Switch to CodeQL to detect prohibited function use

The LLVM/Clang developers pointed out that using the CPP to detect use of functions that our QA policies prohibit risks invoking undefined behavior. To resolve this, we configure CodeQL to detect forbidden function usage. Note that cpp in the context of CodeQL refers to C/C++, rather than the C PreProcessor, which C++ also uses. It really should have been written cxx, but that ship sailed a long time ago. This misuse of the term cpp is retained in the CodeQL configuration for consistency with upstream CodeQL. As a side benefit, verbose make no longer is a wall of text showing a bunch of CPP macros, which can make debugging slightly easier. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Richard Yao <[email protected]> Closes #15819 Closes #14134
author: Richard Yao <[email protected]> 2024-01-26 17:11:33 -0500
committer: GitHub <[email protected]> 2024-01-26 14:11:33 -0800
commit: e7af89d972ffea5c205a072b9e3ad4654b36f352 (patch)
tree: 15252b30367d4103ec63f0436d789c5aad9d78fc /.github/codeql-python.yml
parent: dac0bae561d4d044208881ef4664a3bf9e657e7b (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/.github/codeql-python.yml b/.github/codeql-python.yml
new file mode 100644
index 000000000..93cb4a435
--- /dev/null
+++ b/.github/codeql-python.yml
@@ -0,0 +1,4 @@
+name: "Custom CodeQL Analysis"
+
+paths-ignore:
+  - tests
author	Richard Yao <[email protected]>	2024-01-26 17:11:33 -0500
committer	GitHub <[email protected]>	2024-01-26 14:11:33 -0800
commit	e7af89d972ffea5c205a072b9e3ad4654b36f352 (patch)
tree	15252b30367d4103ec63f0436d789c5aad9d78fc /.github/codeql-python.yml
parent	dac0bae561d4d044208881ef4664a3bf9e657e7b (diff)