Run MRVA using trivial query and default top 10 list

2024-01-23 19:42:53 -08:00
parent 88ce3e2039
commit bab68337e0
6 changed files with 81 additions and 2 deletions
--- a/FlatBuffersFunc.ql
+++ b/FlatBuffersFunc.ql
@@ -0,0 +1,13 @@
+/**
+ * @name pickfun
+ * @description pick function from FlatBuffers
+ * @kind problem
+ * @id cpp-flatbuffer-func
+ * @problem.severity warning
+ */
+
+import cpp
+
+from Function f
+where f.getName() = "MakeBinaryRegion"
+select f, "definition of MakeBinaryRegion"
--- a/README.org
+++ b/README.org
@@ -0,0 +1,36 @@
+* Using MRVA
+  This repository has several additions to illustrate a full MRVA workflow.
+** Set up controller repo
+   Following [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][the instructions]], start with 
+   manually creating the controller repository
+   #+BEGIN_SRC sh 
+     gh repo create mirva-controller --public -d 'Controller for MRVA'
+   #+END_SRC
+   This avoids 
+   #+BEGIN_SRC text
+     An error occurred while setting up the controller repository: Controller
+     repository "hohn/mirva-controller" not found.
+   #+END_SRC
+
+   Populate the controller repository
+   #+BEGIN_SRC sh 
+     mkdir -p ~/local/mirva-controller && cd ~/local/mirva-controller 
+     echo "* mirva-controller" >> README.org
+     git init
+     git add README.org
+     git commit -m "first commit"
+     git branch -M master
+     git remote add origin git@github.com:hohn/mirva-controller.git
+     git push -u origin master
+   #+END_SRC
+   This avoids
+   #+BEGIN_SRC text
+     Variant analysis failed because the controller repository hohn/mirva-controller
+     does not have a branch 'master'. Please create a 'master' branch by clicking here
+     and re-run the variant analysis query. 
+   #+END_SRC
+
+*** Use the codeql extension to run MRVA
+    Following the [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][instructions]] and running =./FlatBuffersFunc.ql=, the entry
+    =google/flatbuffers= has one [[https://github.com/google/flatbuffers/blob/dbce69c63b0f3cee8f6d9521479fd3b087338314/src/binary_annotator.cpp#L25C21-L25C37][result]].  Others have none.
+  
--- a/codeql-pack.lock.yml
+++ b/codeql-pack.lock.yml
@@ -0,0 +1,10 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/cpp-all:
+    version: 0.5.3
+  codeql/ssa:
+    version: 0.0.11
+  codeql/tutorial:
+    version: 0.0.4
+compiled: false
--- a/gh-mrva.code-workspace
+++ b/gh-mrva.code-workspace
@@ -0,0 +1,10 @@
+{
+	"folders": [
+		{
+			"path": "."
+		}
+	],
+	"settings": {
+		"sarif-viewer.connectToGithubCodeScanning": "off"
+	}
+}
--- a/go.mod
+++ b/go.mod
@@ -2,12 +2,14 @@ module github.com/GitHubSecurityLab/gh-mrva

 go 1.19

-require github.com/cli/go-gh v1.2.1
+require (
+	github.com/cli/go-gh v1.2.1
+	github.com/spf13/cobra v1.7.0
+)

 require (
 	github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 )

@@ -28,3 +30,5 @@ require (
 	golang.org/x/term v0.5.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // direct
 )
+
+replace github.com/GitHubSecurityLab/gh-mrva => /Users/hohn/local/gh-mrva
--- a/qlpack.yml
+++ b/qlpack.yml
@@ -0,0 +1,6 @@
+library: false
+name: codeql-dataflow-ii-cpp
+version: 0.0.1
+dependencies:
+  codeql/cpp-all: 0.5.3
+