From 301fb031dfd5ed56a788931c3b25a5159168bde7 Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Fri, 2 Aug 2024 09:58:23 -0700 Subject: [PATCH] CodeQlFilters.yml: Add global CodeQL filter file to repo. The CodeQL Analyze build plugin allows a global configuration file to be specified for a repo that can define file patterns against CodeQL rules to include and exclude results for the given file and rule. The global configuration file is useful in mu_basecore (vs specifying the filters in individual package CI YAML files) because the repo has high reuse. Integration repos can easily see all of the filter activity in one file that is easy to inspect and include in their build if needed. --- CodeQlFilters.yml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/CodeQlFilters.yml b/CodeQlFilters.yml index 6a43586a91..3f980815dd 100644 --- a/CodeQlFilters.yml +++ b/CodeQlFilters.yml @@ -15,5 +15,41 @@ { "Filters": [ + "-**/CryptoPkg/Library/**:cpp/missing-header-guard", + "-**/CryptoPkg/Library/BaseCryptLib/**/*.c:SM02690", + "-**/CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c:SM02311", + "-**/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c:SM02311", + "-**/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c:SM02320", + "-**/CryptoPkg/Library/OpensslLib/**/*.c:*", + "-**/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c:SM02311", + "-**/MdeModulePkg/Core/Pei/Ppi/Ppi.c:cpp/overflow-buffer", + "-**/MdeModulePkg/Core/PiSmmCore/MemoryAttributesTable.c:cpp/unused-static-function", + "-**/MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c:SM02311", + "-**/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c:SM02311", + "-**/MdeModulePkg/Universal/Acpi/S3SaveStateDxe/AcpiS3ContextSave.c:SM02311", + "-**/MdeModulePkg/Universal/BdsDxe/BdsEntry.c:SM02311", + "-**/MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c:SM02311", + "-**/MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", + "-**/MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c:cpp/uselesstest", + "-**/MdeModulePkg/Universal/DriverSampleDxe/**:*", + "-**/MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest", + "-**/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**/*.c:*", + "-**/MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c:SM02311", + "-**/MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c:SM02311", + "-**/MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c:SM02311", + # Todo: Exclude for now, needs more review and testing + "-**/NetworkPkg/Ip6Dxe/Ip6Output.c:SM02313", + # Todo: Exclude for now, needs more review and testing + "-**/NetworkPkg/Ip6Dxe/Ip6Output.c:cpp/likely-bugs/memory-management/v2/conditionally-uninitialized-variable", + "-**/NetworkPkg/IScsiDxe/IScsiDhcp.c:cpp/offset-use-before-range-check", + "-**/NetworkPkg/IScsiDxe/IScsiDhcp6.c:cpp/offset-use-before-range-check", + "-**/ShellPkg/Application/Shell/ShellManParser.c:cpp/redundant-null-check-param", + "-**/ShellPkg/Application/Shell/ShellProtocol.c:SM02311", + "-**/ShellPkg/Library/**:cpp/redundant-null-check-simple", + "-**/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Aest/AestParser.c:cpp/overflow-buffer", + "-**/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c:cpp/overflow-buffer", + "-**/ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c:SM02311", + "-**/ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c:SM02311", + "-**/ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c:SM02311", ] }