edk2.git - Cross-platform firmware development environment

diff options

author	Michael Kubacki <michael.kubacki@microsoft.com>	2022-11-10 01:32:45 +0800
committer	Liming Gao <gaoliming@byosoft.com.cn>	2022-12-23 13:52:00 +0800
commit	d27cf840cae1c9cb23ea2f4c41ffc62470fd08be (patch)
tree	521d812714ffcdef9045e49ab0331b0ff744943b /ArmPlatformPkg/Include/Library/PL011UartClockLib.h
parent	d8d4abdff9096a69ff59d96ac4a8dd0e19e5cbcc (diff)
download	edk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.tar.gz edk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.tar.bz2 edk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.zip

.github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries

The previous commits fixed issues with these queries across various packages. Now that those are resolved, enable the queries in the edk2 query set so regressions can be found in the future. Enables: 1. cpp/conditionallyuninitializedvariable - CWE: https://cwe.mitre.org/data/definitions/457.html - @name Conditionally uninitialized variable - @description An initialization function is used to initialize a local variable, but the returned status code is not checked. The variable may be left in an uninitialized state, and reading the variable may result in undefined behavior. - @kind problem - @problem.severity warning - @security-severity 7.8 - @id cpp/conditionally-uninitialized-variable - @tags security - external/cwe/cwe-457 2. cpp/pointer-overflow-check - CWE: https://cwe.mitre.org/data/definitions/758.html - @name Pointer overflow check - @description Adding a value to a pointer to check if it overflows relies on undefined behavior and may lead to memory corruption. - @kind problem - @problem.severity error - @security-severity 2.1 - @precision high - @id cpp/pointer-overflow-check - @tags reliability - security - external/cwe/cwe-758 3. cpp/potential-buffer-overflow - CWE: https://cwe.mitre.org/data/definitions/676.html - @name Potential buffer overflow - @description Using a library function that does not check buffer bounds requires the surrounding program to be very carefully written to avoid buffer overflows. - @kind problem - @id cpp/potential-buffer-overflow - @problem.severity warning - @security-severity 10.0 - @tags reliability - security - external/cwe/cwe-676 - @deprecated This query is deprecated, use Potentially overrunning write (`cpp/overrunning-write`) and Potentially overrunning write with float to string conversion (`cpp/overrunning-write-with-float`) instead. Note that cpp/potential-buffer-overflow is deprecated. This query will be updated to the succeeding queries in the next commit. The query is used in this commit to show that we considered and tested the query in history. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>

Diffstat (limited to 'ArmPlatformPkg/Include/Library/PL011UartClockLib.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: