cpp/
>
> The issues found by these queries will need to be fixed over time. In
> the meantime, the results will show to those that have permission in
> the repo's GitHub Code Scanning area. The build will not fail due to
> CodeQL issues (since they are not all fixed) but that can be enabled in
> the future.
>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Rebecca Cran <rebecca@bsdio.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>   BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 +++++++++++++++++---
>   1 file changed, 50 insertions(+), 7 deletions(-)
>
> diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
> index 3f97bcd583d5..1a5098322193 100644
> --- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
> +++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
> @@ -8,28 +8,71 @@
>   # Queries
>   ##########################################################################################
>   
> -## Enable When Time is Available to Fix Issues
> -# Hundreds of issues. Most appear valid. Type: Recommendation.
> -#- include:
> -#    id: cpp/missing-null-test
> -
>   ## Errors
>   - include:
> -    id: cpp/overrunning-write
> +    id: cpp/badoverflowguard
>   - include:
> -    id: cpp/overrunning-write-with-float
> +    id: cpp/infiniteloop
> +- include:
> +    id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable
> +- include:
> +    id: cpp/missing-null-test
> +- include:
> +    id: cpp/missing-return
> +- include:
> +    id: cpp/no-space-for-terminator
>   - include:
>       id: cpp/pointer-overflow-check
> +- include:
> +    id: cpp/redundant-null-check-simple
> +- include:
> +    id: cpp/sizeof/const-int-argument
> +- include:
> +    id: cpp/sizeof/sizeof-or-operation-as-argument
> +- include:
> +    id: cpp/unguardednullreturndereferenc
>   - include:
>       id: cpp/very-likely-overrunning-write
>   
>   ## Warnings
> +- include:
> +    id: cpp/comparison-with-wider-type
>   - include:
>       id: cpp/conditionallyuninitializedvariable
> +- include:
> +    id: cpp/comparison-precedence
> +- include:
> +    id: cpp/implicit-bitfield-downcast
>   - include:
>       id: cpp/infinite-loop-with-unsatisfiable-exit-condition
> +- include:
> +    id: cpp/offset-use-before-range-check
>   - include:
>       id: cpp/overflow-buffer
> +- include:
> +    id: cpp/overflow-calculated
> +- include:
> +    id: cpp/overflow-destination
> +- include:
> +    id: cpp/paddingbyteinformationdisclosure
> +- include:
> +    id: cpp/return-stack-allocated-memory
> +- include:
> +    id: cpp/static-buffer-overflow
> +- include:
> +    id: cpp/unsigned-comparison-zero
> +- include:
> +    id: cpp/uselesstest
> +
> +## Recommendations
> +- include:
> +    id: cpp/missing-header-guard
> +- include:
> +    id: cpp/unused-local-variable
> +- include:
> +    id: cpp/unused-static-function
> +- include:
> +    id: cpp/unused-static-variable
>   
>   # Note: Some queries above are not active by default with the below filter.
>   #       Update the filter and run the queries again to get all results.
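
Review bot: `cpp/unguardednullreturndereferenc`, the last id added under `## Errors`, stops mid-word, unlike every other id in the list. Please check it against the ids in `codeql/cpp-queries`; an `include` whose `id` matches no query selects nothing, so the query would be missing from the results without any error. Separately, `cpp/missing-null-test` is now listed under `## Errors` although the comment removed at the top of this hunk described it as "Type: Recommendation", and `cpp/overrunning-write` and `cpp/overrunning-write-with-float` are dropped with no comment in this hunk saying why; a one-line comment for each would help the next person editing the suite.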

