diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 2a7a43266..6c256c0ef 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -23,7 +23,7 @@ This action builds and tests the cFS bundle omitting deprecated code in both RTE Build and Test in RTEMS 4.11 and 5 runs for every push and every pull request on all branches of cFS in Github Actions. ## CodeQL Analysis -[![CodeQL Analaysis](https://github.com/nasa/cfs/actions/workflows/codeql-build.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/codeql-build.yml) +[![CodeQL Analysis](https://github.com/nasa/cfs/actions/workflows/codeql-build.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/codeql-build.yml) This action runs GitHub's static analysis engine, CodeQL, against our repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's code scanning alerts found under the security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code. @@ -33,8 +33,8 @@ For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-acti Our CodeQL action uses a configuration file to use specific queries, which can be found at [.github/codeql](https://github.com/nasa/cFS/tree/main/.github/codeql). -## Static Analaysis -[![Static Analaysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) +## Static Analysis +[![Static Analysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) This action runs a static analysis tool for C/C++ code known as cppcheck. Cppcheck is designed to be able to analyze C/C++ code even if it has non-standard syntax, which is common in embedded projects. diff --git a/.github/workflows/static-analysis-misra.yml b/.github/workflows/static-analysis-misra.yml new file mode 100644 index 000000000..0c513f228 --- /dev/null +++ b/.github/workflows/static-analysis-misra.yml @@ -0,0 +1,88 @@ +name: Static Analysis with MISRA + +# Run this workflow manually from the Actions tab +on: + workflow_dispatch: + +jobs: + #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. + check-for-duplicates: + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip: ${{ steps.skip_check.outputs.should_skip }} + steps: + - id: skip_check + uses: fkirc/skip-duplicate-actions@master + with: + concurrent_skipping: 'same_content' + skip_after_successful_duplicate: 'true' + do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' + + misra-analysis: + #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. + needs: check-for-duplicates + if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} + name: Run cppcheck with misra + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + cppcheck: [bundle, cfe, osal, psp] + + steps: + - name: Install cppcheck + run: sudo apt-get install cppcheck -y + + # Checks out a copy of the cfs bundle + - name: Checkout code + uses: actions/checkout@v2 + with: + submodules: true + + - name: get MISRA addon + run: | + sudo apt-get install git -y + git clone https://github.com/danmar/cppcheck.git + cp cppcheck/addons/misra.py misra.py + cp cppcheck/addons/cppcheckdata.py cppcheckdata.py + cp cppcheck/addons/misra_9.py misra_9.py + + - name: Run bundle cppcheck + if: ${{matrix.cppcheck =='bundle'}} + run: | + cppcheck --addon=misra --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt + + # Run strict static analysis for embedded portions of cfe, osal, and psp + - name: cfe strict cppcheck + if: ${{matrix.cppcheck =='cfe'}} + run: | + cd ${{matrix.cppcheck}} + cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: osal strict cppcheck + if: ${{matrix.cppcheck =='osal'}} + run: | + cd ${{matrix.cppcheck}} + cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: psp strict cppcheck + if: ${{matrix.cppcheck =='psp'}} + run: | + cd ${{matrix.cppcheck}} + cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: Archive Static Analysis Artifacts + uses: actions/upload-artifact@v2 + with: + name: ${{matrix.cppcheck}}-cppcheck-err + path: ./*cppcheck_err.txt + + - name: Check for errors + run: | + if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; + then + cat ${{matrix.cppcheck}}_cppcheck_err.txt + exit -1 + fi diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 40644263b..6d9e63734 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -228,7 +228,7 @@ git push --force ## Writing High-Quality Code 1. Follow cFS code conventions (formatting, symbol naming, file naming, etc). Do *not* change/reformat existing code, except to address your changes. - - The cFS submodules uses the Format Check workflow to ensure users follow the [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) style. For more information on how to use the Format Check workflow, view [Using GitHub Actions Workflows](#using-github-actions-workflows). + - The cFS submodules use the Format Check workflow to ensure users follow the [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) style. For more information on how to use the Format Check workflow, view [Using GitHub Actions Workflows](#using-github-actions-workflows). - The [cFS_IdentifierNamingConvention document](https://github.com/nasa/cFE/blob/main/docs/cFS_IdentifierNamingConvention.md) provides a simple naming convention guide for cFE/cFS for commands and telemetry that simplifies the EDS to ground telemetry and commands database conversion. - The [cFE Application Developers Guide](https://github.com/nasa/cFE/blob/main/docs/cFE%20Application%20Developers%20Guide.md) contains code conventions such as naming conventions for header files. @@ -240,7 +240,7 @@ git push --force 5. Review the static code analyses results from the Static Analysis and CodeQL Analysis workflows. For more information on how to use these workflows, view [Using GitHub Actions Workflows](#using-github-actions-workflows). - Push code changes to the appropriate forked repository. - - Go to the Actions tab and enable GitHub Actions Workflow. The CodeQL Analyis and Static Analysis will be triggered for all pushed code. + - Go to the Actions tab and enable GitHub Actions Workflow. The CodeQL Analysis and Static Analysis will be triggered for all pushed code. - Review these workflows for any warnings or errors. - Once successful, create a pull request. @@ -264,7 +264,7 @@ All of our workflows will be available for forked repositories once enabled. To 1. Navigate to Actions in the selected repository. For newly forked repositories, enable workflows after clicking on Actions. 2. In the left sidebar, click the workflow you want to view. 3. From the list of workflow runs, click the name of the run you want to see. -4. Scroll to the bottom of the page and download the artifacts. For CodeQL results, navigate to the Security Tab and click Code scanning alerts. CodeQL results will only be avaiable on your forked repository. +4. Scroll to the bottom of the page and download the artifacts. For CodeQL results, navigate to the Security Tab and click Code scanning alerts. CodeQL results will only be available on your forked repository. or @@ -300,6 +300,6 @@ Before you [report bugs](#report-bugs) or submit [feature requests](#feature-req * [elf2cfetbl Issues](https://github.com/nasa/elf2cfetbl/tree/6762b1c3b455665dae57e35f14a50fe327830391) * [tblCRCTool Issues](https://github.com/nasa/tblCRCTool/tree/b02864ba56b12e00ab152225e3e8f9d6c039d48c) -If your bug or feature hasn't been reported or requested before, create a new issue in the appropriate repository. If it you find a similar issue, please add a comment on it with your experience or input. +If your bug or feature hasn't been reported or requested before, create a new issue in the appropriate repository. If you find a similar issue, please add a comment on it with your experience or input. Please ensure that your name is associated with your github profile before contributing. diff --git a/SECURITY.md b/SECURITY.md index 97b27b98b..59dc33bed 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ For general cFS vulnerabilities, please [open a cFS framework issue](https://github.com/nasa/cfs/issues/new/choose). Please use the "Bug Report" template and provide as much information as possible. Apply appropriate labels for each report. -For security related vulnerabilities, follow the general cFS vulnerabilites instructions and tag the issue with the "security" label. +For security related vulnerabilities, follow the general cFS vulnerabilities instructions and tag the issue with the "security" label. ## Security Reports diff --git a/cfe b/cfe index a0c2de629..5e4133097 160000 --- a/cfe +++ b/cfe @@ -1 +1 @@ -Subproject commit a0c2de62934e61a93bb4282c0fc784cf4be50da9 +Subproject commit 5e41330979586bcdb113f491ea6c38ff9975fc72 diff --git a/osal b/osal index ce11e7a20..2cd118e76 160000 --- a/osal +++ b/osal @@ -1 +1 @@ -Subproject commit ce11e7a20d4fd9176469659acb1ee3b371ba4291 +Subproject commit 2cd118e76d4609033654df2f20483d7f5a592ce5