From 07273cadd036a335159a958216ff9e26aba6d5f0 Mon Sep 17 00:00:00 2001 
From: Oliver Smith-Denny Date: Fri, 17 Feb 2023 11:21:24 -0800 Subject: [PATCH] [CodeQL] CodeQL Fixes in HidPkg (#178) # Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description CodeQL flagged various errors in this pkg; this PR fixes them up and ignores a legitimate use case in HidMouseAbsolutePointerDxe.c. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [x] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ... ## How This Was Tested Tested in a local CI build. ## Integration Instructions N/A.
---------
Co-authored-by: Michael Kubacki
---
.pytool/CISettings.py | 5 +++++
CodeQlFilters.yml | 15 +++++++++++++++
HidPkg/HidKeyboardDxe/HidKeyboard.c | 8 ++++----
3 files changed, 24 insertions(+), 4 deletions(-)
create mode 100644 CodeQlFilters.yml
diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
index d9e30b961c..c08f578b2c 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -185,6 +185,11 @@ def GetActiveScopes(self): "STUART_CODEQL_AUDIT_ONLY", "TRUE", "Set in CISettings.py") + shell_environment.GetBuildVars().SetValue( + "STUART_CODEQL_FILTER_FILES", + os.path.join(self.GetWorkspaceRoot(), + "CodeQlFilters.yml"), + "Set in CISettings.py") except NameError: pass
diff --git a/CodeQlFilters.yml b/CodeQlFilters.yml
new file mode 100644
index 0000000000..ec1128f2c7
--- /dev/null
+++ b/CodeQlFilters.yml
@@ -0,0 +1,15 @@
+## @file
+# CodeQL Result Filters for Packages in Mu Plus
+#
+# Note: Packages that use Mu Basecore can reuse this file to quickly pick up the
+# same filters applied to results in the Mu Plus repo.
+#
+# Copyright (c) Microsoft Corporation
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+{
+ "Filters": [
+ "-HidPkg/HidMouseAbsolutePointerDxe/HidMouseAbsolutePointerDxe.c:SM02298"
+ ]
+}
diff --git a/HidPkg/HidKeyboardDxe/HidKeyboard.c b/HidPkg/HidKeyboardDxe/HidKeyboard.c
index d701340f32..cae73117ad 100644
--- a/HidPkg/HidKeyboardDxe/HidKeyboard.c
+++ b/HidPkg/HidKeyboardDxe/HidKeyboard.c
@@ -983,7 +983,7 @@ ProcessKeyStroke (
 // Bytes 3 to n are for normal keycodes
 //
 KeyRelease = FALSE;
-for (LastKeyCode = 0; LastKeyCode < LastReportKeyCount; LastKeyCode++) {
+for (LastKeyCode = 0; (UINTN)LastKeyCode < LastReportKeyCount; LastKeyCode++) {
 if (!HIDKBD_VALID_KEYCODE (LastReport->KeyCode[LastKeyCode])) {
 continue;
 }
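Review bot: The new `SetValue` call for `STUART_CODEQL_FILTER_FILES` is placed inside the existing `try` whose handler is `except NameError: pass`, so a NameError raised by the new lines themselves — for instance if `os` is not imported in this module, which the hunk cannot show — would be swallowed and CodeQL would run without the filter file with no indication in the build log. Confirm that `os` is imported at the top of CISettings.py, and consider computing the path before the guarded region, e.g. `filter_file = os.path.join(self.GetWorkspaceRoot(), "CodeQlFilters.yml")` ahead of the `try`, so the handler only covers the `shell_environment` lookup it was written for. GetActiveScopes starts and ends outside the hunk.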
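Review bot: The suppression entry `-HidPkg/HidMouseAbsolutePointerDxe/HidMouseAbsolutePointerDxe.c:SM02298` records no rationale; the PR description calls it a legitimate use case, but a reader of this file only sees a query id, and since the entry appears to be keyed by file rather than by a specific location it will also hide any future SM02298 result elsewhere in that file. Add a short comment above the entry stating why the result is accepted and that the whole file is exempted, e.g. `# SM02298 in HidMouseAbsolutePointerDxe.c is an intentional pattern (see PR #178); the filter covers the whole file, so re-review it when that file changes.`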
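Review bot: Casting the counter at the comparison silences the signed/unsigned mismatch CodeQL flagged but leaves the counter's own type unchanged; if `LastKeyCode` and `KeyCode` are narrower than UINTN (the cast suggests they are not UINTN, but their declarations are outside the hunk), a report count at or above the counter's maximum would wrap the counter and the loop would never reach its bound. Declaring both counters as UINTN at the top of ProcessKeyStroke removes all four casts — this hunk and the ones at 993, 1033 and 1043 — and makes the index expression `LastReport->KeyCode[LastKeyCode]` agree with the bound it is compared against. ProcessKeyStroke starts and ends outside the hunk.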
@@ -993,7 +993,7 @@ ProcessKeyStroke (
 // then it is released. Otherwise, it is not released.
 //
 KeyRelease = TRUE;
-for (KeyCode = 0; KeyCode < CurrentReportKeyCount; KeyCode++) {
+for (KeyCode = 0; (UINTN)KeyCode < CurrentReportKeyCount; KeyCode++) {
 if (!HIDKBD_VALID_KEYCODE (CurrentReport->KeyCode[KeyCode])) {
 continue;
 }
@@ -1033,7 +1033,7 @@ ProcessKeyStroke (
 // Handle normal key's pressing situation
 //
 KeyPress = FALSE;
-for (KeyCode = 0; KeyCode < CurrentReportKeyCount; KeyCode++) {
+for (KeyCode = 0; (UINTN)KeyCode < CurrentReportKeyCount; KeyCode++) {
 if (!HIDKBD_VALID_KEYCODE (CurrentReport->KeyCode[KeyCode])) {
 continue;
 }
@@ -1043,7 +1043,7 @@ ProcessKeyStroke (
 // then it is pressed. Otherwise, it is not pressed.
 //
 KeyPress = TRUE;
-for (LastKeyCode = 0; LastKeyCode < LastReportKeyCount; LastKeyCode++) {
+for (LastKeyCode = 0; (UINTN)LastKeyCode < LastReportKeyCount; LastKeyCode++) {
 if (!HIDKBD_VALID_KEYCODE (LastReport->KeyCode[LastKeyCode])) {
 continue;
 }