Merge pull request nasa#254 from ArielSAdamsNASA/fix-251-jpl-rules-co…

…deql Fix nasa#251, Implement Coding Standard Rules in CodeQL
nmullane · May 20, 2021 · 1c2fa91 · 1c2fa91
2 parents cbd1fe2 + 280e725
commit 1c2fa91
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 7 deletions.
diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml
@@ -0,0 +1,20 @@
+name: "CodeQL Coding Standard Configuration File"
+
+disable-default-queries: true
+
+queries:
+ - name: JPL Rules
+ uses: ./codeql/cpp/ql/src/JPL_C
+ - name: MISRA Rule 9-5-1
+ uses: ./codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
+ - name: MISRA Rule 5-18-1
+ uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql 
+ - name: MISRA 6-2-2
+ uses: ./codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
+ - name: MISRA Rule 5-14-1
+ uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
+ - name: MISRA Rule 5-3-2
+ uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
+ - name: MISRA Rule 7-5-2
+ uses: ./codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
+
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-security.yml b/.github/codeql/codeql-security.yml
@@ -0,0 +1,7 @@
+name: "CodeQL Security Configuration File"
+
+queries:
+ - name: Security and Quality
+ uses: security-and-quality
+ - name: Security Extended
+ uses: security-extended 
diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
@@ -28,7 +28,7 @@ jobs:
  do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
 
 
- CodeQL-Build:
+ CodeQL-Security-Build:
  #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
  needs: check-for-duplicates
  if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
@@ -55,7 +55,61 @@ jobs:
  uses: github/codeql-action/init@v1
  with:
  languages: c
- config-file: ./.github/codeql/codeql-config.yml
+ config-file: ./.github/codeql/codeql-security.yml
+
+ # Setup the build system
+ - name: Copy sample_defs
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ run: |
+ cp ./cfe/cmake/Makefile.sample Makefile
+ cp -r ./cfe/cmake/sample_defs sample_defs
+
+ # Setup the build system
+ - name: Make Install
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ run: make
+
+ # Run CodeQL
+ - name: Perform CodeQL Analysis
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ uses: github/codeql-action/analyze@v1
+
+ CodeQL-Coding-Standard-Build:
+ #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
+ needs: check-for-duplicates
+ if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
+ runs-on: ubuntu-18.04
+ timeout-minutes: 15
+
+ steps:
+ # Checks out a copy of your repository
+ - name: Checkout code
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ uses: actions/checkout@v2
+ with:
+ repository: nasa/cFS
+ submodules: true
+
+ - name: Check versions
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ run: |
+ git log -1 --pretty=oneline
+ git submodule
+
+ - name: Checkout codeql code 
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ uses: actions/checkout@v2
+ with:
+ repository: github/codeql 
+ submodules: true 
+ path: codeql
+
+ - name: Initialize CodeQL
+ if: ${{ !steps.skip-workflow.outputs.skip }}
+ uses: github/codeql-action/init@v1
+ with:
+ languages: c
+ config-file: ./.github/codeql/codeql-coding-standard.yml
 
  # Setup the build system
  - name: Copy sample_defs