mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-11 18:41:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b214aaed66e575daaed479594b4ce630609b221
keycloak/.github/scripts/codeql/codeql-analyze.sh
T
Bruno Oliveira da Silva f06ba05405 The CodeQL analysis is broken due to the large content of the SARIF file (#10606) 
The issue was originally caused by high number of flows paths per alert
generated by the LDAP federation module. That was identified taking the
SARIF file generated and running:

```
jq '.runs[0].results | map({query_id: .rule.id, numPaths: .codeFlows |
length})' java.sarif

```

Together we reduced the number of flows paths, adding optimizations to
skip some paths and avoid false alerts.

Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #10203

Co-authored-by: Joshua Mulliken <joshua@mulliken.net>
2022-03-11 13:55:17 +01:00

41 lines
1.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
CODEQL_BINARY="./codeql/codeql"
# Check if the binary exists
if [ ! -f "$CODEQL_BINARY" ];
then
printf "CodeQL binary not found!"
exit 1
fi
upload_results () {
echo "Uploading $1"
$CODEQL_BINARY github upload-results --sarif="$1" --repository="$GITHUB_REPOSITORY" --ref="$GITHUB_REF"
}
# Create the database based on the specifics per language
if [ "$1" = "java" ];
then
printf "Analyzing CodeQL Java database"
$CODEQL_BINARY database analyze "$1-database" codeql/java-queries --format=sarifv2.1.0 --output="$1".sarif --download --max-paths=1 --sarif-add-query-help
< java.sarif jq 'del(.runs[].results[].codeFlows)' > processed-java.sarif
upload_results processed-java.sarif
elif [ "$1" = "javascript" ];
then
printf "Analyzing themes database"
$CODEQL_BINARY database analyze themes-database codeql/javascript-queries --format=sarifv2.1.0 --output=themes.sarif --download --max-paths=1 --sarif-add-query-help
< themes.sarif jq 'del(.runs[].results[].codeFlows)' > processed-themes.sarif
upload_results processed-themes.sarif
printf "Analyzing js-adapter database"
$CODEQL_BINARY database analyze js-adapter-database codeql/javascript-queries --format=sarifv2.1.0 --output=js-adapter.sarif --download --max-paths=1 --sarif-add-query-help
< js-adapter.sarif jq 'del(.runs[].results[].codeFlows)' > processed-js-adapter.sarif
upload_results processed-js-adapter.sarif
fi
Reference in New Issue View Git Blame Copy Permalink