
Upgrading github/codeql dependency to 2.14.6 #411

Merged: 17 commits from codeql/upgrade-to-2.14.6 into main, Oct 31, 2023

Conversation

github-actions[bot] commented Oct 22, 2023

Description

This PR upgrades the CodeQL CLI version to 2.14.6.

One notable change in this release is that the C++ AST dataflow library has been marked as deprecated. For the upgrade, I haven't attempted to switch to the new dataflow library, which would require a much closer evaluation of real world results.

Unfortunately, it is not possible to "accept" the new test results with the deprecation warning included, because the deprecation warning contains an absolute path, which causes results comparison failures in qltest. This is addressed in CodeQL CLI 2.15.0, but in the short term I have included a copy of the relevant dataflow libraries in this repository in order to remove the deprecation warning.

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query are set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)?

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query are set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)?

MathiasVP and others added 17 commits July 17, 2023 15:40
This matches the v2.11.6 CodeQL CLI bundle.
The C/C++ extractor now correctly outputs the correct string with which an
array is being initialized.
Update STR31-C and STR32-C test results
In CodeQL CLI 2.14 it is not possible to include deprecation warnings in
test files because the paths are absolute, and so are not portable
between different systems. We avoid the deprecation warning for now by
copying the relevant parts of the dataflow library and removing the
deprecation warning.

This workaround can be removed when we upgrade to 2.15, as the
deprecation warning has been fixed to not use absolute paths.
Also fix another deprecation warning issue.

@rvermeulen rvermeulen (Collaborator) left a comment


Looks good. Will follow up on the off-by-one in the string literal representation, because I couldn't find it in the change notes of our cpp library.

@lcartey lcartey added this pull request to the merge queue Oct 31, 2023
Merged via the queue into main with commit 3105163 Oct 31, 2023
22 checks passed
@lcartey lcartey deleted the codeql/upgrade-to-2.14.6 branch October 31, 2023 01:42
4 participants