From 110afef1cd505fc88906791866a5d35d59ef6e5e Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 9 Aug 2023 14:50:02 -0400
Subject: [PATCH] Add the old LGTM config

---
.github/workflows/codeql.yml | 10 ++--------
src/configs/codeql.yml | 27 +++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 8 deletions(-)
create mode 100644 src/configs/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c463c64cc0b..f2ea6ffe542 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,14 +32,11 @@ jobs:
target: codeql cache-key: linux-gcc-x86_64-codeql - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: cpp - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + config-file: ./src/configs/codeql.yml - name: Build Library run: ./src/scripts/ci_build.py codeql
@@ -61,14 +58,11 @@ jobs:
- name: Checkout repository uses: actions/checkout@v3 - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: python - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + config-file: ./src/configs/codeql.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2
diff --git a/src/configs/codeql.yml b/src/configs/codeql.yml
new file mode 100644
index 00000000000..8bdc3ed2348
--- /dev/null
+++ b/src/configs/codeql.yml
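Review bot: The new `config-file: ./src/configs/codeql.yml` line in the cpp job's `Initialize CodeQL` step carries no explanation, and the comment that was removed alongside it was the only text describing how query selection in the workflow relates to the config file. Since the same file is referenced by the python job further down, I would put a one-line comment above the new line so the next maintainer knows where the query list lives and that it is shared: `# Query include/exclude lists for every language live in src/configs/codeql.yml`. The file is consumed by `github/codeql-action/init@v2`, a floating major tag rather than a pinned commit; that predates this patch, but it is worth considering a SHA pin now that the referenced config decides which checks actually run. The `jobs:` mapping these steps belong to starts before the hunk.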
@@ -0,0 +1,27 @@
+
+queries:
+ - include: cpp/inconsistent-null-check
+ - include: cpp/overrunning-write
+ - include: cpp/unbounded-write
+ - include: cpp/offset-use-before-range-check
+ - include: cpp/incomplete-parity-check
+ - include: cpp/mistyped-function-arguments
+ - include: cpp/comparison-with-wider-type
+ - include: cpp/inconsistent-call-on-result
+ - include: cpp/incorrect-not-operator-usage
+ - include: cpp/stack-address-escape
+ - include: cpp/nested-loops-with-same-variable
+ - include: cpp/suspicious-allocation-size
+ - include: cpp/allocation-too-small
+ - include: cpp/uninitialized-local
+ - include: cpp/static-buffer-overflow
+ - include: cpp/suspicious-sizeof
+ - include: cpp/suspicious-pointer-scaling-void
+ - include: cpp/declaration-hides-variable
+ - include: cpp/empty-if
+ - include: cpp/unused-local-variable
+ - include: cpp/unused-static-function
+ - include: cpp/unused-static-variable
+ - exclude: cpp/fixme-comment
+ - exclude: cpp/weak-cryptographic-algorithm
+ - exclude: py/clear-text-logging-sensitive-data
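Review bot: The `queries:` block is written in the retired lgtm.yml form (`- include: <id>` / `- exclude: <id>` strings), which is not the documented schema for a codeql-action `config-file`: there, `queries:` entries are `- uses: <pack or path>`, and per-query selection lives under `query-filters:` as `include`/`exclude` mappings with an `id` key. Depending on how `init@v2` validates the file these entries may be rejected or silently ignored, so the `cpp/weak-cryptographic-algorithm` and `py/clear-text-logging-sensitive-data` exclusions may not take effect, and the quality-oriented includes (for example `cpp/unused-static-function`) may also need a suite such as `security-and-quality` pulled in via `uses:` before a filter can select them; please confirm against the action's run log. I would also record in a comment why the two security queries are excluded (a cryptographic library legitimately implements the algorithms that query flags by name), since a bare exclude of a security check reads as suppressing findings. The leading blank line and missing `---` document marker are cosmetic.
```yaml
queries:
  - uses: security-and-quality
query-filters:
  - include:
      id: cpp/inconsistent-null-check
  # … one `include` mapping per remaining cpp/ id from the original list …
  - exclude:
      id: cpp/fixme-comment
  # Botan implements legacy primitives on purpose; this query flags them by name.
  - exclude:
      id: cpp/weak-cryptographic-algorithm
  - exclude:
      id: py/clear-text-logging-sensitive-data
```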