From c8c5488dd2656d9562ecb11944e20b87d72a4d8a Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Wed, 27 Sep 2023 14:59:20 -0400 Subject: [PATCH] Find all issues but do not fail build --- .pytool/CISettings.py | 6 +++ BaseTools/Plugin/CodeQL/CodeQlQueries.qls | 57 ++++++++++++++++++++--- 2 files changed, 56 insertions(+), 7 deletions(-) diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index f6595dd3cccf..66c168a1c865 100644 --- a/.pytool/CISettings.py +++ b/.pytool/CISettings.py @@ -196,6 +196,12 @@ def GetActiveScopes(self): try: scopes += codeql_helpers.get_scopes(self.codeql) + + if self.codeql: + shell_environment.GetBuildVars().SetValue( + "STUART_CODEQL_AUDIT_ONLY", + "TRUE", + "Set in CISettings.py") except NameError: pass diff --git a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls index 3f97bcd583d5..1a5098322193 100644 --- a/BaseTools/Plugin/CodeQL/CodeQlQueries.qls +++ b/BaseTools/Plugin/CodeQL/CodeQlQueries.qls @@ -8,28 +8,71 @@ # Queries ########################################################################################## -## Enable When Time is Available to Fix Issues -# Hundreds of issues. Most appear valid. Type: Recommendation. -#- include: -# id: cpp/missing-null-test - ## Errors - include: - id: cpp/overrunning-write + id: cpp/badoverflowguard +- include: + id: cpp/infiniteloop +- include: + id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable +- include: + id: cpp/missing-null-test - include: - id: cpp/overrunning-write-with-float + id: cpp/missing-return +- include: + id: cpp/no-space-for-terminator - include: id: cpp/pointer-overflow-check +- include: + id: cpp/redundant-null-check-simple +- include: + id: cpp/sizeof/const-int-argument +- include: + id: cpp/sizeof/sizeof-or-operation-as-argument +- include: + id: cpp/unguardednullreturndereferenc - include: id: cpp/very-likely-overrunning-write ## Warnings +- include: + id: cpp/comparison-with-wider-type - include: id: cpp/conditionallyuninitializedvariable +- include: + id: cpp/comparison-precedence +- include: + id: cpp/implicit-bitfield-downcast - include: id: cpp/infinite-loop-with-unsatisfiable-exit-condition +- include: + id: cpp/offset-use-before-range-check - include: id: cpp/overflow-buffer +- include: + id: cpp/overflow-calculated +- include: + id: cpp/overflow-destination +- include: + id: cpp/paddingbyteinformationdisclosure +- include: + id: cpp/return-stack-allocated-memory +- include: + id: cpp/static-buffer-overflow +- include: + id: cpp/unsigned-comparison-zero +- include: + id: cpp/uselesstest + +## Recommendations +- include: + id: cpp/missing-header-guard +- include: + id: cpp/unused-local-variable +- include: + id: cpp/unused-static-function +- include: + id: cpp/unused-static-variable # Note: Some queries above are not active by default with the below filter. # Update the filter and run the queries again to get all results.