From 3fe5050e4070606643cfffadfed5bc91c4dfd975 Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Thu, 2 Mar 2023 15:13:30 -0500 Subject: [PATCH] CodeQlFilters.yml: Filter updates (#295) ## Description 1. Fixes an issue where: `"-MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**.c:*"` should be `"-MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**/*.c:*"` 2. Updates `cpp/unguardednullreturndereference` in some places to be `SM02311` which is the query ID used for matching filters. 3. Sorts queries so related filters are closer together and files are easier to find. - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested CodeQL CLI plugin. ## Integration Instructions N/A - Repos should pick up this file when possible that run CodeQL to have the latest filter changes (most pick it up through mu_basecore submodules). Signed-off-by: Michael Kubacki --- CodeQlFilters.yml | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/CodeQlFilters.yml b/CodeQlFilters.yml index 694a462a4d..53786c8612 100644 --- a/CodeQlFilters.yml +++ b/CodeQlFilters.yml @@ -10,18 +10,29 @@ { "Filters": [ - "-MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c:SM02311", - "-MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c:SM02311", - "-MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c:SM02311", + "-CryptoPkg/Library/BaseCryptLib/**/*.c:SM02690", + "-CryptoPkg/Library/BaseCryptLib/Pk/CryptDh.c:SM02311", + "-CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c:SM02311", + "-CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c:SM02320", + "-CryptoPkg/Library/OpensslLib/**/*.c:*", + "-MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c:SM02311", + "-MdeModulePkg/Core/Pei/Ppi/Ppi.c:cpp/overflow-buffer", "-MdeModulePkg/Library/UefiBootManagerLib/BmConsole.c:SM02311", "-MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c:SM02311", - "-ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c:SM02311", - "-ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c:SM02311", - "-ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c:SM02311", + "-MdeModulePkg/Universal/Acpi/S3SaveStateDxe/AcpiS3ContextSave.c:SM02311", + "-MdeModulePkg/Universal/BdsDxe/BdsEntry.c:SM02311", + "-MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatform.c:SM02311", + "-MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", + "-MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", "-MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", - "-MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest", "-MdeModulePkg/Universal/Disk/UdfDxe/FileSystemOperations.c:cpp/uselesstest", - "-MdeModulePkg/Core/Pei/Ppi/Ppi.c:cpp/overflow-buffer", + "-MdeModulePkg/Universal/DriverSampleDxe/**:*", + "-MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest", + "-MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest", + "-MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**/*.c:*", + "-MdePkg/Library/UefiDevicePathLib/DevicePathFromText.c:SM02311", + "-MdePkg/Library/UefiDevicePathLib/DevicePathUtilities.c:SM02311", + "-MdePkg/Library/UefiDevicePathLibDevicePathProtocol/UefiDevicePathLib.c:SM02311", # Todo: Exclude for now, needs more review and testing "-NetworkPkg/Ip6Dxe/Ip6Output.c:SM02313", # Todo: Exclude for now, needs more review and testing @@ -29,16 +40,8 @@ "-ShellPkg/Application/Shell/ShellManParser.c:cpp/redundant-null-check-param", "-ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Aest/AestParser.c:cpp/overflow-buffer", "-ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c:cpp/overflow-buffer", - - "-MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", - "-MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c:SM02311", - "-MdeModulePkg/Universal/DriverSampleDxe/**:*", - "-MdeModulePkg/Universal/EbcDxe/EbcDebugger/EdbSupportString.c:cpp/uselesstest", - "-MdeModulePkg/Universal/RegularExpressionDxe/oniguruma/src/**.c:*", - "-MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c:cpp/unguardednullreturndereference", - "-MdeModulePkg/Universal/Acpi/S3SaveStateDxe/AcpiS3ContextSave.c:cpp/unguardednulllreturndereference", - "-MdeModulePkg/Universal/Disk/UdfDxe/FileName.c:cpp/uselesstest", - "-MdeModulePkg/Universal/BdsDxe/BdsEntry.c:cpp/unguardednullreturndereference", - "-MdeModulePkg/Core/Pei/Ppi/Ppi.c:cpp/overflow-buffer", + "-ShellPkg/Library/UefiShellDebug1CommandsLib/DmpStore.c:SM02311", + "-ShellPkg/Library/UefiShellLevel2CommandsLib/Map.c:SM02311", + "-ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c:SM02311", ] }