git.proxmox.com Git - mirror

author	Richard Yao <richard.yao@alumni.stonybrook.edu>
	Fri, 26 Jan 2024 22:11:33 +0000 (17:11 -0500)
committer	GitHub <noreply@github.com>
	Fri, 26 Jan 2024 22:11:33 +0000 (14:11 -0800)
commit	e7af89d972ffea5c205a072b9e3ad4654b36f352
tree	15252b30367d4103ec63f0436d789c5aad9d78fc	tree
parent	dac0bae561d4d044208881ef4664a3bf9e657e7b	commit \| diff

Switch to CodeQL to detect prohibited function use

The LLVM/Clang developers pointed out that using the CPP to detect use
of functions that our QA policies prohibit risks invoking undefined
behavior. To resolve this, we configure CodeQL to detect forbidden
function usage.

Note that cpp in the context of CodeQL refers to C/C++, rather than the
C PreProcessor, which C++ also uses. It really should have been written
cxx, but that ship sailed a long time ago. This misuse of the term cpp
is retained in the CodeQL configuration for consistency with upstream
CodeQL.

As a side benefit, verbose make no longer is a wall of text showing a
bunch of CPP macros, which can make debugging slightly easier.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #15819
Closes #14134

.github/codeql-cpp.yml	[new file with mode: 0644]	blob
.github/codeql-python.yml	[new file with mode: 0644]	blob
.github/codeql/custom-queries/cpp/deprecatedFunctionUsage.ql	[new file with mode: 0644]	blob
.github/codeql/custom-queries/cpp/qlpack.yml	[new file with mode: 0644]	blob
.github/workflows/codeql.yml		diff \| blob \| blame \| history
config/Rules.am		diff \| blob \| blame \| history