From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Bob Feng <bob.c.feng@intel.com>, Dandan Bi <dandan.bi@intel.com>,
Eric Dong <eric.dong@intel.com>,
Erich McMillan <emcmillan@microsoft.com>,
Guomin Jiang <guomin.jiang@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Jiaxin Wu <jiaxin.wu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Maciej Rabeda <maciej.rabeda@linux.intel.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Rahul Kumar <rahul1.kumar@intel.com>, Ray Ni <ray.ni@intel.com>,
Sean Brogan <sean.brogan@microsoft.com>,
Siyuan Fu <siyuan.fu@intel.com>, Star Zeng <star.zeng@intel.com>,
Xiaoyu Lu <xiaoyu1.lu@intel.com>,
Yuwei Chen <yuwei.chen@intel.com>,
Zhichao Gao <zhichao.gao@intel.com>,
Zhiguang Liu <zhiguang.liu@intel.com>
Subject: Re: [edk2-devel] [PATCH v1 00/12] Enable New CodeQL Queries
Date: Tue, 15 Nov 2022 10:00:00 -0500
Message-ID: <a1b17e67-d2f3-6cb1-78ae-69a2359eb07e@linux.microsoft.com>
In-Reply-To: <1725FAF86F85AB12.8194@groups.io>

Maintainers/reviewers,

This is an important series for us to make progress on enabling CodeQL
and needs cooperation from maintainers across several packages.

I have not received any feedback yet.

Most of these patches should not take long to review. Please help review
your patches so we can continue forward momentum on enabling code
scanning in the repo.

Thanks,
Michael

On 11/9/2022 12:32 PM, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Adds queries for the following:
>
> 1. cpp/conditionallyuninitializedvariable
> 2. cpp/pointer-overflow-check
> 3. cpp/overrunning-write
> 4. cpp/overrunning-write-with-float
> 5. cpp/very-likely-overrunning-write
>
> These check for vulnerabilities with the following CWEs:
>
> - https://cwe.mitre.org/data/definitions/120.html
> - https://cwe.mitre.org/data/definitions/457.html
> - https://cwe.mitre.org/data/definitions/676.html
> - https://cwe.mitre.org/data/definitions/758.html
> - https://cwe.mitre.org/data/definitions/787.html
> - https://cwe.mitre.org/data/definitions/805.html
>
> The first part of this patch series contains fixes for CodeQL alerts
> across various packages that are produced by the new queries being
> enabled.
>
> The second part updates the CodeQL queries.
>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Erich McMillan <emcmillan@microsoft.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Michael Kubacki <mikuback@linux.microsoft.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Xiaoyu Lu <xiaoyu1.lu@intel.com>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Erich McMillan (1):
>   MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
>
> Michael Kubacki (11):
>   BaseTools/PatchCheck.py: Add PCCTS to tab exemption list
>   BaseTools/VfrCompile: Fix potential buffer overwrites
>   CryptoPkg: Fix conditionally uninitialized variable
>   MdeModulePkg: Fix conditionally uninitialized variables
>   MdePkg: Fix conditionally uninitialized variables
>   NetworkPkg: Fix conditionally uninitialized variables
>   PcAtChipsetPkg: Fix conditionally uninitialized variables
>   ShellPkg: Fix conditionally uninitialized variables
>   UefiCpuPkg: Fix conditionally uninitialized variables
>   .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
>   .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries
>
> BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c | 10 ++--
> BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c | 4 +-
> CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c | 21 ++++----
> MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c | 5 +-
> MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c | 24 +++++----
> MdeModulePkg/Core/Dxe/Mem/Page.c | 17 +++---
> MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c | 25 +++++----
> MdeModulePkg/Library/FileExplorerLib/FileExplorer.c | 5 +-
> MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 33 ++++++------
> MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c | 11 ++--
> MdeModulePkg/Universal/HiiDatabaseDxe/Font.c | 14 +++--
> MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 4 +-
> MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 +-
> MdePkg/Library/BaseLib/String.c | 20 ++++---
> NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
> NetworkPkg/TcpDxe/TcpInput.c | 3 ++
> PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c | 9 ++--
> ShellPkg/Application/Shell/Shell.c | 2 +-
> ShellPkg/Application/Shell/ShellProtocol.c | 4 +-
> ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c | 56 +++++++++++---------
> ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c | 18 ++++---
> ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c | 9 ++--
> ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c | 14 ++---
> ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c | 17 +++---
> ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c | 21 ++++----
> UefiCpuPkg/CpuMpPei/CpuBist.c | 8 ++-
> UefiCpuPkg/CpuMpPei/CpuMpPei.c | 8 ++-
> UefiCpuPkg/CpuMpPei/CpuPaging.c | 9 +++-
> .github/codeql/edk2.qls | 10 ++++
> BaseTools/Scripts/PatchCheck.py | 4 +-
> MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 +
> 31 files changed, 238 insertions(+), 152 deletions(-)
>