From 9c083d37894ef880117573bc36aaa8676342b6d6 Mon Sep 17 00:00:00 2001
From: Brian <89487381+b4yuan@users.noreply.github.com>
Date: Tue, 6 Feb 2024 14:14:34 -0500
Subject: [PATCH] Update CodeQL WF Include rule filtering to filter out rules with high false positive rates, uploading CodeQL results to 'Code scanning' under the Security tab on Github, uploading CodeQL results as an artifact
Signed-off-by: Brian <89487381+b4yuan@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 42 +++++++++++++++++++++++++++++++-----
 1 file changed, 37 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b66c5dc38..1adf92037 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,11 +2,7 @@ name: "CodeQL"
 on:
   push:
-    branches: [ "master", "codeql" ]
-  pull_request:
-    branches: [ "master", "codeql" ]
-  schedule:
-    - cron: "23 8 * * 5"
+    branches: [ "tseting2" ]
 jobs:
   analyze:
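Review bot: Replacing the `master`/`codeql` push and pull_request triggers and the weekly cron with `branches: [ "tseting2" ]` leaves CodeQL running only on pushes to a branch whose name reads like a typo of `testing2`, so the default branch, pull requests and the scheduled scan are no longer analyzed at all. If this was a temporary trigger for exercising the new filter steps, restore the previous triggers before merge (`branches: [ "master", "codeql" ]` together with the removed `pull_request:` and `schedule:` stanzas), or add the test branch alongside them instead of in place of them. Presumably the intent of the later upload-sarif step is to surface results in the Security tab; with this trigger they would only ever be attributed to the `tseting2` branch.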
@@ -41,3 +37,39 @@ jobs:
       uses: github/codeql-action/analyze@v2
       with:
         category: "/language:cpp"
+        upload: false
+      id: step1
+
+    - name: Filter out unwanted errors and warnings
+      uses: advanced-security/filter-sarif@v1
+      with:
+        patterns: |
+          -**:cpp/path-injection
+          -**:cpp/world-writable-file-creation
+          -**:cpp/poorly-documented-function
+          -**:cpp/potentially-dangerous-function
+          -**:cpp/use-of-goto
+          -**:cpp/integer-multiplication-cast-to-long
+          -**:cpp/comparison-with-wider-type
+          -**:cpp/leap-year/*
+          -**:cpp/ambiguously-signed-bit-field
+          -**:cpp/suspicious-pointer-scaling
+          -**:cpp/suspicious-pointer-scaling-void
+          -**:cpp/unsigned-comparison-zero
+          -**/cmake*/Modules/**
+        input: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
+        output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
+
+    - name: Upload CodeQL results to code scanning
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: ${{ steps.step1.outputs.sarif-output }}
+        category: "/language:cpp"
+
+    - name: Upload CodeQL results as an artifact
+      if: success() || failure()
+      uses: actions/upload-artifact@v3
+      with:
+        name: codeql-results
+        path: ${{ steps.step1.outputs.sarif-output }}
+        retention-days: 5
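Review bot: `advanced-security/filter-sarif@v1` is a third-party action referenced by a mutable tag, and it rewrites the SARIF that the next step uploads to code scanning, so it should be pinned to a full commit SHA (`uses: advanced-security/filter-sarif@<commit-sha-placeholder>  # v1`); the same applies to `actions/upload-artifact@v3`. The filter's `output` is the same path as its `input`, so the `codeql-results` artifact uploaded by the last step contains only the filtered file and the suppressed findings (which include the security queries `cpp/path-injection`, `cpp/world-writable-file-creation` and `cpp/potentially-dangerous-function`) are not kept anywhere; if the artifact is meant to let someone audit what was dropped, write to a separate file such as `output: ${{ steps.step1.outputs.sarif-output }}/cpp-filtered.sarif` and point `sarif_file` at that file rather than at the directory, otherwise upload-sarif would pick up both. `id: step1` has to sit at step level rather than under `with:`, which cannot be verified from the collapsed hunk; if it were nested, `${{ steps.step1.outputs.sarif-output }}` would expand to an empty string in all three later steps. A short comment above the `patterns:` block stating why each rule is excluded (the commit message only says "high false positive rates") would make the suppressions reviewable later. The enclosing `steps:` sequence starts before this hunk.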