github-ci: add padding check to scan-build

diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml
index a56b1634a143bd1f038f9970f9a4a6798cf9f21f..54cf741c6bcdb826526df54ea2bc560a42e1e705 100644 (file)
--- a/.github/workflows/scan-build.yml
+++ b/.github/workflows/scan-build.yml
@@ -66,6 +66,8 @@ jobs:
         env:
           CC: clang-16
       # exclude libhtp from the analysis
+      # disable security.insecureAPI.DeprecatedOrUnsafeBufferHandling explicitly as
+      # this will require significant effort to address.
       - run: |
           scan-build-16 --status-bugs --exclude libhtp/ \
                 -enable-checker valist.Uninitialized \
@@ -83,9 +85,9 @@ jobs:
                 -enable-checker nullability.NullableReturnedFromNonnull \
                 -enable-checker nullability.NullablePassedToNonnull \
                 -enable-checker nullability.NullableDereferenced \
+                -enable-checker optin.performance.Padding \
                 \
                 -disable-checker security.insecureAPI.DeprecatedOrUnsafeBufferHandling \
-                -disable-checker optin.performance.Padding \
                 \
                 make
         env: