CodeQlFilters.yml: Add global CodeQL filter file to repo.

The CodeQL Analyze build plugin allows a global configuration file to be specified for a repo that can define file patterns against CodeQL rules to include and exclude results for the given file and rule. The global configuration file is useful in mu_basecore (vs specifying the filters in individual package CI YAML files) because the repo has high reuse. Integration repos can easily see all of the filter activity in one file that is easy to inspect and include in their build if needed.
microsoft · Aug 23, 2024 · 301fb03 · 301fb03
1 parent 22ae568
commit 301fb03
Showing 1 changed file with 36 additions and 0 deletions.
diff --git a/CodeQlFilters.yml b/CodeQlFilters.yml
@@ -15,5 +15,41 @@
 
 {
   "Filters": [
+    "-**/CryptoPkg/Library/**:cpp/missing-header-guard",
+    "-**/CryptoPkg/Library/BaseCryptLib/**/*.c:SM02690",
+    "-**/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c:SM02311",
+    "-**/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c:SM02311",
+    "-**/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c:SM02320",
+    "-**/CryptoPkg/Library/OpensslLib/**/*.c:*",
+    "-**/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c:SM02311",
+    "-**/MdeModulePkg/Core/Pei/Ppi/Ppi.c:cpp/overflow-buffer",
+    "-**/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c:cpp/unused-static-function",
+    "-**/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c:SM02311",
+    "-**/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c:SM02311",
+    "-**/MdeModulePkg/Universal/Acpi/S3SaveStateDxe/AcpiS3ContextSave.c:SM02311",
+    "-**/MdeModulePkg/Universal/BdsDxe/BdsEntry.c:SM02311",
+    "-**/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c:SM02311",
+    "-**/MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest",
+    "-**/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c:cpp/uselesstest",
+    "-**/MdeModulePkg/Universal/DriverSampleDxe/**:*",
+    "-**/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest",
+    "-**/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**/*.c:*",
+    "-**/MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c:SM02311",
+    "-**/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c:SM02311",
+    "-**/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c:SM02311",
+    # Todo: Exclude for now, needs more review and testing
+    "-**/NetworkPkg/Ip6Dxe/Ip6Output.c:SM02313",
+    # Todo: Exclude for now, needs more review and testing
+    "-**/NetworkPkg/Ip6Dxe/Ip6Output.c:cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable",
+    "-**/NetworkPkg/IScsiDxe/IScsiDhcp.c:cpp/offset-use-before-range-check",
+    "-**/NetworkPkg/IScsiDxe/IScsiDhcp6.c:cpp/offset-use-before-range-check",
+    "-**/ShellPkg/Application/Shell/ShellManParser.c:cpp/redundant-null-check-param",
+    "-**/ShellPkg/Application/Shell/ShellProtocol.c:SM02311",
+    "-**/ShellPkg/Library/**:cpp/redundant-null-check-simple",
+    "-**/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Aest/AestParser.c:cpp/overflow-buffer",
+    "-**/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c:cpp/overflow-buffer",
+    "-**/ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c:SM02311",
+    "-**/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c:SM02311",
+    "-**/ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c:SM02311",
   ]
 }