mrva/gh-mrva
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to run query successfully on two repositories

Browse Source
This commit is contained in:
Michael Hohn
2024-02-21 11:06:47 -08:00
committed by =Michael Hohn
parent bed2c62d1b
commit 16010d1a35
3 changed files with 31 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
FlatBuffersFunc.ql
View File

@@ -9,5 +9,7 @@
import cpp import cpp
from Function f from Function f
where f.getName() = "MakeBinaryRegion" where
f.getName() = "MakeBinaryRegion" or
f.getName() = "microprotocols_add"
select f, "definition of MakeBinaryRegion" select f, "definition of MakeBinaryRegion"

38
README.org
View File

@@ -31,8 +31,10 @@
#+END_SRC #+END_SRC
** Use the codeql extension to run MRVA ** Use the codeql extension to run MRVA
Following the [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][instructions]] and running =./FlatBuffersFunc.ql=, the entry Following the [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][instructions]] and running =./FlatBuffersFunc.ql=, the entries
=google/flatbuffers= has one [[https://github.com/google/flatbuffers/blob/dbce69c63b0f3cee8f6d9521479fd3b087338314/src/binary_annotator.cpp#L25C21-L25C37][result]]. Others have none. 1. google/flatbuffers
2. psycopg/psycopg2
each have one. Others have none.
** Use custom list with target repos in VS Code ** Use custom list with target repos in VS Code
The json file is here: The json file is here:
@@ -42,7 +44,7 @@
It's saved in the workspace, but not in the current git repository. It's saved in the workspace, but not in the current git repository.
Here are two snapshots for reference: Here are two snapshots for reference and copy/paste:
#+begin_src javascript #+begin_src javascript
{ {
"version": 1, "version": 1,
@@ -52,7 +54,8 @@
{ {
"name": "mirva-list", "name": "mirva-list",
"repositories": [ "repositories": [
"google/flatbuffers" "google/flatbuffers",
"psycopg/psycopg2"
] ]
} }
], ],
@@ -61,8 +64,8 @@
} }
}, },
"selected": { "selected": {
"kind": "variantAnalysisSystemDefinedList", "kind": "variantAnalysisUserDefinedList",
"listName": "top_10" "listName": "mirva-list"
} }
} }
#+end_src #+end_src
@@ -91,6 +94,10 @@
} }
#+end_src #+end_src
Select the custom list in the
=variant analysis repositories= tab, then in FlatBuffersFunc.ql, right click >
run variant analysis
** Run MRVA from command line ** Run MRVA from command line
1. Install mrva cli 1. Install mrva cli
#+BEGIN_SRC sh #+BEGIN_SRC sh
@@ -120,17 +127,17 @@
# git checkout codeql-cli/v2.15.5 # git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller controller: hohn/mirva-controller
list_file: /Users/hohn/local/gh-mrva/databases.json list_file: /Users/hohn/local/gh-mrva/mirva-list-databases.json
eof eof
#+END_SRC #+END_SRC
3. Submit the mrva job 3. Submit the mrva job
#+BEGIN_SRC sh #+BEGIN_SRC sh
gh mrva submit --help ./gh-mrva submit --help
gh mrva submit --language cpp --session mirva-session-4 \ ./gh-mrva submit --language cpp --session mirva-session-70 \
--list mirva-list \ --list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql --query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql
#+END_SRC #+END_SRC
@@ -139,19 +146,18 @@
cd ~/local/gh-mrva cd ~/local/gh-mrva
# Check the status # Check the status
gh mrva status --session mirva-session-1 ./gh-mrva status --session mirva-session-70
# Download the sarif files when finished # Download the sarif files when finished
gh mrva download --session mirva-session-1 \ ./gh-mrva download --session mirva-session-70 \
--output-dir mirva-session-1-sarif --output-dir mirva-session-70
# Or download the sarif files and CodeQL dbs when finished # Or download the sarif files and CodeQL dbs when finished
gh mrva download --session mirva-session-1 \ ./gh-mrva download --session mirva-session-70 \
--download-dbs \ --download-dbs \
--output-dir mirva-session-1-sarif --output-dir mirva-session-70
#+END_SRC #+END_SRC
* Miscellaneous Notes * Miscellaneous Notes
** Action logs on Controller Repository ** Action logs on Controller Repository
The action logs are on the controller repository at The action logs are on the controller repository at

6
mirva-list-databases.json Normal file
View File

@@ -0,0 +1,6 @@
{
"mirva-list": [
"google/flatbuffers",
"psycopg/psycopg2"
]
}