
Re: [RFC-PATCH] Add CodeQL support


  • To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Paul Durrant <xadimgnik@xxxxxxxxx>
  • Date: Mon, 22 Feb 2021 15:55:39 +0000
  • Delivery-date: Mon, 22 Feb 2021 15:55:44 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

On 19/02/2021 14:22, Owen Smith wrote:
CodeQL results will be required for future WHQL certifications.
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql

Add option to use CodeQL to generate the appropriate log. CodeQL uses
MSBuild to generate sarif files which are expected to be uploaded when
submitting WHQL results. sarif files will also highlight any violations
of the static analysis rules that will need fixing.

Note: The CodeQL doesn't seem to support passing quoted strings as MSBuild
parameters, so add default values for Configuration and Platform.


Would it be possible to spit out the msbuild command line to a temp batch file and then pass that to codeql on the cmdline?

  Paul

Assumptions:
- CodeQL binaries are installed and accessible on the path
- Windows Driver Development Supplemental Tools are installed and are
   either in the parent directory of the project, or accessible with the
   environment variable CODEQL_QUERY_SUITE

Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
  build.ps1            | 62 ++++++++++++++++++++++++++++++++++++++++++++
  vs2015/configs.props |  4 +++
  vs2017/configs.props |  4 +++
  vs2019/configs.props |  4 +++
  4 files changed, 74 insertions(+)

diff --git a/build.ps1 b/build.ps1
index 2ea6428..b6b5515 100644
--- a/build.ps1
+++ b/build.ps1
@@ -6,6 +6,7 @@ param(
        [Parameter(Mandatory = $true)]
        [string]$Type,
        [string]$Arch,
+       [switch]$CodeQL,
        [switch]$Sdv
  )
@@ -51,6 +52,63 @@ Function SdvBuild {
        & ".\msbuild.ps1" @params
  }
+Function CodeQLBuild {
+       $DriverList = @("xen", "xenbus", "xenfilt")
+
+       $visualstudioversion = $Env:VisualStudioVersion
+       $solutiondir = @{ "14.0" = "vs2015"; "15.0" = "vs2017"; "16.0" = 
"vs2019"; }
+
+       if ([string]::IsNullOrEmpty($Env:CODEQL_QUERY_SUITE)) {
+               $searchpath = Resolve-Path ".."
+       } else {
+               $searchpath = $Env:CODEQL_QUERY_SUITE
+       }
+
+       if (Test-Path "database") {
+               Remove-Item -Recurse -Force "database"
+       }
+       New-Item -ItemType Directory "database"
+
+       $DriverList | ForEach {
+               $projpath = Resolve-Path (Join-Path 
$solutiondir[$visualstudioversion] $_)
+               $proj = Join-Path $projpath ($_ + ".vcxproj")
+               $output = Join-Path "xenbus" ($_ + ".sarif")
+               $database = "database\" + $_
+
+               $c = "codeql"
+               $c += " database"
+               $c += " create"
+               $c += " -l=cpp"
+               $c += " -s=src"
+               $c += " -c"
+               $c += ' "msbuild.exe /t:Build /p:Platform=x64 ' + $proj + '" '
+               $c += $database
+
+               Invoke-Expression $c
+               if ($LASTEXITCODE -ne 0) {
+                       Write-Host -ForegroundColor Red "ERROR: CodeQL failed, 
code:" $LASTEXITCODE
+                       Exit $LASTEXITCODE
+               }
+
+               $c = "codeql"
+               $c += " database"
+               $c += " analyze "
+               $c += $database
+               $c += " windows_driver_recommended.qls"
+               $c += " --format=sarifv2.1.0"
+               $c += " --output="
+               $c += $output
+               $c += " --search-path="
+               $c += $searchpath
+
+               Invoke-Expression $c
+               if ($LASTEXITCODE -ne 0) {
+                       Write-Host -ForegroundColor Red "ERROR: CodeQL failed, 
code:" $LASTEXITCODE
+                       Exit $LASTEXITCODE
+               }
+       }
+}
+
  if ($Type -ne "free" -and $Type -ne "checked") {
        Write-Host "Invalid Type"
        Exit -1
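
Review bot: Both codeql invocations in CodeQLBuild are assembled by string concatenation and run through Invoke-Expression, so $proj, $output and $searchpath are parsed again as PowerShell source; a checkout path or CODEQL_QUERY_SUITE value containing a space, ';' or '$' will split or alter the command. Build an argument array and invoke the tool with the call operator, as SdvBuild already does with & ".\msbuild.ps1" @params, keeping the msbuild command as a single array element. It is worth checking whether that also avoids the quoting problem that the configs.props defaults work around. Separately, $solutiondir[$visualstudioversion] is used unchecked, so an unset or unlisted VisualStudioVersion passes a null path to Join-Path; fail early with a clear message. Every .sarif file is written under "xenbus" regardless of driver, which deserves a comment if it is intended.
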
@@ -99,6 +157,10 @@ if ([string]::IsNullOrEmpty($Arch) -or $Arch -eq "x64") {
        Build "x64" $Type
  }
+if ($CodeQL) {
+       CodeQLBuild
+}
+
  if ($Sdv) {
        SdvBuild
  }
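
Review bot: The new if ($CodeQL) block calls CodeQLBuild without passing $Type or $Arch, while CodeQLBuild hard-codes /p:Platform=x64 and relies on the default Configuration, so a run with -Type checked or a non-x64 -Arch value still analyzes the x64 default configuration without saying so. Pass the values through, or at least print which configuration and platform are being analyzed. The block also runs after the normal Build calls and uses /t:Build; if those calls left up-to-date outputs for the same configuration, msbuild may have nothing left to compile for CodeQL to observe, so consider /t:Rebuild for the database step.
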
diff --git a/vs2015/configs.props b/vs2015/configs.props
index cdbb3c8..4be9288 100644
--- a/vs2015/configs.props
+++ b/vs2015/configs.props
@@ -1,5 +1,9 @@
  <?xml version="1.0" encoding="utf-8"?>
  <Project DefaultTargets="Build" ToolsVersion="12.0" 
xmlns="http://schemas.microsoft.com/developer/msbuild/2003";>
+       <PropertyGroup>
+               <Configuration Condition=" '$(Configuration)' == '' ">Windows 10 
Release</Configuration>
+               <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
+       </PropertyGroup>
        <ItemGroup Label="ProjectConfigurations">
                <ProjectConfiguration Include="Windows 10 Debug|Win32">
                        <Configuration>Windows 10 Debug</Configuration>
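
Review bot: The Platform default added in this PropertyGroup looks unnecessary, because CodeQLBuild already passes /p:Platform=x64 on the msbuild command line; only Configuration, whose value contains spaces, is affected by the quoting problem described in the commit message. The default also applies to any msbuild invocation that omits Configuration, not only the CodeQL one, so add an XML comment stating that it exists for CodeQL and why "Windows 10 Release" was chosen.
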
diff --git a/vs2017/configs.props b/vs2017/configs.props
index cdbb3c8..4be9288 100644
--- a/vs2017/configs.props
+++ b/vs2017/configs.props
@@ -1,5 +1,9 @@
  <?xml version="1.0" encoding="utf-8"?>
  <Project DefaultTargets="Build" ToolsVersion="12.0" 
xmlns="http://schemas.microsoft.com/developer/msbuild/2003";>
+       <PropertyGroup>
+               <Configuration Condition=" '$(Configuration)' == '' ">Windows 10 
Release</Configuration>
+               <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
+       </PropertyGroup>
        <ItemGroup Label="ProjectConfigurations">
                <ProjectConfiguration Include="Windows 10 Debug|Win32">
                        <Configuration>Windows 10 Debug</Configuration>
diff --git a/vs2019/configs.props b/vs2019/configs.props
index cdbb3c8..4be9288 100644
--- a/vs2019/configs.props
+++ b/vs2019/configs.props
@@ -1,5 +1,9 @@
  <?xml version="1.0" encoding="utf-8"?>
  <Project DefaultTargets="Build" ToolsVersion="12.0" 
xmlns="http://schemas.microsoft.com/developer/msbuild/2003";>
+       <PropertyGroup>
+               <Configuration Condition=" '$(Configuration)' == '' ">Windows 10 
Release</Configuration>
+               <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
+       </PropertyGroup>
        <ItemGroup Label="ProjectConfigurations">
                <ProjectConfiguration Include="Windows 10 Debug|Win32">
                        <Configuration>Windows 10 Debug</Configuration>
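
Review bot: This PropertyGroup is the third identical copy (vs2015, vs2017 and vs2019 configs.props), so a later change to the default Configuration has to be made in three places. If the temp batch file approach suggested in the reply works, none of the three copies is needed; otherwise consider a single shared .props file imported by each configs.props.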





 

