author | Frantisek Sumsal <frantisek@sumsal.cz> | 2021-12-07 12:06:29 +0100 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2021-12-07 14:45:04 +0100 |
commit | 64f625a212f1e51f06506d62bdd40ef3d46b05cf (patch) | |
tree | 5ce82e8fece8d1b6d160f8c51e161a5233a9d1f0 /.github/codeql-custom.qls | |
parent | ci: add a missing SPDX header (diff) | |
ci: sync the list of CodeQL queries with LGTM
Diffstat (limited to '.github/codeql-custom.qls')
-rw-r--r-- | .github/codeql-custom.qls | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/.github/codeql-custom.qls b/.github/codeql-custom.qls
new file mode 100644
index 0000000000..c5b842cc1c
--- /dev/null
+++ b/.github/codeql-custom.qls
@@ -0,0 +1,33 @@
+---
+# vi: ts=2 sw=2 et syntax=yaml:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Note: it is not recommended to directly reference the respective queries from
+# the github/codeql repository, so we have to "dance" around it using
+# a custom QL suite
+# See:
+# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries
+# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
+# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
+
+- import: codeql-suites/cpp-lgtm.qls
+ from: codeql/cpp-queries
+- include:
+ id:
+ - cpp/bad-strncpy-size
+ - cpp/declaration-hides-variable
+ - cpp/inconsistent-null-check
+ - cpp/mistyped-function-arguments
+ - cpp/nested-loops-with-same-variable
+ - cpp/sizeof-side-effect
+ - cpp/suspicious-pointer-scaling
+ - cpp/suspicious-pointer-scaling-void
+ - cpp/suspicious-sizeof
+ - cpp/unsafe-strcat
+ - cpp/unsafe-strncat
+ - cpp/unsigned-difference-expression-compared-zero
+ - cpp/unused-local-variable
+ tags:
+ - "security"
+ - "correctness"
+ severity: "error" |
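Review bot: The `tags:` and `severity:` keys at the end of the `include` entry may not filter the way the id list suggests. As far as I know, suite filters match query metadata, where severity is spelled `problem.severity` and individual tags are matched with `tags contain:`, while a plain `tags:` is compared against the whole tag string. If these keys sit in the same constraint block as `id:` (the nesting cannot be recovered from this page), all constraints must hold at once, so the thirteen listed queries could be dropped silently and CI would stay green without running them. I would keep `id:` alone in that block, or switch to `problem.severity: error` and `tags contain:`, and confirm the selection with `codeql resolve queries` on the suite. A short comment above the id list saying why these queries are added on top of `cpp-lgtm.qls` would also help whoever next syncs the list.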