1--- 2# vi: ts=2 sw=2 et: 3# SPDX-License-Identifier: LGPL-2.1-or-later 4 5# Explicitly enable certain checks which are hidden by default 6queries: 7 - include: cpp/bad-strncpy-size 8 - include: cpp/declaration-hides-variable 9 - include: cpp/inconsistent-null-check 10 - include: cpp/mistyped-function-arguments 11 - include: cpp/nested-loops-with-same-variable 12 - include: cpp/sizeof-side-effect 13 - include: cpp/suspicious-pointer-scaling 14 - include: cpp/suspicious-pointer-scaling-void 15 - include: cpp/suspicious-sizeof 16 - include: cpp/unsafe-strcat 17 - include: cpp/unsafe-strncat 18 - include: cpp/unsigned-difference-expression-compared-zero 19 - include: cpp/unused-local-variable 20 - include: 21 tags: 22 - "security" 23 - "correctness" 24 severity: "error" 25 26extraction: 27 cpp: 28 prepare: 29 packages: 30 - libpwquality-dev 31 - libfdisk-dev 32 - libp11-kit-dev 33 - libssl-dev 34 - python3-jinja2 35 after_prepare: 36 - pip3 install -r .github/workflows/requirements.txt --require-hashes 37 - export PATH="/opt/work/.local/bin:$PATH" 38 python: 39 python_setup: 40 version: 3 41