1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH v1 0/2] Enable CodeQL Failures and Add New Queries

Michael Kubacki posted 2 patches 1 year, 5 months ago
Failed in applying to current master (apply log)
There is a newer version of this series
BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
.github/codeql/codeql-config.yml            | 1 -
.github/codeql/edk2.qls                     | 4 +++-
7 files changed, 11 insertions(+), 10 deletions(-)
[edk2-devel] [PATCH v1 0/2] Enable CodeQL Failures and Add New Queries
Posted by Michael Kubacki 1 year, 5 months ago 
From: Michael Kubacki <michael.kubacki@microsoft.com>

When CodeQL was enabled, the goal was to enable the flow and not
impact build results. cpp/conditionallyuninitializedvariable was
the first and only query enabled with all CodeQL results filtered
out from affecting CI results.

This achieved the goal to enable CodeQL for future changes to build
upon but always get CodeQL successful runs in the meantime.

This patch series:
1. Swaps out that initial "placeholder" query with two queries that
   can be enabled with no code changes.
2. Enables "error" level CodeQL alerts.
3. Makes fixes made for a default query
   cpp/wrong-type-format-argument in BaseTools.

The results for (3) can be seen in the following Code Scanning
results that show the PR with these changes fixed the alerts raised
by CodeQL.

PR: https://github.com/tianocore/edk2/pull/3617

Code Scanning results (access may be required):
https://github.com/tianocore/edk2/security/code-scanning?query=pr%3A3617+tool%3ACodeQL+is%3Aclosed

Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Michael Kubacki (2):
  BaseTools: Fix wrong type of arguments to formatting functions
  edk2.qls: Allow error severity results and add new queries

 BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
 BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
 BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
 BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
 BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
 .github/codeql/codeql-config.yml            | 1 -
 .github/codeql/edk2.qls                     | 4 +++-
 7 files changed, 11 insertions(+), 10 deletions(-)

-- 
2.28.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96096): https://edk2.groups.io/g/devel/message/96096
Mute This Topic: https://groups.io/mt/94898431/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v1 0/2] Enable CodeQL Failures and Add New Queries
Posted by Sean 1 year, 5 months ago 
For the codeql series

Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>

On 11/8/2022 11:51 AM, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> When CodeQL was enabled, the goal was to enable the flow and not
> impact build results. cpp/conditionallyuninitializedvariable was
> the first and only query enabled with all CodeQL results filtered
> out from affecting CI results.
>
> This achieved the goal to enable CodeQL for future changes to build
> upon but always get CodeQL successful runs in the meantime.
>
> This patch series:
> 1. Swaps out that initial "placeholder" query with two queries that
>     can be enabled with no code changes.
> 2. Enables "error" level CodeQL alerts.
> 3. Makes fixes made for a default query
>     cpp/wrong-type-format-argument in BaseTools.
>
> The results for (3) can be seen in the following Code Scanning
> results that show the PR with these changes fixed the alerts raised
> by CodeQL.
>
> PR: https://github.com/tianocore/edk2/pull/3617
>
> Code Scanning results (access may be required):
> https://github.com/tianocore/edk2/security/code-scanning?query=pr%3A3617+tool%3ACodeQL+is%3Aclosed
>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Yuwei Chen <yuwei.chen@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Michael Kubacki (2):
>    BaseTools: Fix wrong type of arguments to formatting functions
>    edk2.qls: Allow error severity results and add new queries
>
>   BaseTools/Source/C/EfiRom/EfiRom.c          | 2 +-
>   BaseTools/Source/C/GenFv/GenFvInternalLib.c | 2 +-
>   BaseTools/Source/C/GenFw/Elf32Convert.c     | 2 +-
>   BaseTools/Source/C/GenFw/Elf64Convert.c     | 6 +++---
>   BaseTools/Source/C/GenSec/GenSec.c          | 4 ++--
>   .github/codeql/codeql-config.yml            | 1 -
>   .github/codeql/edk2.qls                     | 4 +++-
>   7 files changed, 11 insertions(+), 10 deletions(-)
>


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96120): https://edk2.groups.io/g/devel/message/96120
Mute This Topic: https://groups.io/mt/94898431/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.