Add the old LGTM config

randombit · Aug 9, 2023 · 110afef · 110afef
1 parent c25e506
commit 110afef
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -32,14 +32,11 @@ jobs:
           target: codeql
           cache-key: linux-gcc-x86_64-codeql
 
-      # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
           languages: cpp
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
+          config-file: ./src/configs/codeql.yml
 
       - name: Build Library
         run: ./src/scripts/ci_build.py codeql
@@ -61,14 +58,11 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
           languages: python
-          # If you wish to specify custom queries, you can do so here or in a config file.
-          # By default, queries listed here will override any specified in a config file.
-          # Prefix the list here with "+" to use these queries and those in the config file.
+          config-file: ./src/configs/codeql.yml
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2

diff --git a/src/configs/codeql.yml b/src/configs/codeql.yml
@@ -0,0 +1,27 @@
+
+queries:
+ - include: cpp/inconsistent-null-check
+ - include: cpp/overrunning-write
+ - include: cpp/unbounded-write
+ - include: cpp/offset-use-before-range-check
+ - include: cpp/incomplete-parity-check
+ - include: cpp/mistyped-function-arguments
+ - include: cpp/comparison-with-wider-type
+ - include: cpp/inconsistent-call-on-result
+ - include: cpp/incorrect-not-operator-usage
+ - include: cpp/stack-address-escape
+ - include: cpp/nested-loops-with-same-variable
+ - include: cpp/suspicious-allocation-size
+ - include: cpp/allocation-too-small
+ - include: cpp/uninitialized-local
+ - include: cpp/static-buffer-overflow
+ - include: cpp/suspicious-sizeof
+ - include: cpp/suspicious-pointer-scaling-void
+ - include: cpp/declaration-hides-variable
+ - include: cpp/empty-if
+ - include: cpp/unused-local-variable
+ - include: cpp/unused-static-function
+ - include: cpp/unused-static-variable
+ - exclude: cpp/fixme-comment
+ - exclude: cpp/weak-cryptographic-algorithm
+ - exclude: py/clear-text-logging-sensitive-data