From c9dbba5014689c0378d38118badcc0750d3202d5 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Tue, 13 Aug 2024 12:51:22 -0700
Subject: [PATCH] Additions for end-to-end walkthrough

---
 Fprintf.ql | 14 +++++++++++++
 README.org | 46 ++++++++++++++++++++++++++------------------
 gh-mrva-selection.json | 15 ++++++++++++++
 3 files changed, 55 insertions(+), 20 deletions(-)
 create mode 100644 Fprintf.ql
 create mode 100644 gh-mrva-selection.json

diff --git a/Fprintf.ql b/Fprintf.ql
new file mode 100644
index 0000000..57e3094
--- /dev/null
+++ b/Fprintf.ql
@@ -0,0 +1,14 @@
+/**
+ * @name findPrintf
+ * @description find calls to plain fprintf
+ * @kind problem
+ * @id cpp-fprintf-call
+ * @problem.severity warning
+ */
+
+import cpp
+
+from FunctionCall fc
+where
+ fc.getTarget().getName() = "fprintf"
+select fc, "call of fprintf"
diff --git a/README.org b/README.org
index a577399..4d8d66e 100644
--- a/README.org
+++ b/README.org
@@ -127,7 +127,7 @@
 # git checkout codeql-cli/v2.15.5
 codeql_path: /Users/hohn/local/codeql-lib
 controller: hohn/mirva-controller
- list_file: /Users/hohn/local/gh-mrva/mirva-list-databases.json
+ list_file: /Users/hohn/work-gh/mrva/gh-mrva/mirva-list-databases.json
 eof
 #+END_SRC
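Review bot: The `where` clause on the last line of the Fprintf.ql hunk matches by bare name, so any function called `fprintf` — a project's own logging wrapper, a namespaced or member function — is reported alongside the libc one; if the intent is the C library call, `fc.getTarget().hasGlobalOrStdName("fprintf")` is the usual restriction in the C/C++ library. The metadata is also inconsistent with the body: `@name findPrintf` should read `findFprintf` (the query never touches `printf`), and the standard query packs use the `lang/slug` form for ids, i.e. `@id cpp/fprintf-call`, which is worth getting right since the id is what shows up as the rule id in the SARIF the walkthrough later downloads. Because every call is reported at `warning` regardless of its format argument, a slightly fuller description such as `@description lists every call to the C library fprintf; this is a listing query, not a format-string check` would stop readers of the MRVA results from treating the hits as findings.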
@@ -189,62 +189,68 @@ https://github.com/github/codeql-variant-analysis-action/blob/main/variant-analysis-workflow.yml ** Compacted Edit-Run-Debug Cycle With a full [[*Using MRVA][Using MRVA]] cycle done, only these steps are needed in a - edit-run-debug cycle. + edit-run-debug cycle. Note that paths must be updated for your system. #+BEGIN_SRC sh - cd ~/local/gh-mrva + # Build the client + cd ~/work-gh/mrva/gh-mrva - # Build it go clean go build . # go build -gcflags="all=-N -l" . ./gh-mrva -h - # In log-submit-the-mrva-job.log after edit - SN=106 - ./gh-mrva submit --language cpp --session mirva-session-$SN \ - --list mirva-list \ - --query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log & - sleep 1 && em log-submit-$SN.log + # Set up the configuration -- check your paths + cat > ~/.config/gh-mrva/config.yml <& log-submit-$SN.log & - # sleep 1 && em log-submit-$SN.log + --query /Users/hohn/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log & + sleep 1 && em log-submit-$SN.log } - # submit 173 - # Check the status sessstatus (){ SN=$1 - cd ~/local/gh-mrva + cd ~/work-gh/mrva/gh-mrva ./gh-mrva status --session mirva-session-$SN >& log-$SN-status.log & sleep 1 && em log-$SN-status.log } - # sessstatus 191 # Download the sarif files and CodeQL dbs when finished dl (){ SN=$1 - cd ~/local/gh-mrva + cd ~/work-gh/mrva/gh-mrva ./gh-mrva download --session mirva-session-$SN \ --download-dbs \ --output-dir mirva-session-$SN-sarif \ >& log-download-$SN.log & sleep 1 && em log-download-$SN.log } + # Just download sarif / bqrs zip file dl (){ SN=$1 - cd ~/local/gh-mrva + cd ~/work-gh/mrva/gh-mrva ./gh-mrva download --session mirva-session-$SN \ --output-dir mirva-session-$SN-sarif \ >& log-download-$SN.log & sleep 1 && em log-download-$SN.log } - # dl 191 + submit 211 sessstatus 211 diff --git a/gh-mrva-selection.json b/gh-mrva-selection.json new file mode 100644 index 0000000..cfe68c6 --- /dev/null +++ b/gh-mrva-selection.json 
@@ -0,0 +1,15 @@
+{
+ "mirva-list": [
+ "xoreaxeaxeax/movfuscatorctsj8f7e5b",
+ "microsoft/node-native-keymapctsj4cc9a2",
+ "BoomingTech/Piccoloctsj6d7177",
+ "USCiLab/cerealctsj264953",
+ "KhronosGroup/OpenXR-SDKctsj984ee6",
+ "tdlib/telegram-bot-apictsj8529d9",
+ "WinMerge/winmergectsj101305",
+ "timescale/timescaledbctsjf617cf",
+ "pocoproject/pococtsj26b932",
+ "quickfix/quickfixctsjebfd13",
+ "libfuse/libfusectsj7a66a4"
+ ]
+}
\ No newline at end of file
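Review bot: Every entry in `mirva-list` has `ctsj` plus six hex characters fused onto the repository name (e.g. `xoreaxeaxeax/movfuscatorctsj8f7e5b`), which is not a plain `owner/repo` name, and nothing in the commit says what the suffix encodes or where it comes from. If the client resolves these against the entries in `mirva-list-databases.json` by exact string, a suffix in the wrong form would presumably match nothing and a submit could go out with an empty selection, so the format should be stated somewhere — the file is strict JSON with no room for a comment, so a sentence next to the `list_file` setting in README.org is the natural place. The file is also written without a trailing newline (`\ No newline at end of file`), which turns every future edit of the last line into a two-line diff; adding one costs nothing.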