Reviewed-by: Michael D Kinney <[email protected]>
> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Wednesday, November 9, 2022 9:33 AM
> To: [email protected]
> Cc: Sean Brogan <[email protected]>; Michael Kubacki
> <[email protected]>; Kinney, Michael D
> <[email protected]>
> Subject: [PATCH v1 12/12] .github/codeql/edk2.qls: Enable CWE 120, 787, and
> 805 queries
>
> From: Michael Kubacki <[email protected]>
>
> As recommended by CodeQL this change replaces
> cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
> and cpp/overrunning-write.
>
> Enables:
>
> 1. cpp/overrunning-write
>   - @name Likely overrunning write
>   - @description Buffer write operations that do not control the length
>     of data written may overflow
>   - @kind problem
>   - @problem.severity error
>   - @security-severity 9.3
>   - @precision high
>   - @id cpp/very-likely-overrunning-write
>   - @tags reliability
>   - security
>   - external/cwe/cwe-120
>   - external/cwe/cwe-787
>   - external/cwe/cwe-805
> 2. cpp/overrunning-write-with-float
>   - @name Potentially overrunning write with float to string conversion
>   - @description Buffer write operations that do not control the length
>     of data written may overflow when floating point inputs
>     take extreme values.
>   - @kind problem
>   - @problem.severity error
>   - @security-severity 9.3
>   - @precision medium
>   - @id cpp/overrunning-write-with-float
>   - @tags reliability
>   - security
>   - external/cwe/cwe-120
>   - external/cwe/cwe-787
>   - external/cwe/cwe-805
> 3. cpp/very-likely-overrunning-write
>   - @name Likely overrunning write
>   - @description Buffer write operations that do not control the length
>     of data written may overflow
>   - @kind problem
>   - @problem.severity error
>   - @security-severity 9.3
>   - @precision high
>   - @id cpp/very-likely-overrunning-write
>   - @tags reliability
>   - security
>   - external/cwe/cwe-120
>   - external/cwe/cwe-787
>   - external/cwe/cwe-805
>
> - CWEs:
>   - https://cwe.mitre.org/data/definitions/120.html
>   - https://cwe.mitre.org/data/definitions/787.html
>   - https://cwe.mitre.org/data/definitions/805.html
>
> Cc: Sean Brogan <[email protected]>
> Cc: Michael Kubacki <[email protected]>
> Cc: Michael D Kinney <[email protected]>
> Signed-off-by: Michael Kubacki <[email protected]>
> ---
>  .github/codeql/edk2.qls | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> > diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls > index dc2d87764e93..9bea9ba01f24 100644 > --- a/.github/codeql/edk2.qls > +++ b/.github/codeql/edk2.qls > @@ -14,8 +14,11 @@ > id: cpp/infinite-loop-with-unsatisfiable-exit-condition > - include: > id: cpp/overflow-buffer > +- include: > + id: cpp/overrunning-write > +- include: > + id: cpp/overrunning-write-with-float > - include: > id: cpp/pointer-overflow-check > - include: > - id: cpp/potential-buffer-overflow > - > + id: cpp/very-likely-overrunning-write > -- > 2.28.0.windows.1
View/Reply Online (#96604): https://edk2.groups.io/g/devel/message/96604
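
Review bot: the added `id: cpp/overrunning-write` include is not documented by its own metadata in the commit message: entry 1 there is headed cpp/overrunning-write but carries the same fields as entry 3, including `@name Likely overrunning write`, `@precision high` and `@id cpp/very-likely-overrunning-write`. Please replace entry 1 with that query's own header so the log covers all three includes. The second added include, `id: cpp/overrunning-write-with-float`, is listed as `@precision medium` while the other entries are listed as high, so the message should say how its findings will be triaged. The subject line mentions only enabling queries, although the hunk also drops `id: cpp/potential-buffer-overflow`; naming the replacement in the subject would make the change easier to find later.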
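
An added example, not part of the patch or of the EDK II tree: the failure mode named in the cpp/overrunning-write-with-float description quoted above, shown in standard C next to a length-checked form. The helper names and the 32-byte buffer are assumptions chosen for illustration.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only: helper names and buffer sizes are assumptions,
 * not taken from the patch or from the EDK II tree. */

/* Bytes (including the NUL) that "%f" needs for v. snprintf with a
 * zero-length destination only measures; it writes nothing. */
static int bytes_needed_for_f(double v)
{
    return snprintf(NULL, 0, "%f", v) + 1;
}

/* Unbounded form, left as a comment on purpose:
 *
 *     char buf[32];
 *     sprintf(buf, "%f", v);
 *
 * 32 bytes holds everyday values, but "%f" never switches to exponent
 * notation, so DBL_MAX expands to 309 integer digits and overruns buf.
 */

/* Bounded form: never writes past dst_size. Returns 0 when the whole
 * value fit, -1 when it was truncated (dst is still NUL-terminated). */
static int format_double_checked(char *dst, size_t dst_size, double v)
{
    int n = snprintf(dst, dst_size, "%f", v);
    return (n >= 0 && (size_t)n < dst_size) ? 0 : -1;
}

int main(void)
{
    char buf[32];
    printf("1.5 needs %d bytes, DBL_MAX needs %d bytes\n",
           bytes_needed_for_f(1.5), bytes_needed_for_f(DBL_MAX));
    if (format_double_checked(buf, sizeof buf, DBL_MAX) != 0)
        puts("DBL_MAX does not fit in 32 bytes; caller must handle it");
    return 0;
}
```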
