
[PATCH v2] codeql: add support for analyzing C, Python and Go


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
  • Date: Mon, 7 Mar 2022 17:45:52 +0100
  • Cc: Roger Pau Monne <roger.pau@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Mon, 07 Mar 2022 16:46:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Introduce CodeQL support for Xen and analyze the C, Python and Go
files.

Note that when analyzing Python or Go we avoid building the hypervisor
and only build the tools.

Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
Changes since v1:
 - Rename to note it's x86 specific right now.
 - Merge the ignored path patch.
---
It's my understanding that we need to force the checkout action to
fetch the 'staging' branch, or else for the scheduled runs we would end up
picking the current default branch (master).

Maybe we want to remove the scheduled action and just rely on pushes
and manually triggered workflows?
---
 .github/codeql/codeql-config.yml |  3 ++
 .github/workflows/codeql-x86.yml | 60 ++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yml
 create mode 100644 .github/workflows/codeql-x86.yml

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 0000000000..721640c2a5
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,3 @@
+paths-ignore:
+  - xen/tools/kconfig
+  - tools/firmware/xen-dir/xen-root/xen/tools/kconfig
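Review bot: nothing in the config says why these two paths are excluded, and the second entry is the same `xen/tools/kconfig` tree as it appears under the firmware build directory; a one-line comment above `paths-ignore:` stating the reason (findings in that tree are not actionable for Xen) would save the next reader from guessing, and if other build-time copies of the tree turn up later, a single glob such as `**/xen/tools/kconfig` would cover them without growing the list.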
diff --git a/.github/workflows/codeql-x86.yml b/.github/workflows/codeql-x86.yml
new file mode 100644
index 0000000000..a3ec6236c4
--- /dev/null
+++ b/.github/workflows/codeql-x86.yml
@@ -0,0 +1,60 @@
+name: CodeQL x86
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [staging]
+  schedule:
+    - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC
+
+jobs:
+  analyse:
+
+    strategy:
+      matrix:
+        language: [ 'cpp', 'python', 'go' ]
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Install build dependencies
+      run: |
+        sudo apt-get install -y wget git \
+          libbz2-dev build-essential \
+          zlib1g-dev libncurses5-dev iasl \
+          libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \
+          autoconf libtool liblzma-dev \
+          python3-dev golang python-dev libsystemd-dev
+
+    - uses: actions/checkout@v2
+      with:
+        ref: staging
+
+    - name: Configure Xen
+      run: |
+        ./configure --with-system-qemu=/bin/true \
+                    --with-system-seabios=/bin/true \
+                    --with-system-ovmf=/bin/true
+
+    - name: Pre build stuff
+      run: |
+        make -j`nproc` mini-os-dir
+
+    - uses: github/codeql-action/init@v1
+      with:
+        config-file: ./.github/codeql/codeql-config.yml
+        languages: ${{matrix.language}}
+        queries: security-and-quality
+
+    - if: matrix.language == 'cpp'
+      name: Full Build
+      run: |
+        make -j`nproc` build-xen build-tools
+        make -j`nproc` -C extras/mini-os/
+
+    - if: matrix.language == 'python' || matrix.language == 'go'
+      name: Tools Build
+      run: |
+        make -j`nproc` build-tools
+
+    - uses: github/codeql-action/analyze@v1
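Review bot: the three third-party actions (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/analyze@v1`) are pinned by mutable major-version tag rather than by a full commit SHA, so anything that moves those tags runs in this job with the repository checked out and the job's token available; pinning each `uses:` to a commit SHA with the version tag in a trailing comment removes that dependency on tag integrity. Smaller points in the same hunk: `libbz2-dev` is listed twice in the "Install build dependencies" step, `sudo apt-get install` is not preceded by `apt-get update` so stale package lists on the runner can fail the step, and the cron comment reads "Bi-weekly" while `WED,SUN` fires twice a week. Finally, `ref: staging` on the checkout step means a `workflow_dispatch` run started from any other branch still analyzes staging, which is fine if intended but deserves a comment next to the `with:` block.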
-- 
2.34.1