mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
Merge pull request #24663 from mrc0mmand/codeql-follow-up
A couple of CodeQL tweaks and follow ups
This commit is contained in:
commit
c9bc7a449c
2
.github/codeql-config.yml
vendored
2
.github/codeql-config.yml
vendored
@ -9,4 +9,4 @@ queries:
|
||||
- name: Enable possibly useful queries which are disabled by default
|
||||
uses: ./.github/codeql-custom.qls
|
||||
- name: systemd-specific CodeQL queries
|
||||
uses: ./.lgtm/cpp-queries/
|
||||
uses: ./.github/codeql-queries/
|
||||
|
10
.github/workflows/codeql-analysis.yml
vendored
10
.github/workflows/codeql-analysis.yml
vendored
@ -9,6 +9,16 @@ on:
|
||||
branches:
|
||||
- main
|
||||
- v[0-9]+-stable
|
||||
paths:
|
||||
- '**/meson.build'
|
||||
- '.github/**/codeql*'
|
||||
- 'src/**'
|
||||
- 'test/**'
|
||||
- 'tools/**'
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- v[0-9]+-stable
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
40
.lgtm.yml
40
.lgtm.yml
@ -1,40 +0,0 @@
|
||||
---
|
||||
# vi: ts=2 sw=2 et:
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
# Explicitly enable certain checks which are hidden by default
|
||||
queries:
|
||||
- include: cpp/bad-strncpy-size
|
||||
- include: cpp/declaration-hides-variable
|
||||
- include: cpp/inconsistent-null-check
|
||||
- include: cpp/mistyped-function-arguments
|
||||
- include: cpp/nested-loops-with-same-variable
|
||||
- include: cpp/sizeof-side-effect
|
||||
- include: cpp/suspicious-pointer-scaling
|
||||
- include: cpp/suspicious-pointer-scaling-void
|
||||
- include: cpp/suspicious-sizeof
|
||||
- include: cpp/unsafe-strcat
|
||||
- include: cpp/unsafe-strncat
|
||||
- include: cpp/unsigned-difference-expression-compared-zero
|
||||
- include: cpp/unused-local-variable
|
||||
- include:
|
||||
tags:
|
||||
- "security"
|
||||
- "correctness"
|
||||
severity: "error"
|
||||
|
||||
extraction:
|
||||
cpp:
|
||||
prepare:
|
||||
packages:
|
||||
- libpwquality-dev
|
||||
- libfdisk-dev
|
||||
- libp11-kit-dev
|
||||
- libssl-dev
|
||||
- python3-jinja2
|
||||
after_prepare:
|
||||
- pip3 install -r .github/workflows/requirements.txt --require-hashes
|
||||
- export PATH="/opt/work/.local/bin:$PATH"
|
||||
python:
|
||||
python_setup:
|
||||
version: 3
|
Loading…
Reference in New Issue
Block a user