edk2.qls: Allow error severity results and add new queries

The query cpp/conditionallyuninitializedvariable was initially
enabled with the CodeQL code because work was in progress on those
changes. The results were filtered out so CodeQL passed so we could
verify the CodeQL workflow without impacting CI results.

This change allows error severity messages and substitutes that query
with two queries that do not return failures. This allows these
queries to find future problems and prepares the CodeQL workflow to
catch future failures as queries are enabled.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index 3e27c2fb0d2875920459c0c020c5db81ef6bc309..a51db141ebe35928ae302802398237649e331120 100644 (file)
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -25,6 +25,5 @@ queries:
 query-filters:\r
 - exclude:\r
     problem.severity:\r
-      - error\r
       - warning\r
       - recommendation\r

diff --git a/.github/codeql/edk2.qls b/.github/codeql/edk2.qls
index 0efc7dca52dbca0826de70658fcc68cb0af1f7f1..ef9aae790f5f75346264fbb2f32b47b8b728bb6b 100644 (file)
--- a/.github/codeql/edk2.qls
+++ b/.github/codeql/edk2.qls
@@ -9,4 +9,6 @@
 # Enable individual queries below.\r
 \r
 - include:\r
-    id: cpp/conditionallyuninitializedvariable\r
+    id: cpp/infinite-loop-with-unsatisfiable-exit-condition\r
+- include:\r
+    id: cpp/overflow-buffer\r