diff --git a/FlatBuffersFunc.ql b/FlatBuffersFunc.ql
new file mode 100644
index 0000000..515e703
--- /dev/null
+++ b/FlatBuffersFunc.ql
@@ -0,0 +1,13 @@
+/**
+ * @name pickfun
+ * @description pick function from FlatBuffers
+ * @kind problem
+ * @id cpp-flatbuffer-func
+ * @problem.severity warning
+ */
+
+import cpp
+
+from Function f
+where f.getName() = "MakeBinaryRegion"
+select f, "definition of MakeBinaryRegion"
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..ead4eff
--- /dev/null
+++ b/README.org
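Review bot: `f.getName() = "MakeBinaryRegion"` matches every Function with that unqualified name — declarations without a body, overloads, and same-named functions in other namespaces — so the alert text `"definition of MakeBinaryRegion"` can be wrong for some results. Restrict to the defined entity with `where f.getName() = "MakeBinaryRegion" and f.hasDefinition()`, or match on `f.getQualifiedName()` if the namespace is known. The `@description` could also say what the query is for rather than repeating the name, e.g. `@description Locates the definition of MakeBinaryRegion across the FlatBuffers-derived databases used in the MRVA demo.`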
@@ -0,0 +1,36 @@
+* Using MRVA
+ This repository has several additions to illustrate a full MRVA workflow.
+** Set up controller repo
+ Following [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][the instructions]], start with
+ manually creating the controller repository
+ #+BEGIN_SRC sh
+ gh repo create mirva-controller --public -d 'Controller for MRVA'
+ #+END_SRC
+ This avoids
+ #+BEGIN_SRC text
+ An error occurred while setting up the controller repository: Controller
+ repository "hohn/mirva-controller" not found.
+ #+END_SRC
+
+ Populate the controller repository
+ #+BEGIN_SRC sh
+ mkdir -p ~/local/mirva-controller && cd ~/local/mirva-controller
+ echo "* mirva-controller" >> README.org
+ git init
+ git add README.org
+ git commit -m "first commit"
+ git branch -M master
+ git remote add origin git@github.com:hohn/mirva-controller.git
+ git push -u origin master
+ #+END_SRC
+ This avoids
+ #+BEGIN_SRC text
+ Variant analysis failed because the controller repository hohn/mirva-controller
+ does not have a branch 'master'. Please create a 'master' branch by clicking here
+ and re-run the variant analysis query.
+ #+END_SRC
+
+*** Use the codeql extension to run MRVA
+ Following the [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][instructions]] and running =./FlatBuffersFunc.ql=, the entry
+ =google/flatbuffers= has one [[https://github.com/google/flatbuffers/blob/dbce69c63b0f3cee8f6d9521479fd3b087338314/src/binary_annotator.cpp#L25C21-L25C37][result]]. Others have none.
+
diff --git a/codeql-pack.lock.yml b/codeql-pack.lock.yml
new file mode 100644
index 0000000..b965694
--- /dev/null
+++ b/codeql-pack.lock.yml
@@ -0,0 +1,10 @@
+---
+lockVersion: 1.0.0
+dependencies:
+ codeql/cpp-all:
+ version: 0.5.3
+ codeql/ssa:
+ version: 0.0.11
+ codeql/tutorial:
+ version: 0.0.4
+compiled: false
diff --git a/gh-mrva.code-workspace b/gh-mrva.code-workspace
new file mode 100644
index 0000000..23f4f79
--- /dev/null
+++ b/gh-mrva.code-workspace
@@ -0,0 +1,10 @@
+{
+ "folders": [
+ {
+ "path": "."
+ }
+ ],
+ "settings": {
+ "sarif-viewer.connectToGithubCodeScanning": "off"
+ }
+}
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 54d592c..0e26aeb 100644
--- a/go.mod
+++ b/go.mod
@@ -2,12 +2,14 @@ module github.com/GitHubSecurityLab/gh-mrva
 
 go 1.19
 
-require github.com/cli/go-gh v1.2.1
+require (
+ github.com/cli/go-gh v1.2.1
+ github.com/spf13/cobra v1.7.0
+)
 
 require (
+ github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/spf13/cobra v1.7.0 // indirect
+ github.com/spf13/pflag v1.0.5 // indirect
+ )
@@ -28,3 +30,5 @@ require (
 golang.org/x/term v0.5.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // direct
 )
+
+replace github.com/GitHubSecurityLab/gh-mrva => /Users/hohn/local/gh-mrva
diff --git a/qlpack.yml b/qlpack.yml
new file mode 100644
index 0000000..55dddd3
--- /dev/null
+++ b/qlpack.yml
@@ -0,0 +1,6 @@
+library: false
+name: codeql-dataflow-ii-cpp
+version: 0.0.1
+dependencies:
+ codeql/cpp-all: 0.5.3
+ 
\ No newline at end of file
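Review bot: The file ends with `\ No newline at end of file`; qlpack.yml in this same commit has the same issue and additionally ends with a whitespace-only line after `codeql/cpp-all: 0.5.3`. Adding the final newline here (and dropping the blank trailing line in qlpack.yml) keeps both files POSIX-clean and avoids spurious whole-last-line diffs the next time either is edited.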
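Review bot: The `replace github.com/GitHubSecurityLab/gh-mrva => /Users/hohn/local/gh-mrva` added in the second go.mod hunk points the module at itself through an absolute path on one developer's machine, so `go build` and `go mod tidy` will fail for anyone else and for CI, where that path does not exist. A self-replace is also unnecessary when building from the module's own checkout, and directory replacements are not covered by go.sum verification, which is a further reason to keep machine-local overrides in a `go.work` file or an uncommitted change rather than in the committed go.mod. Dropping the two added lines leaves the first hunk's change, promoting cobra to a direct requirement, intact.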
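Review bot: `name: codeql-dataflow-ii-cpp` does not match this repository (gh-mrva) or the query id `cpp-flatbuffer-func` in FlatBuffersFunc.ql, and looks like a leftover from a tutorial pack. The pack name is how the CodeQL CLI identifies and publishes a query pack, so a name that describes this pack, e.g. `name: <owner>/gh-mrva-queries` (placeholder), would avoid confusion when it is listed or published. codeql-pack.lock.yml also pins `codeql/ssa` and `codeql/tutorial`, which are not declared here; presumably they are transitive dependencies of `codeql/cpp-all` 0.5.3, but that is worth confirming so the lock file is not carrying stale entries.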