Windows-driver-samples/.github/workflows/Code-Scanning.yml

# This workflow runs the latest CodeQL CLI and checks against CodeQL's Cpp library.
# This is the source for the GitHub Security Code Scanning job.

name: "CodeQL Analysis"

on:
  push:
    branches:
      - main
      - develop
    paths-ignore:
      - '**.md'
      - 'LICENSE'
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
      - develop
    paths-ignore:
      - '**.md'
      - 'LICENSE'
    
  # Allow manual scheduling
  workflow_dispatch:

jobs:
  analyze:
    name: Analysis
    runs-on: windows-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'cpp' ]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: 'recursive'
      - name: Install Nuget Packages
        run: nuget restore .\packages.config -PackagesDirectory .\packages\

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          config-file: microsoft/Windows-Driver-Developer-Supplemental-Tools/config/codeql-config.yml@development
          packs: +microsoft/windows-drivers@1.2.0-beta
      - name: Retrieve and build all available solutions
        run: .\Build-AllSamples.ps1 -Verbose -ThrottleLimit 1
        env:
          WDS_Configuration: Debug
          WDS_Platform: x64
          WDS_WipeOutputs: ${{ true }}

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
Create Code-Scanning.yml This file is identical to the existing workflow except that it has been created via the GitHub Security Code Scanning menu, which registers the workflow with the Code Scanning triggers unlike the existing workflow. If this successfully meets the Security requirements, the next commit will remove the duplicate workflow. 2022-12-28 05:32:36 +03:00			`# This workflow runs the latest CodeQL CLI and checks against CodeQL's Cpp library.`
Re Configure Code-Scanning.yml In accordance with this issue https://github.com/github/codeql-cli-binaries/issues/149 I have reconfigured to run code scanning on all PR's (to include text only changes) and adjusted the build command to build all solutions, not just the changed ones. 2023-01-10 04:59:25 +03:00			`# This is the source for the GitHub Security Code Scanning job.`
Create Code-Scanning.yml This file is identical to the existing workflow except that it has been created via the GitHub Security Code Scanning menu, which registers the workflow with the Code Scanning triggers unlike the existing workflow. If this successfully meets the Security requirements, the next commit will remove the duplicate workflow. 2022-12-28 05:32:36 +03:00
			`name: "CodeQL Analysis"`

			`on:`
			`push:`
			`branches:`
			`- main`
			`- develop`
Deprecate WDK VSIX Install (#1219) * Deprecate WDK vsix install * Fix WDK extension version print * Remove unecessary splitting on version * Minor build info refactor * Fix indentation of output info * Enough messing with volume size output * Cleanup comment for vsix version * More cleanup and doc update * Remove deprecation statement and install vsix script. * Fixes and updates to building locally documentation. * Dont code scan on license or .md files. * Code scanning ignore changes to .md when pull request is made 2024-09-24 05:43:48 +03:00			`paths-ignore:`
			`- '**.md'`
			`- 'LICENSE'`
Create Code-Scanning.yml This file is identical to the existing workflow except that it has been created via the GitHub Security Code Scanning menu, which registers the workflow with the Code Scanning triggers unlike the existing workflow. If this successfully meets the Security requirements, the next commit will remove the duplicate workflow. 2022-12-28 05:32:36 +03:00			`pull_request:`
			`# The branches below must be a subset of the branches above`
			`branches:`
			`- main`
			`- develop`
Deprecate WDK VSIX Install (#1219) * Deprecate WDK vsix install * Fix WDK extension version print * Remove unecessary splitting on version * Minor build info refactor * Fix indentation of output info * Enough messing with volume size output * Cleanup comment for vsix version * More cleanup and doc update * Remove deprecation statement and install vsix script. * Fixes and updates to building locally documentation. * Dont code scan on license or .md files. * Code scanning ignore changes to .md when pull request is made 2024-09-24 05:43:48 +03:00			`paths-ignore:`
			`- '**.md'`
			`- 'LICENSE'`
Create Code-Scanning.yml This file is identical to the existing workflow except that it has been created via the GitHub Security Code Scanning menu, which registers the workflow with the Code Scanning triggers unlike the existing workflow. If this successfully meets the Security requirements, the next commit will remove the duplicate workflow. 2022-12-28 05:32:36 +03:00
			`# Allow manual scheduling`
			`workflow_dispatch:`

			`jobs:`
			`analyze:`
			`name: Analysis`
			`runs-on: windows-latest`
			`permissions:`
			`actions: read`
			`contents: read`
			`security-events: write`

			`strategy:`
			`fail-fast: false`
			`matrix:`
			`language: [ 'cpp' ]`

			`steps:`
RI develop to main (#1189) * Memory leakage in message "sizeof(SCANNER_MESSAGE) * threadCount * requestCount" bytes long memory is allocated but only "sizeof(SCANNER_MESSAGE) * threadCount" bytes long of it is freed. * Handles malloc function fail case * Refactors comment line * Solves the miscalculation of the message index * simbatt: Fix broken registry read-back The GetSimBattStateFromRegistry function is currently using default settings if GetSimBattStateFromRegistry succeeds, whereas settings from registry are only applied if GetSimBattStateFromRegistry fails. This does not make sense to me. Therefore proposing to remove the `!` negation from `if (!NT_SUCCESS(Status)) {` on the line after `Status = GetSimBattStateFromRegistry(Device, RegState);` so that default settings are loaded when registry read-back fails. * Issue of freeing memory without waiting completion of threads accessing it is fixed * Fixes information leakage warning Fixes the issue of possible information leakage from uninitialized padding bytes * Avoids possible multiplication overflow warning * Avoids possible multiplication overflow warning * CI Pipelines build with WDK Nuget Packages (#1179) Integrate nuget into the workflow pipelines * FI from main to develop (#1188) Fix text and minor issues in Winget configuration files Co-authored-by: Adonais Romero Gonzalez <adonais.neoadonis@gmail.com> * Improve version info, vsix installation, and update building locally readme * Fix printing vsix version * Refactored vsix install and cleaned up build sampleset --------- Co-authored-by: İsa Yurdagül <38290414+isayrdgl@users.noreply.github.com> Co-authored-by: Fredrik Orderud <fredrik.orderud@ge.com> Co-authored-by: Christian Allred <13487734+cgallred@users.noreply.github.com> Co-authored-by: tristanb-ntdev <60945150+tristanb-ntdev@users.noreply.github.com> Co-authored-by: Matt <138825652+middlemose@users.noreply.github.com> Co-authored-by: Adonais Romero Gonzalez <adonais.neoadonis@gmail.com> 2024-06-28 19:56:29 +03:00			`- name: Checkout repository`
			`uses: actions/checkout@v4`
			`with:`
			`submodules: 'recursive'`
			`- name: Install Nuget Packages`
			`run: nuget restore .\packages.config -PackagesDirectory .\packages\`

			`- name: Initialize CodeQL`
			`uses: github/codeql-action/init@v3`
			`with:`
			`languages: ${{ matrix.language }}`
Code scanning updates (#1) (#1221) * Update Code-Scanning.yml 2024-09-26 00:35:52 +03:00			`config-file: microsoft/Windows-Driver-Developer-Supplemental-Tools/config/codeql-config.yml@development`
			`packs: +microsoft/windows-drivers@1.2.0-beta`
RI develop to main (#1189) * Memory leakage in message "sizeof(SCANNER_MESSAGE) * threadCount * requestCount" bytes long memory is allocated but only "sizeof(SCANNER_MESSAGE) * threadCount" bytes long of it is freed. * Handles malloc function fail case * Refactors comment line * Solves the miscalculation of the message index * simbatt: Fix broken registry read-back The GetSimBattStateFromRegistry function is currently using default settings if GetSimBattStateFromRegistry succeeds, whereas settings from registry are only applied if GetSimBattStateFromRegistry fails. This does not make sense to me. Therefore proposing to remove the `!` negation from `if (!NT_SUCCESS(Status)) {` on the line after `Status = GetSimBattStateFromRegistry(Device, RegState);` so that default settings are loaded when registry read-back fails. * Issue of freeing memory without waiting completion of threads accessing it is fixed * Fixes information leakage warning Fixes the issue of possible information leakage from uninitialized padding bytes * Avoids possible multiplication overflow warning * Avoids possible multiplication overflow warning * CI Pipelines build with WDK Nuget Packages (#1179) Integrate nuget into the workflow pipelines * FI from main to develop (#1188) Fix text and minor issues in Winget configuration files Co-authored-by: Adonais Romero Gonzalez <adonais.neoadonis@gmail.com> * Improve version info, vsix installation, and update building locally readme * Fix printing vsix version * Refactored vsix install and cleaned up build sampleset --------- Co-authored-by: İsa Yurdagül <38290414+isayrdgl@users.noreply.github.com> Co-authored-by: Fredrik Orderud <fredrik.orderud@ge.com> Co-authored-by: Christian Allred <13487734+cgallred@users.noreply.github.com> Co-authored-by: tristanb-ntdev <60945150+tristanb-ntdev@users.noreply.github.com> Co-authored-by: Matt <138825652+middlemose@users.noreply.github.com> Co-authored-by: Adonais Romero Gonzalez <adonais.neoadonis@gmail.com> 2024-06-28 19:56:29 +03:00			`- name: Retrieve and build all available solutions`
			`run: .\Build-AllSamples.ps1 -Verbose -ThrottleLimit 1`
			`env:`
			`WDS_Configuration: Debug`
			`WDS_Platform: x64`
			`WDS_WipeOutputs: ${{ true }}`

			`- name: Perform CodeQL analysis`
			`uses: github/codeql-action/analyze@v3`
			`with:`
			`category: "/language:${{matrix.language}}"`