Re: [PATCH v2] codeql: add support for analyzing C, Python and Go
Ping?
On Mon, Mar 07, 2022 at 05:45:52PM +0100, Roger Pau Monne wrote:
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
>
> Note that when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
>
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v1:
> - Rename to note it's x86 specific right now.
> - Merge the ignored path patch.
> ---
> It's my understanding that we need to force the checkout action to
> fetch 'staging' branch, or else for the scheduled runs we would end up
> picking the current default branch (master).
>
> Maybe we want to remove the scheduled action and just rely on pushes
> and manually triggered workflows?
> ---
> .github/codeql/codeql-config.yml | 3 ++
> .github/workflows/codeql-x86.yml | 60 ++++++++++++++++++++++++++++++++
> 2 files changed, 63 insertions(+)
> create mode 100644 .github/codeql/codeql-config.yml
> create mode 100644 .github/workflows/codeql-x86.yml
>
> diff --git a/.github/codeql/codeql-config.yml
> b/.github/codeql/codeql-config.yml
> new file mode 100644
> index 0000000000..721640c2a5
> --- /dev/null
> +++ b/.github/codeql/codeql-config.yml
> @@ -0,0 +1,3 @@
> +paths-ignore:
> + - xen/tools/kconfig
> + - tools/firmware/xen-dir/xen-root/xen/tools/kconfig
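Review bot: nothing in codeql-config.yml says why the two kconfig directories are excluded, and the second entry (tools/firmware/xen-dir/xen-root/xen/tools/kconfig) ends in the same xen/tools/kconfig path as the first, so it reads like a build-time copy of that directory. A one-line comment above paths-ignore stating the reason would make the exclusion reviewable later. It is also worth confirming that the exclusion takes effect for the cpp entry of the workflow matrix, since for compiled languages what gets analysed is largely determined by what the build step compiles.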
> diff --git a/.github/workflows/codeql-x86.yml
> b/.github/workflows/codeql-x86.yml
> new file mode 100644
> index 0000000000..a3ec6236c4
> --- /dev/null
> +++ b/.github/workflows/codeql-x86.yml
> @@ -0,0 +1,60 @@
> +name: CodeQL x86
> +
> +on:
> + workflow_dispatch:
> + push:
> + branches: [staging]
> + schedule:
> + - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC
> +
> +jobs:
> + analyse:
> +
> + strategy:
> + matrix:
> + language: [ 'cpp', 'python', 'go' ]
> +
> + runs-on: ubuntu-latest
> +
> + steps:
> + - name: Install build dependencies
> + run: |
> + sudo apt-get install -y wget git \
> + libbz2-dev build-essential \
> + zlib1g-dev libncurses5-dev iasl \
> + libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \
> + autoconf libtool liblzma-dev \
> + python3-dev golang python-dev libsystemd-dev
> +
> + - uses: actions/checkout@v2
> + with:
> + ref: staging
> +
> + - name: Configure Xen
> + run: |
> + ./configure --with-system-qemu=/bin/true \
> + --with-system-seabios=/bin/true \
> + --with-system-ovmf=/bin/true
> +
> + - name: Pre build stuff
> + run: |
> + make -j`nproc` mini-os-dir
> +
> + - uses: github/codeql-action/init@v1
> + with:
> + config-file: ./.github/codeql/codeql-config.yml
> + languages: ${{matrix.language}}
> + queries: security-and-quality
> +
> + - if: matrix.language == 'cpp'
> + name: Full Build
> + run: |
> + make -j`nproc` build-xen build-tools
> + make -j`nproc` -C extras/mini-os/
> +
> + - if: matrix.language == 'python' || matrix.language == 'go'
> + name: Tools Build
> + run: |
> + make -j`nproc` build-tools
> +
> + - uses: github/codeql-action/analyze@v1
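Review bot: the checkout step hard-codes "ref: staging", so a workflow_dispatch run started from any other branch still analyses staging, and a push-triggered run analyses whatever the tip of staging is at checkout time rather than the commit that triggered it. Consider setting the ref only when the event is the schedule and leaving the default ref for push and workflow_dispatch. Separately, the workflow declares no permissions: block and references its actions by mutable tags (actions/checkout@v2, github/codeql-action/init@v1, github/codeql-action/analyze@v1); declaring the minimal permissions the job needs and pinning the actions to commit hashes would tighten that. Smaller points: the apt-get install line lists libbz2-dev twice and has no preceding apt-get update, and the cron comment says "Bi-weekly" for a WED,SUN schedule, which is twice a week.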
> --
> 2.34.1
>