* add static analysis

* add static analysis for official branch

* remove hard-coded values and add Guardian Break

* add SdtReport

* add publish task

* add sdl ruleset
This commit is contained in:
leqiao-1 2022-08-02 12:00:19 +08:00 коммит произвёл GitHub
Родитель a37f23e46b
Коммит 584099394c
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
3 изменённых файлов: 354 добавлений и 2 удалений


@ -70,22 +70,44 @@ extends:
if exist "%%i\Common7\Tools\vsdevcmd.bat" (
set vsdevcmd="%%i\Common7\Tools\vsdevcmd.bat"
)
if exist "%%i\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" (
set vscmake="%%i\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe"
)
if exist "%%i\MSBuild\Current\Bin\amd64\msbuild.exe" (
set vsmsbuild="%%i\MSBuild\Current\Bin\amd64\msbuild.exe"
)
)
@echo vslatest %vslatest%
@echo vsdevcmd %vsdevcmd%
@echo vscmake %vscmake%
@echo vsmsbuild %vsmsbuild%
@echo ##vso[task.setvariable variable=vslatest]%vslatest%
@echo ##vso[task.setvariable variable=vsdevcmd]%vsdevcmd%
@echo ##vso[task.setvariable variable=vscmake]%vscmake%
@echo ##vso[task.setvariable variable=vsmsbuild]%vsmsbuild%
displayName: 'locate vsdevcmd via vswhere'
- script: |
call $(vsdevcmd)
set PYTHONPATH=
set PYTHONHOME=
python -m pip install --upgrade pip
python -m pip install cibuildwheel
python -m pip install cibuildwheel numpy
python -m cibuildwheel --platform windows --output-dir $(REPOROOT)\out
displayName: Build wheels
- task: SDLNativeRules@3
inputs:
msBuildArchitecture: amd64
setupCommandlines: '"$(vscmake)" $(REPOROOT) -A x64 -B $(REPOROOT)\windows_out -DOCOS_ENABLE_PYTHON=ON -DOCOS_ENABLE_CTEST=OFF -DCMAKE_BUILD_TYPE=Release'
msBuildCommandline: '"$(vsmsbuild)" "$(REPOROOT)\windows_out\onnxruntime_extensions.sln" /p:RunCodeAnalysis=true /p:platform=x64 /p:configuration=Release /p:VisualStudioVersion="16.0" /m /p:PreferredToolArchitecture=x64'
excludedPaths: '$(REPOROOT)\windows_out#$(Build.SourcesDirectory)\cmake#C:\program files (x86)'
displayName: 'Run the PREfast SDL Native Rules for MSBuild'
- task: PostAnalysis@2
inputs:
GdnBreakGdnToolSDLNativeRulesSeverity: Warning
GdnBreakGdnToolSDLNativeRules: true
displayName: 'Guardian Break'
- script: |
7z x $(REPOROOT)\out\*.whl -o$(REPOROOT)\out\*
displayName: unzip the package
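Review bot: The wheel-build step installs `cibuildwheel` and `numpy` unpinned from the package index at build time (`python -m pip install cibuildwheel numpy`, preceded by an unpinned `--upgrade pip`), so an official build is not reproducible and silently follows whatever the index serves on the day; pin them, e.g. `python -m pip install "cibuildwheel==<PINNED_VERSION>" "numpy==<PINNED_VERSION>"` (versions to be chosen), or drive the install from a requirements file with hashes. Note also that `msBuildCommandline` hard-codes `/p:VisualStudioVersion="16.0"` while the preceding vswhere step resolves `vslatest` dynamically, so an agent with a newer Visual Studio would get a mismatched analysis run — presumably a leftover the "remove hard code" part of this commit meant to drop. The same hunk appears in the second pipeline file below; the enclosing `steps` list starts (the vswhere `for` loop) and ends outside the hunk.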


@ -70,22 +70,44 @@ extends:
if exist "%%i\Common7\Tools\vsdevcmd.bat" (
set vsdevcmd="%%i\Common7\Tools\vsdevcmd.bat"
)
if exist "%%i\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" (
set vscmake="%%i\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe"
)
if exist "%%i\MSBuild\Current\Bin\amd64\msbuild.exe" (
set vsmsbuild="%%i\MSBuild\Current\Bin\amd64\msbuild.exe"
)
)
@echo vslatest %vslatest%
@echo vsdevcmd %vsdevcmd%
@echo vscmake %vscmake%
@echo vsmsbuild %vsmsbuild%
@echo ##vso[task.setvariable variable=vslatest]%vslatest%
@echo ##vso[task.setvariable variable=vsdevcmd]%vsdevcmd%
@echo ##vso[task.setvariable variable=vscmake]%vscmake%
@echo ##vso[task.setvariable variable=vsmsbuild]%vsmsbuild%
displayName: 'locate vsdevcmd via vswhere'
- script: |
call $(vsdevcmd)
set PYTHONPATH=
set PYTHONHOME=
python -m pip install --upgrade pip
python -m pip install cibuildwheel
python -m pip install cibuildwheel numpy
python -m cibuildwheel --platform windows --output-dir $(REPOROOT)\out
displayName: Build wheels
- task: SDLNativeRules@3
inputs:
msBuildArchitecture: amd64
setupCommandlines: '"$(vscmake)" $(REPOROOT) -A x64 -B $(REPOROOT)\windows_out -DOCOS_ENABLE_PYTHON=ON -DOCOS_ENABLE_CTEST=OFF -DCMAKE_BUILD_TYPE=Release'
msBuildCommandline: '"$(vsmsbuild)" "$(REPOROOT)\windows_out\onnxruntime_extensions.sln" /p:RunCodeAnalysis=true /p:platform=x64 /p:configuration=Release /p:VisualStudioVersion="16.0" /m /p:PreferredToolArchitecture=x64'
excludedPaths: '$(REPOROOT)\windows_out#$(Build.SourcesDirectory)\cmake#C:\program files (x86)'
displayName: 'Run the PREfast SDL Native Rules for MSBuild'
- task: PostAnalysis@2
inputs:
GdnBreakGdnToolSDLNativeRulesSeverity: Warning
GdnBreakGdnToolSDLNativeRules: true
displayName: 'Guardian Break'
- script: |
7z x $(REPOROOT)\out\*.whl -o$(REPOROOT)\out\*
displayName: unzip the package

308
cmake/Sdl.ruleset Normal file

@ -0,0 +1,308 @@
<?xml version="1.0" encoding="utf-8"?>
<RuleSet Name="ONNX Runtime SDL Rules" Description="These rules focus on the most critical and common problems in your native code, including potential security holes and application crashes. You should include this rule set in any custom rule set you create for your native projects. This ruleset is designed to work with Visual Studio Professional edition and higher." ToolsVersion="16.0">
<Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
<Rule Id="C26100" Action="Error" />
<Rule Id="C26101" Action="Error" />
<Rule Id="C26110" Action="Error" />
<Rule Id="C26111" Action="Error" />
<Rule Id="C26112" Action="Error" />
<Rule Id="C26115" Action="Error" />
<Rule Id="C26116" Action="Error" />
<Rule Id="C26117" Action="Error" />
<Rule Id="C26140" Action="Error" />
<Rule Id="C26400" Action="Error" />
<Rule Id="C26404" Action="Error" />
<Rule Id="C26406" Action="Error" />
<Rule Id="C26408" Action="Error" />
<Rule Id="C26409" Action="Error" />
<Rule Id="C26426" Action="Error" />
<Rule Id="C26427" Action="Error" />
<Rule Id="C26436" Action="Error" />
<Rule Id="C26437" Action="Error" />
<Rule Id="C26439" Action="Error" />
<Rule Id="C26441" Action="Error" />
<Rule Id="C26444" Action="Error" />
<Rule Id="C26449" Action="Error" />
<Rule Id="C26450" Action="Error" />
<Rule Id="C26451" Action="Error" />
<Rule Id="C26452" Action="Error" />
<Rule Id="C26453" Action="Error" />
<Rule Id="C26454" Action="Error" />
<Rule Id="C26464" Action="Error" />
<Rule Id="C26478" Action="Error" />
<Rule Id="C26479" Action="Error" />
<Rule Id="C26488" Action="Error" />
<Rule Id="C26497" Action="Error" />
<Rule Id="C26498" Action="Error" />
<Rule Id="C26810" Action="Error" />
<Rule Id="C26811" Action="Error" />
<Rule Id="C26812" Action="Error" />
<Rule Id="C26814" Action="Error" />
<Rule Id="C26815" Action="Error" />
<Rule Id="C26816" Action="Error" />
<Rule Id="C26817" Action="Error" />
<Rule Id="C26819" Action="Error" />
<Rule Id="C26820" Action="Error" />
<Rule Id="C28020" Action="Error" />
<Rule Id="C28021" Action="Error" />
<Rule Id="C28022" Action="Error" />
<Rule Id="C28023" Action="Error" />
<Rule Id="C28024" Action="Error" />
<Rule Id="C28039" Action="Error" />
<Rule Id="C28112" Action="Error" />
<Rule Id="C28113" Action="Error" />
<Rule Id="C28125" Action="Error" />
<Rule Id="C28137" Action="Error" />
<Rule Id="C28138" Action="Error" />
<Rule Id="C28159" Action="Error" />
<Rule Id="C28160" Action="Error" />
<Rule Id="C28163" Action="Error" />
<Rule Id="C28164" Action="Error" />
<Rule Id="C28182" Action="Error" />
<Rule Id="C28183" Action="Error" />
<Rule Id="C28193" Action="Error" />
<Rule Id="C28196" Action="Error" />
<Rule Id="C28199" Action="Error" />
<Rule Id="C28202" Action="Error" />
<Rule Id="C28203" Action="Error" />
<Rule Id="C28204" Action="Error" />
<Rule Id="C28205" Action="Error" />
<Rule Id="C28206" Action="Error" />
<Rule Id="C28207" Action="Error" />
<Rule Id="C28208" Action="Error" />
<Rule Id="C28209" Action="Error" />
<Rule Id="C28210" Action="Error" />
<Rule Id="C28211" Action="Error" />
<Rule Id="C28212" Action="Error" />
<Rule Id="C28213" Action="Error" />
<Rule Id="C28214" Action="Error" />
<Rule Id="C28215" Action="Error" />
<Rule Id="C28216" Action="Error" />
<Rule Id="C28217" Action="Error" />
<Rule Id="C28218" Action="Error" />
<Rule Id="C28219" Action="Error" />
<Rule Id="C28220" Action="Error" />
<Rule Id="C28221" Action="Error" />
<Rule Id="C28222" Action="Error" />
<Rule Id="C28223" Action="Error" />
<Rule Id="C28224" Action="Error" />
<Rule Id="C28225" Action="Error" />
<Rule Id="C28226" Action="Error" />
<Rule Id="C28227" Action="Error" />
<Rule Id="C28228" Action="Error" />
<Rule Id="C28229" Action="Error" />
<Rule Id="C28230" Action="Error" />
<Rule Id="C28231" Action="Error" />
<Rule Id="C28232" Action="Error" />
<Rule Id="C28233" Action="Error" />
<Rule Id="C28234" Action="Error" />
<Rule Id="C28235" Action="Error" />
<Rule Id="C28236" Action="Error" />
<Rule Id="C28237" Action="Error" />
<Rule Id="C28238" Action="Error" />
<Rule Id="C28239" Action="Error" />
<Rule Id="C28240" Action="Error" />
<Rule Id="C28241" Action="Error" />
<Rule Id="C28243" Action="Error" />
<Rule Id="C28244" Action="Error" />
<Rule Id="C28245" Action="Error" />
<Rule Id="C28246" Action="Error" />
<Rule Id="C28250" Action="Error" />
<Rule Id="C28251" Action="Error" />
<Rule Id="C28252" Action="Error" />
<Rule Id="C28253" Action="Error" />
<Rule Id="C28254" Action="Error" />
<Rule Id="C28260" Action="Error" />
<Rule Id="C28262" Action="Error" />
<Rule Id="C28263" Action="Error" />
<Rule Id="C28266" Action="Error" />
<Rule Id="C28267" Action="Error" />
<Rule Id="C28272" Action="Error" />
<Rule Id="C28273" Action="Error" />
<Rule Id="C28275" Action="Error" />
<Rule Id="C28278" Action="Error" />
<Rule Id="C28279" Action="Error" />
<Rule Id="C28280" Action="Error" />
<Rule Id="C28282" Action="Error" />
<Rule Id="C28283" Action="Error" />
<Rule Id="C28284" Action="Error" />
<Rule Id="C28285" Action="Error" />
<Rule Id="C28286" Action="Error" />
<Rule Id="C28287" Action="Error" />
<Rule Id="C28288" Action="Error" />
<Rule Id="C28289" Action="Error" />
<Rule Id="C28290" Action="Error" />
<Rule Id="C28291" Action="Error" />
<Rule Id="C28300" Action="Error" />
<Rule Id="C28301" Action="Error" />
<Rule Id="C28302" Action="Error" />
<Rule Id="C28303" Action="Error" />
<Rule Id="C28304" Action="Error" />
<Rule Id="C28305" Action="Error" />
<Rule Id="C28306" Action="Error" />
<Rule Id="C28307" Action="Error" />
<Rule Id="C28308" Action="Error" />
<Rule Id="C28309" Action="Error" />
<Rule Id="C28350" Action="Error" />
<Rule Id="C28351" Action="Error" />
<Rule Id="C28601" Action="Error" />
<Rule Id="C28602" Action="Error" />
<Rule Id="C28604" Action="Error" />
<Rule Id="C28615" Action="Error" />
<Rule Id="C28616" Action="Error" />
<Rule Id="C28617" Action="Error" />
<Rule Id="C28623" Action="Error" />
<Rule Id="C28624" Action="Error" />
<Rule Id="C28625" Action="Error" />
<Rule Id="C28636" Action="Error" />
<Rule Id="C28637" Action="Error" />
<Rule Id="C28638" Action="Error" />
<Rule Id="C28639" Action="Error" />
<Rule Id="C28640" Action="Error" />
<Rule Id="C28645" Action="Error" />
<Rule Id="C28648" Action="Error" />
<Rule Id="C28649" Action="Error" />
<Rule Id="C28650" Action="Error" />
<Rule Id="C28714" Action="Error" />
<Rule Id="C28715" Action="Error" />
<Rule Id="C28716" Action="Error" />
<Rule Id="C28717" Action="Error" />
<Rule Id="C28719" Action="Error" />
<Rule Id="C28720" Action="Error" />
<Rule Id="C28721" Action="Error" />
<Rule Id="C28726" Action="Error" />
<Rule Id="C28727" Action="Error" />
<Rule Id="C28730" Action="Error" />
<Rule Id="C28735" Action="Error" />
<Rule Id="C28736" Action="Error" />
<Rule Id="C28750" Action="Error" />
<Rule Id="C28751" Action="Error" />
<Rule Id="C33001" Action="Error" />
<Rule Id="C33004" Action="Error" />
<Rule Id="C33005" Action="Error" />
<Rule Id="C33010" Action="Error" />
<Rule Id="C33011" Action="Error" />
<Rule Id="C33020" Action="Error" />
<Rule Id="C33022" Action="Error" />
<Rule Id="C6001" Action="Error" />
<Rule Id="C6011" Action="Error" />
<Rule Id="C6029" Action="Error" />
<Rule Id="C6031" Action="Error" />
<Rule Id="C6053" Action="Error" />
<Rule Id="C6054" Action="Error" />
<Rule Id="C6059" Action="Error" />
<Rule Id="C6063" Action="Error" />
<Rule Id="C6064" Action="Error" />
<Rule Id="C6066" Action="Error" />
<Rule Id="C6067" Action="Error" />
<Rule Id="C6101" Action="Error" />
<Rule Id="C6200" Action="Error" />
<Rule Id="C6201" Action="Error" />
<Rule Id="C6214" Action="Error" />
<Rule Id="C6215" Action="Error" />
<Rule Id="C6216" Action="Error" />
<Rule Id="C6217" Action="Error" />
<Rule Id="C6220" Action="Error" />
<Rule Id="C6226" Action="Error" />
<Rule Id="C6230" Action="Error" />
<Rule Id="C6235" Action="Error" />
<Rule Id="C6236" Action="Error" />
<Rule Id="C6237" Action="Error" />
<Rule Id="C6242" Action="Error" />
<Rule Id="C6248" Action="Error" />
<Rule Id="C6250" Action="Error" />
<Rule Id="C6255" Action="Error" />
<Rule Id="C6258" Action="Error" />
<Rule Id="C6259" Action="Error" />
<Rule Id="C6260" Action="Error" />
<Rule Id="C6262" Action="Error" />
<Rule Id="C6263" Action="Error" />
<Rule Id="C6268" Action="Error" />
<Rule Id="C6269" Action="Error" />
<Rule Id="C6270" Action="Error" />
<Rule Id="C6271" Action="Error" />
<Rule Id="C6272" Action="Error" />
<Rule Id="C6273" Action="Error" />
<Rule Id="C6274" Action="Error" />
<Rule Id="C6276" Action="Error" />
<Rule Id="C6277" Action="Error" />
<Rule Id="C6278" Action="Error" />
<Rule Id="C6279" Action="Error" />
<Rule Id="C6280" Action="Error" />
<Rule Id="C6281" Action="Error" />
<Rule Id="C6282" Action="Error" />
<Rule Id="C6283" Action="Error" />
<Rule Id="C6284" Action="Error" />
<Rule Id="C6285" Action="Error" />
<Rule Id="C6286" Action="Error" />
<Rule Id="C6287" Action="Error" />
<Rule Id="C6288" Action="Error" />
<Rule Id="C6289" Action="Error" />
<Rule Id="C6290" Action="Error" />
<Rule Id="C6291" Action="Error" />
<Rule Id="C6292" Action="Error" />
<Rule Id="C6293" Action="Error" />
<Rule Id="C6294" Action="Error" />
<Rule Id="C6295" Action="Error" />
<Rule Id="C6296" Action="Error" />
<Rule Id="C6297" Action="Error" />
<Rule Id="C6299" Action="Error" />
<Rule Id="C6302" Action="Error" />
<Rule Id="C6303" Action="Error" />
<Rule Id="C6305" Action="Error" />
<Rule Id="C6306" Action="Error" />
<Rule Id="C6308" Action="Error" />
<Rule Id="C6310" Action="Error" />
<Rule Id="C6312" Action="Error" />
<Rule Id="C6314" Action="Error" />
<Rule Id="C6317" Action="Error" />
<Rule Id="C6318" Action="Error" />
<Rule Id="C6319" Action="Error" />
<Rule Id="C6324" Action="Error" />
<Rule Id="C6326" Action="Error" />
<Rule Id="C6328" Action="Error" />
<Rule Id="C6331" Action="Error" />
<Rule Id="C6332" Action="Error" />
<Rule Id="C6333" Action="Error" />
<Rule Id="C6335" Action="Error" />
<Rule Id="C6381" Action="Error" />
<Rule Id="C6383" Action="Error" />
<Rule Id="C6384" Action="Error" />
<Rule Id="C6385" Action="Error" />
<Rule Id="C6386" Action="Error" />
<Rule Id="C6387" Action="Error" />
<Rule Id="C6388" Action="Error" />
<Rule Id="C6500" Action="Error" />
<Rule Id="C6501" Action="Error" />
<Rule Id="C6503" Action="Error" />
<Rule Id="C6504" Action="Error" />
<Rule Id="C6505" Action="Error" />
<Rule Id="C6506" Action="Error" />
<Rule Id="C6508" Action="Error" />
<Rule Id="C6509" Action="Error" />
<Rule Id="C6510" Action="Error" />
<Rule Id="C6511" Action="Error" />
<Rule Id="C6513" Action="Error" />
<Rule Id="C6514" Action="Error" />
<Rule Id="C6515" Action="Error" />
<Rule Id="C6516" Action="Error" />
<Rule Id="C6517" Action="Error" />
<Rule Id="C6518" Action="Error" />
<Rule Id="C6522" Action="Error" />
<Rule Id="C6525" Action="Error" />
<Rule Id="C6527" Action="Error" />
<Rule Id="C6530" Action="Error" />
<Rule Id="C6540" Action="Error" />
<Rule Id="C6551" Action="Error" />
<Rule Id="C6552" Action="Error" />
<Rule Id="C6701" Action="Error" />
<Rule Id="C6702" Action="Error" />
<Rule Id="C6703" Action="Error" />
<Rule Id="C6704" Action="Error" />
<Rule Id="C6705" Action="Error" />
<Rule Id="C6706" Action="Error" />
<Rule Id="C6993" Action="Error" />
<Rule Id="C6995" Action="Error" />
<Rule Id="C6997" Action="Error" />
</Rules>
</RuleSet>
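Review bot: Nothing in this commit references `cmake/Sdl.ruleset`: the `SDLNativeRules@3` step in the pipeline hunks sets only `msBuildArchitecture`, `setupCommandlines`, `msBuildCommandline` and `excludedPaths`, so the analysis runs with the task's default ruleset and this file has no effect until it is wired in (either through the task's custom-ruleset input — confirm the exact input name against the task docs — or by setting the `CodeAnalysisRuleSet` MSBuild property in the project). The `Name` and `Description` attributes appear copied from the stock Microsoft native recommended ruleset and from ONNX Runtime proper, while this project is onnxruntime-extensions (see the `.sln` name in the hunk); retitle so the file documents what it is, e.g. `Name="ONNX Runtime Extensions SDL Rules"`. Since every rule is `Action="Error"`, a short XML comment after the `<?xml ...?>` declaration stating where the rule list came from and that any hit breaks the build via the Guardian Break step would help the next maintainer decide how to add or waive a rule.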