@@ -54,10 +55,10 @@ The _CodeQL Coding Standards_ product is a set of CodeQL queries for identifying
Not all rules in these standards are amenable to static analysis by CodeQL - some rules require external or domain specific knowledge to validate, or refer to properties which are not present in the our representation of the codebase under analysis. For each rule we therefore identify whether it is supportable or not. Furthermore, a rule can be supported in two ways:
-
+
-**Automated** - the queries for the rule find contraventions directly.
-**Audit only** - the queries for the rule does not find contraventions directly, but instead report a list of _candidates_ that can be used as input into a manual audit. For example, `A10-0-1` (_Public inheritance shall be used to implement 'is-a' relationship_) is not directly amenable to static analysis, but CodeQL can be used to produce a list of all the locations that use public inheritance so they can be manually reviewed.
-
+
Each supported rule is implemented as one or more CodeQL queries, with each query covering an aspect of the rule. In many coding standards, the rules cover non-trivial semantic properties of the codebase under analysis.
The datasheet _"CodeQL Coding Standards: supported rules"_, provided with each release, lists which rules are supported for that particular release, and the _scope of analysis_ for that rule.
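Review bot: the context lines of this whitespace-only hunk carry two wording defects that could be fixed in the same pass: `present in the our representation of the codebase` (drop `the`) and `the queries for the rule does not find contraventions directly` (should be `do not find`). Since the hunk already reflows the blank lines around the Automated / Audit only list, touching those two words costs nothing extra and avoids a second trivial commit.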
@@ -112,7 +113,7 @@ Use of the queries outside these scenarios is possible, but not validated for fu
### Analysis report requirements
The Coding Standards ships with scripts to generate reports that summarizes:
-
+
- The integrity and validity of the CodeQL database created for the project.
- The findings reported by the default queries for the selected Coding Standards, grouped by categories as specified by MISRA Compliance 2020.
- The CodeQL dependencies used for the analysis, and whether they comply with the stated requirements.
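Review bot: `The Coding Standards ships with scripts to generate reports that summarizes:` has a number-agreement slip in the sentence right above the blank line this hunk edits; suggest `The Coding Standards package ships with scripts to generate reports that summarize:` so the subject and both verbs agree.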
@@ -133,7 +134,7 @@ This section describes how to operate the "CodeQL Coding Standards".
You must download a compatible version of the CodeQL CLI and CodeQL Standard Library for C++.
**Option 1:** Use the CodeQL CLI bundle, which includes both required components:
-
1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases).
+
1. Download the CodeQL CLI bundle from the [`github/codeql-action` releases page](https://github.com/github/codeql-action/releases).
2. Expand the compressed archive to a specified location on your machine.
3.[Optional] Add the CodeQL CLI to your user or system path.
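Review bot: the removed and added `1. Download the CodeQL CLI bundle ...` lines show no visible difference, so this is a whitespace-only change (trailing space or indentation); please confirm it is intentional rather than an editor reformat, since it adds noise to `git blame` for the install steps. While here, `3.[Optional] Add the CodeQL CLI to your user or system path.` is missing the space after `3.`, which stops Markdown from rendering it as the third list item.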
@@ -154,7 +155,7 @@ In order to run the Coding Standards queries you must first build a CodeQL datab
The database can be created using the CodeQL CLI like so:
@@ -249,6 +250,7 @@ This will produce a directory (`<output_directory>`) containing the following re
The CodeQL Coding Standards supports the following features from the [MISRA Compliance 2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) document:
-_Deviation records_ - an entry that states a particular instance, or set of instances, of a rule should be considered permitted.
-_Deviation permit_ - an entry that provides authorization to apply a deviation to a project.
+
-_Guideline recategorization plan_ - an agreement on how the guidelines are applied. Whether a guideline may be violated, deviated from, or must always be applied.
##### Deviation records
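Review bot: the new bullet ends in a sentence fragment (`Whether a guideline may be violated, deviated from, or must always be applied.`), which reads differently from the two existing bullets that each give a single definition. Fold it into the definition, e.g. `- _Guideline recategorization plan_ - an agreement on how the guidelines are applied, i.e. whether a guideline may be violated, deviated from, or must always be applied.`, and make sure the added line sits directly under the `_Deviation permit_` bullet so Markdown keeps all three in one list.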
@@ -305,7 +307,7 @@ The activation of the deviation mechanism requires an extra step in the database
This extra step is the invocation of the Python script `path/to/codeql-coding-standards/scripts/configuration/process_coding_standards_config.py` that is part of the coding standards code scanning pack.
@@ -373,6 +375,55 @@ Unlike _deviation records_ their location in the source directory does not impac
This means that _deviation permits_ can be made available at build time by any means available.
An example of importing _deviation permits_ is through a [Git Submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules) that contains a repository of allowed _deviation permits_.
+
+
##### Guideline recategorization plan
+
+
The current implementation supports a _guideline recategorization plan_ as described in the [MISRA Compliance:2020](https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf) section *5 The guideline re-categorization plan*.
+
+
A recategorization plan provides a mechanism to adjust the policy associated with a guideline that determines whether it may be violated or not and if it may be violated whether a deviation is required.
+
Each guideline recategorization **must** be specified in the `guideline-recategorizations` section of a `coding-standards.yml` file that **must** be anywhere in the source repository.
+
+
A guideline recategorization specification **must** specify a `rule-id`, an identifier for the coding standards rule the recategorization applies to, and a `category`, a category that can be any of `disapplied`, `advisory`, `required`, or `mandatory`.
+
+
An example guideline recategorization section is:
+
+
```yaml
+
guideline-recategorizations:
+
- rule-id: "A0-1-1"
+
category: "mandatory"
+
- rule-id: "A0-1-6"
+
category: "disapplied"
+
- rule-id: "A11-0-1"
+
category: "mandatory"
+
```
+
+
Application of the guideline recategorization plan to the analysis results requires an additional post-processing step.
+
The post-processing step is implemented by the Python script `path/to/codeql-coding-standards/scripts/guideline_recategorization/recategorize.py`.
+
The script will update the `external/<standard>/obligation/<category>` tag for each query implementing a recategorized guideline such that `<category>` is equal to the new category and
+
add the tag `external/<standard>/original-obligation/<category` to each query implementing a recategorized guideline such that `<category>` reflects the orignal category.
The `recategorize.py` scripts has a dependencies on the following Python packages that can be installed with the command `pip install -r path/to/codeql-coding-standards/scripts/guideline_recategorization/requirements.txt`:
The schema files **must** be available in the same directory as the `recategorize.py` file or in any ancestor directory.
+
### GitHub Advanced Security and LGTM
The only use cases that will be certified under ISO 26262 are those listed above. CodeQL Coding Standards is also compatible with, but not certified for, the following use cases:
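Review bot: `a coding-standards.yml file that **must** be anywhere in the source repository` contradicts itself; the sentence should say `may be located anywhere in the source repository`, and it should state whether more than one `coding-standards.yml` is honoured and what happens when two files recategorize the same `rule-id` with different categories. That matters because a `disapplied` entry silences a guideline for the whole analysis, so whoever reviews the plan needs the same clear provenance rules that the deviation permits section gives. Second, the `recategorize.py` invocation is never shown; add the command line the way `process_coding_standards_config.py` is presented for deviations, and say whether the script rewrites the query files in place (updating `external/<standard>/obligation/<category>` implies it does) and therefore has to run before `codeql database analyze` and before the report scripts, since the reports group findings by the same obligation categories. Third, small defects in the added text: `external/<standard>/original-obligation/<category` is missing its closing `>`, `orignal` should be `original`, `The recategorize.py scripts has a dependencies on the following Python packages` should be `The recategorize.py script depends on the following Python packages`, the list that its trailing colon promises is absent, and `The schema files` never says which schema files are meant.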