From 4d4b08d4b78e077189cad901f19a513c856c2c8c Mon Sep 17 00:00:00 2001
From: ArielSAdamsNASA
Date: Fri, 8 Oct 2021 08:22:36 -0500
Subject: [PATCH] Fix #372, CodeQL Query Suites
---
 .github/codeql/codeql-coding-standard.yml | 16 ++--------------
 .github/codeql/jpl-misra.qls | 21 +++++++++++++++++++++
 .github/workflows/codeql-build.yml | 8 --------
 3 files changed, 23 insertions(+), 22 deletions(-)
 create mode 100644 .github/codeql/jpl-misra.qls
diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml
index f68d01b42..718b750e9 100644
--- a/.github/codeql/codeql-coding-standard.yml
+++ b/.github/codeql/codeql-coding-standard.yml
@@ -3,17 +3,5 @@ name: "CodeQL Coding Standard Configuration File"
 disable-default-queries: true
 queries:
- - name: JPL Rules
- uses: github/codeql/cpp/ql/src/JPL_C@main
- - name: MISRA Rule 9-5-1
- uses: github/codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql@main
- - name: MISRA Rule 5-18-1
- uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql@main
- - name: MISRA 6-2-2
- uses: github/codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql@main
- - name: MISRA Rule 5-14-1
- uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main
- - name: MISRA Rule 5-3-2
- uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main
- - name: MISRA Rule 7-5-2
- uses: github/codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql@main
\ No newline at end of file
+ - name: JPL and MISRA
+ uses: ./.github/codeql/jpl-misra.qls
\ No newline at end of file
diff --git a/.github/codeql/jpl-misra.qls b/.github/codeql/jpl-misra.qls
new file mode 100644
index 000000000..cfb114031
--- /dev/null
+++ b/.github/codeql/jpl-misra.qls
@@ -0,0 +1,21 @@
+# Start with all the queries in the codeql/cpp-queries pack.
+- queries: .
+ from: codeql/cpp-queries
+# Restrict to only the queries with the following ID patterns.
+- include:
+ id:
+ # Regular expression matching all query IDs that start with `cpp/jpl-c/`
+ # This covers all queries in the `JPL_C` directory,
+ # but matching on query ID is more stable.
+ - /cpp/jpl-c/*/
+ # Specific JSF queries, identified by query ID.
+ # MISRA Rule 9-5-1
+ - cpp/jsf/av-rule-153
+ # MISRA Rule 5-18-1
+ - cpp/jsf/av-rule-168
+ # MISRA 6-2-2
+ - cpp/jsf/av-rule-202
+ # MISRA Rule 5-14-1
+ - cpp/jsf/av-rule-165
+ # MISRA Rule 5-3-2
+ - cpp/jsf/av-rule-173
\ No newline at end of file
diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
index e52049a07..0fc0edda9 100644
--- a/.github/workflows/codeql-build.yml
+++ b/.github/workflows/codeql-build.yml
@@ -96,14 +96,6 @@ jobs:
 git log -1 --pretty=oneline
 git submodule
- - name: Checkout codeql code
- if: ${{ !steps.skip-workflow.outputs.skip }}
- uses: actions/checkout@v2
- with:
- repository: github/codeql
- submodules: true
- path: codeql
-
 - name: Initialize CodeQL
 if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: github/codeql-action/init@v1
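Review bot: In `.github/codeql/jpl-misra.qls` the comment `# MISRA Rule 5-3-2` sits above `cpp/jsf/av-rule-173`, but the configuration removed by this commit listed AV Rule 173 as MISRA Rule 7-5-2 and mapped Rule 5-3-2 to AV Rule 165; the label should read `# MISRA Rule 7-5-2`, and the comment above `cpp/jsf/av-rule-165` should name both 5-14-1 and 5-3-2 if that double mapping was intended. A wrong label matters here because the suite file is what a reviewer reads to judge which coding-standard rules the scan enforces. Separately, `/cpp/jpl-c/*/` is written like a glob: as a regular expression `/*` means zero or more slashes, so whether it selects every `cpp/jpl-c/...` query depends on whether CodeQL matches the whole ID or a substring, which is not visible from this patch. Since the config keeps `disable-default-queries: true` and now lists only this suite, confirm the JPL queries are still selected with `codeql resolve queries .github/codeql/jpl-misra.qls`, or write the pattern unambiguously as `/cpp\/jpl-c\/.*/`.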