[config] Adding sei-cert rule mappings for clang diagnostics #4243

Merged
merged 3 commits into from
May 22, 2024


dkrupp
Member

@dkrupp dkrupp commented May 16, 2024

No description provided.

@dkrupp dkrupp requested review from bruntib and vodorok as code owners May 16, 2024 10:33
@dkrupp dkrupp force-pushed the sei_cert_clang_diag branch 2 times, most recently from 82dc3b6 to 8d49eaf Compare May 16, 2024 13:11
@dkrupp dkrupp requested a review from whisperity May 16, 2024 13:45
@whisperity whisperity added enhancement 🌟 clang-tidy 🐉 clang-tidy is a clang-based C++ “linter” tool. config ⚙️ labels May 16, 2024
@whisperity whisperity added this to the release 6.24.0 milestone May 16, 2024
@dkrupp dkrupp force-pushed the sei_cert_clang_diag branch from 8d49eaf to f3597ba Compare May 16, 2024 15:49
Member Author

@dkrupp dkrupp left a comment


I added all checkers to the security profile which were added to a sei-cert guideline mapping.

@dkrupp dkrupp requested a review from whisperity May 16, 2024 15:50
@dkrupp dkrupp force-pushed the sei_cert_clang_diag branch from f3597ba to 56ccfbb Compare May 16, 2024 15:56
@whisperity whisperity changed the title Adding sei-cert rule mappings for clang diagnostics [config] Adding sei-cert rule mappings for clang diagnostics May 17, 2024
Member Author

@dkrupp dkrupp left a comment


Should we review our policy to set all clang warnings to MEDIUM? Why can a warning not be low or high severity?

@dkrupp dkrupp force-pushed the sei_cert_clang_diag branch from 1b49cdc to 56ccfbb Compare May 21, 2024 11:36
@whisperity
Contributor

@dkrupp Okay, following up the consensus we reached in private: please, for all clang-diagnostic- "checkers" where we made a meaningful value judgement to deviate from the auto-generated (usually MEDIUM) severity, add the following label. Please also do this (and potential severity changes!) to what warnings I categorised in #4235.

"label-tool-skip:severity"

I will update the ongoing label-tool in either #4225 or an explicit follow-up patch to support ignoring labels based on these new meta-labels.
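
As an added illustration (not code from this PR or from the project's label-tool): a small audit over a label map that checks the two conventions discussed in this thread, that every checker with a sei-cert mapping is in the security profile, and that every hand-chosen severity is protected by the `label-tool-skip:severity` meta-label. The checker names, rule ids, the map shape and the behaviour of the update pass are assumptions made for the example.

```python
# Constructed label map in the "checker -> list of 'key:value' labels" shape.
# Checker names and rule ids are placeholders, not values from this PR.
SAMPLE = {
    "clang-diagnostic-example-a": ["profile:security", "sei-cert:example-rule-1",
                                   "severity:HIGH", "label-tool-skip:severity"],
    "clang-diagnostic-example-b": ["sei-cert:example-rule-2", "severity:LOW"],
    "clang-diagnostic-example-c": ["severity:LOW"],
    "clang-diagnostic-example-d": ["profile:security", "sei-cert:example-rule-3",
                                   "severity:MEDIUM"],
}
AUTO_SEVERITY = "MEDIUM"  # assumed value an automatic pass would assign


def values(labels, key):
    """Values of every 'key:value' label with this key (split on first ':')."""
    return [v for k, sep, v in (l.partition(":") for l in labels) if sep and k == key]


def regenerate_severity(label_map):
    """Assumed update pass: reset severity unless the skip meta-label is set."""
    updated = {}
    for checker, labels in label_map.items():
        if "severity" in values(labels, "label-tool-skip"):
            updated[checker] = list(labels)  # reviewed by hand, leave untouched
            continue
        kept = [l for l in labels if not l.startswith("severity:")]
        updated[checker] = kept + ["severity:" + AUTO_SEVERITY]
    return updated


def audit(label_map):
    """Return (sei-cert checkers outside the security profile,
    checkers whose non-default severity an update pass would overwrite)."""
    no_profile, unprotected = [], []
    for checker, labels in sorted(label_map.items()):
        if values(labels, "sei-cert") and "security" not in values(labels, "profile"):
            no_profile.append(checker)
        skip = "severity" in values(labels, "label-tool-skip")
        if values(labels, "severity") not in ([], [AUTO_SEVERITY]) and not skip:
            unprotected.append(checker)
    return no_profile, unprotected


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(regenerate_severity(SAMPLE)["clang-diagnostic-example-b"])
```
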

Adding sei cert checkers to the security profile.

Co-authored-by: whisperity <whisperity@gmail.com>
Adding label-tool-skip:severity to all checkers with verified severities

Co-authored-by: whisperity <whisperity@gmail.com>
@dkrupp dkrupp force-pushed the sei_cert_clang_diag branch from f2f39fa to a3cbae9 Compare May 22, 2024 11:48
@dkrupp dkrupp requested a review from whisperity May 22, 2024 12:03
@whisperity whisperity merged commit 04d27ab into Ericsson:master May 22, 2024
8 of 9 checks passed