From d461137e22ed46fdae725741decb44b91e59c110 Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Wed, 27 Sep 2023 14:59:20 -0400 Subject: BaseTools/Plugin/CodeQL: Enable 30 queries Updates the CodeQL queries opted into by edk2 to a set of queries from the standard CodeQL query package `codeql/cpp-queries`. After testing a large number of queries the included set here were found to be the most useful with the least number of false positives. Some queries had a number of issues that led to them being placed on the exclusion list so that they are not considered in the future without the notes there being taken into account. General details about queries available in the pack are available here: https://codeql.github.com/codeql-query-help/cpp/ The issues found by these queries will need to be fixed over time. In the meantime, the results will show to those that have permission in the repo's GitHub Code Scanning area. The build will not fail due to CodeQL issues (since they are not all fixed) but that can be enabled in the future. Cc: Bob Feng Cc: Liming Gao Cc: Michael D Kinney Cc: Rebecca Cran Cc: Sean Brogan Cc: Yuwei Chen Signed-off-by: Michael Kubacki Reviewed-by: Sean Brogan Acked-by: Laszlo Ersek Acked-by: Michael D Kinney --- BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 +++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 7 deletions(-) (limited to 'BaseTools') diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls index 3f97bcd..1a50983 100644 --- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls +++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls @@ -8,28 +8,71 @@ # Queries ########################################################################################## -## Enable When Time is Available to Fix Issues -# Hundreds of issues. Most appear valid. Type: Recommendation. -#- include: -# id: cpp/missing-null-test - ## Errors - include: - id: cpp/overrunning-write + id: cpp/badoverflowguard +- include: + id: cpp/infiniteloop +- include: + id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable +- include: + id: cpp/missing-null-test - include: - id: cpp/overrunning-write-with-float + id: cpp/missing-return +- include: + id: cpp/no-space-for-terminator - include: id: cpp/pointer-overflow-check - include: + id: cpp/redundant-null-check-simple +- include: + id: cpp/sizeof/const-int-argument +- include: + id: cpp/sizeof/sizeof-or-operation-as-argument +- include: + id: cpp/unguardednullreturndereferenc +- include: id: cpp/very-likely-overrunning-write ## Warnings - include: + id: cpp/comparison-with-wider-type +- include: id: cpp/conditionallyuninitializedvariable - include: + id: cpp/comparison-precedence +- include: + id: cpp/implicit-bitfield-downcast +- include: id: cpp/infinite-loop-with-unsatisfiable-exit-condition - include: + id: cpp/offset-use-before-range-check +- include: id: cpp/overflow-buffer +- include: + id: cpp/overflow-calculated +- include: + id: cpp/overflow-destination +- include: + id: cpp/paddingbyteinformationdisclosure +- include: + id: cpp/return-stack-allocated-memory +- include: + id: cpp/static-buffer-overflow +- include: + id: cpp/unsigned-comparison-zero +- include: + id: cpp/uselesstest + +## Recommendations +- include: + id: cpp/missing-header-guard +- include: + id: cpp/unused-local-variable +- include: + id: cpp/unused-static-function +- include: + id: cpp/unused-static-variable # Note: Some queries above are not active by default with the below filter. # Update the filter and run the queries again to get all results. -- cgit v1.1