From: "Sean"
Date: Mon, 6 Nov 2023 16:55:28 -0800
Subject: Re: [edk2-devel] [PATCH v4 7/8] BaseTools/Plugin/CodeQL: Enable 30 queries
To: devel@edk2.groups.io, mikuback@linux.microsoft.com
Cc: Bob Feng, Liming Gao, Michael D Kinney, Rebecca Cran, Sean Brogan, Yuwei Chen
References: <20231102200313.1010-1-mikuback@linux.microsoft.com> <20231102200313.1010-8-mikuback@linux.microsoft.com>
In-Reply-To: <20231102200313.1010-8-mikuback@linux.microsoft.com>

Reviewed-by: Sean Brogan

On 11/2/2023 1:03 PM, Michael Kubacki wrote:
> From: Michael Kubacki
>
> Updates the CodeQL queries opted into by edk2 to a set of queries from
> the standard CodeQL query package `codeql/cpp-queries`.
>
> After testing a large number of queries the included set here were
> found to be the most useful with the least number of false positives.
> Some queries had a number of issues that led to them being placed on
> the exclusion list so that they are not considered in the future
> without the notes there being taken into account.
>
> General details about queries available in the pack are available here:
> https://codeql.github.com/codeql-query-help/cpp/
>
> The issues found by these queries will need to be fixed over time. In
> the meantime, the results will show to those that have permission in
> the repo's GitHub Code Scanning area. The build will not fail due to
> CodeQL issues (since they are not all fixed) but that can be enabled in
> the future.
>
> Cc: Bob Feng
> Cc: Liming Gao
> Cc: Michael D Kinney
> Cc: Rebecca Cran
> Cc: Sean Brogan
> Cc: Yuwei Chen
> Signed-off-by: Michael Kubacki
> Acked-by: Michael D Kinney
> --- > BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 +++++++++++++++++--- > 1 file changed, 50 insertions(+), 7 deletions(-) > > diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin= /CodeQL/CodeQlQueries.qls > index 3f97bcd583d5..1a5098322193 100644 > --- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls > +++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls 
> @@ -8,28 +8,71 @@ > # Queries > #######################################################################= ################### > =20 > -## Enable When Time is Available to Fix Issues > -# Hundreds of issues. Most appear valid. Type: Recommendation. > -#- include: > -# id: cpp/missing-null-test > - > ## Errors > - include: > - id: cpp/overrunning-write > + id: cpp/badoverflowguard > - include: > - id: cpp/overrunning-write-with-float > + id: cpp/infiniteloop > +- include: > + id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized= -variable > +- include: > + id: cpp/missing-null-test > +- include: > + id: cpp/missing-return > +- include: > + id: cpp/no-space-for-terminator > - include: > id: cpp/pointer-overflow-check > +- include: > + id: cpp/redundant-null-check-simple > +- include: > + id: cpp/sizeof/const-int-argument > +- include: > + id: cpp/sizeof/sizeof-or-operation-as-argument > +- include: > + id: cpp/unguardednullreturndereferenc > - include: > id: cpp/very-likely-overrunning-write > =20 > ## Warnings > +- include: > + id: cpp/comparison-with-wider-type > - include: > id: cpp/conditionallyuninitializedvariable > +- include: > + id: cpp/comparison-precedence > +- include: > + id: cpp/implicit-bitfield-downcast > - include: > id: cpp/infinite-loop-with-unsatisfiable-exit-condition > +- include: > + id: cpp/offset-use-before-range-check > - include: > id: cpp/overflow-buffer > +- include: > + id: cpp/overflow-calculated > +- include: > + id: cpp/overflow-destination > +- include: > + id: cpp/paddingbyteinformationdisclosure > +- include: > + id: cpp/return-stack-allocated-memory > +- include: > + id: cpp/static-buffer-overflow > +- include: > + id: cpp/unsigned-comparison-zero > +- include: > + id: cpp/uselesstest > + > +## Recommendations > +- include: > + id: cpp/missing-header-guard > +- include: > + id: cpp/unused-local-variable > +- include: > + id: cpp/unused-static-function > +- include: > + id: cpp/unused-static-variable > =20 > # Note: 
Some queries above are not active by default with the below fil= ter. > # Update the filter and run the queries again to get all results.
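
Review bot: In the "## Errors" list, the added line "id: cpp/unguardednullreturndereferenc" looks truncated (it ends in "dereferenc"); please check it against the ids in `codeql/cpp-queries`, since an include whose id matches no query in the pack would select nothing and the missing coverage would go unnoticed. In the same list, cpp/missing-null-test is now enabled under Errors although the comment this hunk removes described it as "Type: Recommendation" with hundreds of results; either move it to the "## Recommendations" group or state in the commit message why it is classed as an error. The hunk also drops cpp/overrunning-write and cpp/overrunning-write-with-float without the commit message mentioning it; a line saying whether they went to the exclusion list, and why, would help. Minor: under "## Warnings", cpp/comparison-precedence is added after cpp/conditionallyuninitializedvariable, which breaks the otherwise alphabetical order.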