diff --git a/.github/workflows/codeql-buildscript.sh b/.github/workflows/codeql-buildscript.sh
new file mode 100644
index 00000000..6e2898a7
--- /dev/null
+++ b/.github/workflows/codeql-buildscript.sh
@@ -0,0 +1,448 @@ +#!/usr/bin/env bash + +sudo apt install python3-virtualenv +virtualenv -p /usr/bin/python2.7 temp-python +source temp-python/bin/activate + +echo " +# +# Automatically generated file; DO NOT EDIT. +# BitThunder Configuration +# +BT_CONFIG_CONFIGURED=y +BT_CONFIG_OS=y +# BT_CONFIG_LIB is not set + +# +# Build System (dbuild) +# +BT_CONFIG_DBUILD_PYTHON="/usr/bin/python" +BT_CONFIG_HOST_LINUX=y +# BT_CONFIG_HOST_WINDOWS is not set +# BT_CONFIG_HOST_OTHER is not set +BT_CONFIG_TOOLCHAIN="arm-none-eabi-" +BT_CONFIG_OPTIMISE_NONE=y +# BT_CONFIG_OPTIMISE_SIZE is not set +# BT_CONFIG_OPTIMISE_SPEED is not set +# BT_CONFIG_OPTIMISE_ULTRA_SPEED is not set +# BT_CONFIG_READABLE_ASM is not set +BT_CONFIG_WARN_NORMAL=y +# BT_CONFIG_WARN_ALL is not set +# BT_CONFIG_WARN_PEDANTIC is not set +# BT_CONFIG_WARN_ERROR is not set +# BT_CONFIG_WARN_ERROR_PEDANTIC is not set +BT_CONFIG_TOOLCHAIN_WARNING="" +BT_CONFIG_TOOLCHAIN_OPTIMISATION="-O0" +BT_CONFIG_TOOLCHAIN_DEBUG=y +BT_CONFIG_TOOLCHAIN_DEBUG_FLAGS="-g" + +# +# Build Configuration +# +BT_CONFIG_BUILD_NOSTDLIB=y +BT_CONFIG_BUILD_GC_UNUSED=y +BT_CONFIG_BUILD_DISASSEMBLE=y +# BT_CONFIG_BUILD_DISASSEMBLE_SOURCE is not set + +# +# System Architecture +# +BT_CONFIG_ARCH_ARM=y +# BT_CONFIG_ARCH_PPC is not set +BT_CONFIG_ARCH="arm" +BT_CONFIG_LITTLE_ENDIAN=y +BT_CONFIG_HAS_MMU=y + +# +# ARM Options +# +# BT_CONFIG_MACH_BCM2835 is not set +# BT_CONFIG_MACH_LPC11xx is not set +# BT_CONFIG_MACH_LPC17xx is not set +# BT_CONFIG_MACH_STM32 is not set +# BT_CONFIG_MACH_LM3Sxx is not set +BT_CONFIG_MACH_ZYNQ=y +BT_CONFIG_ARCH_ARM_CORTEX_A9=y +# BT_CONFIG_ARCH_ARM_ARMv6 is not set +BT_CONFIG_ARCH_ARM_ARMv7=y +BT_CONFIG_ARCH_ARM_ARMv7_A=y +BT_CONFIG_ARCH_ARM_FAMILY="armv7-a" +BT_CONFIG_TOOLCHAIN_CPU="cortex-a9" +# BT_CONFIG_TOOLCHAIN_FLOAT_HARD is not set +# BT_CONFIG_TOOLCHAIN_FLOAT_SOFTFP is not set +BT_CONFIG_TOOLCHAIN_FLOAT_SOFT=y +BT_CONFIG_TOOLCHAIN_MACH_FLAGS="" +BT_CONFIG_TOOLCHAIN_MFPU="-mfpu=neon" 
+BT_CONFIG_TOOLCHAIN_FPU_ABI="-mfloat-abi=soft" +BT_CONFIG_ARCH_ARM_HAS_NEON=y +BT_CONFIG_ARCH_ARM_BOOT=y +# BT_CONFIG_ARCH_HAVE_MPU is not set +# BT_CONFIG_KERNEL_FREERTOS_CA9_MODERN_PORT is not set +BT_CONFIG_LINKER_STACK_SIZE=0x100 +BT_CONFIG_BOARD_DEFCONFIG_FILE="zedboard.defconfig" +BT_CONFIG_MACH_RAM_START=0x0 +BT_CONFIG_MACH_RAM_SIZE=0x08000000 +BT_CONFIG_MACH_ZYNQ_PLATFORM=y +BT_CONFIG_ARCH_ARM_CORTEX_A9_MPCORE_BASE=0xF8F00000 +BT_CONFIG_CPU_CORES=2 +# BT_CONFIG_ZYNQ_MICROZED is not set +BT_CONFIG_ZYNQ_ZEDBOARD=y +# BT_CONFIG_ZYNQ_ZC702 is not set +# BT_CONFIG_ZYNQ_ZC706 is not set +# BT_CONFIG_ZYNQ_ZYBO is not set + +# +# Zynq Platform Options +# +BT_CONFIG_MACH_ZYNQ_XC7Z020=y + +# +# Startup Hooks +# +BT_CONFIG_MACH_ZYNQ_USE_STARTUP=y +# BT_CONFIG_MACH_ZYNQ_STARTUP_RAM_TEST is not set +# BT_CONFIG_MACH_ZYNQ_STARTUP_PS7INIT is not set +# BT_CONFIG_MACH_ZYNQ_STARTUP_INIT_GT is not set +# BT_CONFIG_MACH_ZYNQ_STARTUP_DDR_RELOCATE is not set +BT_CONFIG_MACH_ZYNQ_SYSCLOCK_FREQ=33333333 + +# +# Peripheral Selection +# + +# +# CAN devices +# +# BT_CONFIG_MACH_ZYNQ_CAN_0 is not set +# BT_CONFIG_MACH_ZYNQ_CAN_1 is not set + +# +# Device Configuration (FPGA loading) +# +# BT_CONFIG_MACH_ZYNQ_DEVCFG is not set + +# +# Gigabit Ethernet MACs +# +# BT_CONFIG_MACH_ZYNQ_GEM_0 is not set +# BT_CONFIG_MACH_ZYNQ_GEM_1 is not set + +# +# GPIO +# +# BT_CONFIG_MACH_ZYNQ_GPIO is not set + +# +# I2C devices +# +# BT_CONFIG_MACH_ZYNQ_I2C is not set +# BT_CONFIG_MACH_ZYNQ_I2C_0 is not set +# BT_CONFIG_MACH_ZYNQ_I2C_1 is not set + +# +# SDIO (SDCard Interfaces) +# +# BT_CONFIG_MACH_ZYNQ_SDIO is not set +# BT_CONFIG_MACH_ZYNQ_SDIO_0 is not set +# BT_CONFIG_MACH_ZYNQ_SDIO_1 is not set +# BT_CONFIG_MACH_ZYNQ_QSPI is not set + +# +# UART devices +# +# BT_CONFIG_MACH_ZYNQ_UART is not set +# BT_CONFIG_MACH_ZYNQ_UART_0 is not set +# BT_CONFIG_MACH_ZYNQ_UART_1 is not set +# BT_CONFIG_MACH_ZYNQ_BOOTLOG_UART_0 is not set +# BT_CONFIG_MACH_ZYNQ_BOOTLOG_UART_1 is not set 
+BT_CONFIG_MACH_ZYNQ_BOOTLOG_NULL=y +BT_CONFIG_SUBARCH="zynq" + +# +# Memory +# +BT_CONFIG_LINKER_MEMORY_DEFINED=y +# BT_CONFIG_LINKER_MACH_FLASH is not set +# BT_CONFIG_LINKER_MACH_SRAM is not set +BT_CONFIG_LINKER_MACH_RAM=y +# BT_CONFIG_LINKER_MACH_INIT_SECTION_IN_FLASH is not set +# BT_CONFIG_LINKER_MACH_INIT_SECTION_IN_SRAM is not set +BT_CONFIG_LINKER_MACH_INIT_SECTION_IN_RAM=y +# BT_CONFIG_LINKER_MACH_TEXT_SECTION_IN_FLASH is not set +# BT_CONFIG_LINKER_MACH_TEXT_SECTION_IN_SRAM is not set +BT_CONFIG_LINKER_MACH_TEXT_SECTION_IN_RAM=y +# BT_CONFIG_LINKER_MACH_DATA_SECTION_IN_FLASH is not set +# BT_CONFIG_LINKER_MACH_DATA_SECTION_IN_SRAM is not set +BT_CONFIG_LINKER_MACH_DATA_SECTION_IN_RAM=y +# BT_CONFIG_LINKER_MACH_BSS_SECTION_IN_FLASH is not set +# BT_CONFIG_LINKER_MACH_BSS_SECTION_IN_SRAM is not set +BT_CONFIG_LINKER_MACH_BSS_SECTION_IN_RAM=y +# BT_CONFIG_LINKER_SECTION_FLASH is not set +BT_CONFIG_LINKER_FLASH_RESERVED=0x0 +# BT_CONFIG_LINKER_SECTION_SRAM is not set +BT_CONFIG_LINKER_SRAM_RESERVED=0x0 +BT_CONFIG_LINKER_HEAP_DOWN=0x0 +BT_CONFIG_LINKER_SECTION_RAM=y +BT_CONFIG_LINKER_RAM_START_ADDRESS=0x0 +BT_CONFIG_LINKER_RAM_LENGTH=0x08000000 +BT_CONFIG_LINKER_INIT_SECTION_RAM=y +BT_CONFIG_LINKER_TEXT_SECTION_RAM=y +BT_CONFIG_LINKER_DATA_SECTION_RAM=y +BT_CONFIG_LINKER_BSS_SECTION_RAM=y +BT_CONFIG_ARCH_ARM_IRQ_STACK=y +BT_CONFIG_LINKER_IRQ_STACK_SIZE=0x100 +# BT_CONFIG_ARCH_ARM_FULL_INIT is not set +# BT_CONFIG_ARCH_ARM_THUMB is not set +BT_CONFIG_ARCH_ARM_THUMB_INTERWORK=y +BT_CONFIG_KERNEL_CFLAGS_REMOVE="" + +# +# OS Features +# + +# +# Process Manager +# +BT_CONFIG_MAX_PROCESS_NAME=10 +# BT_CONFIG_PROCESS_CWD is not set +# BT_CONFIG_ALIVE_LED is not set + +# +# GPIOs +# +BT_CONFIG_MAX_GPIO_CONTROLLERS=1 + +# +# Interrupts +# +BT_CONFIG_MAX_INTERRUPT_CONTROLLERS=1 +# BT_CONFIG_INTERRUPTS_SOFTIRQ is not set + +# +# Tasklets +# +# BT_CONFIG_TASKLETS is not set + +# +# Filesystems +# +BT_CONFIG_FS=y +# BT_CONFIG_INODE is not set +# 
BT_CONFIG_FS_DEV_DYNAMIC_REGISTRATION is not set +# BT_CONFIG_FS_FULLFAT is not set +# BT_CONFIG_FS_EXT2 is not set + +# +# Loader +# +# BT_CONFIG_LOADER is not set + +# +# Networking +# +# BT_CONFIG_NET is not set +# BT_CONFIG_SUPPORTS_UDP is not set +# BT_CONFIG_SUPPORTS_TCP is not set +# BT_CONFIG_SUPPORTS_DHCP is not set +# BT_CONFIG_SUPPORTS_IGMP is not set +# BT_CONFIG_NET_LWIP is not set + +# +# lwIP options +# +BT_CONFIG_USE_TCP=0 +BT_CONFIG_USE_UDP=0 +BT_CONFIG_USE_DHCP=0 +BT_CONFIG_USE_IGMP=0 + +# +# Memory Management +# +# BT_CONFIG_MEM_PAGE_ALLOCATOR is not set +# BT_CONFIG_MEM_PAGE_COHERENT_POOL is not set +BT_CONFIG_MEM_KHEAP=y +# BT_CONFIG_USE_VIRTUAL_ADDRESSING is not set +BT_CONFIG_RAM_PHYS=0x0 +BT_CONFIG_RAM_VIRT=0x0 +# BT_CONFIG_TRACE_MALLOC is not set + +# +# Kernel Shell +# +# BT_CONFIG_SHELL is not set + +# +# Commands +# +# BT_CONFIG_SHELL_JIMTCL is not set +# BT_CONFIG_SHELL_MICROPYTHON is not set + +# +# System Calls +# +# BT_CONFIG_SYSCALL is not set + +# +# Syslog +# +# BT_CONFIG_SYSLOG_REMOVE_PRINTK is not set +# BT_CONFIG_SYSLOG_SYSTICK is not set +# BT_CONFIG_SYSLOG_LINE_ENDINGS_CR is not set +BT_CONFIG_SYSLOG_LINE_ENDINGS_LF=y +# BT_CONFIG_SYSLOG_LINE_ENDINGS_CRLF is not set +# BT_CONFIG_SYSLOG_LINE_ENDINGS_LFCR is not set + +# +# Time +# +BT_CONFIG_TIME_CLOCK_SOURCE="/dev/rtc0" + +# +# Library Support +# +BT_CONFIG_LIB_PRINTF=y + +# +# printf features +# +BT_CONFIG_LIB_PRINTF_SUPPORT_HEX=y +# BT_CONFIG_OF is not set +BT_CONFIG_CACHE_MAINTENANCE=y +BT_CONFIG_MAIN_TASK_STACK_DEPTH=512 +BT_CONFIG_MAIN_TASK_PRIORITY=0 +BT_CONFIG_INHERIT_STDIO_FROM_KERNEL=y +BT_CONFIG_MULTITHREADED_INIT=y +BT_CONFIG_INIT_WELCOME=y +# BT_CONFIG_INIT_SHELL is not set +# BT_CONFIG_INIT_FORK is not set + +# +# Subsystems +# +# BT_CONFIG_BLOCK is not set +# BT_CONFIG_BLOCK_SCHEDULER is not set +# BT_CONFIG_BLOCK_SCHEDULER_THREAD_PER_DEVICE is not set +# BT_CONFIG_VOLUME is not set +BT_CONFIG_FILE=y +# BT_CONFIG_DIR is not set +# BT_CONFIG_I2C is not set +# 
BT_CONFIG_ADC is not set +# BT_CONFIG_DAC is not set +# BT_CONFIG_QEI is not set +# BT_CONFIG_MCPWM is not set +# BT_CONFIG_PWM is not set +# BT_CONFIG_TIMER is not set +# BT_CONFIG_MTD is not set +# BT_CONFIG_RTC is not set +# BT_CONFIG_SPI is not set +# BT_CONFIG_CAN is not set +BT_CONFIG_UART=y +BT_CONFIG_THREADS=y +BT_CONFIG_PROCESS=y +BT_CONFIG_TIMERS=y + +# +# Drivers +# + +# +# Configure all required driver sub-systems +# + +# +# Block Devices +# +# BT_CONFIG_DRIVERS_BLOCK is not set +# BT_CONFIG_DRIVERS_BLOCK_RAMDISK is not set + +# +# GPIO Devices +# +# BT_CONFIG_DRIVERS_GPIO is not set + +# +# I2C GPIO Expanders +# +# BT_CONFIG_DRIVERS_GPIO_I2C_MAX7312 is not set + +# +# DAC Devices +# +# BT_CONFIG_DRIVERS_DAC is not set + +# +# I2C DAC's +# +# BT_CONFIG_DRIVERS_DAC_I2C_MCP4728 is not set + +# +# ADC Devices +# +# BT_CONFIG_DRIVERS_ADC is not set + +# +# SPI ADC's +# +# BT_CONFIG_DRIVERS_ADC_SPI_MAX1231 is not set + +# +# I2C ADC's +# +# BT_CONFIG_DRIVERS_ADC_I2C_MAX1363 is not set + +# +# MMC / SDCard Subsystem +# +# BT_CONFIG_DRIVERS_MMC is not set + +# +# Host Controllers +# + +# +# MTD Devices +# +# BT_CONFIG_DRIVERS_MTD is not set + +# +# SPI Flash devices +# +# BT_CONFIG_DRIVERS_MTD_M25P80 is not set + +# +# Network Controllers +# +# BT_CONFIG_DRIVERS_NET is not set + +# +# PHYs +# +# BT_CONFIG_DRIVERS_NET_PHY_MARVELL is not set + +# +# RTC Devices +# +# BT_CONFIG_DRIVERS_RTC is not set + +# +# I2C RTC devices +# +# BT_CONFIG_DRIVERS_RTC_I2C_DS1338 is not set + +# +# Kernel Options +# +# BT_CONFIG_KERNEL_NONE is not set +BT_CONFIG_KERNEL_FREERTOS=y +# BT_CONFIG_KERNEL_BT is not set + +# +# FreeRTOS Specific options +# +# BT_CONFIG_KERNEL_FREERTOS_NEWLIB_REENTRANCY_SUPPORT is not set +BT_CONFIG_KERNEL_TICK_RATE=1000 +# BT_CONFIG_KERNEL_SYMBOLS is not set +" > .config + +#make menuconfig +make -j$(nproc) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..56454f22 --- /dev/null 
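Review bot: The `.config` body is passed to `echo` inside one double-quoted string, but values such as `BT_CONFIG_TOOLCHAIN="arm-none-eabi-"` contain double quotes themselves, so each inner quote closes and reopens the shell string and the file is written with the quotes stripped (`BT_CONFIG_TOOLCHAIN=arm-none-eabi-`, `BT_CONFIG_TOOLCHAIN_WARNING=`). Whether dbuild accepts unquoted string values is not visible here, but a quoted here-document keeps the text literal either way: replace the `echo "` line with `cat > .config <<'EOF'` and the closing `" > .config` with `EOF`. The script also has no `set -euo pipefail` and runs `sudo apt install` without `-y`, so a failed package or virtualenv step does not stop the run before `make`. Since CodeQL only sees what the traced build compiles, a partial build presumably narrows the analysis without any visible error.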
+++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,127 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ # push:
+ # branches: [ "main", "master" ]
+ schedule:
+ - cron: '0 0 * * *'
+ pull_request:
+ branches: '*'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-20.04' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'cpp' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
+ # Use only 'java' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: arm-none-eabi-gcc GNU Arm Embedded Toolchain
+ uses: carlosperate/arm-none-eabi-gcc-action@v1.6.0
+ with:
+ release: '10.3-2021.10'
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + queries: security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). + # If this step fails, then you should remove it and run the build manually (see below) + #- name: Autobuild + # uses: github/codeql-action/autobuild@v2 + + # â„šī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 
+
+ - run: |
+ ./.github/workflows/codeql-buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
+ upload: false
+ id: step1
+
+ # Filter out rules with low severity or high false positve rate
+ # Also filter out warnings in third-party code
+ - name: Filter out unwanted errors and warnings
+ uses: advanced-security/filter-sarif@v1
+ with:
+ patterns: |
+ -**:cpp/path-injection
+ -**:cpp/world-writable-file-creation
+ -**:cpp/poorly-documented-function
+ -**:cpp/potentially-dangerous-function
+ -**:cpp/use-of-goto
+ -**:cpp/integer-multiplication-cast-to-long
+ -**:cpp/comparison-with-wider-type
+ -**:cpp/leap-year/*
+ -**:cpp/ambiguously-signed-bit-field
+ -**:cpp/suspicious-pointer-scaling
+ -**:cpp/suspicious-pointer-scaling-void
+ -**:cpp/unsigned-comparison-zero
+ -**/third*party/**
+ -**/3rd*party/**
+ -**/external/**
+ input: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
+ output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.step1.outputs.sarif-output }}
+ category: "/language:${{matrix.language}}"
+
+ - name: Archive CodeQL results
+ uses: actions/upload-artifact@v3
+ with:
+ name: codeql-results
+ path: ${{ steps.step1.outputs.sarif-output }}
+ retention-days: 5
\ No newline at end of file
diff --git a/.github/workflows/fail_on_error.py b/.github/workflows/fail_on_error.py
new file mode 100755
index 00000000..29791742
--- /dev/null
+++ b/.github/workflows/fail_on_error.py
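Review bot: The `patterns` block of the filter-sarif step drops `cpp/path-injection`, `cpp/world-writable-file-creation` and `cpp/potentially-dangerous-function` for every path (`-**:`), not only third-party code, and the filtered file is what the next step uploads, so those findings never reach code scanning. If they are noisy in this codebase, scope each exclusion to the directories concerned by using a path glob before the colon, or record the per-rule reason in the comment above the step. The two third-party actions, `carlosperate/arm-none-eabi-gcc-action@v1.6.0` and `advanced-security/filter-sarif@v1`, run in a job holding `security-events: write` and are referenced by mutable tag; pinning them as `uses: OWNER/REPO@<full-commit-sha>` removes the retag risk. Under `pull_request`, `branches: '*'` does not match branch names containing `/`, whereas `'**'` does.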
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+
+# Return whether SARIF file contains error-level results
+def codeql_sarif_contain_error(filename):
+ with open(filename, 'r') as f:
+ s = json.load(f)
+
+ for run in s.get('runs', []):
+ rules_metadata = run['tool']['driver']['rules']
+ if not rules_metadata:
+ rules_metadata = run['tool']['extensions'][0]['rules']
+
+ for res in run.get('results', []):
+ if 'ruleIndex' in res:
+ rule_index = res['ruleIndex']
+ elif 'rule' in res and 'index' in res['rule']:
+ rule_index = res['rule']['index']
+ else:
+ continue
+ try:
+ rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
+ except IndexError as e:
+ print(e, rule_index, len(rules_metadata))
+ else:
+ if rule_level == 'error':
+ return True
+ return False
+
+if __name__ == "__main__":
+ if codeql_sarif_contain_error(sys.argv[1]):
+ sys.exit(1)
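Review bot: In `codeql_sarif_contain_error`, the `except IndexError` branch prints and moves on, so a result whose rule cannot be resolved is counted as non-error and the gate fails open; a negative `ruleIndex` (SARIF uses -1 for "not set") does not raise at all and silently reads the last rule. A bounds check before the lookup, `if not 0 <= rule_index < len(rules_metadata):`, with an explicit decision to fail in that case, would close both paths. A rule entry without `defaultConfiguration` raises an uncaught `KeyError`, and `sys.argv[1]` is read without an argument check, so either ends in a traceback rather than a clear message. The codeql.yml added in this same diff has no step that runs this script, so as committed, error-level results do not fail the job.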