mrva/gh-mrva
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Run MRVA using trivial query and default top 10 list

Browse Source
This commit is contained in:
Michael Hohn
2024-01-23 19:42:53 -08:00
committed by =Michael Hohn
parent 88ce3e2039
commit bab68337e0
6 changed files with 81 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
FlatBuffersFunc.ql Normal file
View File

@@ -0,0 +1,13 @@
/**
* @name pickfun
* @description pick function from FlatBuffers
* @kind problem
* @id cpp-flatbuffer-func
* @problem.severity warning
*/
import cpp
from Function f
where f.getName() = "MakeBinaryRegion"
select f, "definition of MakeBinaryRegion"

36
README.org Normal file
View File

@@ -0,0 +1,36 @@
* Using MRVA
This repository has several additions to illustrate a full MRVA workflow.
** Set up controller repo
Following [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][the instructions]], start with
manually creating the controller repository
#+BEGIN_SRC sh
gh repo create mirva-controller --public -d 'Controller for MRVA'
#+END_SRC
This avoids
#+BEGIN_SRC text
An error occurred while setting up the controller repository: Controller
repository "hohn/mirva-controller" not found.
#+END_SRC
Populate the controller repository
#+BEGIN_SRC sh
mkdir -p ~/local/mirva-controller && cd ~/local/mirva-controller
echo "* mirva-controller" >> README.org
git init
git add README.org
git commit -m "first commit"
git branch -M master
git remote add origin git@github.com:hohn/mirva-controller.git
git push -u origin master
#+END_SRC
This avoids
#+BEGIN_SRC text
Variant analysis failed because the controller repository hohn/mirva-controller
does not have a branch 'master'. Please create a 'master' branch by clicking here
and re-run the variant analysis query.
#+END_SRC
*** Use the codeql extension to run MRVA
Following the [[https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository][instructions]] and running =./FlatBuffersFunc.ql=, the entry
=google/flatbuffers= has one [[https://github.com/google/flatbuffers/blob/dbce69c63b0f3cee8f6d9521479fd3b087338314/src/binary_annotator.cpp#L25C21-L25C37][result]]. Others have none.

10
codeql-pack.lock.yml Normal file
View File

@@ -0,0 +1,10 @@
---
lockVersion: 1.0.0
dependencies:
codeql/cpp-all:
version: 0.5.3
codeql/ssa:
version: 0.0.11
codeql/tutorial:
version: 0.0.4
compiled: false

10
gh-mrva.code-workspace Normal file
View File

@@ -0,0 +1,10 @@
{
"folders": [
{
"path": "."
}
],
"settings": {
"sarif-viewer.connectToGithubCodeScanning": "off"
}
}

8
go.mod
View File

@@ -2,12 +2,14 @@ module github.com/GitHubSecurityLab/gh-mrva
go 1.19 go 1.19
require github.com/cli/go-gh v1.2.1 require (
github.com/cli/go-gh v1.2.1
github.com/spf13/cobra v1.7.0
)
require ( require (
github.com/aymanbagabas/go-osc52 v1.2.1 // indirect github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/spf13/cobra v1.7.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
) )
@@ -28,3 +30,5 @@ require (
golang.org/x/term v0.5.0 // indirect golang.org/x/term v0.5.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // direct gopkg.in/yaml.v3 v3.0.1 // direct
) )
replace github.com/GitHubSecurityLab/gh-mrva => /Users/hohn/local/gh-mrva

6
qlpack.yml Normal file
View File

@@ -0,0 +1,6 @@
library: false
name: codeql-dataflow-ii-cpp
version: 0.0.1
dependencies:
codeql/cpp-all: 0.5.3