[PATCH-XENCONS] Add CodeQL build stage
CodeQL logs will be required for future WHQL submissions. Add a stage that generates the required SARIF files. CodeQL is a semantic code analysis engine, which will highlight vunerabilities that will need fixing. In order to use CodeQL, the CodeQL binaries must be on the path and the Windows-Driver-Developer-Supplemental-Tools must be on the path defined by the CODEQL_QUERY_SUITE environment variable (if defined), or under the parent folder (if CODEQL_QUERY_SUITE variable is not defined)
Note: Due to the way the codeql command line is built, using quotes in a MSBuild command line is not possible, so generate a batch file to wrap the command line.
Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
build.ps1 | 20 +++++++++++
msbuild.ps1 | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 111 insertions(+), 4 deletions(-)
diff --git a/build.ps1 b/build.ps1
index 2ea6428..346d187 100644
--- a/build.ps1
+++ b/build.ps1
@@ -6,6 +6,7 @@ param(
 [Parameter(Mandatory = $true)]
 [string]$Type,
 [string]$Arch,
+ [switch]$CodeQL,
 [switch]$Sdv
 )
@@ -51,6 +52,21 @@ Function SdvBuild {
 & ".\msbuild.ps1" @params
 }
+function CodeQLBuild {
+ $visualstudioversion = $Env:VisualStudioVersion
+ $solutiondir = @{ "14.0" = "vs2015"; "15.0" = "vs2017"; "16.0" = "vs2019"; }
+ $configurationbase = @{ "14.0" = "Windows 10"; "15.0" = "Windows 10"; "16.0" = "Windows 10"; }
+ $arch = "x64"
+
+ $params = @{
+ SolutionDir = $solutiondir[$visualstudioversion];
+ ConfigurationBase = $configurationbase[$visualstudioversion];
+ Arch = $arch;
+ Type = "codeql"
+ }
+ & ".\msbuild.ps1" @params
+}
+
 if ($Type -ne "free" -and $Type -ne "checked") {
 Write-Host "Invalid Type"
 Exit -1
@@ -99,6 +115,10 @@ if ([string]::IsNullOrEmpty($Arch) -or $Arch -eq "x64") {
 Build "x64" $Type
 }
+if ($CodeQL) {
+ CodeQLBuild
+}
+
 if ($Sdv) {
 SdvBuild
 }
diff --git a/msbuild.ps1 b/msbuild.ps1
index 97e1292..ecf3d10 100644
--- a/msbuild.ps1
+++ b/msbuild.ps1
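Review bot: `CodeQLBuild` hard-codes `$arch = "x64"` and never consults the script's `$Arch` parameter, so `-CodeQL -Arch x86` still analyzes the x64 build without saying so; if that is intended it deserves a comment such as `# CodeQL analysis is only run against the x64 build, regardless of -Arch`, otherwise `$Arch` should be passed through. An unrecognised `$Env:VisualStudioVersion` makes both table lookups return `$null`, which only surfaces later inside msbuild.ps1; a guard like `if (-not $solutiondir.ContainsKey($visualstudioversion)) { Write-Host "Unsupported VisualStudioVersion"; Exit -1 }` would fail with a clearer message. The two version tables look like copies of what SdvBuild uses (only SdvBuild's tail is visible here), so a shared lookup would keep the stages from drifting. Minor style: the file's existing functions are declared with `Function` (see `Function SdvBuild`), while this one uses lowercase `function`.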
@@ -67,14 +67,81 @@ Function Run-MSBuildSDV {
 Set-Location $basepath
 }
+Function Run-CodeQL {
+ param(
+ [string]$SolutionPath,
+ [string]$Name,
+ [string]$Configuration,
+ [string]$Platform,
+ [string]$SearchPath,
+ [string]$OutputPath
+ )
+
+ $projpath = Resolve-Path (Join-Path $SolutionPath $Name)
+ $project = [string]::Format("{0}.vcxproj", $Name)
+ $output = [string]::Format("{0}.sarif", $Name)
+ $database = Join-Path "database" $Name
+
+ # write a bat file to wrap msbuild parameters
+ $bat = [string]::Format("{0}.bat", $Name)
+ if (Test-Path $bat) {
+ Remove-Item $bat
+ }
+ $a = "msbuild.exe"
+ $a += " /m:4"
+ $a += " /t:Build"
+ $a += [string]::Format(" /p:Configuration=""{0}""", $Configuration)
+ $a += [string]::Format(" /p:Platform=""{0}""", $Platform)
+ $a += " "
+ $a += Join-Path $projpath $project
+ $a | Set-Content $bat
+
+ # generate the database
+ $b = "codeql"
+ $b += " database"
+ $b += " create"
+ $b += " -l=cpp"
+ $b += " -s=src"
+ $b += " -c"
+ $b += ' "' + (Resolve-Path $bat) + '" '
+ $b += $database
+ Invoke-Expression $b
+ if ($LASTEXITCODE -ne 0) {
+ Write-Host -ForegroundColor Red "ERROR: CodeQL failed, code:" $LASTEXITCODE
+ Exit $LASTEXITCODE
+ }
+ Remove-Item $bat
+
+ # perform the analysis on the database
+ $c = "codeql"
+ $c += " database"
+ $c += " analyze "
+ $c += $database
+ $c += " windows_driver_recommended.qls"
+ $c += " --format=sarifv2.1.0"
+ $c += " --output="
+ $c += (Join-Path $OutputPath $output)
+ $c += " --search-path="
+ $c += $SearchPath
+
+ Invoke-Expression $c
+ if ($LASTEXITCODE -ne 0) {
+ Write-Host -ForegroundColor Red "ERROR: CodeQL failed, code:" $LASTEXITCODE
+ Exit $LASTEXITCODE
+ }
+}
+
 #
 # Script Body
 #
-$configuration = @{ "free" = "$ConfigurationBase Release"; "checked" = "$ConfigurationBase Debug"; "sdv" = "$ConfigurationBase Release"; }
+$configuration = @{ "free" = "$ConfigurationBase Release"; "checked" = "$ConfigurationBase Debug"; "sdv" = "$ConfigurationBase Release"; "codeql" = "$ConfigurationBase Release"; }
 $platform = @{ "x86" = "Win32"; "x64" = "x64" }
 $solutionpath = Resolve-Path $SolutionDir
+$archivepath = "xencons"
+$projectlist = @( "xencons" )
+
 Set-ExecutionPolicy -Scope CurrentUser -Force Bypass
 if ($Type -eq "free") {
@@ -83,14 +150,34 @@ if ($Type -eq "free") {
 elseif ($Type -eq "checked") {
 Run-MSBuild $solutionpath "xencons.sln" $configuration["checked"] $platform[$Arch]
 }
-elseif ($Type -eq "sdv") {
- $archivepath = "xencons"
+elseif ($Type -eq "codeql") {
+ if (-Not (Test-Path -Path $archivepath)) {
+ New-Item -Name $archivepath -ItemType Directory | Out-Null
+ }
+ if ([string]::IsNullOrEmpty($Env:CODEQL_QUERY_SUITE)) {
+ $searchpath = Resolve-Path ".."
+ } else {
+ $searchpath = $Env:CODEQL_QUERY_SUITE
+ }
+
+ if (Test-Path "database") {
+ Remove-Item -Recurse -Force "database"
+ }
+ New-Item -ItemType Directory "database" | Out-Null
+
+ $projectlist | ForEach {
+ Run-CodeQL $solutionpath $_ $configuration["codeql"] $platform[$Arch] $searchpath $archivepath
+ }
+}
+elseif ($Type -eq "sdv") {
 if (-Not (Test-Path -Path $archivepath)) {
 New-Item -Name $archivepath -ItemType Directory | Out-Null
 }
- Run-MSBuildSDV $solutionpath "xencons" $configuration["sdv"] $platform[$Arch]
+ $projectlist | ForEach {
+ Run-MSBuildSDV $solutionpath $_ $configuration["sdv"] $platform[$Arch]
+ }
 Copy-Item -Path (Join-Path -Path $SolutionPath -ChildPath "*DVL*") -Destination $archivepath
 }
--
2.30.1.windows.1
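Review bot: `Invoke-Expression $b` and `Invoke-Expression $c` in Run-CodeQL re-parse a hand-assembled string as PowerShell code, and `$database`, `$SearchPath` and the `--output=` path are appended to it unquoted, so a search path containing a space (CODEQL_QUERY_SUITE is taken verbatim from the environment) is split into several arguments before codeql sees it, and any PowerShell metacharacter in those values is evaluated rather than passed through. The batch-file wrapper for msbuild can stay as the commit message explains, but the two codeql invocations need no string building: calling `codeql` through the call operator with a plain argument list lets PowerShell quote each argument for the native executable. The exit-code checks and `Remove-Item $bat` are unchanged in the version below.
```powershell
    # generate the database
    & codeql database create -l=cpp -s=src -c (Resolve-Path $bat).Path $database
    # … unchanged: exit-code check, Remove-Item $bat …

    # perform the analysis on the database
    & codeql database analyze $database windows_driver_recommended.qls `
        --format=sarifv2.1.0 `
        "--output=$(Join-Path $OutputPath $output)" `
        "--search-path=$SearchPath"
    # … unchanged: exit-code check …
```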
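Review bot: In the `codeql` branch `$searchpath = $Env:CODEQL_QUERY_SUITE` is used as given, whereas the default branch goes through `Resolve-Path ".."`, so a missing, mistyped or relative value is only reported when `codeql database analyze` later fails on its search path. Resolving it up front, `$searchpath = Resolve-Path $Env:CODEQL_QUERY_SUITE`, fails immediately naming the offending path and also yields an absolute path, which keeps the value valid however the working directory changes before codeql runs. `Remove-Item -Recurse -Force "database"` and the `New-Item` that follows operate on a path relative to the current directory; a one-line comment stating that the script is expected to run from the repository root (as the bare `"database"` and `"xencons"` names assume) would make that intent explicit.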