Reviewed-by: Michael D Kinney <[email protected]>

> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of Michael Kubacki
> Sent: Wednesday, November 9, 2022 9:33 AM
> To: [email protected]
> Cc: Sean Brogan <[email protected]>; Michael Kubacki <[email protected]>; Kinney, Michael D <[email protected]>
> Subject: [edk2-devel] [PATCH v1 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
>
> From: Michael Kubacki <[email protected]>
>
> The previous commits fixed issues with these queries across various
> packages. Now that those are resolved, enable the queries in the
> edk2 query set so regressions can be found in the future.
>
> Enables:
>
> 1. cpp/conditionallyuninitializedvariable
>    - CWE: https://cwe.mitre.org/data/definitions/457.html
>    - @name Conditionally uninitialized variable
>    - @description An initialization function is used to initialize a
>      local variable, but the returned status code is not checked. The
>      variable may be left in an uninitialized state, and reading the
>      variable may result in undefined behavior.
>    - @kind problem
>    - @problem.severity warning
>    - @security-severity 7.8
>    - @id cpp/conditionally-uninitialized-variable
>    - @tags security
>      - external/cwe/cwe-457
> 2. cpp/pointer-overflow-check
>    - CWE: https://cwe.mitre.org/data/definitions/758.html
>    - @name Pointer overflow check
>    - @description Adding a value to a pointer to check if it overflows
>      relies on undefined behavior and may lead to memory corruption.
>    - @kind problem
>    - @problem.severity error
>    - @security-severity 2.1
>    - @precision high
>    - @id cpp/pointer-overflow-check
>    - @tags reliability
>      - security
>      - external/cwe/cwe-758
> 3. cpp/potential-buffer-overflow
>    - CWE: https://cwe.mitre.org/data/definitions/676.html
>    - @name Potential buffer overflow
>    - @description Using a library function that does not check buffer
>      bounds requires the surrounding program to be very carefully
>      written to avoid buffer overflows.
>    - @kind problem
>    - @id cpp/potential-buffer-overflow
>    - @problem.severity warning
>    - @security-severity 10.0
>    - @tags reliability
>      - security
>      - external/cwe/cwe-676
>    - @deprecated This query is deprecated, use
>      Potentially overrunning write (`cpp/overrunning-write`) and
>      Potentially overrunning write with float to string conversion
>      (`cpp/overrunning-write-with-float`) instead.
> > Note that cpp/potential-buffer-overflow is deprecated. This query > will be updated to the succeeding queries in the next commit. The > query is used in this commit to show that we considered and tested > the query in history. > > Cc: Sean Brogan <[email protected]> > Cc: Michael Kubacki <[email protected]> > Cc: Michael D Kinney <[email protected]> > Signed-off-by: Michael Kubacki <[email protected]> > --- > .github/codeql/edk2.qls | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls > index ef9aae790f5f..dc2d87764e93 100644 > --- a/.github/codeql/edk2.qls > +++ b/.github/codeql/edk2.qls > @@ -8,7 +8,14 @@ > > # Enable individual queries below. > > +- include: > + id: cpp/conditionallyuninitializedvariable > - include: > id: cpp/infinite-loop-with-unsatisfiable-exit-condition > - include: > id: cpp/overflow-buffer > +- include: > + id: cpp/pointer-overflow-check > +- include: > + id: cpp/potential-buffer-overflow > + > -- > 2.28.0.windows.1 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#96157): https://edk2.groups.io/g/devel/message/96157 > Mute This Topic: https://groups.io/mt/94918106/1643496 > Group Owner: [email protected] > Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] > -=-=-=-=-=-= >
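Review bot: the first entry the hunk adds, `id: cpp/conditionallyuninitializedvariable`, does not match the `@id cpp/conditionally-uninitialized-variable` the commit message lists for query 1; a `.qls` `include` selects by the query's `@id`, so if the spelling in the suite is not the one the query source declares, the include will not select the query and the regression check this commit intends will not run. Please confirm the `@id` in the query source and make the suite entry and the commit message agree. Minor: the final `+` line adds a trailing blank line at the end of edk2.qls that the existing entries do not have.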
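The CWE-457 pattern that query 1 in the commit message describes, as an added example written in edk2 style; it is not part of the patch or of edk2 itself. It shows the unchecked form the query reports beside the checked form. EFI_STATUS, EFI_ERROR and EFI_NOT_FOUND are minimal stand-ins for the edk2 definitions, and GetOptionalValue is a hypothetical initializer that only writes its output on success.

```c
/* Added example (not from the patch): the CWE-457 pattern that
 * cpp/conditionallyuninitializedvariable reports, beside the checked
 * form. EFI_STATUS/EFI_ERROR/EFI_NOT_FOUND are stand-ins for the edk2
 * definitions; GetOptionalValue is a hypothetical initializer. */
#include <stdbool.h>
#include <stdint.h>

typedef uintptr_t EFI_STATUS;
#define MAX_BIT        ((uintptr_t)1 << (sizeof (uintptr_t) * 8 - 1))
#define EFI_SUCCESS    ((EFI_STATUS)0)
#define EFI_NOT_FOUND  ((EFI_STATUS)(MAX_BIT | 14))
#define EFI_ERROR(s)   (((intptr_t)(s)) < 0)

/* Hypothetical initializer: fills *Value only when Present is true. */
static EFI_STATUS
GetOptionalValue (bool Present, uint32_t *Value)
{
  if (!Present) {
    return EFI_NOT_FOUND;   /* *Value deliberately left untouched */
  }
  *Value = 0x1234;          /* constructed sample value */
  return EFI_SUCCESS;
}

/* Flagged form: the status is discarded, so on the EFI_NOT_FOUND path
 * Value is read while still uninitialized (undefined behavior). */
uint32_t
ReadUnchecked (bool Present)
{
  uint32_t  Value;
  GetOptionalValue (Present, &Value);
  return Value;
}

/* Checked form: the status gates every read of Value; the failure
 * path never touches it and reports the error to the caller instead. */
bool
ReadChecked (bool Present, uint32_t *Out)
{
  uint32_t    Value;
  EFI_STATUS  Status;
  Status = GetOptionalValue (Present, &Value);
  if (EFI_ERROR (Status)) {
    return false;
  }
  *Out = Value;
  return true;
}
```

Only ReadChecked is safe to call on the not-present path; ReadUnchecked is kept to show the shape the query flags.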
