
Commit 77bf4a7

Open sourcing CodeQL Coding Standards
1 parent e78f15b commit 77bf4a7


951 files changed

+25950
-66296
lines changed


.github/pull_request_template.md

+3-3
@@ -20,7 +20,7 @@ _please enter the description of your change here_
2020

2121
## Release change checklist
2222

23-
A change note ([development_handbook.md#change-notes](https://github.com/github/codeql-coding-standards/blob/main/development_handbook.md#change-notes)) is required for any pull request which modifies:
23+
A change note ([development_handbook.md#change-notes](https://github.com/github/codeql-coding-standards/blob/main/docs/development_handbook.md#change-notes)) is required for any pull request which modifies:
2424

2525
- The structure or layout of the release artifacts.
2626
- The evaluation performance (memory, execution time) of an existing query.
@@ -44,7 +44,7 @@ For PRs that add new queries or modify existing queries, the following checklist
4444
- [ ] Have all the relevant rule package description files been checked in?
4545
- [ ] Have you verified that the metadata properties of each new query is set appropriately?
4646
- [ ] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
47-
- [ ] Are the alert messages properly formatted and consistent with the [style guide](https://github.com/github/codeql-coding-standards/blob/main/development_handbook.md#query-style-guide)?
47+
- [ ] Are the alert messages properly formatted and consistent with the [style guide](https://github.com/github/codeql-coding-standards/blob/main/docs/development_handbook.md#query-style-guide)?
4848
- [ ] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?<br />_As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process._
4949
- [ ] Does the query have an appropriate level of in-query comments/documentation?
5050
- [ ] Have you considered/identified possible edge cases?
@@ -56,7 +56,7 @@ For PRs that add new queries or modify existing queries, the following checklist
5656
- [ ] Have all the relevant rule package description files been checked in?
5757
- [ ] Have you verified that the metadata properties of each new query is set appropriately?
5858
- [ ] Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
59-
- [ ] Are the alert messages properly formatted and consistent with the [style guide](https://github.com/github/codeql-coding-standards/blob/main/development_handbook.md#query-style-guide)?
59+
- [ ] Are the alert messages properly formatted and consistent with the [style guide](https://github.com/github/codeql-coding-standards/blob/main/docs/development_handbook.md#query-style-guide)?
6060
- [ ] Have you run the queries on OpenPilot and verified that the performance and results are acceptable?<br />_As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process._
6161
- [ ] Does the query have an appropriate level of in-query comments/documentation?
6262
- [ ] Have you considered/identified possible edge cases?
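Review bot: this hunk is a verbatim copy of the previous one (both sit under the same "For PRs that add new queries or modify existing queries" heading, and template lines 44-50 and 56-62 are identical), so the style-guide link had to be fixed in two places and the two copies will drift apart the next time one of them is edited. Either keep a single checklist, or add a line above the second copy saying which kind of PR it applies to so the duplication is clearly intentional.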

.github/workflows/code-scanning-pack-gen.yml

+26-34
@@ -5,13 +5,13 @@ on:
55
branches:
66
- main
77
- "rc/**"
8-
- "c-coding-standards"
8+
- next
99

1010
push:
1111
branches:
1212
- main
1313
- "rc/**"
14-
- "c-coding-standards"
14+
- next
1515

1616
env:
1717
XARGS_MAX_PROCS: 4
@@ -59,25 +59,23 @@ jobs:
5959
codeql-home: ${{ github.workspace }}/codeql_home
6060
add-to-path: false
6161

62-
- name: Install latest CodeQL for docs generation
63-
id: install-latest-codeql
64-
uses: ./.github/actions/install-codeql
62+
- name: Install Python
63+
uses: actions/setup-python@v4
6564
with:
66-
add-to-path: false
65+
python-version: "3.9"
6766

6867
- name: Anonymising and pre-compiling queries
6968
env:
7069
CODEQL_HOME: ${{ github.workspace }}/codeql_home
71-
CODEQL_LATEST_HOME: ${{ steps.install-latest-codeql.outputs.codeql-home}}
7270
run: |
7371
PATH=$PATH:$CODEQL_HOME/codeql
7472
pip install -r scripts/requirements.txt
75-
find rule_packages/cpp -name '*.json' -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python3 scripts/generate_rules/generate_package_files.py -a cpp
76-
find rule_packages/c -name '*.json' -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python3 scripts/generate_rules/generate_package_files.py --skip-shared-test-generation -a c
73+
find rule_packages/cpp -name '*.json' -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py -a cpp
74+
find rule_packages/c -name '*.json' -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py --skip-shared-test-generation -a c
7775
78-
echo "Generating help markdown file for cert"
79-
$CODEQL_LATEST_HOME/codeql/codeql generate query-help -vvv --format=markdown -o cpp/cert/src/ cpp/cert/src/rules
80-
$CODEQL_LATEST_HOME/codeql/codeql generate query-help -vvv --format=markdown -o c/cert/src/ c/cert/src/rules
76+
echo "Remove help files that cannot be freely distributed"
77+
find cpp/autosar/src/rules -name "*.md" -delete
78+
find c/misra/src/rules -name "*.md" -delete
8179
8280
codeql query compile --search-path cpp --threads 0 cpp
8381
codeql query compile --search-path c --search-path cpp --threads 0 c
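Review bot: `find cpp/autosar/src/rules -name "*.md" -delete` and `find c/misra/src/rules -name "*.md" -delete` remove every Markdown file under those trees, not only generated query help, so any other `.md` that ends up in a rule directory is silently dropped from the published pack. Consider matching the help-file naming convention instead of `*.md`, and add a comment stating why the autosar and misra help cannot be distributed so a later maintainer does not "fix" the step away. The step is also still named `Anonymising and pre-compiling queries`; now that it deletes files, the name no longer describes what it does.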
@@ -103,12 +101,11 @@ jobs:
103101
copy_to_root_name=$(realpath --relative-to "./$2/$1/src/" "$copy_from_root_name")
104102
query_dir=$(dirname "lgtm-cpp-query-pack/$copy_to_root_name")
105103
mkdir -p "$query_dir"
106-
# Copy each selected ql file, plus the related files (qhelp, qhelp implementation)
104+
# Copy each selected ql file
107105
cp "$copy_from_root_name.ql" "lgtm-cpp-query-pack/$copy_to_root_name.ql"
108-
cp "$copy_from_root_name.qhelp" "lgtm-cpp-query-pack/$copy_to_root_name.qhelp"
109106
done
110107
}
111-
108+
112109
echo "Copying autosar-default queries (CPP)"
113110
copy_queries_for_pack "autosar" "cpp"
114111
echo "Copying cert-default queries (CPP)"
@@ -186,30 +183,25 @@ jobs:
186183
codeql-home: ${{ github.workspace }}/codeql_home
187184
add-to-path: false
188185

189-
- name: Install latest CodeQL for docs generation
190-
id: install-latest-codeql
191-
uses: ./.github/actions/install-codeql
186+
- name: Checkout external help files
187+
uses: actions/checkout@v2
192188
with:
193-
add-to-path: false
189+
ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
190+
repository: "github/codeql-coding-standards-help"
191+
ref: ${{ github.head_ref }}
192+
path: external-help-files
193+
194+
- name: Include external help files
195+
run: |
196+
pushd external-help-files
197+
find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;
198+
popd
194199
195200
- name: Pre-compiling queries
196201
env:
197202
CODEQL_HOME: ${{ github.workspace }}/codeql_home
198-
CODEQL_LATEST_HOME: ${{ steps.install-latest-codeql.outputs.codeql-home}}
199203
run: |
200204
PATH=$PATH:$CODEQL_HOME/codeql
201-
for s in "autosar" "cert"
202-
do
203-
echo "Generating help markdown file for $s"
204-
$CODEQL_LATEST_HOME/codeql/codeql generate query-help -vvv --format=markdown -o cpp/$s/src/ cpp/$s/src/rules
205-
done
206-
207-
for s in "misra" "cert"
208-
do
209-
echo "Generating help markdown file for $s"
210-
$CODEQL_LATEST_HOME/codeql/codeql generate query-help -vvv --format=markdown -o c/$s/src/ c/$s/src/rules
211-
done
212-
213205
214206
codeql query compile --search-path cpp --threads 0 cpp
215207
codeql query compile --search-path c --search-path cpp --threads 0 c
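Review bot: `ref: ${{ github.head_ref }}` is only populated for `pull_request` events, but this workflow also runs on `push` (see the trigger hunk at the top of this file); there `head_ref` is empty and actions/checkout falls back to the help repository's default branch, so a push build can ship help files from a different revision than the one a PR was validated against. The checkout will also fail when `github/codeql-coding-standards-help` has no branch matching the PR's branch name, and `secrets.CODEQL_CODING_STANDARDS_HELP_KEY` is not available to pull requests from forks. Make the ref explicit (for example fall back to `github.ref_name` when `head_ref` is empty) and document that `find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;` copies every Markdown file from that private repository over the workspace, which makes write access to the help repository part of the trust boundary for the published query pack.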
@@ -234,8 +226,8 @@ jobs:
234226
do
235227
copy_to_root="lgtm-cpp-query-pack/$(realpath --relative-to "./$2/$1/src/" "$rule_dir")"
236228
mkdir -p "$copy_to_root"
237-
# Copy each selected ql file, plus the related files (qhelp, qhelp implementation)
238-
find "$rule_dir" -name '*.ql' -o -name '*.qhelp' -o -name '*.c' -name '*.cpp' -o -name '*.png' -exec cp -n {} "$copy_to_root" \;
229+
# Copy each selected ql file, plus the related files
230+
find "$rule_dir" -name '*.ql' -o -name '*.c' -name '*.cpp' -o -name '*.png' -exec cp -n {} "$copy_to_root" \;
239231
done
240232
}
241233
echo "Copying autosar-default queries (CPP)"
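Review bot: the `find` expression on the changed line keeps a precedence problem that predates this change: `-exec` binds only to the last `-o` alternative, so as written only `*.png` files are copied, and `-name '*.c' -name '*.cpp'` is an implicit AND that no file can satisfy. Since the line is being touched anyway, group the alternatives: `find "$rule_dir" \( -name '*.ql' -o -name '*.c' -o -name '*.cpp' -o -name '*.png' \) -exec cp -n {} "$copy_to_root" \;`.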

.github/workflows/codeql_unit_tests.yml

+4-3
@@ -5,6 +5,7 @@ on:
55
branches:
66
- main
77
- "rc/**"
8+
- next
89
pull_request:
910
branches:
1011
- "**"
@@ -42,10 +43,10 @@ jobs:
4243
- name: Checkout repository
4344
uses: actions/checkout@v2
4445

45-
- name: Setup Python 3
46-
uses: actions/setup-python@v2
46+
- name: Install Python
47+
uses: actions/setup-python@v4
4748
with:
48-
python-version: "3.x"
49+
python-version: "3.9"
4950

5051
- name: Cache CodeQL
5152
id: cache-codeql
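Review bot: `python-version: "3.9"` is now pinned and `actions/setup-python` moved to `@v4`, while `actions/checkout@v2` two lines above stays on an older major. If the aim of this hunk is a reproducible toolchain, pin the actions consistently, ideally to a commit SHA rather than a moving major tag, so an upstream tag move cannot change what runs in CI.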

.github/workflows/create-draft-release.yml

+5
@@ -41,6 +41,11 @@ jobs:
4141
with:
4242
fetch-depth: 0
4343

44+
- name: Install Python
45+
uses: actions/setup-python@v4
46+
with:
47+
python-version: "3.9"
48+
4449
- name: Install generate_release_notes.py dependencies
4550
run: pip install -r scripts/requirements.txt
4651

.github/workflows/generate-html-docs.yml

+7
@@ -5,10 +5,12 @@ on:
55
branches:
66
- main
77
- 'rc/**'
8+
- next
89
pull_request:
910
branches:
1011
- main
1112
- 'rc/**'
13+
- next
1214

1315
jobs:
1416
generate-html-doc:
@@ -18,6 +20,11 @@ jobs:
1820
- name: Checkout
1921
uses: actions/checkout@v2
2022

23+
- name: Install Python
24+
uses: actions/setup-python@v4
25+
with:
26+
python-version: "3.9"
27+
2128
- name: Install generate_iso26262_docs.py dependencies
2229
run: pip install -r scripts/requirements.txt
2330

.github/workflows/standard_library_upgrade_tests.yml

+4-3
@@ -6,6 +6,7 @@ on:
66
branches:
77
- main
88
- "rc/**"
9+
- next
910
paths:
1011
- "supported_codeql_configs.json"
1112
workflow_dispatch:
@@ -155,10 +156,10 @@ jobs:
155156
needs: [run-test-suites]
156157
runs-on: ubuntu-latest
157158
steps:
158-
- name: Setup Python 3
159-
uses: actions/setup-python@v2
159+
- name: Install Python
160+
uses: actions/setup-python@v4
160161
with:
161-
python-version: "3.x"
162+
python-version: "3.9"
162163

163164
- name: Collect test results
164165
uses: actions/download-artifact@v2

.github/workflows/validate-coding-standards.yml

+36-35
@@ -4,12 +4,13 @@ on:
44
push:
55
branches:
66
- main
7-
- 'rc/**'
7+
- "rc/**"
8+
- next
89
pull_request:
910
branches:
1011
- main
11-
- 'rc/**'
12-
- 'c-coding-standards'
12+
- "rc/**"
13+
- next
1314

1415
env:
1516
XARGS_MAX_PROCS: 4
@@ -22,6 +23,11 @@ jobs:
2223
- name: Checkout
2324
uses: actions/checkout@v2
2425

26+
- name: Install Python
27+
uses: actions/setup-python@v4
28+
with:
29+
python-version: "3.9"
30+
2531
- name: Install generate_package_files.py dependencies
2632
run: pip install -r scripts/requirements.txt
2733

@@ -43,19 +49,18 @@ jobs:
4349
4450
- name: Validate Package Files (CPP)
4551
run: |
46-
find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python3 scripts/generate_rules/generate_package_files.py cpp
52+
find rule_packages/cpp -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py cpp
4753
git diff
4854
git diff --compact-summary
4955
git diff --quiet
5056
5157
- name: Validate Package Files (C)
5258
run: |
53-
find rule_packages/c -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python3 scripts/generate_rules/generate_package_files.py c
59+
find rule_packages/c -name \*.json -exec basename {} .json \; | xargs --max-procs "$XARGS_MAX_PROCS" --max-args 1 python scripts/generate_rules/generate_package_files.py c
5460
git diff
5561
git diff --compact-summary
5662
git diff --quiet
5763
58-
5964
validate-codeql-format:
6065
name: "Validate CodeQL Format"
6166
runs-on: ubuntu-latest
@@ -90,41 +95,37 @@ jobs:
9095
validate-query-help-files:
9196
name: Validate Query Help Files
9297
runs-on: ubuntu-latest
93-
strategy:
94-
fail-fast: false
95-
matrix:
96-
language: ['cpp', 'c']
9798
steps:
9899
- name: Checkout
99100
uses: actions/checkout@v2
100101

101-
- name: Fetch CodeQL
102+
- name: Validate CPP Query Help Files
102103
run: |
103-
gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip
104-
unzip -q codeql-linux64.zip
105-
env:
106-
GITHUB_TOKEN: ${{ github.token }}
104+
exit_code=0
105+
for help_file in `find cpp -name '*.md'`
106+
do
107+
if grep -F -q 'REPLACE THIS' "$help_file" > /dev/null
108+
then
109+
echo "Help file $help_file contains placeholders that are not replaced or removed!"
110+
exit_code=1
111+
fi
112+
done
113+
114+
exit $exit_code
107115
108-
- name: Validate Query Help Files
116+
- name: Validate C Query Help Files
109117
run: |
110-
qhelp_output=$(( codeql/codeql generate query-help --format=markdown --output=${{ matrix.language }}/qhelp-markdown-dump ${{ matrix.language }} ) 2>&1 )
111-
qhelp_count=$(find ${{ matrix.language }} -name \*.ql -or -name \*.qhelp | wc -l)
112-
113-
if [[ $qhelp_output ]]; then
114-
errors=$( echo "$qhelp_output" | grep -v '/test/' || [[ $? == 1 ]] )
115-
if [[ $errors ]]; then
116-
echo "There are errors with the qhelp files: "
117-
echo "$errors"
118-
exit 1
119-
else
120-
echo "Disregarding tests..."
121-
echo "Query help files look good."
118+
exit_code=0
119+
for help_file in `find c -name '*.md'`
120+
do
121+
if grep -F -q 'REPLACE THIS' "$help_file" > /dev/null
122+
then
123+
echo "Help file $help_file contains placeholders that are not replaced or removed!"
124+
exit_code=1
122125
fi
123-
elif [[ ! $qhelp_output && qhelp_count -gt 0 ]]; then
124-
echo "Query help files look good."
125-
else
126-
echo "There are no query help files to analyze."
127-
fi
126+
done
127+
128+
exit $exit_code
128129
129130
validate-cpp-test-files:
130131
name: Validate C++ Test Files
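Review bot: the new `Validate CPP Query Help Files` and `Validate C Query Help Files` steps are the same loop with `cpp` swapped for `c`; the `strategy.matrix` with `language: ['cpp', 'c']` that this hunk deletes did exactly that job, so either keep the matrix or run one loop over `find cpp c -name '*.md'`. Two smaller points: iterating `for help_file in` over the output of `find` word-splits on whitespace in paths, and `> /dev/null` is redundant with `grep -q`; `find cpp c -name '*.md' -exec grep -l -F 'REPLACE THIS' {} +` with a failure when the output is non-empty avoids both. Finally, the removed `qhelp_count -gt 0` branch at least printed `There are no query help files to analyze.` for an empty tree; the new loops pass silently in that case, so a missing help directory is no longer reported.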
@@ -143,7 +144,7 @@ jobs:
143144
if ! test -f .clang-format; then
144145
echo "Cannot find .clang-format in '$PWD'. Exiting..."
145146
fi
146-
147+
147148
find cpp/*/test -name \*.cpp -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" clang-format --style=file -i --verbose
148149
git diff
149150
git diff --compact-summary
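Review bot: the context lines `echo "Cannot find .clang-format in '$PWD'. Exiting..."` / `fi` have no `exit 1`, so the step announces that it is exiting and then runs `clang-format --style=file -i` anyway; without a style file the result is whatever clang-format's fallback style produces, and the real cause only surfaces later as an unexpected `git diff --quiet` failure. Add `exit 1` after the echo; the same block appears in the C test job in the next hunk of this file.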
@@ -166,7 +167,7 @@ jobs:
166167
if ! test -f .clang-format; then
167168
echo "Cannot find .clang-format in '$PWD'. Exiting..."
168169
fi
169-
170+
170171
find c/*/test -name \*.c -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" clang-format --style=file -i --verbose
171172
git diff
172173
git diff --compact-summary
