git.proxmox.com Git - mirror

author	Richard Yao <richard.yao@alumni.stonybrook.edu>
	Fri, 26 Jan 2024 22:11:33 +0000 (17:11 -0500)
committer	Brian Behlendorf <behlendorf1@llnl.gov>
	Mon, 29 Jan 2024 22:53:29 +0000 (14:53 -0800)
commit	9da745f5de73487e14e6dfd65130b1677f84518a
tree	e3b94e398de5cb55be18928eb4edca4cc105bb40	tree
parent	cfa29b994594dd4261117aa9c685adc6274485a8	commit \| diff

Switch to CodeQL to detect prohibited function use

The LLVM/Clang developers pointed out that using the CPP to detect use
of functions that our QA policies prohibit risks invoking undefined
behavior. To resolve this, we configure CodeQL to detect forbidden
function usage.

Note that cpp in the context of CodeQL refers to C/C++, rather than the
C PreProcessor, which C++ also uses. It really should have been written
cxx, but that ship sailed a long time ago. This misuse of the term cpp
is retained in the CodeQL configuration for consistency with upstream
CodeQL.

As a side benefit, verbose make no longer is a wall of text showing a
bunch of CPP macros, which can make debugging slightly easier.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #15819
Closes #14134

.github/codeql-cpp.yml	[new file with mode: 0644]	blob
.github/codeql-python.yml	[new file with mode: 0644]	blob
.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql	[new file with mode: 0644]	blob
.github/codeql/custom-queries/cpp/qlpack.yml	[new file with mode: 0644]	blob
.github/workflows/codeql.yml		diff \| blob \| blame \| history
config/Rules.am		diff \| blob \| blame \| history