| --- |
| # vi: ts=2 sw=2 et: |
| # SPDX-License-Identifier: LGPL-2.1-or-later |
| |
| # Explicitly enable certain checks which are hidden by default |
| queries: |
| # See: https://github.com/github/codeql/issues/8409 |
| - exclude: cpp/missing-return |
| - include: cpp/bad-strncpy-size |
| - include: cpp/declaration-hides-variable |
| - include: cpp/inconsistent-null-check |
| - include: cpp/mistyped-function-arguments |
| - include: cpp/nested-loops-with-same-variable |
| - include: cpp/sizeof-side-effect |
| - include: cpp/suspicious-pointer-scaling |
| - include: cpp/suspicious-pointer-scaling-void |
| - include: cpp/suspicious-sizeof |
| - include: cpp/unsafe-strcat |
| - include: cpp/unsafe-strncat |
| - include: cpp/unsigned-difference-expression-compared-zero |
| - include: cpp/unused-local-variable |
| - include: |
| tags: |
| - "security" |
| - "correctness" |
| severity: "error" |
| |
| extraction: |
| cpp: |
| prepare: |
| packages: |
| - libpwquality-dev |
| - libfdisk-dev |
| - libp11-kit-dev |
| - libssl-dev |
| - python3-jinja2 |
| after_prepare: |
| - pip3 install -r .github/workflows/requirements.txt --require-hashes |
| - export PATH="/opt/work/.local/bin:$PATH" |
| python: |
| python_setup: |
| version: 3 |