
Re: [PATCH v2] codeql: add support for analyzing C, Python and Go


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 21 Mar 2022 14:49:32 +0100
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "George Dunlap" <George.Dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Mon, 21 Mar 2022 13:50:07 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Mar 21, 2022 at 01:02:30PM +0000, Andrew Cooper wrote:
> On 21/03/2022 09:54, Roger Pau Monné wrote:
> 
> Ping?
> 
> On Mon, Mar 07, 2022 at 05:45:52PM +0100, Roger Pau Monne wrote:
> 
> 
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
> 
> Note that when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
> 
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v1:
>  - Rename to note it's x86 specific right now.
>  - Merge the ignored path patch.
> ---
> It's my understanding that we need to force the checkout action to
> fetch 'staging' branch, or else for the scheduled runs we would end up
> picking the current default branch (master).
> 
> Forcing to staging necessary due to a limitation in Coverity.
> 
> CodeQL explicitly can cope with multiple branches, so when a user asks for a 
> specific branch, they'd better get a run on the branch they asked for, not 
> have it forced to staging.
> 
> It also breaks any fork which has a different default branch.
> 
> 
> 
> 
> Maybe we want to remove the scheduled action and just rely on pushes
> and manually triggered workflows?
> ---
>  .github/codeql/codeql-config.yml |  3 ++
>  .github/workflows/codeql-x86.yml | 60 ++++++++++++++++++++++++++++++++
>  2 files changed, 63 insertions(+)
>  create mode 100644 .github/codeql/codeql-config.yml
>  create mode 100644 .github/workflows/codeql-x86.yml
> 
> diff --git a/.github/codeql/codeql-config.yml 
> b/.github/codeql/codeql-config.yml
> new file mode 100644
> index 0000000000..721640c2a5
> --- /dev/null
> +++ b/.github/codeql/codeql-config.yml
> @@ -0,0 +1,3 @@
> +paths-ignore:
> +  - xen/tools/kconfig
> +  - tools/firmware/xen-dir/xen-root/xen/tools/kconfig
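Review bot: the two paths-ignore entries in codeql-config.yml will not keep the Kconfig sources out of the C or Go analyses. The run quoted in this thread warns that "paths"/"paths-ignore" only have effect for JavaScript, Python, and Ruby, so for the cpp and go jobs this file changes nothing. Either drop the file from this patch, or keep it with a comment at the top saying it only affects the Python analysis and handle the exclusion for the compiled languages elsewhere (the prebuild step or a filter on the queries, as discussed in the replies). The second entry, tools/firmware/xen-dir/xen-root/xen/tools/kconfig, would also benefit from a one-line comment saying why that path exists alongside xen/tools/kconfig.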
> 
> From actually running this:
> 
> Annotations
> 2 warnings
> analyse (go)
> The "paths"/"paths-ignore" fields of the config only have effect for 
> JavaScript, Python, and Ruby
> analyse (cpp)
> The "paths"/"paths-ignore" fields of the config only have effect for 
> JavaScript, Python, and Ruby
> 
> So this obviously can't be used like this.  You'll have to add them to the 
> prebuild step.

Right, paths-ignore can only be used for interpreted languages, so
not really useful in order to ignore the content in Kconfig.

Pre-building the Kconfig in tools/firmware/ will be complicated. I
will leave ignoring those paths to a further patch, we can always
filter from the queries.

Thanks, Roger.
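As an added example (not part of the original message or of the Xen patch): since paths-ignore has no effect for the C and Go analyses, findings under the Kconfig directories can instead be dropped from the SARIF output after the run. This is a different approach from filtering in the queries themselves. The function names, rule IDs and sample results below are constructed for illustration; only the two path prefixes come from the patch.

```python
import copy
from pathlib import PurePosixPath

# Prefixes copied from the paths-ignore hunk quoted in the thread.
IGNORED_PREFIXES = (
    "xen/tools/kconfig",
    "tools/firmware/xen-dir/xen-root/xen/tools/kconfig",
)

def is_ignored(uri, prefixes=IGNORED_PREFIXES):
    """Match whole path components, so 'xen/tools/kconfig-old' is not ignored."""
    parts = PurePosixPath(uri).parts
    return any(parts[:len(PurePosixPath(p).parts)] == PurePosixPath(p).parts
               for p in prefixes)

def result_uris(result):
    """Collect the artifact URIs a SARIF result points at."""
    uris = []
    for loc in result.get("locations", []):
        art = loc.get("physicalLocation", {}).get("artifactLocation", {})
        if "uri" in art:
            uris.append(art["uri"])
    return uris

def filter_sarif(sarif, prefixes=IGNORED_PREFIXES):
    """Return (filtered copy, dropped count). A result is dropped only when it
    has locations and all of them fall under an ignored prefix; results with
    no location are kept so nothing disappears silently."""
    out = copy.deepcopy(sarif)
    dropped = 0
    for run in out.get("runs", []):
        kept = []
        for result in run.get("results", []):
            uris = result_uris(result)
            if uris and all(is_ignored(u, prefixes) for u in uris):
                dropped += 1
            else:
                kept.append(result)
        run["results"] = kept
    return out, dropped

def _res(rule, uri=None):  # builds one constructed SARIF result
    locs = [{"physicalLocation": {"artifactLocation": {"uri": uri}}}] if uri else []
    return {"ruleId": rule, "locations": locs}

# Constructed sample; relative URIs as in a repository-rooted SARIF file.
SAMPLE = {"version": "2.1.0", "runs": [{"results": [
    _res("constructed/rule-a", "xen/tools/kconfig/conf.c"),
    _res("constructed/rule-a", "tools/firmware/xen-dir/xen-root/xen/tools/kconfig/expr.c"),
    _res("constructed/rule-b", "xen/arch/x86/mm.c"),
    _res("constructed/rule-b", "xen/tools/kconfig-old/conf.c"),
    _res("constructed/rule-c"),
]}]}
```
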



 

