[MDBF-272] Test GitHub code scanning actions on the server repository Created: 2021-09-15  Updated: 2022-02-01

Status: Open
Project: MariaDB Foundation Development
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major
Reporter: Anel Husakovic Assignee: Anel Husakovic
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2021-09-15-09-05-26-149.png     PNG File image-2021-09-20-11-07-32-894.png     PNG File screenshot-1.png     PNG File screenshot-2.png     PNG File screenshot-3.png     PNG File screenshot-4.png     PNG File screenshot-5.png     PNG File screenshot-6.png    

Description

GitHub CodeQL scanning can be enabled from the Security tab for each repository.
It can be configured to run on each commit/pull request or on a specific action.
Some tests should be done in order to get the results of this GitHub feature.
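An added example of the per-commit/pull-request setup the task describes, written here as an illustration and not taken from the ticket or from any MariaDB repository: a GitHub Actions workflow that runs CodeQL on the C/C++ server code. The language key, branch name, trigger events and the use of the autobuild step are assumptions; a CMake-based tree such as the server may need an explicit build step instead of autobuild.

```yaml
# .github/workflows/codeql.yml (assumed path; example, not the project's own file)
name: "CodeQL"

on:
  push:
    branches: [ "10.6" ]        # assumed branch name
  pull_request:
    branches: [ "10.6" ]        # scan every PR targeting the branch
  workflow_dispatch:            # allow running the scan by hand as well

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write    # needed to upload results to the Security tab

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: cpp        # the server is C/C++; other languages would be listed here too

      # Autobuild tries to detect the build system; replace with explicit
      # cmake/make steps if the tracing build does not succeed.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

The results of each run appear under the repository's Security tab as code scanning alerts, which is where the findings discussed in the comments below would be reviewed.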



Comments
Comment by Anel Husakovic [ 2021-09-20 ]

Results:

One of the examples:

Or this one:

Comment by Marko Mäkelä [ 2021-09-21 ]

The mentioned warning for row0upd.cc:666 is questionable, if it is about this code:

	for (uint16_t i = static_cast<uint16_t>(entry->n_fields);
	     i < index->n_fields; i++) {

What are the mentioned "narrow type" and "wide type"? The index->n_fields is a bit field of width 10. How can such a warning be silenced in this tool? Note: in MDEV-21907 I went through the trouble to enable -Wconversion for InnoDB code.

Comment by Anel Husakovic [ 2021-09-22 ]

Hi Marko, there are a couple of things, attachment here

Comment by Anel Husakovic [ 2021-09-22 ]

Interesting to see that my AppVeyor caught this too:

Generated at Thu Feb 08 03:36:41 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.