mirror of
https://github.com/systemd/systemd
synced 2024-09-06 16:56:43 +00:00
Merge pull request #24671 from mrc0mmand/even-more-codeql
ci: enable a couple more possibly useful CodeQL queries
commit
f539452505
8
.github/codeql-custom.qls
vendored
8
.github/codeql-custom.qls
vendored
|
@ -10,12 +10,20 @@
|
|||
# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
|
||||
# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
|
||||
|
||||
# Note: the codeql/<lang>-queries pack name can be found in the CodeQL repo[0]
|
||||
# in <lang>/ql/src/qlpack.yml. The respective codeql-suites are then
|
||||
# under <lang>/ql/src/codeql-suites/.
|
||||
#
|
||||
# [0] https://github.com/github/codeql
|
||||
- import: codeql-suites/cpp-lgtm.qls
|
||||
from: codeql/cpp-queries
|
||||
- import: codeql-suites/python-lgtm.qls
|
||||
from: codeql/python-queries
|
||||
- include:
|
||||
id:
|
||||
- cpp/bad-strncpy-size
|
||||
- cpp/declaration-hides-variable
|
||||
- cpp/include-non-header
|
||||
- cpp/inconsistent-null-check
|
||||
- cpp/mistyped-function-arguments
|
||||
- cpp/nested-loops-with-same-variable
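Review bot: The `include:` / `id:` list selects queries purely by identifier string, and as far as I know a suite filter that matches nothing is not reported as an error, so an id that is mistyped or later renamed in `codeql/cpp-queries` would silently drop that check from CI. Neither `from:` line pins a pack version, so the queries behind `cpp-lgtm.qls` and behind these ids can change between runs without any change to this file. Consider a CI step that resolves the suite (`codeql resolve queries .github/codeql-custom.qls`) and fails when a listed id is missing from the output, plus a short comment above the list such as `# Every id below must resolve; re-check with 'codeql resolve queries' after pack upgrades`. The id list appears to continue past the end of this hunk.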
|
||||
|
|
|
@ -50,16 +50,16 @@ class UninitialisedLocalReachability extends StackVariableReachability {
|
|||
* fun(&x);
|
||||
* puts(x);
|
||||
*
|
||||
* `useOfVarActual()` won't treat this an an uninitialized read even if the callee
|
||||
* `useOfVarActual()` won't treat this as an uninitialized read even if the callee
|
||||
* doesn't modify the argument, however, `useOfVar()` will
|
||||
*/
|
||||
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
|
||||
|
||||
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
|
||||
// only report the _first_ possibly uninitialized use
|
||||
/* only report the _first_ possibly uninitialized use */
|
||||
useOfVar(v, node) or
|
||||
(
|
||||
/* If there's an return statement somewhere between the variable declaration
|
||||
/* If there's a return statement somewhere between the variable declaration
|
||||
* and a possible definition, don't accept is as a valid initialization.
|
||||
*
|
||||
* E.g.:
|
||||
|
@ -71,7 +71,7 @@ class UninitialisedLocalReachability extends StackVariableReachability {
|
|||
* x = malloc(...);
|
||||
*
|
||||
* is not a valid initialization, since we might return from the function
|
||||
* _before_ the actual iniitialization (emphasis on _might_, since we
|
||||
* _before_ the actual initialization (emphasis on _might_, since we
|
||||
* don't know if the return statement might ever evaluate to true).
|
||||
*/
|
||||
definitionBarrier(v, node) and
|
||||
|
@ -92,14 +92,14 @@ predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosing
|
|||
* for this check to exclude them.
|
||||
*/
|
||||
VariableAccess commonException() {
|
||||
// If the uninitialized use we've found is in a macro expansion, it's
|
||||
// typically something like va_start(), and we don't want to complain.
|
||||
/* If the uninitialized use we've found is in a macro expansion, it's
|
||||
* typically something like va_start(), and we don't want to complain. */
|
||||
result.getParent().isInMacroExpansion()
|
||||
or
|
||||
result.getParent() instanceof BuiltInOperation
|
||||
or
|
||||
// Finally, exclude functions that contain assembly blocks. It's
|
||||
// anyone's guess what happens in those.
|
||||
/* Finally, exclude functions that contain assembly blocks. It's
|
||||
* anyone's guess what happens in those. */
|
||||
containsInlineAssembly(result.getEnclosingFunction())
|
||||
}
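Review bot: The first disjunct of `commonException()`, `result.getParent().isInMacroExpansion()`, drops every access whose parent sits in any macro expansion, which is wider than the `va_start()` case the reworded comment names; in a code base that wraps many expressions in macros this is likely a source of false negatives for the uninitialized-use query. Since this commit only rewords the comment, I would at least make it say so, e.g. `/* Note: this excludes all uses inside macro expansions, not only va_start(); real findings there are not reported. */`. Separately, the `isBarrier` comment in the first hunk of this file still reads `don't accept is as a valid initialization`, which should be `don't accept it as a valid initialization`. The doc comment above `commonException()` starts outside the hunk.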
|
||||
|
||||
|
|