
Re: [PATCH v2] codeql: add support for analyzing C, Python and Go


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 21 Mar 2022 10:54:43 +0100
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Mon, 21 Mar 2022 09:55:05 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Ping?

On Mon, Mar 07, 2022 at 05:45:52PM +0100, Roger Pau Monne wrote:
> Introduce CodeQL support for Xen and analyze the C, Python and Go
> files.
> 
> Note that when analyzing Python or Go we avoid building the hypervisor
> and only build the tools.
> 
> Requested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> ---
> Changes since v1:
>  - Rename to note it's x86 specific right now.
>  - Merge the ignored path patch.
> ---
> It's my understanding that we need to force the checkout action to
> fetch 'staging' branch, or else for the scheduled runs we would end up
> picking the current default branch (master).
> 
> Maybe we want to remove the scheduled action and just rely on pushes
> and manually triggered workflows?
> ---
>  .github/codeql/codeql-config.yml |  3 ++
>  .github/workflows/codeql-x86.yml | 60 ++++++++++++++++++++++++++++++++
>  2 files changed, 63 insertions(+)
>  create mode 100644 .github/codeql/codeql-config.yml
>  create mode 100644 .github/workflows/codeql-x86.yml
> 
> diff --git a/.github/codeql/codeql-config.yml 
> b/.github/codeql/codeql-config.yml
> new file mode 100644
> index 0000000000..721640c2a5
> --- /dev/null
> +++ b/.github/codeql/codeql-config.yml
> @@ -0,0 +1,3 @@
> +paths-ignore:
> +  - xen/tools/kconfig
> +  - tools/firmware/xen-dir/xen-root/xen/tools/kconfig
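
Review bot: Neither 'paths-ignore' entry carries a comment saying why kconfig is excluded, and the second entry repeats the first under 'tools/firmware/xen-dir/xen-root/'. A one-line YAML comment above the list giving the reason, and saying where the second tree comes from, would let later contributors judge what else belongs here. It is also worth confirming that the entries take effect for the 'cpp' job, since for compiled languages CodeQL analyses what the build step compiles.
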
> diff --git a/.github/workflows/codeql-x86.yml 
> b/.github/workflows/codeql-x86.yml
> new file mode 100644
> index 0000000000..a3ec6236c4
> --- /dev/null
> +++ b/.github/workflows/codeql-x86.yml
> @@ -0,0 +1,60 @@
> +name: CodeQL x86
> +
> +on:
> +  workflow_dispatch:
> +  push:
> +    branches: [staging]
> +  schedule:
> +    - cron: '18 10 * * WED,SUN' # Bi-weekly at 10:18 UTC
> +
> +jobs:
> +  analyse:
> +
> +    strategy:
> +      matrix:
> +        language: [ 'cpp', 'python', 'go' ]
> +
> +    runs-on: ubuntu-latest
> +
> +    steps:
> +    - name: Install build dependencies
> +      run: |
> +        sudo apt-get install -y wget git \
> +          libbz2-dev build-essential \
> +          zlib1g-dev libncurses5-dev iasl \
> +          libbz2-dev e2fslibs-dev uuid-dev libyajl-dev \
> +          autoconf libtool liblzma-dev \
> +          python3-dev golang python-dev libsystemd-dev
> +
> +    - uses: actions/checkout@v2
> +      with:
> +        ref: staging
> +
> +    - name: Configure Xen
> +      run: |
> +        ./configure --with-system-qemu=/bin/true \
> +                    --with-system-seabios=/bin/true \
> +                    --with-system-ovmf=/bin/true
> +
> +    - name: Pre build stuff
> +      run: |
> +        make -j`nproc` mini-os-dir
> +
> +    - uses: github/codeql-action/init@v1
> +      with:
> +        config-file: ./.github/codeql/codeql-config.yml
> +        languages: ${{matrix.language}}
> +        queries: security-and-quality
> +
> +    - if: matrix.language == 'cpp'
> +      name: Full Build
> +      run: |
> +        make -j`nproc` build-xen build-tools
> +        make -j`nproc` -C extras/mini-os/
> +
> +    - if: matrix.language == 'python' || matrix.language == 'go'
> +      name: Tools Build
> +      run: |
> +        make -j`nproc` build-tools
> +
> +    - uses: github/codeql-action/analyze@v1
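
Review bot: The 'ref: staging' override on the 'actions/checkout@v2' step applies to every trigger, so a 'workflow_dispatch' run started from another branch still analyses staging, and a scheduled run builds staging while the run itself belongs to the default branch. Consider applying the override only when the event is 'schedule' (or dropping the schedule, as the cover note suggests) and checking which ref the 'analyze' step files its results under. In the install step, 'libbz2-dev' is listed twice and there is no 'apt-get update' before 'apt-get install', which can fail on a runner with a stale package index. The 'uses:' lines reference the mutable tags '@v2' and '@v1'; pinning them to full commit SHAs and adding a 'permissions:' block restricted to what the job needs (for example 'security-events: write' for the upload) would tighten the workflow. The cron comment says "Bi-weekly", but 'WED,SUN' runs twice a week, so the comment should say so unambiguously.
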
> -- 
> 2.34.1
> 



 

