diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index 09d52a5ba1..d32cc41f88 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -140,10 +140,35 @@ jobs:
 )
 EOF
 
- files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
- echo "$files" | xargs --max-args=150 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
- cat output.txt
- if grep --silent "Match #" output.txt; then
- echo "::error Forbidden std::filesystem::path construction detected!"
+ files=$(jq --raw-output '.[].file' SerialPrograms/bin/compile_commands.json)
+ for file in $files; do
+ echo "Processing: $file"
+ clang-query -p SerialPrograms/bin/ -f query.txt "$file" >> clang-query-stdout.txt
+ done
+
+ FOUND_FORBIDDEN=0
+ if grep --quiet "Binding for 'path_error'" clang-query-stdout.txt; then
+ echo "std::filesystem::path created from std::string. More information https://discord.com/channels/695809740428673034/1462210406616531259/1462567541825339635"
+ FOUND_FORBIDDEN=1
+ fi
+ if grep --quiet "Binding for 'view_error'" clang-query-stdout.txt; then
+ echo "ImageViewRGB32 created from VideoSnapshot&& that is stored. It is a dangling pointer as nothing hold the data anymore"
+ FOUND_FORBIDDEN=1
+ fi
+
+ if [ "$FOUND_FORBIDDEN" -eq 1 ]; then
+ echo "Clang query encountered a banned pattern."
+ echo "Check clang-query-stdout.txt below."
 exit 1
 fi
+
+ echo "Scan completed successfully with no violations."
+
+ - name: Upload Clang query output
+ uses: actions/upload-artifact@v7
+ if: inputs.run-clang-query && always()
+ with:
+ name: Clang query output (compiler=${{inputs.compiler}})
+ path: |
+ Arduino-Source/SerialPrograms/bin/compile_commands.json
+ Arduino-Source/clang-query-stdout.txt
\ No newline at end of file
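Review bot: The gate fails open: after the `for file in $files` loop the step prints "Scan completed successfully" whenever neither `Binding for` string is found, which is also the result when `$files` is empty or clang-query could not process a file and so wrote no match. In the empty case `clang-query-stdout.txt` is never created, `grep --quiet` exits with an error status, and `if` treats that the same as "no match". I would guard the input with `[ -n "$files" ] || { echo "compile_commands.json lists no files"; exit 1; }` and stop on a tool failure with `clang-query -p SerialPrograms/bin/ -f query.txt "$file" >> clang-query-stdout.txt || exit 1` (whether the step's shell already runs with `-e` is not visible in this hunk). The unquoted `$files` also word-splits and glob-expands paths, so reading the jq output line by line with `while IFS= read -r file` would be more robust. Separately, `actions/upload-artifact@v7` is a mutable tag; pinning it to a full commit SHA keeps the upload step's code from changing without a reviewed diff.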