Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in the our representation of the codebase under analysis. For each rule we therefore identify whether it is supportable or not. Furthermore, a rule can be supported in two ways:
53
-
54
+
54
55
-**Automated** - the queries for the rule find contraventions directly.
55
56
-**Audit only** - the queries for the rule does not find contraventions directly, but instead report a list of _candidates_ that can be used as input into a manual audit. For example, `A10-0-1` (_Public inheritance shall be used to implement 'is-a' relationship_) is not directly amenable to static analysis, but CodeQL can be used to produce a list of all the locations that use public inheritance so they can be manually reviewed.
56
-
57
+
57
58
Each supported rule is implemented as one or more CodeQL queries, with each query covering an aspect of the rule. In many coding standards, the rules cover non-trivial semantic properties of the codebase under analysis.
58
59
59
60
The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each release, lists which rules are supported for that particular release, and the _scope of analysis_ for that rule.
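Review bot: two small wording slips in the unchanged context of this hunk are worth fixing while the surrounding blank lines are being touched anyway: "properties which are not present in the our representation of the codebase" should read "in our representation", and in the **Audit only** bullet "the queries for the rule does not find contraventions directly" should be "do not find". Both are on lines this change already reflows, so fixing them here keeps the whitespace change from being a second pass over the same paragraph later.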
@@ -93,7 +94,7 @@ In addition, the machine which performs the analysis must be able to complete a
93
94
### Analysis report requirements
94
95
95
96
The Coding Standards ships with scripts to generate reports that summarizes:
96
-
97
+
97
98
- The integrity and validity of the CodeQL database created for the project.
98
99
- The findings reported by the default queries for the selected Coding Standards, grouped by categories as specified by MISRA Compliance 2020.
99
100
- The CodeQL dependencies used for the analysis, and whether they comply with the stated requirements.
@@ -114,7 +115,7 @@ This section describes how to operate the "CodeQL Coding Standards".
114
115
You must download a compatible version of the CodeQL CLI and CodeQL Standard Library for C++.
115
116
116
117
**Option 1:** Use the CodeQL CLI bundle, which includes both required components:
117
-
1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases).
118
+
1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases).
118
119
2. Expand the compressed archive to a specified location on your machine.
119
120
3.[Optional] Add the CodeQL CLI to your user or system path.
120
121
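Review bot: line 117 ("1. Download the CodeQL CLI bundle ...") is removed and re-added with identical visible text, so this is a whitespace-only change and fine as such. While this list is being touched, the unchanged third item "3.[Optional] Add the CodeQL CLI to your user or system path." is missing the space after the list marker; without it Markdown will not render it as a numbered item, so it should read "3. [Optional] Add the CodeQL CLI ...".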
@@ -135,7 +136,7 @@ In order to run the Coding Standards queries you must first build a CodeQL datab
135
136
136
137
The database can be created using the CodeQL CLI like so:
@@ -230,6 +231,7 @@ This will produce a directory (`<output_directory>`) containing the following re
230
231
The CodeQL Coding Standards supports the following features from the [MISRA Compliance 2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) document:
231
232
-_Deviation records_ - an entry that states a particular instance, or set of instances, of a rule should be considered permitted.
232
233
-_Deviation permit_ - an entry that provides authorization to apply a deviation to a project.
234
+
-_Guideline recategorization plan_ - an agreement on how the guidelines are applied. Whether a guideline may be violated, deviated from, or must always be applied.
233
235
234
236
##### Deviation records
235
237
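Review bot: the new bullet on line 234 is split into two fragments, "an agreement on how the guidelines are applied. Whether a guideline may be violated, deviated from, or must always be applied." Join them into one sentence, e.g. "an agreement on how the guidelines are applied, i.e. whether a guideline may be violated, deviated from, or must always be applied." Also settle on one spelling across the manual: this bullet and the new heading use "recategorization", while the MISRA section title quoted later in this change uses "re-categorization".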
@@ -286,7 +288,7 @@ The activation of the deviation mechanism requires an extra step in the database
286
288
This extra step is the invocation of the Python script `path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py` that is part of the coding standards code scanning pack.
@@ -354,6 +356,55 @@ Unlike _deviation records_ their location in the source directory does not impac
354
356
355
357
This means that _deviation permits_ can be made available at build time by any means available.
356
358
An example of importing _deviation permits_ is through a [Git Submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules) that contains a repository of allowed _deviation permits_.
359
+
360
+
##### Guideline recategorization plan
361
+
362
+
The current implementation supports a _guideline recategorization plan_ as described in the [MISRA Compliance:2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) section *5 The guideline re-categorization plan*.
363
+
364
+
A recategorization plan provides a mechanism to adjust the policy associated with a guideline that determines whether it may be violated or not and if it may be violated whether a deviation is required.
365
+
Each guideline recategorization **must** be specified in the `guideline-recategorizations` section of a `coding-standards.yml` file that **must** be anywhere in the source repository.
366
+
367
+
A guideline recategorization specification **must** specify a `rule-id`, an identifier for the coding standards rule the recategorization applies to, and a `category`, a category that can be any of `disapplied`, `advisory`, `required`, or `mandatory`.
368
+
369
+
An example guideline recategorization section is:
370
+
371
+
```yaml
372
+
guideline-recategorizations:
373
+
- rule-id: "A0-1-1"
374
+
category: "mandatory"
375
+
- rule-id: "A0-1-6"
376
+
category: "disapplied"
377
+
- rule-id: "A11-0-1"
378
+
category: "mandatory"
379
+
```
380
+
381
+
Application of the guideline recategorization plan to the analysis results requires an additional post-processing step.
382
+
The post-processing step is implemented by the Python script `path/to/codeql-coding-standards/scripts/guideline_recategorization/recategorize.py`.
383
+
The script will update the `external/<standard>/obligation/<category>` tag for each query implementing a recategorized guideline such that `<category>` is equal to the new category and
384
+
add the tag `external/<standard>/original-obligation/<category` to each query implementing a recategorized guideline such that `<category>` reflects the orignal category.
The `recategorize.py` scripts has a dependencies on the following Python packages that can be installed with the command `pip install -r path/to/codeql-coding-standards/scripts/guideline_recategorization/requirements.txt`:
The schema files **must** be available in the same directory as the `recategorize.py` file or in any ancestor directory.
407
+
357
408
### GitHub Advanced Security and LGTM
358
409
359
410
The only use cases that will be certified under ISO 26262 are those listed above. CodeQL Coding Standards is also compatible with, but not certified for, the following use cases:
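Review bot: the tag template on line 384 is missing its closing bracket: `external/<standard>/original-obligation/<category` should be `external/<standard>/original-obligation/<category>`, and "orignal" in the same sentence is a typo for "original". A documentation gap in the same section: the text says `recategorize.py` rewrites the obligation tag, but not what the reporting then does with a guideline recategorized to `disapplied`; state whether findings for disapplied guidelines are dropped from the report or only retagged, since that is the main reason a user would apply a plan. Smaller wording points: "a `coding-standards.yml` file that **must** be anywhere in the source repository" turns a freedom into a requirement, so "that may be located anywhere in the source repository" says what is meant; "The `recategorize.py` scripts has a dependencies on" should be "script has dependencies on"; "if it may be violated whether a deviation is required" needs a comma before "whether"; and "The schema files **must** be available in the same directory ..." introduces "the schema files" with no antecedent, so name the files and what they validate before stating where they must live.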