Additions for end-to-end walkthrough

Michael Hohn
2024-08-13 12:51:22 -07:00
committed by =Michael Hohn
parent 3aea9f8625
commit c9dbba5014
3 changed files with 55 additions and 20 deletions

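--- a/Fprintf.ql
+++ b/Fprintf.ql
@@ -0,0 +1,14 @@
+/**
+* @name findPrintf
+* @description find calls to plain fprintf
+* @kind problem
+* @id cpp-fprintf-call
+* @problem.severity warning
+*/
+import cpp
+from FunctionCall fc
+where
+fc.getTarget().getName() = "fprintf"
+select fc, "call of fprintf"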
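Review bot: The `where` clause matches on the bare name, `fc.getTarget().getName() = "fprintf"`, so a member function or a namespaced function that happens to be called fprintf is reported alongside the C library one; `fc.getTarget().hasGlobalOrStdName("fprintf")` would restrict the result to the library function. The `@id` is also conventionally written with a language prefix and slash, `cpp/fprintf-call`. As written the query reports every fprintf call. If the walkthrough is meant to surface format-string risk rather than just exercise the pipeline (the intent is not visible here), a condition that the format argument is not a string literal would leave only the calls worth triaging.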


@@ -127,7 +127,7 @@
# git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller
list_file: /Users/hohn/local/gh-mrva/mirva-list-databases.json
list_file: /Users/hohn/work-gh/mrva/gh-mrva/mirva-list-databases.json
eof
#+END_SRC
@@ -189,62 +189,68 @@
https://github.com/github/codeql-variant-analysis-action/blob/main/variant-analysis-workflow.yml
** Compacted Edit-Run-Debug Cycle
With a full [[*Using MRVA][Using MRVA]] cycle done, only these steps are needed in a
edit-run-debug cycle.
edit-run-debug cycle. Note that paths must be updated for your system.
#+BEGIN_SRC sh
cd ~/local/gh-mrva
# Build the client
cd ~/work-gh/mrva/gh-mrva
# Build it
go clean
go build . # go build -gcflags="all=-N -l" .
./gh-mrva -h
# In log-submit-the-mrva-job.log after edit
SN=106
./gh-mrva submit --language cpp --session mirva-session-$SN \
--list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log &
sleep 1 && em log-submit-$SN.log
# Set up the configuration -- check your paths
cat > ~/.config/gh-mrva/config.yml <<eof
# The following options are supported
# codeql_path: Path to CodeQL distribution (checkout of codeql repo)
# controller: NWO of the MRVA controller to use
# list_file: Path to the JSON file containing the target repos
# git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller
list_file: /Users/hohn/work-gh/mrva/gh-mrva/mirva-list-databases.json
eof
# Define utility functions
submit (){
SN=$1
cd ~/local/gh-mrva
cd ~/work-gh/mrva/gh-mrva
./gh-mrva submit --language cpp --session mirva-session-$SN \
--list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log &
# sleep 1 && em log-submit-$SN.log
--query /Users/hohn/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log &
sleep 1 && em log-submit-$SN.log
}
# submit 173
# Check the status
sessstatus (){
SN=$1
cd ~/local/gh-mrva
cd ~/work-gh/mrva/gh-mrva
./gh-mrva status --session mirva-session-$SN >& log-$SN-status.log &
sleep 1 && em log-$SN-status.log
}
# sessstatus 191
# Download the sarif files and CodeQL dbs when finished
dl (){
SN=$1
cd ~/local/gh-mrva
cd ~/work-gh/mrva/gh-mrva
./gh-mrva download --session mirva-session-$SN \
--download-dbs \
--output-dir mirva-session-$SN-sarif \
>& log-download-$SN.log &
sleep 1 && em log-download-$SN.log
}
# Just download sarif / bqrs zip file
dl (){
SN=$1
cd ~/local/gh-mrva
cd ~/work-gh/mrva/gh-mrva
./gh-mrva download --session mirva-session-$SN \
--output-dir mirva-session-$SN-sarif \
>& log-download-$SN.log &
sleep 1 && em log-download-$SN.log
}
# dl 191
submit 211
sessstatus 211

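--- a/gh-mrva-selection.json
+++ b/gh-mrva-selection.json
@@ -0,0 +1,15 @@
+{
+"mirva-list": [
+"xoreaxeaxeax/movfuscatorctsj8f7e5b",
+"microsoft/node-native-keymapctsj4cc9a2",
+"BoomingTech/Piccoloctsj6d7177",
+"USCiLab/cerealctsj264953",
+"KhronosGroup/OpenXR-SDKctsj984ee6",
+"tdlib/telegram-bot-apictsj8529d9",
+"WinMerge/winmergectsj101305",
+"timescale/timescaledbctsjf617cf",
+"pocoproject/pococtsj26b932",
+"quickfix/quickfixctsjebfd13",
+"libfuse/libfusectsj7a66a4"
+]
+}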