author | Michael Kubacki <michael.kubacki@microsoft.com> | 2022-11-09 10:34:07 -0500 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-04-03 15:29:08 +0000 |
commit | 26997800c991f934b57ebd91de2edcd93312f756 (patch) | |
tree | 4675150dcffd4d6baf37bcbdb3056a9838404f33 | |
parent | 07349758240997ef84217bfb175caa9e33d11653 (diff) | |
download | edk2-26997800c991f934b57ebd91de2edcd93312f756.tar.gz |
.github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries

As recommended by CodeQL this change replaces
cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
and cpp/overrunning-write.

Enables:

1. cpp/overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
     of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
   - security
   - external/cwe/cwe-120
   - external/cwe/cwe-787
   - external/cwe/cwe-805

2. cpp/overrunning-write-with-float
   - @name Potentially overrunning write with float to string conversion
   - @description Buffer write operations that do not control the length
     of data written may overflow when floating point inputs
     take extreme values.
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision medium
   - @id cpp/overrunning-write-with-float
   - @tags reliability
   - security
   - external/cwe/cwe-120
   - external/cwe/cwe-787
   - external/cwe/cwe-805

3. cpp/very-likely-overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
     of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
   - security
   - external/cwe/cwe-120
   - external/cwe/cwe-787
   - external/cwe/cwe-805

- CWEs:
  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
-rw-r--r-- | .github/codeql/edk2.qls | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls index dc2d87764e..9bea9ba01f 100644 --- a/.github/codeql/edk2.qls +++ b/.github/codeql/edk2.qls @@ -15,7 +15,10 @@ - include:
id: cpp/overflow-buffer
- include:
+ id: cpp/overrunning-write
+- include:
+ id: cpp/overrunning-write-with-float
+- include:
id: cpp/pointer-overflow-check
- include:
- id: cpp/potential-buffer-overflow
-
+ id: cpp/very-likely-overrunning-write
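Review bot: The added entry "id: cpp/overrunning-write-with-float" is the only one of the three new includes that the commit message lists as @precision medium, and the suite gives no indication of that next to it. A short comment above that include stating the precision, and that its findings need triage before being treated as defects, would help whoever maintains the suite later. Two documentation points on the same hunk: the summary sentence says cpp/potential-buffer-overflow is replaced by two queries, but the hunk adds three (the final "+ id: cpp/very-likely-overrunning-write" is not named there), and the metadata listed under item 1 (cpp/overrunning-write) repeats the @name and @id shown for cpp/very-likely-overrunning-write under item 3, so the record of what cpp/overrunning-write covers should be checked against the query's own header.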