path: root/BaseTools/Plugin/CodeQL/CodeQlQueries.qls
---
# CodeQL query suite definition: the instructions below decide which C++ queries are run.
- description: C++ queries

# Take the candidate queries from the `codeql/cpp-queries` pack, starting at the pack root ('.').
# The pack is pinned to an exact version, so the available query ids change only when this line changes.
# NOTE(review): every id referenced further down has to exist in this pinned pack version - re-check
#       the list whenever the version is bumped.
- queries: '.'
  from: codeql/cpp-queries@1.1.0

##########################################################################################
# Queries
##########################################################################################

## Errors
# Each entry below selects a single query by its exact id.
- include:
    id: cpp/badoverflowguard
- include:
    id: cpp/infiniteloop
- include:
    id: cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable
- include:
    id: cpp/missing-null-test
- include:
    id: cpp/missing-return
- include:
    id: cpp/no-space-for-terminator
- include:
    id: cpp/pointer-overflow-check
- include:
    id: cpp/redundant-null-check-simple
- include:
    id: cpp/sizeof/const-int-argument
- include:
    id: cpp/sizeof/sizeof-or-operation-as-argument
# NOTE(review): this id looks truncated (it ends in "dereferenc", presumably missing a trailing "e").
#       An id that matches no query in the pack is expected to select nothing without raising an
#       error, so the null-dereference check would be silently absent from every scan. Confirm the
#       spelling against the pinned pack and list the resolved suite with `codeql resolve queries`.
- include:
    id: cpp/unguardednullreturndereferenc
- include:
    id: cpp/very-likely-overrunning-write

## Warnings
# Each entry below selects a single query by its exact id.
- include:
    id: cpp/comparison-with-wider-type
# NOTE(review): by name this looks like a variant of
#       `cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable` in the Errors
#       group - confirm both are wanted, since overlapping queries can report the same finding twice.
- include:
    id: cpp/conditionallyuninitializedvariable
- include:
    id: cpp/comparison-precedence
- include:
    id: cpp/implicit-bitfield-downcast
- include:
    id: cpp/infinite-loop-with-unsatisfiable-exit-condition
- include:
    id: cpp/offset-use-before-range-check
- include:
    id: cpp/overflow-buffer
- include:
    id: cpp/overflow-calculated
- include:
    id: cpp/overflow-destination
- include:
    id: cpp/paddingbyteinformationdisclosure
- include:
    id: cpp/return-stack-allocated-memory
- include:
    id: cpp/static-buffer-overflow
- include:
    id: cpp/unsigned-comparison-zero
- include:
    id: cpp/uselesstest

## Recommendations
# Each entry below selects a single query by its exact id. Judging by their names these cover
# header guards and unused variables rather than memory-safety defects.
- include:
    id: cpp/missing-header-guard
- include:
    id: cpp/unused-local-variable
- include:
    id: cpp/unused-static-variable

# Note: Some queries above are not active by default with the below filter.
#       Update the filter and run the queries again to get all results.
#
# Within one `include`, every listed property has to match (tags AND severity); a list of values
# under a property means "any one of these".
# NOTE(review): the CodeQL query-suite documentation describes `tags contain` for matching an
#       individual tag and `problem.severity` for the severity property. Confirm that the plain
#       `tags` and `severity` keys used here select the intended queries - if they match nothing,
#       only the ids listed explicitly above are run. `codeql resolve queries` on this file prints
#       the effective query list.
- include:
    tags:
      - "security"
      - "correctness"
    severity:
      - "error"
      - "warning"
      - "recommendation"

# Specifically hide the results of these.
#
# The following rules have been evaluated and explicitly not included for the following reasons:
#   - `cpp/allocation-too-small` - Appears to be hardcoded for C standard library functions `malloc`, `calloc`,
#     `realloc`, so it consumes time without much value with custom allocation functions in the codebase.
#   - `cpp/commented-out-code` - Triggers often. Needs further review.
#   - `cpp/duplicate-include-guard` - The <Phase>EntryPoint.h files include a common include guard value
#     `__MODULE_ENTRY_POINT_H__`. This was the only occurrence found. So not very useful.
#   - `cpp/invalid-pointer-deref` - Very limited results with what appear to be false positives.
#   - `cpp/use-of-goto` - Goto is valid and allowed in the codebase.
#   - `cpp/useless-expression` - Triggers too often on cases where a NULL lib implementation is provided for a function.
#     Because the implementation simply returns, the check considers it useless.
#   - `cpp/weak-crypto/*` - Crypto algorithms are tracked outside CodeQL.
#
# Suite instructions are applied in order, so these excludes come last and remove the listed ids
# from whatever the includes above selected. An excluded query produces no results at all, so each
# entry is a deliberate gap in scan coverage.
# NOTE(review): the rationale names `cpp/weak-crypto/*`, but only three specific ids under that
#       prefix are excluded below; any other weak-crypto query in the pack is not covered by these
#       entries. Confirm which behaviour is intended, and that the out-of-band crypto tracking
#       mentioned above is actually in place, because CodeQL will not report these findings.
- exclude:
    id: cpp/allocation-too-small
- exclude:
    id: cpp/commented-out-code
- exclude:
    id: cpp/duplicate-include-guard
- exclude:
    id: cpp/invalid-pointer-deref
- exclude:
    id: cpp/use-of-goto
- exclude:
    id: cpp/useless-expression
- exclude:
    id: cpp/weak-crypto/banned-hash-algorithms
- exclude:
    id: cpp/weak-crypto/capi/banned-modes
- exclude:
    id: cpp/weak-crypto/openssl/banned-hash-algorithms