CodeQL is a static analysis tool, it primarily checks some coding style guidelines that it considers good practice to be conformed to, unless we explicitly configured it to do something else. We do not care what other people consider to be good style though, we have our own coding style guide lines codified in the
style(9) man page. What comes on top of that is that alot of code that is part of FreeBSD is not required to abide to our style, because FreeBSD contains a lot of code that originates from external sources and is also developed and maintained by third parties, such as the LLVM project. We could modify their code to fit our style, but that would make it difficult to make quality bug reports to the upstream developers, as even if we know very well which branches are taken to cause misbehaviour, renaming their symbols, reindenting their code, adding/removing lines and other whitespace commit games will complicate communications with the upstream developers and make merging upstream commits more difficult, too, while not really providing us with any advantage either, so we try avoiding unneccessary modifications of third party code, even if that means that it does not conform to our coding style.
So, even in the event we have configured CodeQL to check our style, the whole contrib stuff will have to be considered false positive.
