Hi,
> I am hoping we can work together to improve the overall quality of the
> code and minimize the number of CodeQL alerts.
Seems CodeQL now runs as part of CI and flags issues it has found.
It complains about a possible NULL pointer dereference:
https://github.com/tianocore/edk2/runs/220210
Hi Gerd,
There is a way to suppress results explained here:
https://github.com/tianocore/edk2/tree/master/BaseTools/Plugin/CodeQL#filter-patterns
A real-world example is here:
https://github.com/microsoft/mu_basecore/blob/release/202311/CodeQlFilters.yml
That can currently operate at the fi
On 2/27/24 17:04, Michael Kubacki wrote:
> Hi Gerd,
>
> There is a way to suppress results explained here:
> https://github.com/tianocore/edk2/tree/master/BaseTools/Plugin/CodeQL#filter-patterns
>
> A real-world example is here:
> https://github.com/microsoft/mu_basecore/blob/release/202311/CodeQ
On 2/27/2024 10:43 PM, Laszlo Ersek wrote:
> On 2/27/24 17:04, Michael Kubacki wrote:
>> Hi Gerd,
>> There is a way to suppress results explained here:
>> https://github.com/tianocore/edk2/tree/master/BaseTools/Plugin/CodeQL#filter-patterns
>> A real-world example is here:
>> https://github.com/microsoft/mu_ba
On Tue, Feb 27, 2024 at 11:04:47AM -0500, Michael Kubacki wrote:
> Hi Gerd,
>
> A real-world example is here:
> https://github.com/microsoft/mu_basecore/blob/release/202311/CodeQlFilters.yml
>
> That can currently operate at the file and CodeQL rule level granularity. In
> this case, the null po
On 11/7/23 16:43, Michael Kubacki wrote:
> The series that makes it easy to run CodeQL locally and have access to
> results from any PR or push to master.
>
> Those that have access can see the results directly in "Code Scanning"
> in the "Security" tab of the edk2 repo. That may be affected in ti
sorry, unfinished thought:
On 11/13/23 14:39, Laszlo Ersek wrote:
> - the "sarif emacs" output seems a bit broken, actually, so it's not usable.
> Consider the following entry from the original JSON file:
>
> }, {
> "ruleId" : "cpp/missing-null-test",
> "ruleIndex" : 0,
>
On 11/13/2023 8:42 AM, Laszlo Ersek wrote:
> sorry, unfinished thought:
> On 11/13/23 14:39, Laszlo Ersek wrote:
>> - the "sarif emacs" output seems a bit broken, actually, so it's not usable.
>> Consider the following entry from the original JSON file:
>> }, {
>> "ruleId" : "cpp/missing-null-te
On 11/15/23 01:35, Michael Kubacki wrote:
> On 11/13/2023 8:42 AM, Laszlo Ersek wrote:
>> sorry, unfinished thought:
>>
>> On 11/13/23 14:39, Laszlo Ersek wrote:
>>
>>> - the "sarif emacs" output seems a bit broken, actually, so it's not
>>> usable. Consider the following entry from the original JS
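The thread touches two practical pieces: suppressing CodeQL results by file and rule (the filter patterns Michael points to) and turning the SARIF output into something emacs can jump through (the "sarif emacs" output Laszlo found unusable). The script below is an added example written for this page; it is not code from edk2, from the BaseTools CodeQL plugin, or from any of the thread participants. It reads a SARIF 2.1.0 log (the standard `runs[].results[]` layout with `ruleId`, `message.text` and `locations[].physicalLocation`), applies a small `+`/`-` glob filter list, and prints GNU `file:line:col: message` lines that emacs compilation mode understands. The filter syntax (`+glob`, `-glob`, optional `:ruleId` suffix, last match wins) and the sample SARIF document with its paths and messages are assumptions constructed for illustration, not the plugin's real format.

```python
"""Parse a CodeQL SARIF log, apply file/rule filter patterns, and emit
emacs-style "file:line:col: message" lines.

Added example for this thread; not edk2 or CodeQL plugin code.
The filter pattern syntax is an assumption made for illustration.
"""
import fnmatch
import json

# Constructed sample SARIF 2.1.0 log with three CodeQL results.
# Paths, line numbers and messages are made up for the example.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL"}},
        "results": [
            {
                "ruleId": "cpp/missing-null-test",
                "ruleIndex": 0,
                "message": {"text": "Value may be null; check it before dereferencing."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "MdeModulePkg/Core/Dxe/Image/Image.c"},
                    "region": {"startLine": 120, "startColumn": 5}}}],
            },
            {
                "ruleId": "cpp/missing-null-test",
                "ruleIndex": 0,
                "message": {"text": "Value may be null; check it before dereferencing."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "Build/OvmfX64/DEBUG_GCC5/X64/AutoGen.c"},
                    "region": {"startLine": 12, "startColumn": 1}}}],
            },
            {
                "ruleId": "cpp/unsigned-comparison-zero",
                "ruleIndex": 1,
                "message": {"text": "Comparison of unsigned value with zero is always true."},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "OvmfPkg/Library/Foo/Foo.c"},
                    "region": {"startLine": 40, "startColumn": 9}}}],
            },
        ],
    }],
})

# Assumed filter syntax: "+glob" keeps, "-glob" drops, an optional
# ":ruleId" suffix restricts the pattern to one rule, and the last
# matching pattern wins. fnmatch's "*" matches "/" too, so "Build/*"
# covers every generated file under Build/.
ASSUMED_FILTERS = [
    "+*",                                   # start by keeping everything
    "-Build/*",                             # drop generated sources under Build/
    "-*.c:cpp/unsigned-comparison-zero",    # drop one rule in every .c file
]


def load_results(sarif_text):
    """Flatten every result in every run into a small dict.
    Results without a location are kept and reported as <unknown>:0:0."""
    log = json.loads(sarif_text)
    findings = []
    for run in log.get("runs", []):
        for res in run.get("results", []):
            loc = {}
            if res.get("locations"):
                loc = res["locations"][0].get("physicalLocation", {})
            region = loc.get("region", {})
            findings.append({
                "rule": res.get("ruleId", "<no-rule>"),
                "file": loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": region.get("startLine", 0),
                "col": region.get("startColumn", 0),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings


def parse_pattern(pattern):
    """Split "+file_glob[:rule_glob]" into (include, file_glob, rule_glob)."""
    sign, body = pattern[0], pattern[1:]
    if sign not in "+-":
        raise ValueError(f"pattern must start with + or -: {pattern!r}")
    file_glob, _, rule_glob = body.partition(":")
    return sign == "+", file_glob, rule_glob or "*"


def apply_filters(findings, patterns):
    """Keep a finding if the last pattern matching its file and rule is a +."""
    rules = [parse_pattern(p) for p in patterns]
    kept = []
    for f in findings:
        keep = False
        for include, file_glob, rule_glob in rules:
            if (fnmatch.fnmatchcase(f["file"], file_glob)
                    and fnmatch.fnmatchcase(f["rule"], rule_glob)):
                keep = include
        if keep:
            kept.append(f)
    return kept


def to_emacs_lines(findings):
    """GNU error format: emacs compilation-mode parses file:line:col: ..."""
    return [f"{f['file']}:{f['line']}:{f['col']}: {f['rule']}: {f['message']}"
            for f in findings]


if __name__ == "__main__":
    for text in to_emacs_lines(apply_filters(load_results(SAMPLE_SARIF), ASSUMED_FILTERS)):
        print(text)
```

Run it and pipe the output into a `*compilation*` buffer (for instance `M-x compile` with `python3 sarif2emacs.py` as the command) and `next-error` walks straight to each remaining finding. With the filters above only the `Image.c` null-test result survives: the AutoGen hit is dropped at file granularity and the unsigned-comparison hit at rule granularity, which is the two levels the thread says the plugin's filters operate on.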