On Tue, Feb 27, 2024 at 11:04:47AM -0500, Michael Kubacki wrote:
> Hi Gerd,
>
> A real-world example is here:
> https://github.com/microsoft/mu_basecore/blob/release/202311/CodeQlFilters.yml
>
> That can currently operate at the file and CodeQL rule level granularity. In
> this case, the null pointer test rule ("cpp/missing-null-test" as shown in
> https://github.com/tianocore/edk2/security/code-scanning/1277) could be
> excluded in MpLib.c.

CodeQL apparently has support for assertions[1]. The documentation
sounds like this can be extended. So maybe it is possible to add an
'Edk2Assert' class, to have CodeQL recognize ASSERT() + variants in the
edk2 source code?

That should reduce the number of filter rules needed and simplify
maintenance long-term.

take care,
  Gerd

[1] https://codeql.github.com/codeql-standard-libraries/cpp/semmle/code/cpp/commons/Assertions.qll/module.Assertions.html