b0fd309719
The query cpp/conditionallyuninitializedvariable was initially enabled with the CodeQL code because work was in progress on those changes. The results were filtered out so CodeQL passed so we could verify the CodeQL workflow without impacting CI results. This change allows error severity messages and substitutes that query with two queries that do not return failures. This allows these queries to find future problems and prepares the CodeQL workflow to catch future failures as queries are enabled. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
30 lines
1.1 KiB
YAML
30 lines
1.1 KiB
YAML
## @file
|
|
# CodeQL configuration file for edk2.
|
|
#
|
|
# Copyright (c) Microsoft Corporation.
|
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
##
|
|
|
|
name: "CodeQL config"
|
|
|
|
# The following line disables the default queries. This is used because we want to enable on query at a time by
|
|
# explicitly specifying each query in a "queries" array as they are enabled.
|
|
#
|
|
# See the following for more information about adding custom queries:
|
|
# https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file
|
|
|
|
#disable-default-queries: true
|
|
|
|
queries:
|
|
- name: EDK2 CodeQL Query List
|
|
uses: ./.github/codeql/edk2.qls
|
|
|
|
# We must specify a query for CodeQL to run. Until the first query is enabled, enable the security query suite but
|
|
# exclude all problem levels from impacting the results. After the first query is enabled, this filter can be relaxed
|
|
# to find the level of problems desired from the query.
|
|
query-filters:
|
|
- exclude:
|
|
problem.severity:
|
|
- warning
|
|
- recommendation
|