From: Roger Pau Monne
To:
CC: Roger Pau Monne, Andrew Cooper, George Dunlap, Jan Beulich, Julien Grall, Stefano Stabellini, Wei Liu
Subject: [PATCH 1/2] codeql: add support for analyzing C, Python and Go
Date: Fri, 25 Feb 2022 16:19:30 +0100
Message-ID: <20220225151931.99848-2-roger.pau@citrix.com>
In-Reply-To: <20220225151931.99848-1-roger.pau@citrix.com>
References: <20220225151931.99848-1-roger.pau@citrix.com>

Introduce CodeQL support for Xen and analyze the C, Python and Go files.
Note that when analyzing Python or Go we avoid building the hypervisor
and only build the tools.

Requested-by: Andrew Cooper
Signed-off-by: Roger Pau Monné
---
TBD: there's no limit in the number of scans here unlike Coverity, but
each takes github minutes and we are limited to 2000 per month IIRC.
We might want to not perform a scan for each push.

TBD: should we also disable the shim build? I'm not sure there's much
value in analyzing it.
---
 .github/workflows/codeql.yml | 59 ++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..5bfe478983 --- /dev/null +++ b/.github/workflows/codeql.yml
@@ -0,0 +1,59 @@ +name: CodeQL + +on: + workflow_dispatch: + push: + branches: [staging] + schedule: + - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC + +jobs: + analyse: + + strategy: + matrix: + language: [ 'cpp', 'python', 'go' ] + + runs-on: ubuntu-latest + + steps: + - name: Install build dependencies + run: | + sudo apt-get install -y wget git \ + libbz2-dev build-essential \ + zlib1g-dev libncurses5-dev iasl \ + libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \ + autoconf libtool liblzma-dev \ + python3-dev golang python-dev libsystemd-dev + + - uses: actions/checkout@v2 + with: + ref: staging + + - name: Configure Xen + run: | + ./configure --with-system-qemu=/bin/true \ + --with-system-seabios=/bin/true \ + --with-system-ovmf=/bin/true + + - name: Pre build stuff + run: | + make -j`nproc` mini-os-dir + + - uses: github/codeql-action/init@v1 + with: + languages: ${{matrix.language}} + queries: security-and-quality + + - if: matrix.language == 'cpp' + name: Full Build + run: | + make -j`nproc` build-xen build-tools + make -j`nproc` -C extras/mini-os/ + + - if: matrix.language == 'python' || matrix.language == 'go' + name: Tools Build + run: | + make -j`nproc` build-tools + + - uses: github/codeql-action/analyze@v1
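
Review bot: The `analyse` job has no `permissions:` key, so all three matrix legs run `./configure` and `make` from the checked-out tree with whatever default GITHUB_TOKEN scope the repository is configured with; add a job-level `permissions:` limited to `contents: read` and `security-events: write`, which is what the analyze step needs to upload its results. The `uses:` lines reference movable tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/analyze@v1`); pinning each to a full commit SHA keeps a retagged action from changing what runs in this workflow. Smaller points: the cron `'18 10 * * WED,SUN'` fires twice a week, so the "Bi-weekly" comment is ambiguous and the schedule, combined with the push trigger and a three-way matrix, bears directly on the minutes budget raised in the TBD; `libbz2-dev` is listed twice in the `apt-get install` line; and `ref: staging` on the checkout means a `workflow_dispatch` run started from another branch still analyses staging.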