From: Michael R Sweet
Date: Tue, 17 Jan 2023 20:56:04 +0000 (-0500)
Subject: Transition to current CodeQL tools vs. LGTM.
X-Git-Tag: v2.4.3~86
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1b79c9ffcb6fdc2fe80cd9cb1500b9c7333c423;p=thirdparty%2Fcups.git

Transition to current CodeQL tools vs. LGTM.
---
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 0000000000..16549b33ef
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,54 @@
+paths-ignore:
+ - locale
+
+query-filters:
+ - exclude:
+ id: cpp/cleartext-transmission
+ - exclude:
+ id: cpp/system-data-exposure
+ - exclude:
+ id: cpp/command-line-injection
+ - exclude:
+ id: cpp/commented-out-code
+ - exclude:
+ id: cpp/include-non-header
+ - exclude:
+ id: cpp/integer-multiplication-cast-to-long
+ - exclude:
+ id: cpp/missing-header-guard
+ - exclude:
+ id: cpp/short-global-name
+ - exclude:
+ id: cpp/tainted-format-string
+ - exclude:
+ id: cpp/toctou-race-condition
+ - exclude:
+ id: cpp/world-writable-file-creation
+ - exclude:
+ id: cpp/path-injection
+ - exclude:
+ id: cpp/stack-address-escape
+ - exclude:
+ id: cpp/loop-variable-changed
+ - exclude:
+ id: cpp/long-switch
+ - exclude:
+ id: cpp/complex-condition
+ - exclude:
+ id: cpp/complex-block
+ - exclude:
+ id: cpp/poorly-documented-function
+ - exclude:
+ id: cpp/loop-variable-changed
+ - exclude:
+ id: cpp/irregular-enum-init
+ - exclude:
+ id: cpp/user-controlled-bypass
+ - exclude:
+ id: cpp/non-constant-format
+ - exclude:
+ id: cpp/missing-check-scanf
+ - exclude:
+ id: cpp/nested-loops-with-same-variable
+ - exclude:
+ id: cpp/stack-address-escape
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7d458e49cf..bcdcdec67c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
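Review bot: `cpp/loop-variable-changed` and `cpp/stack-address-escape` each appear twice in `query-filters`; drop the second occurrence of each so the list reads as the real exclusion set. The list also grows from the eight ids carried over from `.lgtm.yml` to twenty-five, and a good share of the additions are security queries (`cpp/world-writable-file-creation`, `cpp/path-injection`, `cpp/user-controlled-bypass`, `cpp/non-constant-format`, `cpp/missing-check-scanf` among them) with nothing in the file recording why they are off; a comment above each group, e.g. `# excluded as noisy for CUPS, see <tracking-issue placeholder>`, would keep the list from being widened or re-enabled without review. An `exclude` filter suppresses a query for every file in the repository, so where a query is only noisy in one area a narrower `paths-ignore` entry preserves coverage elsewhere. The quality-style ids such as `cpp/long-switch` and `cpp/poorly-documented-function` only take effect because the workflow passes `queries: +security-and-quality`, which is worth stating in a comment at the top of this file.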
@@ -3,60 +3,58 @@ # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [master] + branches: [ master ] pull_request: # The branches below must be a subset of the branches above - branches: [master] + branches: [ master ] schedule: - - cron: '0 7 * * 6' + - cron: '39 11 * * 3' jobs: analyze: name: Analyze runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write strategy: fail-fast: false matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['cpp'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + language: [ 'cpp' ] steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹ️ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + - name: Checkout repository + uses: actions/checkout@v3 + + - name: update build environment + run: sudo apt-get update --fix-missing -y + + - name: install prerequisites + run: sudo apt-get install -y avahi-daemon cppcheck libavahi-client-dev libcups2-dev libcupsimage2-dev libgnutls28-dev libjpeg-dev libpam-dev libpng-dev libusb-1.0-0-dev zlib1g-dev + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + config-file: ./.github/codeql.yml + queries: +security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{ matrix.language }}" diff --git a/.lgtm.yml b/.lgtm.yml deleted file mode 100644 index 3c8330193f..0000000000 --- a/.lgtm.yml +++ /dev/null @@ -1,13 +0,0 @@ -path_classifiers: - test: - - exclude: 'locale/*.c' - -queries: - - exclude: cpp/integer-multiplication-cast-to-long - - exclude: cpp/missing-header-guard - - exclude: cpp/short-global-name - - exclude: cpp/tainted-format-string - - exclude: cpp/toctou-race-condition - - exclude: cpp/cleartext-transmission - - exclude: cpp/system-data-exposure - - exclude: cpp/command-line-injection
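Review bot: Every action in the new `steps` list is referenced by a mutable major tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`), so the job runs whatever those tags resolve to on a given day; pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, and let Dependabot move the pins. The new `permissions` block is the right shape and is the part of this hunk that most improves the workflow's posture; keep it. The `install prerequisites` step pulls in `cppcheck`, which nothing in this hunk runs, so if the CodeQL build does not need it, dropping it shortens the job. With both `queries: +security-and-quality` and `config-file: ./.github/codeql.yml` set, the effective query set is the union of the default and quality packs minus the config's excludes; a comment on that `with:` block saying so would help the next person who wonders why a quality alert appears. The hunk begins at file line 3, so the file's two leading comment lines are outside it.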