From: Victor Julien Date: Tue, 25 Apr 2023 16:10:01 +0000 (+0200) Subject: github-ci: add more scan-build checks X-Git-Tag: suricata-7.0.0-rc2~333 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F8763%2Fhead;p=thirdparty%2Fsuricata.git github-ci: add more scan-build checks Explicitly disable: security.insecureAPI.DeprecatedOrUnsafeBufferHandling optin.performance.Padding --- diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml index d7bb1f6c26..a56b1634a1 100644 --- a/.github/workflows/scan-build.yml +++ b/.github/workflows/scan-build.yml @@ -66,6 +66,27 @@ jobs: env: CC: clang-16 # exclude libhtp from the analysis - - run: scan-build-16 --status-bugs --exclude libhtp/ make + - run: | + scan-build-16 --status-bugs --exclude libhtp/ \ + -enable-checker valist.Uninitialized \ + -enable-checker valist.CopyToSelf \ + -enable-checker valist.Unterminated \ + -enable-checker security.insecureAPI.bcmp \ + -enable-checker security.insecureAPI.bcopy \ + -enable-checker security.insecureAPI.bzero \ + -enable-checker security.insecureAPI.rand \ + -enable-checker security.insecureAPI.strcpy \ + -enable-checker security.insecureAPI.decodeValueOfObjCType \ + -enable-checker security.FloatLoopCounter \ + -enable-checker optin.portability.UnixAPI \ + -enable-checker optin.performance.GCDAntipattern \ + -enable-checker nullability.NullableReturnedFromNonnull \ + -enable-checker nullability.NullablePassedToNonnull \ + -enable-checker nullability.NullableDereferenced \ + \ + -disable-checker security.insecureAPI.DeprecatedOrUnsafeBufferHandling \ + -disable-checker optin.performance.Padding \ + \ + make env: CC: clang-16