Fix #372, CodeQL Query Suites

arielswalker · arielswalker · commit 4d4b08d4b78e · 2021-10-12T11:17:24.000-05:00
diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml
@@ -3,17 +3,5 @@ name: "CodeQL Coding Standard Configuration File"
 disable-default-queries: true
 
 queries:
-  - name: JPL Rules
-    uses: github/codeql/cpp/ql/src/JPL_C@main
-  - name: MISRA Rule 9-5-1
-    uses: github/codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql@main
-  - name: MISRA Rule 5-18-1
-    uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql@main
-  - name: MISRA 6-2-2
-    uses: github/codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql@main
-  - name: MISRA Rule 5-14-1
-    uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main
-  - name: MISRA Rule 5-3-2
-    uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main
-  - name: MISRA Rule 7-5-2
-    uses: github/codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql@main
+  - name: JPL and MISRA
+    uses: ./.github/codeql/jpl-misra.qls
diff --git a/.github/codeql/jpl-misra.qls b/.github/codeql/jpl-misra.qls
@@ -0,0 +1,21 @@
+# Start with all the queries in the codeql/cpp-queries pack.
+- queries: .
+  from: codeql/cpp-queries
+# Restrict to only the queries with the following ID patterns.
+- include:
+    id:
+      # Regular expression matching all query IDs that start with `cpp/jpl-c/`
+      # This covers all queries in the `JPL_C` directory,
+      # but matching on query ID is more stable.
+      - /cpp/jpl-c/*/
+      # Specific JSF queries, identified by query ID.
+      # MISRA Rule 9-5-1
+      - cpp/jsf/av-rule-153
+      # MISRA Rule 5-18-1
+      - cpp/jsf/av-rule-168
+      # MISRA 6-2-2
+      - cpp/jsf/av-rule-202
+      # MISRA Rule 5-14-1
+      - cpp/jsf/av-rule-165
+      # MISRA Rule 5-3-2
+      - cpp/jsf/av-rule-173
diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
@@ -96,14 +96,6 @@ jobs:
            git log -1 --pretty=oneline
            git submodule
 
-      - name: Checkout codeql code      
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        uses: actions/checkout@v2
-        with:
-          repository: github/codeql 
-          submodules: true 
-          path: codeql
-
       - name: Initialize CodeQL
         if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: github/codeql-action/init@v1
