edk2.qls: Allow error severity results and add new queries

The query cpp/conditionallyuninitializedvariable was initially
enabled with the CodeQL code because work was in progress on those
changes. The results were filtered out so CodeQL passed so we could
verify the CodeQL workflow without impacting CI results.

This change allows error severity messages and substitutes that query
with two queries that do not return failures. This allows these
queries to find future problems and prepares the CodeQL workflow to
catch future failures as queries are enabled.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

2 files changed, 3 insertions, 2 deletions

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index 3e27c2fb0d..a51db141eb 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -25,6 +25,5 @@ queries:
 query-filters:

 - exclude:

     problem.severity:

-      - error

       - warning

       - recommendation

diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
index 0efc7dca52..ef9aae790f 100644
--- a/.github/codeql/edk2.qls
+++ b/.github/codeql/edk2.qls
@@ -9,4 +9,6 @@
 # Enable individual queries below.

 

 - include:

-    id: cpp/conditionallyuninitializedvariable

+    id: cpp/infinite-loop-with-unsatisfiable-exit-condition

+- include:

+    id: cpp/overflow-buffer