diff --git a/.github/codeql-cpp.yml b/.github/codeql-cpp.yml
new file mode 100644
index 000000000000..f70fcc6de2fa
--- /dev/null
+++ b/.github/codeql-cpp.yml
@@ -0,0 +1,5 @@
+name: "Custom CodeQL Analysis"
+
+queries:
+ - uses: ./.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql
+# - uses: ./.github/codeql/openzfs-code-scanning.qls
diff --git a/.github/codeql-python.yml b/.github/codeql-python.yml
new file mode 100644
index 000000000000..93cb4a435ed9
--- /dev/null
+++ b/.github/codeql-python.yml
@@ -0,0 +1,4 @@
+name: "Custom CodeQL Analysis"
+
+paths-ignore:
+ - tests
diff --git a/.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql b/.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql
new file mode 100644
index 000000000000..942bd5b7cbdc
--- /dev/null
+++ b/.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql
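Review bot: The commented-out `# - uses: ./.github/codeql/openzfs-code-scanning.qls` line leaves a dangling reference with no explanation of why the suite is disabled. Since a `queries:` list in a CodeQL config is added to the default suite rather than replacing it (absent `disable-default-queries: true`), the default C++ code-scanning suite already runs, and the `.qls` file added in this commit only re-imports that same suite — which may be exactly why the line is commented out. Either delete the line or say so next to it: `# default suite already runs; openzfs-code-scanning.qls would only re-import it`.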
@@ -0,0 +1,50 @@
+/**
+ * @name Deprecated function usage detection
+ * @description Detects functions whose usage is banned from the OpenZFS
+ * codebase due to QA concerns.
+ * @kind problem
+ * @severity error
+ * @id cpp/deprecated-function-usage
+*/
+
+import cpp
+
+predicate isDeprecatedFunction(Function f) {
+ f.getName() = "strtok" or
+ f.getName() = "__xpg_basename" or
+ f.getName() = "basename" or
+ f.getName() = "dirname" or
+ f.getName() = "bcopy" or
+ f.getName() = "bcmp" or
+ f.getName() = "bzero" or
+ f.getName() = "asctime" or
+ f.getName() = "asctime_r"
+}
+
+string getReplacementMessage(Function f) {
+ if f.getName() = "strtok" then
+ result = "strtok_r(3)"
+ else if f.getName() = "__xpg_basename" then
+ result = "zfs_basename()"
+ else if f.getName() = "basename" then
+ result = "zfs_basename()"
+ else if f.getName() = "dirname" then
+ result = "zfs_dirnamelen()"
+ else if f.getName() = "bcopy" then
+ result = "memcpy(3)/memmove(3)"
+ else if f.getName() = "bcmp" then
+ result = "memcmp(3)"
+ else if f.getName() = "bzero" then
+ result = "memset(3)"
+ else if f.getName() = "asctime" then
+ result = "strftime(3)"
+ else
+ result = "strftime(3)"
+}
+
+from FunctionCall fc, Function f
+where
+ fc.getTarget() = f and
+ isDeprecatedFunction(f)
+select fc, "Usage of '" + f.getName() + "' is deprecated, consider using '" +
+ getReplacementMessage(f) + "' instead."
diff --git a/.github/codeql/custom-queries/cpp/qlpack.yml b/.github/codeql/custom-queries/cpp/qlpack.yml
new file mode 100644
index 000000000000..cbe0f1cbe3c4
--- /dev/null
+++ b/.github/codeql/custom-queries/cpp/qlpack.yml
@@ -0,0 +1,4 @@
+name: openzfs-cpp-queries
+version: 0.0.0
+libraryPathDependencies: codeql-cpp
+suites: openzfs-cpp-suite
diff --git a/.github/codeql/openzfs-code-scanning.qls b/.github/codeql/openzfs-code-scanning.qls
new file mode 100644
index 000000000000..c371ed848cf8
--- /dev/null
+++ b/.github/codeql/openzfs-code-scanning.qls
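Review bot: `getReplacementMessage` repeats the nine-name list of `isDeprecatedFunction` as an if/else chain whose trailing `else` maps any unmatched name to `strftime(3)`, so a name added to the predicate without a matching branch would still be flagged but with the wrong replacement, and the `asctime_r` case is only correct by falling through. A single table predicate relating name to replacement removes the duplication and the silent fallback, and lets the `select` bind the replacement directly. Separately, matching on `f.getName()` alone will also flag a project-defined function that happens to share one of these names, and `FunctionCall` does not cover taking the address of a banned function; whether either matters for this tree cannot be told from the hunk.

```ql
predicate deprecatedFunction(string name, string replacement) {
  name = "strtok" and replacement = "strtok_r(3)" or
  name = "__xpg_basename" and replacement = "zfs_basename()" or
  name = "basename" and replacement = "zfs_basename()" or
  name = "dirname" and replacement = "zfs_dirnamelen()" or
  name = "bcopy" and replacement = "memcpy(3)/memmove(3)" or
  name = "bcmp" and replacement = "memcmp(3)" or
  name = "bzero" and replacement = "memset(3)" or
  name = "asctime" and replacement = "strftime(3)" or
  name = "asctime_r" and replacement = "strftime(3)"
}

from FunctionCall fc, Function f, string replacement
where
  fc.getTarget() = f and
  deprecatedFunction(f.getName(), replacement)
select fc, "Usage of '" + f.getName() + "' is deprecated, consider using '" +
  replacement + "' instead."
```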
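Review bot: `suites: openzfs-cpp-suite` names a suite directory under the pack root that this commit does not add; the only suite file, `.github/codeql/openzfs-code-scanning.qls`, lives two directories above the pack, so the key appears to be dangling. `libraryPathDependencies: codeql-cpp` is also the legacy dependency form; current CodeQL packs declare `dependencies:` with `codeql/cpp-all: "*"`, which is what a recent bundled CLI resolves — worth checking against the CLI version the workflow actually pulls. If the suite directory is not going to exist, drop the `suites:` line rather than leave a reference the pack resolver cannot satisfy.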
@@ -0,0 +1,3 @@
+# Reusing existing QL Pack
+- import: codeql-suites/cpp-code-scanning.qls
+ from: codeql-cpp
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 037f8aca0eaa..7ccfc1492564 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,6 +29,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
 with:
+ config-file: .github/codeql-${{ matrix.language }}.yml
 languages: ${{ matrix.language }}
 - name: Autobuild
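Review bot: Nothing active references this suite: its only mention is the commented-out `# - uses:` line in `.github/codeql-cpp.yml`, so as committed the file is dead configuration that re-imports the default `cpp-code-scanning.qls` suite the action already runs. `from: codeql-cpp` is also the legacy pack name; with current CodeQL packs the import would read `from: codeql/cpp-queries`. Either wire the suite into the config or leave the file out until it is needed.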
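Review bot: `config-file` is derived from `matrix.language`, so every matrix entry (the matrix is defined outside this hunk) must have a matching `.github/codeql-<language>.yml`, or the init step fails for that entry; this commit adds files for `cpp` and `python` only. A short comment on the added line would make the coupling visible to whoever next extends the matrix: `# each matrix language needs a matching .github/codeql-<language>.yml`.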