devel@edk2.groups.io | [PATCH v1 00/12] Enable New CodeQL Queries

Home Messages Hashtags Subgroups Calendar

Date Date 1 - 3 of 3

[PATCH v1 00/12] Enable New CodeQL Queries

Michael Kubacki #96146 From: Michael Kubacki <michael.kubacki@...> Adds queries for the following: 1. cpp/conditionallyuninitializedvariable 2. cpp/pointer-overflow-check 3. cpp/overrunning-write 4. cpp/overrunning-write-with-float 5. cpp/very-likely-overrunning-write These check for vulnerabilities with the following CWEs: - https://cwe.mitre.org/data/definitions/120.html - https://cwe.mitre.org/data/definitions/457.html - https://cwe.mitre.org/data/definitions/676.html - https://cwe.mitre.org/data/definitions/758.html - https://cwe.mitre.org/data/definitions/787.html - https://cwe.mitre.org/data/definitions/805.html The first part of this patch series contains fixes for CodeQL alerts across various packages that are produced by the new queries being enabled. The second part updates the CodeQL queries. Cc: Bob Feng <bob.c.feng@...> Cc: Dandan Bi <dandan.bi@...> Cc: Eric Dong <eric.dong@...> Cc: Erich McMillan <emcmillan@...> Cc: Guomin Jiang <guomin.jiang@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Jiaxin Wu <jiaxin.wu@...> Cc: Jiewen Yao <jiewen.yao@...> Cc: Liming Gao <gaoliming@...> Cc: Maciej Rabeda <maciej.rabeda@...> Cc: Michael D Kinney <michael.d.kinney@...> Cc: Michael Kubacki <mikuback@...> Cc: Rahul Kumar <rahul1.kumar@...> Cc: Ray Ni <ray.ni@...> Cc: Sean Brogan <sean.brogan@...> Cc: Siyuan Fu <siyuan.fu@...> Cc: Star Zeng <star.zeng@...> Cc: Xiaoyu Lu <xiaoyu1.lu@...> Cc: Yuwei Chen <yuwei.chen@...> Cc: Zhichao Gao <zhichao.gao@...> Cc: Zhiguang Liu <zhiguang.liu@...> Signed-off-by: Michael Kubacki <michael.kubacki@...> Erich McMillan (1): MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki (11): BaseTools/PatchCheck.py: Add PCCTS to tab exemption list BaseTools/VfrCompile: Fix potential buffer overwrites CryptoPkg: Fix conditionally uninitialized variable MdeModulePkg: Fix conditionally uninitialized variables MdePkg: Fix conditionally uninitialized variables NetworkPkg: Fix conditionally uninitialized variables PcAtChipsetPkg: Fix conditionally uninitialized variables ShellPkg: Fix conditionally uninitialized variables UefiCpuPkg: Fix conditionally uninitialized variables .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c \| 10 ++-- BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c \| 4 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c \| 21 ++++-= --- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c \| 5 +- MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c \| 24 +++++= ---- MdeModulePkg/Core/Dxe/Mem/Page.c \| 17 +++--= - MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c \| 25 +++++= ---- MdeModulePkg/Library/FileExplorerLib/FileExplorer.c \| 5 +- MdeModulePkg/Universal/BdsDxe/BdsEntry.c \| 33 +++++= +------ MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c \| 11 ++-- MdeModulePkg/Universal/HiiDatabaseDxe/Font.c \| 14 +++-- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c \| 4 +- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c \| 2 +- MdePkg/Library/BaseLib/String.c \| 20 ++++-= -- NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c \| 2 +- NetworkPkg/TcpDxe/TcpInput.c \| 3 ++ PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c \| 9 ++-- ShellPkg/Application/Shell/Shell.c \| 2 +- ShellPkg/Application/Shell/ShellProtocol.c \| 4 +- ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c \| 56 +++++= ++++++--------- ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c \| 18 ++++-= -- ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c \| 9 ++-- ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c \| 14 ++--- ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c \| 17 +++--= - ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c \| 21 ++++-= --- UefiCpuPkg/CpuMpPei/CpuBist.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuPaging.c \| 9 +++- .github/codeql/edk2.qls \| 10 ++++ BaseTools/Scripts/PatchCheck.py \| 4 +- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf \| 1 + 31 files changed, 238 insertions(+), 152 deletions(-) --=20 2.28.0.windows.1
More All Messages By This Member
Michael Kubacki #96402 Maintainers/reviewers, This is an important series for us to make progress on enabling CodeQL and needs cooperation from maintainers across several packages. I have not received any feedback yet. Most of these patches should not take long to review. Please help review your patches so we can continue forward momentum on enabling code scanning in the repo. Thanks, Michael toggle quoted message Show quoted text On 11/9/2022 12:32 PM, Michael Kubacki wrote: From: Michael Kubacki <michael.kubacki@...> Adds queries for the following: 1. cpp/conditionallyuninitializedvariable 2. cpp/pointer-overflow-check 3. cpp/overrunning-write 4. cpp/overrunning-write-with-float 5. cpp/very-likely-overrunning-write These check for vulnerabilities with the following CWEs: - https://cwe.mitre.org/data/definitions/120.html - https://cwe.mitre.org/data/definitions/457.html - https://cwe.mitre.org/data/definitions/676.html - https://cwe.mitre.org/data/definitions/758.html - https://cwe.mitre.org/data/definitions/787.html - https://cwe.mitre.org/data/definitions/805.html The first part of this patch series contains fixes for CodeQL alerts across various packages that are produced by the new queries being enabled. The second part updates the CodeQL queries. Cc: Bob Feng <bob.c.feng@...> Cc: Dandan Bi <dandan.bi@...> Cc: Eric Dong <eric.dong@...> Cc: Erich McMillan <emcmillan@...> Cc: Guomin Jiang <guomin.jiang@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Jiaxin Wu <jiaxin.wu@...> Cc: Jiewen Yao <jiewen.yao@...> Cc: Liming Gao <gaoliming@...> Cc: Maciej Rabeda <maciej.rabeda@...> Cc: Michael D Kinney <michael.d.kinney@...> Cc: Michael Kubacki <mikuback@...> Cc: Rahul Kumar <rahul1.kumar@...> Cc: Ray Ni <ray.ni@...> Cc: Sean Brogan <sean.brogan@...> Cc: Siyuan Fu <siyuan.fu@...> Cc: Star Zeng <star.zeng@...> Cc: Xiaoyu Lu <xiaoyu1.lu@...> Cc: Yuwei Chen <yuwei.chen@...> Cc: Zhichao Gao <zhichao.gao@...> Cc: Zhiguang Liu <zhiguang.liu@...> Signed-off-by: Michael Kubacki <michael.kubacki@...> Erich McMillan (1): MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki (11): BaseTools/PatchCheck.py: Add PCCTS to tab exemption list BaseTools/VfrCompile: Fix potential buffer overwrites CryptoPkg: Fix conditionally uninitialized variable MdeModulePkg: Fix conditionally uninitialized variables MdePkg: Fix conditionally uninitialized variables NetworkPkg: Fix conditionally uninitialized variables PcAtChipsetPkg: Fix conditionally uninitialized variables ShellPkg: Fix conditionally uninitialized variables UefiCpuPkg: Fix conditionally uninitialized variables .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c \| 10 ++-- BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c \| 4 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c \| 21 ++++---- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c \| 5 +- MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c \| 24 +++++---- MdeModulePkg/Core/Dxe/Mem/Page.c \| 17 +++--- MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c \| 25 +++++---- MdeModulePkg/Library/FileExplorerLib/FileExplorer.c \| 5 +- MdeModulePkg/Universal/BdsDxe/BdsEntry.c \| 33 ++++++------ MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c \| 11 ++-- MdeModulePkg/Universal/HiiDatabaseDxe/Font.c \| 14 +++-- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c \| 4 +- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c \| 2 +- MdePkg/Library/BaseLib/String.c \| 20 ++++--- NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c \| 2 +- NetworkPkg/TcpDxe/TcpInput.c \| 3 ++ PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c \| 9 ++-- ShellPkg/Application/Shell/Shell.c \| 2 +- ShellPkg/Application/Shell/ShellProtocol.c \| 4 +- ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c \| 56 +++++++++++--------- ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c \| 18 ++++--- ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c \| 9 ++-- ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c \| 14 ++--- ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c \| 17 +++--- ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c \| 21 ++++---- UefiCpuPkg/CpuMpPei/CpuBist.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuPaging.c \| 9 +++- .github/codeql/edk2.qls \| 10 ++++ BaseTools/Scripts/PatchCheck.py \| 4 +- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf \| 1 + 31 files changed, 238 insertions(+), 152 deletions(-)
More All Messages By This Member
Michael Kubacki #96590 Still need reviews (thanks Liming). Please help review your package. Thanks, Michael toggle quoted message Show quoted text On 11/15/2022 10:00 AM, Michael Kubacki wrote: Maintainers/reviewers, This is an important series for us to make progress on enabling CodeQL and needs cooperation from maintainers across several packages. I have not received any feedback yet. Most of these patches should not take long to review. Please help review your patches so we can continue forward momentum on enabling code scanning in the repo. Thanks, Michael On 11/9/2022 12:32 PM, Michael Kubacki wrote: From: Michael Kubacki <michael.kubacki@...> Adds queries for the following: 1. cpp/conditionallyuninitializedvariable 2. cpp/pointer-overflow-check 3. cpp/overrunning-write 4. cpp/overrunning-write-with-float 5. cpp/very-likely-overrunning-write These check for vulnerabilities with the following CWEs: - https://cwe.mitre.org/data/definitions/120.html - https://cwe.mitre.org/data/definitions/457.html - https://cwe.mitre.org/data/definitions/676.html - https://cwe.mitre.org/data/definitions/758.html - https://cwe.mitre.org/data/definitions/787.html - https://cwe.mitre.org/data/definitions/805.html The first part of this patch series contains fixes for CodeQL alerts across various packages that are produced by the new queries being enabled. The second part updates the CodeQL queries. Cc: Bob Feng <bob.c.feng@...> Cc: Dandan Bi <dandan.bi@...> Cc: Eric Dong <eric.dong@...> Cc: Erich McMillan <emcmillan@...> Cc: Guomin Jiang <guomin.jiang@...> Cc: Jian J Wang <jian.j.wang@...> Cc: Jiaxin Wu <jiaxin.wu@...> Cc: Jiewen Yao <jiewen.yao@...> Cc: Liming Gao <gaoliming@...> Cc: Maciej Rabeda <maciej.rabeda@...> Cc: Michael D Kinney <michael.d.kinney@...> Cc: Michael Kubacki <mikuback@...> Cc: Rahul Kumar <rahul1.kumar@...> Cc: Ray Ni <ray.ni@...> Cc: Sean Brogan <sean.brogan@...> Cc: Siyuan Fu <siyuan.fu@...> Cc: Star Zeng <star.zeng@...> Cc: Xiaoyu Lu <xiaoyu1.lu@...> Cc: Yuwei Chen <yuwei.chen@...> Cc: Zhichao Gao <zhichao.gao@...> Cc: Zhiguang Liu <zhiguang.liu@...> Signed-off-by: Michael Kubacki <michael.kubacki@...> Erich McMillan (1): MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki (11): BaseTools/PatchCheck.py: Add PCCTS to tab exemption list BaseTools/VfrCompile: Fix potential buffer overwrites CryptoPkg: Fix conditionally uninitialized variable MdeModulePkg: Fix conditionally uninitialized variables MdePkg: Fix conditionally uninitialized variables NetworkPkg: Fix conditionally uninitialized variables PcAtChipsetPkg: Fix conditionally uninitialized variables ShellPkg: Fix conditionally uninitialized variables UefiCpuPkg: Fix conditionally uninitialized variables .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c \| 10 ++-- BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c \| 4 +- CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c \| 21 ++++---- MdeModulePkg/Bus/Pci/PciBusDxe/PciIo.c \| 5 +- MdeModulePkg/Bus/Pci/UhciDxe/Uhci.c \| 24 +++++---- MdeModulePkg/Core/Dxe/Mem/Page.c \| 17 +++--- MdeModulePkg/Library/BootMaintenanceManagerUiLib/BootOption.c \| 25 +++++---- MdeModulePkg/Library/FileExplorerLib/FileExplorer.c \| 5 +- MdeModulePkg/Universal/BdsDxe/BdsEntry.c \| 33 ++++++------ MdeModulePkg/Universal/DisplayEngineDxe/ProcessOptions.c \| 11 ++-- MdeModulePkg/Universal/HiiDatabaseDxe/Font.c \| 14 +++-- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c \| 4 +- MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c \| 2 +- MdePkg/Library/BaseLib/String.c \| 20 ++++--- NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c \| 2 +- NetworkPkg/TcpDxe/TcpInput.c \| 3 ++ PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcRtc.c \| 9 ++-- ShellPkg/Application/Shell/Shell.c \| 2 +- ShellPkg/Application/Shell/ShellProtocol.c \| 4 +- ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.c \| 56 +++++++++++--------- ShellPkg/Library/UefiShellDebug1CommandsLib/Dblk.c \| 18 ++++--- ShellPkg/Library/UefiShellDebug1CommandsLib/EfiDecompress.c \| 9 ++-- ShellPkg/Library/UefiShellDriver1CommandsLib/Connect.c \| 14 ++--- ShellPkg/Library/UefiShellDriver1CommandsLib/Disconnect.c \| 17 +++--- ShellPkg/Library/UefiShellDriver1CommandsLib/DrvDiag.c \| 21 ++++---- UefiCpuPkg/CpuMpPei/CpuBist.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuMpPei.c \| 8 ++- UefiCpuPkg/CpuMpPei/CpuPaging.c \| 9 +++- .github/codeql/edk2.qls \| 10 ++++ BaseTools/Scripts/PatchCheck.py \| 4 +- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf \| 1 + 31 files changed, 238 insertions(+), 152 deletions(-)
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Calendar About Features Pricing Updates Terms Help Twitter