19 changes: 19 additions & 0 deletions .CodeQL.yml
@@ -0,0 +1,19 @@
# This file configures CodeQL runs and TSA bug autofiling. For more information, see:
# https://eng.ms/docs/coreai/devdiv/one-engineering-system-1es/1es-docs/codeql/troubleshooting/bugs/generated-library-code
# (Access restricted to Microsoft employees only.)

queries:
#
# REPO-WIDE RULE EXCLUSIONS
#
- exclude:
queryId:
# [Serializable] doesn't imply that a type is *safe* to [de]serialize; only that it is
# *possible* to do so. The rules below incorrectly assume we're trying to make a safety
# guarantee.
- "cs/dangerous-deserialization-routine"
- "cs/deserialization-of-pointer-type"
# We already have CodeQL + Roslyn rules running to detect usage of dangerous deserialization
# APIs. Those call sites are well-reviewed and don't benefit from extra alerts regarding
# the possibility of loading malicious code.
- "cs/deserialization-unexpected-subtypes"
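Review bot: the comment justifying the `cs/deserialization-unexpected-subtypes` exclusion says "We already have CodeQL + Roslyn rules running" but does not name them, so a later reader cannot verify that the compensating coverage is still in place; please list the specific query and analyzer rule IDs in that comment. Also worth noting in the comment that these are repo-wide exclusions under "REPO-WIDE RULE EXCLUSIONS", so they suppress the alerts for any deserialization call sites added in the future as well, not only the ones that have been reviewed today. Finally, since the only linked rationale is marked "(Access restricted to Microsoft employees only.)", a one-line public summary of why `[Serializable]` is not treated as a safety guarantee would let external contributors understand the exclusion without that link.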