[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH-XENVBD] Add CodeQL build stage
CodeQL logs will be required for future WHQL submissions. Add a stage that generates the required SARIF files. CodeQL is a semantic code analysis engine, which will highlight vunerabilities that will need fixing. In order to use CodeQL, the CodeQL binaries must be on the path and the Windows-Driver-Developer-Supplemental-Tools must be on the path defined by the CODEQL_QUERY_SUITE environment variable (if defined), or under the parent folder (if CODEQL_QUERY_SUITE variable is not defined) Note: Due to the way the codeql command line is built, using quotes in a MSBuild command line is not possible, so generate a batch file to wrap the command line. Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx> --- build.ps1 | 20 +++++++++++ msbuild.ps1 | 97 +++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 111 insertions(+), 6 deletions(-) diff --git a/build.ps1 b/build.ps1 index 2ea6428..346d187 100644 --- a/build.ps1 +++ b/build.ps1 @@ -6,6 +6,7 @@ param( [Parameter(Mandatory = $true)] [string]$Type, [string]$Arch, + [switch]$CodeQL, [switch]$Sdv ) @@ -51,6 +52,21 @@ Function SdvBuild { & ".\msbuild.ps1" @params } +function CodeQLBuild { + $visualstudioversion = $Env:VisualStudioVersion + $solutiondir = @{ "14.0" = "vs2015"; "15.0" = "vs2017"; "16.0" = "vs2019"; } + $configurationbase = @{ "14.0" = "Windows 10"; "15.0" = "Windows 10"; "16.0" = "Windows 10"; } + $arch = "x64" + + $params = @{ + SolutionDir = $solutiondir[$visualstudioversion]; + ConfigurationBase = $configurationbase[$visualstudioversion]; + Arch = $arch; + Type = "codeql" + } + & ".\msbuild.ps1" @params +} + if ($Type -ne "free" -and $Type -ne "checked") { Write-Host "Invalid Type" Exit -1 @@ -99,6 +115,10 @@ if ([string]::IsNullOrEmpty($Arch) -or $Arch -eq "x64") { Build "x64" $Type } +if ($CodeQL) { + CodeQLBuild +} + if ($Sdv) { SdvBuild } diff --git a/msbuild.ps1 b/msbuild.ps1 index b918cfa..4cb408a 100644 --- a/msbuild.ps1 +++ b/msbuild.ps1 @@ -67,14 +67,81 @@ Function Run-MSBuildSDV { Set-Location $basepath } +Function Run-CodeQL { + param( + [string]$SolutionPath, + [string]$Name, + [string]$Configuration, + [string]$Platform, + [string]$SearchPath, + [string]$OutputPath + ) + + $projpath = Resolve-Path (Join-Path $SolutionPath $Name) + $project = [string]::Format("{0}.vcxproj", $Name) + $output = [string]::Format("{0}.sarif", $Name) + $database = Join-Path "database" $Name + + # write a bat file to wrap msbuild parameters + $bat = [string]::Format("{0}.bat", $Name) + if (Test-Path $bat) { + Remove-Item $bat + } + $a = "msbuild.exe" + $a += " /m:4" + $a += " /t:Build" + $a += [string]::Format(" /p:Configuration=""{0}""", $Configuration) + $a += [string]::Format(" /p:Platform=""{0}""", $Platform) + $a += " " + $a += Join-Path $projpath $project + $a | Set-Content $bat + + # generate the database + $b = "codeql" + $b += " database" + $b += " create" + $b += " -l=cpp" + $b += " -s=src" + $b += " -c" + $b += ' "' + (Resolve-Path $bat) + '" ' + $b += $database + Invoke-Expression $b + if ($LASTEXITCODE -ne 0) { + Write-Host -ForegroundColor Red "ERROR: CodeQL failed, code:" $LASTEXITCODE + Exit $LASTEXITCODE + } + Remove-Item $bat + + # perform the analysis on the database + $c = "codeql" + $c += " database" + $c += " analyze " + $c += $database + $c += " windows_driver_recommended.qls" + $c += " --format=sarifv2.1.0" + $c += " --output=" + $c += (Join-Path $OutputPath $output) + $c += " --search-path=" + $c += $SearchPath + + Invoke-Expression $c + if ($LASTEXITCODE -ne 0) { + Write-Host -ForegroundColor Red "ERROR: CodeQL failed, code:" $LASTEXITCODE + Exit $LASTEXITCODE + } +} + # # Script Body # -$configuration = @{ "free" = "$ConfigurationBase Release"; "checked" = "$ConfigurationBase Debug"; "sdv" = "$ConfigurationBase Release"; } +$configuration = @{ "free" = "$ConfigurationBase Release"; "checked" = "$ConfigurationBase Debug"; "sdv" = "$ConfigurationBase Release"; "codeql" = "$ConfigurationBase Release"; } $platform = @{ "x86" = "Win32"; "x64" = "x64" } $solutionpath = Resolve-Path $SolutionDir +$archivepath = "xenvbd" +$projectlist = @( "xencrsh", "xendisk", "xenvbd" ) + Set-ExecutionPolicy -Scope CurrentUser -Force Bypass if ($Type -eq "free") { @@ -83,16 +150,34 @@ if ($Type -eq "free") { elseif ($Type -eq "checked") { Run-MSBuild $solutionpath "xenvbd.sln" $configuration["checked"] $platform[$Arch] } -elseif ($Type -eq "sdv") { - $archivepath = "xenvbd" +elseif ($Type -eq "codeql") { + if (-Not (Test-Path -Path $archivepath)) { + New-Item -Name $archivepath -ItemType Directory | Out-Null + } + if ([string]::IsNullOrEmpty($Env:CODEQL_QUERY_SUITE)) { + $searchpath = Resolve-Path ".." + } else { + $searchpath = $Env:CODEQL_QUERY_SUITE + } + + if (Test-Path "database") { + Remove-Item -Recurse -Force "database" + } + New-Item -ItemType Directory "database" | Out-Null + + $projectlist | ForEach { + Run-CodeQL $solutionpath $_ $configuration["codeql"] $platform[$Arch] $searchpath $archivepath + } +} +elseif ($Type -eq "sdv") { if (-Not (Test-Path -Path $archivepath)) { New-Item -Name $archivepath -ItemType Directory | Out-Null } - Run-MSBuildSDV $solutionpath "xencrsh" $configuration["sdv"] $platform[$Arch] - Run-MSBuildSDV $solutionpath "xendisk" $configuration["sdv"] $platform[$Arch] - Run-MSBuildSDV $solutionpath "xenvbd" $configuration["sdv"] $platform[$Arch] + $projectlist | ForEach { + Run-MSBuildSDV $solutionpath $_ $configuration["sdv"] $platform[$Arch] + } Copy-Item -Path (Join-Path -Path $SolutionPath -ChildPath "*DVL*") -Destination $archivepath } -- 2.30.1.windows.1
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |