summaryrefslogtreecommitdiffstats
path: root/RedfishPkg/Redfish.dsc.inc
diff options
context:
space:
mode:
authorMichael Kubacki <michael.kubacki@microsoft.com>2022-11-10 01:32:45 +0800
committerLiming Gao <gaoliming@byosoft.com.cn>2022-12-23 13:52:00 +0800
commitd27cf840cae1c9cb23ea2f4c41ffc62470fd08be (patch)
tree521d812714ffcdef9045e49ab0331b0ff744943b /RedfishPkg/Redfish.dsc.inc
parentd8d4abdff9096a69ff59d96ac4a8dd0e19e5cbcc (diff)
downloadedk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.tar.gz
edk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.tar.bz2
edk2-d27cf840cae1c9cb23ea2f4c41ffc62470fd08be.zip
.github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries
The previous commits fixed issues with these queries across various packages. Now that those are resolved, enable the queries in the edk2 query set so regressions can be found in the future. Enables: 1. cpp/conditionallyuninitializedvariable - CWE: https://cwe.mitre.org/data/definitions/457.html - @name Conditionally uninitialized variable - @description An initialization function is used to initialize a local variable, but the returned status code is not checked. The variable may be left in an uninitialized state, and reading the variable may result in undefined behavior. - @kind problem - @problem.severity warning - @security-severity 7.8 - @id cpp/conditionally-uninitialized-variable - @tags security - external/cwe/cwe-457 2. cpp/pointer-overflow-check - CWE: https://cwe.mitre.org/data/definitions/758.html - @name Pointer overflow check - @description Adding a value to a pointer to check if it overflows relies on undefined behavior and may lead to memory corruption. - @kind problem - @problem.severity error - @security-severity 2.1 - @precision high - @id cpp/pointer-overflow-check - @tags reliability - security - external/cwe/cwe-758 3. cpp/potential-buffer-overflow - CWE: https://cwe.mitre.org/data/definitions/676.html - @name Potential buffer overflow - @description Using a library function that does not check buffer bounds requires the surrounding program to be very carefully written to avoid buffer overflows. - @kind problem - @id cpp/potential-buffer-overflow - @problem.severity warning - @security-severity 10.0 - @tags reliability - security - external/cwe/cwe-676 - @deprecated This query is deprecated, use Potentially overrunning write (`cpp/overrunning-write`) and Potentially overrunning write with float to string conversion (`cpp/overrunning-write-with-float`) instead. Note that cpp/potential-buffer-overflow is deprecated. This query will be updated to the succeeding queries in the next commit. The query is used in this commit to show that we considered and tested the query in history. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Diffstat (limited to 'RedfishPkg/Redfish.dsc.inc')
0 files changed, 0 insertions, 0 deletions