mrva/gh-mrva
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mrva:main
Branches Tags
mrva:master mrva:main
mrva:v0.4.5
..
compare: mrva:master
Branches Tags
mrva:master mrva:main
mrva:v0.4.5

10 Commits
main ... master

Author SHA1 Message Date
Michael Hohn
56e68f5eed fix test configuration
Some checks failed
release / release (push) Has been cancelled
Details
2025-08-19 11:23:48 -07:00
Michael Hohn
28f94e4690 Get MRVA_SERVER_URL from environment 2025-07-28 19:58:39 -07:00
Michael Hohn
ff10400706 debugged sudden failure to download sarif results. Cause: gh.HTTPClient(nil) 
Switch
client, err := gh.HTTPClient(nil)
to
client := &http.Client{}
and everything works again
 2025-05-19 13:50:41 -07:00
Michael Hohn
68dba0ce37 Add go version info for vs code 2025-05-19 13:45:54 -07:00
Michael Hohn
12a0e3ef4f minor 2025-02-05 10:00:57 -08:00
Michael Hohn
5e9187312a local list update 2025-01-30 14:52:56 -08:00
Michael Hohn
e5016b2c9b Use the slog package and provide command-line argument to control log level 2024-08-19 16:02:17 -07:00
Michael Hohn
c9dbba5014 Additions for end-to-end walkthrough 2024-08-13 12:51:22 -07:00
Michael Hohn
3aea9f8625 minor change 2024-08-13 12:20:27 -07:00
Michael Hohn
ab30b03752 path changes 2024-06-04 10:40:48 -07:00
12 changed files with 217 additions and 301 deletions
Expand all files Collapse all files

1
.tool-versions Normal file
View File

@@ -0,0 +1 @@
golang 1.22.3

2
samples/FlatBuffersFunc.ql → FlatBuffersFunc.ql
View File

@@ -1,6 +1,6 @@
/** /**
* @name pickfun * @name pickfun
* @description pick function from FlatBuffers * @description Pick function from FlatBuffers
* @kind problem * @kind problem
* @id cpp-flatbuffer-func * @id cpp-flatbuffer-func
* @problem.severity warning * @problem.severity warning

14
Fprintf.ql Normal file
View File

@@ -0,0 +1,14 @@
/**
* @name findPrintf
* @description Find calls to plain fprintf
* @kind problem
* @id cpp-fprintf-call
* @problem.severity warning
*/
import cpp
from FunctionCall fc
where
fc.getTarget().getName() = "fprintf"
select fc, "call of fprintf"

62
README.org
View File

@@ -104,6 +104,7 @@
cd ~/local/gh-mrva cd ~/local/gh-mrva
# Build it # Build it
go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/local/gh-mrva" go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/local/gh-mrva"
go build . go build .
# Install # Install
@@ -127,17 +128,17 @@
# git checkout codeql-cli/v2.15.5 # git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller controller: hohn/mirva-controller
list_file: /Users/hohn/local/gh-mrva/mirva-list-databases.json list_file: /Users/hohn/work-gh/mrva/gh-mrva/mirva-list-databases.json
eof eof
#+END_SRC #+END_SRC
3. Submit the mrva job 3. Submit the mrva job
#+BEGIN_SRC sh #+BEGIN_SRC sh
cd ~/local/gh-mrva cd ~/work-gh/mrva/gh-mrva/
./gh-mrva submit --language cpp --session mirva-session-73 \ ./gh-mrva submit --language cpp --session mirva-session-200 \
--list mirva-list \ --list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql --query ~/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql
#+END_SRC #+END_SRC
4. Check the status and download the sarif files 4. Check the status and download the sarif files
@@ -157,6 +158,7 @@
--output-dir mirva-session-73 --output-dir mirva-session-73
#+END_SRC #+END_SRC
** curl checks for mrva server
* Miscellaneous Notes * Miscellaneous Notes
** Action logs on Controller Repository ** Action logs on Controller Repository
The action logs are on the controller repository at The action logs are on the controller repository at
@@ -189,62 +191,68 @@
https://github.com/github/codeql-variant-analysis-action/blob/main/variant-analysis-workflow.yml https://github.com/github/codeql-variant-analysis-action/blob/main/variant-analysis-workflow.yml
** Compacted Edit-Run-Debug Cycle ** Compacted Edit-Run-Debug Cycle
With a full [[*Using MRVA][Using MRVA]] cycle done, only these steps are needed in a With a full [[*Using MRVA][Using MRVA]] cycle done, only these steps are needed in a
edit-run-debug cycle. edit-run-debug cycle. Note that paths must be updated for your system.
#+BEGIN_SRC sh #+BEGIN_SRC sh
cd ~/local/gh-mrva # Build the client
cd ~/work-gh/mrva/gh-mrva
# Build it
go clean go clean
go build . # go build -gcflags="all=-N -l" . go build . # go build -gcflags="all=-N -l" .
./gh-mrva -h ./gh-mrva -h
# In log-submit-the-mrva-job.log after edit # Set up the configuration -- check your paths
SN=106 cat > ~/.config/gh-mrva/config.yml <<eof
./gh-mrva submit --language cpp --session mirva-session-$SN \ # The following options are supported
--list mirva-list \ # codeql_path: Path to CodeQL distribution (checkout of codeql repo)
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log & # controller: NWO of the MRVA controller to use
sleep 1 && em log-submit-$SN.log # list_file: Path to the JSON file containing the target repos
# git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller
list_file: /Users/hohn/work-gh/mrva/gh-mrva/mirva-list-databases.json
eof
# Define utility functions
submit (){ submit (){
SN=$1 SN=$1
cd ~/local/gh-mrva cd ~/work-gh/mrva/gh-mrva
./gh-mrva submit --language cpp --session mirva-session-$SN \ ./gh-mrva submit --language cpp --session mirva-session-$SN \
--list mirva-list \ --list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log & --query /Users/hohn/work-gh/mrva/gh-mrva/FlatBuffersFunc.ql >& log-submit-$SN.log &
# sleep 1 && em log-submit-$SN.log sleep 1 && em log-submit-$SN.log
} }
# submit 173
# Check the status
sessstatus (){ sessstatus (){
SN=$1 SN=$1
cd ~/local/gh-mrva cd ~/work-gh/mrva/gh-mrva
./gh-mrva status --session mirva-session-$SN >& log-$SN-status.log & ./gh-mrva status --session mirva-session-$SN >& log-$SN-status.log &
sleep 1 && em log-$SN-status.log sleep 1 && em log-$SN-status.log
} }
# sessstatus 191
# Download the sarif files and CodeQL dbs when finished # Download the sarif files and CodeQL dbs when finished
dl (){ dl (){
SN=$1 SN=$1
cd ~/local/gh-mrva cd ~/work-gh/mrva/gh-mrva
./gh-mrva download --session mirva-session-$SN \ ./gh-mrva download --session mirva-session-$SN \
--download-dbs \ --download-dbs \
--output-dir mirva-session-$SN-sarif \ --output-dir mirva-session-$SN-sarif \
>& log-download-$SN.log & >& log-download-$SN.log &
sleep 1 && em log-download-$SN.log sleep 1 && em log-download-$SN.log
} }
# Just download sarif / bqrs zip file # Just download sarif / bqrs zip file
dl (){ dl (){
SN=$1 SN=$1
cd ~/local/gh-mrva cd ~/work-gh/mrva/gh-mrva
./gh-mrva download --session mirva-session-$SN \ ./gh-mrva download --session mirva-session-$SN \
--output-dir mirva-session-$SN-sarif \ --output-dir mirva-session-$SN-sarif \
>& log-download-$SN.log & >& log-download-$SN.log &
sleep 1 && em log-download-$SN.log sleep 1 && em log-download-$SN.log
} }
# dl 191
submit 211 submit 211
sessstatus 211 sessstatus 211
@@ -264,10 +272,16 @@
# Type 'help' for list of commands. # Type 'help' for list of commands.
# (dlv) c # (dlv) c
# dlv debug builds, so the above build may be redundant
dlv debug -- download --session mirva-session-$SN \ dlv debug -- download --session mirva-session-$SN \
--download-dbs \ --download-dbs \
--output-dir mirva-session-$SN-sarif \ --output-dir mirva-session-$SN-sarif
# dlv may say 'no sources', but this works anyay
b main.main
l
# This inline use of dlv may fail; attaching to a process is more reliable
#+END_SRC #+END_SRC
** VS Code Debugger Configuration ** VS Code Debugger Configuration
*** launch.json for download *** launch.json for download

232
USING.md
View File

@@ -1,232 +0,0 @@
- [Using MRVA](#org1f1a57e)
- [Set up controller repo](#org72c4bcf)
- [Use the codeql extension to run MRVA](#org5edd48e)
- [Use custom list with target repos in VS Code](#org93ceb2d)
- [Run MRVA from command line](#org18c5e86)
- [Miscellaneous Notes](#org1d0d4b5)
- [Action logs on Controller Repository](#orge8b438e)
<a id="org1f1a57e"></a>
# Using MRVA
Following are notes to illustrate a full MRVA workflow.
<a id="org72c4bcf"></a>
## Set up controller repo
Following [the instructions](https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository), start with manually creating the controller repository
```sh
gh repo create mirva-controller --public -d 'Controller for MRVA'
```
This avoids
```text
An error occurred while setting up the controller repository: Controller
repository "hohn/mirva-controller" not found.
```
Populate the controller repository
```sh
mkdir -p ~/local/mirva-controller && cd ~/local/mirva-controller
echo "* mirva-controller" >> README.org
git init
git add README.org
git commit -m "first commit"
git branch -M master
git remote add origin git@github.com:hohn/mirva-controller.git
git push -u origin master
```
This avoids
```text
Variant analysis failed because the controller repository hohn/mirva-controller
does not have a branch 'master'. Please create a 'master' branch by clicking here
and re-run the variant analysis query.
```
<a id="org5edd48e"></a>
## Use the codeql extension to run MRVA
Following the [instructions](https://codeql.github.com/docs/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva/#controller-repository) and running `./FlatBuffersFunc.ql`, the entry `google/flatbuffers` has one [result](https://github.com/google/flatbuffers/blob/dbce69c63b0f3cee8f6d9521479fd3b087338314/src/binary_annotator.cpp#L25C21-L25C37). Others have none.
<a id="org93ceb2d"></a>
## Use custom list with target repos in VS Code
The json file is in your VS Code workspace. In my case, here:
/Users/hohn/Library/Application Support/Code/User/workspaceStorage/bced2e4aa1a5f78ca07cf9e09151b1af/GitHub.vscode-codeql/databases.json
It can be edited in VS Code using the `{}` button.
It's saved in the workspace, but not in the current git repository.
Here are two snapshots for reference:
```javascript
{
"version": 1,
"databases": {
"variantAnalysis": {
"repositoryLists": [
{
"name": "mirva-list",
"repositories": [
"google/flatbuffers"
]
}
],
"owners": [],
"repositories": []
}
},
"selected": {
"kind": "variantAnalysisSystemDefinedList",
"listName": "top_10"
}
}
```
or
```javascript
{
"version": 1,
"databases": {
"variantAnalysis": {
"repositoryLists": [
{
"name": "mirva-list",
"repositories": [
"google/flatbuffers"
]
}
],
"owners": [],
"repositories": []
}
},
"selected": {
"kind": "variantAnalysisUserDefinedList",
"listName": "mirva-list"
}
}
```
<a id="org18c5e86"></a>
## Run MRVA from command line
1. Install mrva cli
```sh
cd ~/local/gh-mrva
# Build it
go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/local/gh-mrva"
go build
# Install
gh extension install .
# Sanity check
gh mrva -h
```
2. Set up the configuration
```sh
cd ~/local/gh-mrva
cat > ~/.config/gh-mrva/config.yml <<eof
# The following options are supported
# codeql_path: Path to CodeQL distribution (checkout of codeql repo)
# controller: NWO of the MRVA controller to use
# list_file: Path to the JSON file containing the target repos
# git checkout codeql-cli/v2.15.5
codeql_path: /Users/hohn/local/codeql-lib
controller: hohn/mirva-controller
list_file: /Users/hohn/local/gh-mrva/databases.json
eof
```
3. Submit the mrva job
```sh
gh mrva submit --help
gh mrva submit --language cpp --session mirva-session-1 \
--list mirva-list \
--query /Users/hohn/local/gh-mrva/FlatBuffersFunc.ql
```
4. Check the status and download the sarif files
```sh
cd ~/local/gh-mrva
# Check the status
gh mrva status --session mirva-session-1
# Download the sarif files when finished
gh mrva download --session mirva-session-1 \
--output-dir mirva-session-1-sarif
# Or download the sarif files and CodeQL dbs when finished
gh mrva download --session mirva-session-1 \
--download-dbs \
--output-dir mirva-session-1-sarif
```
<a id="org1d0d4b5"></a>
# Miscellaneous Notes
<a id="orge8b438e"></a>
## Action logs on Controller Repository
The action logs are on the controller repository at <https://github.com/hohn/mirva-controller/actions>.
The `action>google flatbuffers` log references
github/codeql-variant-analysis-action
```yaml
Run actions/checkout@v4
with:
repository: github/codeql-variant-analysis-action
ref: main
token: ***
ssh-strict: true
persist-credentials: true
clean: true
sparse-checkout-cone-mode: true
fetch-depth: 1
fetch-tags: false
show-progress: true
lfs: false
submodules: false
set-safe-directory: true
env:
CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true
```
This is <https://github.com/github/codeql-variant-analysis-action>
The workflow producing the logs: <https://github.com/github/codeql-variant-analysis-action/blob/main/variant-analysis-workflow.yml>

0
samples/codeql-pack.lock.yml → codeql-pack.lock.yml
View File

0
samples/databases.json → databases.json
View File

9
gh-mrva-selection.json Normal file
View File

@@ -0,0 +1,9 @@
{
"mirva-list": [
"Serial-Studio/Serial-Studio",
"UEFITool/UEFITool",
"aircrack-ng/aircrack-ng",
"bulk-builder/bulk-builder",
"tesseract/tesseract"
]
}

3
go.mod
View File

@@ -5,13 +5,13 @@ go 1.19
require ( require (
github.com/cli/go-gh v1.2.1 github.com/cli/go-gh v1.2.1
github.com/motemen/go-loghttp v0.0.0-20231107055348-29ae44b293f4 github.com/motemen/go-loghttp v0.0.0-20231107055348-29ae44b293f4
github.com/motemen/go-nuts v0.0.0-20220604134737-2658d0104f31
github.com/spf13/cobra v1.7.0 github.com/spf13/cobra v1.7.0
) )
require ( require (
github.com/aymanbagabas/go-osc52 v1.2.1 // indirect github.com/aymanbagabas/go-osc52 v1.2.1 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/motemen/go-nuts v0.0.0-20220604134737-2658d0104f31 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
) )
@@ -33,3 +33,4 @@ require (
gopkg.in/yaml.v3 v3.0.1 // direct gopkg.in/yaml.v3 v3.0.1 // direct
) )
replace github.com/GitHubSecurityLab/gh-mrva => /Users/hohn/work-gh/mrva/gh-mrva

92
main.go
View File

@@ -28,9 +28,12 @@ import (
"compress/gzip" "compress/gzip"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"flag"
"io" "io"
"log" "log"
"log/slog"
"net/http" "net/http"
"os"
"time" "time"
"github.com/GitHubSecurityLab/gh-mrva/cmd" "github.com/GitHubSecurityLab/gh-mrva/cmd"
@@ -40,6 +43,44 @@ import (
) )
func main() { func main() {
helpFlag := flag.Bool("help", false, "Display help message")
logLevel := flag.String("loglevel", "info", "Set log level: debug, info, warn, error")
// Custom usage function for the help flag
flag.Usage = func() {
log.Printf("Usage of %s:\n", os.Args[0])
flag.PrintDefaults()
log.Println("\nExamples:")
log.Println("go run main.go -loglevel=debug ")
}
// Parse the flags
flag.Parse()
// Handle the help flag
if *helpFlag {
flag.Usage()
return
}
// Apply 'loglevel' flag
switch *logLevel {
case "debug":
slog.SetLogLoggerLevel(slog.LevelDebug)
case "info":
slog.SetLogLoggerLevel(slog.LevelInfo)
case "warn":
slog.SetLogLoggerLevel(slog.LevelWarn)
case "error":
slog.SetLogLoggerLevel(slog.LevelError)
default:
log.Printf("Invalid logging verbosity level: %s", *logLevel)
os.Exit(1)
}
log.Printf("logging verbosity level: %s", *logLevel)
var transport = &loghttp.Transport{ var transport = &loghttp.Transport{
Transport: http.DefaultTransport, Transport: http.DefaultTransport,
LogRequest: LogRequestDump, LogRequest: LogRequestDump,
@@ -78,7 +119,7 @@ func IsBase64Gzip(val []byte) bool {
} }
func LogRequestDump(req *http.Request) { func LogRequestDump(req *http.Request) {
log.Printf(">> %s %s", req.Method, req.URL) slog.Debug(">> %s %s", req.Method, req.URL)
req.Body = LogBody(req.Body, "request") req.Body = LogBody(req.Body, "request")
} }
@@ -129,7 +170,7 @@ func LogBody(body io.ReadCloser, from string) io.ReadCloser {
buf, err := io.ReadAll(body) buf, err := io.ReadAll(body)
if err != nil { if err != nil {
var w http.ResponseWriter var w http.ResponseWriter
log.Fatalf("Error reading %s body: %v", from, err.Error()) slog.Error("Error reading %s body: %v", from, err.Error())
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
return nil return nil
} }
@@ -144,36 +185,36 @@ func LogBody(body io.ReadCloser, from string) io.ReadCloser {
// Unknown message, try pretty-printing json // Unknown message, try pretty-printing json
pjson, err := PPJson(string(buf)) pjson, err := PPJson(string(buf))
if err != nil { if err != nil {
log.Printf(">> %s body: %v", from, string(buf)) slog.Debug(">> %s body: %v", from, string(buf))
} else { } else {
log.Printf(">> %s body: {\n%v\n}", from, pjson) slog.Debug(">> %s body: {\n%v\n}", from, pjson)
} }
goto BodyDone goto BodyDone
} }
// Print index for encoded query packs in the json <value>: // Print index for encoded query packs in the json <value>:
// {..."query_pack": <value>,...} // {..."query_pack": <value>,...}
log.Printf(">> %s body: {\n", from) slog.Debug(">> body: {\n", "from", from)
log.Printf(" \"%s\": \"%s\"\n", "action_repo_ref", m.ActionRepoRef) slog.Debug(" \n", "action_repo_ref", m.ActionRepoRef)
log.Printf(" \"%s\": \"%s\"\n", "language", m.Language) slog.Debug(" \n", "language", m.Language)
pjson, err := json.MarshalIndent(m.Repositories, "", " ") pjson, err := json.MarshalIndent(m.Repositories, "", " ")
if err != nil { if err != nil {
log.Printf(" \"%s\": \"%s\"\n", "repositories", m.Repositories[:]) slog.Debug(" \n", "repositories", m.Repositories[:])
} else { } else {
log.Printf(" \"%s\": %s\n", "repositories", pjson) slog.Debug(" \n", "repositories", pjson)
} }
// Provide custom logging for encoded, compressed tar file // Provide custom logging for encoded, compressed tar file
if IsBase64Gzip([]byte(m.QueryPack)) { if IsBase64Gzip([]byte(m.QueryPack)) {
LogBase64GzippedTar(m) LogBase64GzippedTar(m)
} else { } else {
log.Printf(" \"%s\": \"%s\"\n", "query_pack", m.QueryPack) slog.Debug(" \"%s\": \"%s\"\n", "query_pack", m.QueryPack)
} }
log.Printf("\n}") slog.Debug("\n}")
} else { } else {
log.Printf(">> %s body: %v", from, string(buf)) slog.Debug(">> %s body: %v", from, string(buf))
} }
BodyDone: BodyDone:
@@ -201,17 +242,17 @@ func LogBase64GzippedTar(m SubmitMsg) {
// base64 decode the body // base64 decode the body
data, err := base64.StdEncoding.DecodeString(m.QueryPack) data, err := base64.StdEncoding.DecodeString(m.QueryPack)
if err != nil { if err != nil {
log.Fatalln("body decoding error:", err) slog.Error("body decoding error", "err", err)
} }
// gunzip the decoded body // gunzip the decoded body
gzb := bytes.NewBuffer(data) gzb := bytes.NewBuffer(data)
gzr, err := gzip.NewReader(gzb) gzr, err := gzip.NewReader(gzb)
if err != nil { if err != nil {
log.Fatal(err) slog.Error("unzip error", "err", err)
} }
// tar t the gunzipped body // tar t the gunzipped body
log.Printf(" \"%s\": \n", "query_pack") slog.Debug(" \"query_pack\": \n")
log.Printf(" base64 encoded gzipped tar file, contents:\n") slog.Debug(" base64 encoded gzipped tar file, contents:\n")
tr := tar.NewReader(gzr) tr := tar.NewReader(gzr)
for { for {
hdr, err := tr.Next() hdr, err := tr.Next()
@@ -219,10 +260,10 @@ func LogBase64GzippedTar(m SubmitMsg) {
break // End of archive break // End of archive
} }
if err != nil { if err != nil {
log.Fatalln("Tar listing failure:", err) slog.Error("Tar listing failure", "err", err)
} }
// TODO: head / tail the listing // TODO: cli option to head / tail the listing
log.Printf(" %s\n", hdr.Name) slog.Debug(" ", "", hdr.Name)
} }
} }
@@ -236,11 +277,11 @@ func ShowZipIndex(buf []byte, from string) {
} }
// Print the archive index // Print the archive index
log.Printf(">> %s body:\n", from) slog.Debug(">> body:\n", "from", from)
log.Printf("zip file, contents:\n") slog.Debug("zip file, contents:\n")
for _, f := range r.File { for _, f := range r.File {
log.Printf("\t%s\n", f.Name) slog.Debug("\t", f.Name)
} }
} }
@@ -253,10 +294,11 @@ var ContextKeyRequestStart = &contextKey{"RequestStart"}
func LogResponseDump(resp *http.Response) { func LogResponseDump(resp *http.Response) {
ctx := resp.Request.Context() ctx := resp.Request.Context()
if start, ok := ctx.Value(ContextKeyRequestStart).(time.Time); ok { if start, ok := ctx.Value(ContextKeyRequestStart).(time.Time); ok {
log.Printf("<< %d %s (%s)", resp.StatusCode, resp.Request.URL, slog.Debug("<< ", "status", resp.StatusCode,
roundtime.Duration(time.Since(start), 2)) "url", resp.Request.URL,
"duration", roundtime.Duration(time.Since(start), 2))
} else { } else {
log.Printf("<< %d %s", resp.StatusCode, resp.Request.URL) slog.Debug("<< ", "status", resp.StatusCode, "url", resp.Request.URL)
} }
resp.Body = LogBody(resp.Body, "response") resp.Body = LogBody(resp.Body, "response")

1
samples/qlpack.yml → qlpack.yml
View File

@@ -3,4 +3,3 @@ name: codeql-dataflow-ii-cpp
version: 0.0.1 version: 0.0.1
dependencies: dependencies:
codeql/cpp-all: 0.5.3 codeql/cpp-all: 0.5.3

102
utils/utils.go
View File

@@ -9,6 +9,8 @@ import (
"fmt" "fmt"
"io" "io"
"log" "log"
"log/slog"
"net/http"
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
@@ -114,7 +116,12 @@ func GetRunDetails(controller string, runId int) (map[string]interface{}, error)
response := make(map[string]interface{}) response := make(map[string]interface{})
// err = client.Get(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses/%d", controller, runId), &response) // err = client.Get(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses/%d", controller, runId), &response)
err = client.Get(fmt.Sprintf("http://localhost:8080/repos/%s/code-scanning/codeql/variant-analyses/%d", controller, runId), &response) url := os.Getenv("MRVA_SERVER_URL")
if url == "" {
return nil, fmt.Errorf("missing MRVA_SERVER_URL in environment")
}
err = client.Get(fmt.Sprintf("%s/repos/%s/code-scanning/codeql/variant-analyses/%d", url, controller, runId), &response)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -129,7 +136,12 @@ func GetRunRepositoryDetails(controller string, runId int, nwo string) (map[stri
} }
response := make(map[string]interface{}) response := make(map[string]interface{})
// err = client.Get(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses/%d/repos/%s", controller, runId, nwo), &response) // err = client.Get(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses/%d/repos/%s", controller, runId, nwo), &response)
err = client.Get(fmt.Sprintf("http://localhost:8080/repos/%s/code-scanning/codeql/variant-analyses/%d/repos/%s", controller, runId, nwo), &response) url := os.Getenv("MRVA_SERVER_URL")
if url == "" {
return nil, fmt.Errorf("missing MRVA_SERVER_URL in environment")
}
err = client.Get(fmt.Sprintf("%s/repos/%s/code-scanning/codeql/variant-analyses/%d/repos/%s", url, controller, runId, nwo), &response)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -196,7 +208,12 @@ func SubmitRun(controller string, language string, repoChunk []string, bundle st
} }
response := make(map[string]interface{}) response := make(map[string]interface{})
// err = client.Post(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses", controller), &buf, &response) // err = client.Post(fmt.Sprintf("repos/%s/code-scanning/codeql/variant-analyses", controller), &buf, &response)
err = client.Post(fmt.Sprintf("http://localhost:8080/repos/%s/code-scanning/codeql/variant-analyses", controller), &buf, &response) url := os.Getenv("MRVA_SERVER_URL")
if url == "" {
return 0, fmt.Errorf("missing MRVA_SERVER_URL in environment")
}
err = client.Post(fmt.Sprintf("%s/repos/%s/code-scanning/codeql/variant-analyses", url, controller), &buf, &response)
if err != nil { if err != nil {
return -1, err return -1, err
} }
@@ -533,72 +550,116 @@ func DownloadWorker(wg *sync.WaitGroup, taskChannel <-chan models.DownloadTask,
} }
func downloadArtifact(url string, task models.DownloadTask) error { func downloadArtifact(url string, task models.DownloadTask) error {
client, err := gh.HTTPClient(nil) slog.Info("downloadArtifact/start", "url", url, "task", task)
if err != nil {
return err // client, err := gh.HTTPClient(nil)
client := &http.Client{}
// if err != nil {
// slog.Error("downloadArtifact/httpClient failed", "err", err)
// return err
// }
// Inspect the type
slog.Info("downloadArtifact/httpClient/type", "type", fmt.Sprintf("%T", client))
// Check if it has a custom Transport (e.g., for auth hooks)
if client.Transport != nil {
slog.Info("downloadArtifact/httpClient/transport", "transport_type", fmt.Sprintf("%T", client.Transport))
// If it's a round-tripper wrapper, you can often unwrap or type assert it
switch tr := client.Transport.(type) {
case *http.Transport:
slog.Info("downloadArtifact/httpClient/transport/http.Transport", "details", fmt.Sprintf("%+v", tr))
default:
slog.Info("downloadArtifact/httpClient/transport/unknown", "details", fmt.Sprintf("%#v", tr))
}
} else {
slog.Info("downloadArtifact/httpClient/transport", "transport", "nil")
} }
// Log timeout, just in case
slog.Info("downloadArtifact/httpClient/timeout", "timeout", client.Timeout)
resp, err := client.Get(url) resp, err := client.Get(url)
if err != nil { if err != nil {
slog.Error("downloadArtifact/get", "url", url, "err", err)
return err return err
} }
defer resp.Body.Close() defer resp.Body.Close()
body, err := io.ReadAll(resp.Body) body, err := io.ReadAll(resp.Body)
if err != nil { if err != nil {
log.Fatal(err) slog.Error("downloadArtifact/readBody", "err", err)
return err
} }
zipReader, err := zip.NewReader(bytes.NewReader(body), int64(len(body))) zipReader, err := zip.NewReader(bytes.NewReader(body), int64(len(body)))
if err != nil { if err != nil {
log.Fatal(err) slog.Error("downloadArtifact/newZipReader", "err", err)
return err
} }
downloadedFiles := []string{} downloadedFiles := []string{}
for _, zf := range zipReader.File { for _, zf := range zipReader.File {
slog.Info("downloadArtifact/zipEntry", "name", zf.Name)
if zf.Name != "results.sarif" && zf.Name != "results.bqrs" { if zf.Name != "results.sarif" && zf.Name != "results.bqrs" {
continue continue
} }
f, err := zf.Open() f, err := zf.Open()
if err != nil { if err != nil {
log.Fatal(err) slog.Error("downloadArtifact/openZipFile", "name", zf.Name, "err", err)
return err
} }
defer f.Close() defer f.Close()
content, err := io.ReadAll(f) content, err := io.ReadAll(f)
if err != nil { if err != nil {
log.Fatal(err) slog.Error("downloadArtifact/readZipContent", "name", zf.Name, "err", err)
return err
} }
outputDir := task.OutputDir outputDir := task.OutputDir
outputFilename := task.OutputFilename outputFilename := task.OutputFilename
if zf.Name == "results.bqrs" { if zf.Name == "results.bqrs" {
outputFilename = outputFilename + ".bqrs" outputFilename += ".bqrs"
} else if zf.Name == "results.sarif" { } else if zf.Name == "results.sarif" {
outputFilename = outputFilename + ".sarif" outputFilename += ".sarif"
} }
// replace remote-query with real query id // replace remote-query with real query id
content = bytes.Replace(content, []byte("remote-query"), []byte(task.QueryId), -1) content = bytes.Replace(content, []byte("remote-query"), []byte(task.QueryId), -1)
resultPath := filepath.Join(outputDir, outputFilename) resultPath := filepath.Join(outputDir, outputFilename)
slog.Info("downloadArtifact/writeFile",
"outputFilename", outputFilename,
"resultPath", resultPath)
err = os.WriteFile(resultPath, content, os.ModePerm) err = os.WriteFile(resultPath, content, os.ModePerm)
if err != nil { if err != nil {
slog.Error("downloadArtifact/writeFileError", "path", resultPath, "err", err)
return err return err
} }
downloadedFiles = append(downloadedFiles, resultPath) downloadedFiles = append(downloadedFiles, resultPath)
} }
if len(downloadedFiles) == 0 { if len(downloadedFiles) == 0 {
return errors.New("No results files found in artifact") err := errors.New("no results files found in artifact")
} else { slog.Error("downloadArtifact/empty", "err", err)
fmt.Println("Downloaded", downloadedFiles) return err
return nil
} }
slog.Info("downloadArtifact/success", "files", downloadedFiles)
return nil
} }
func DownloadResults(task models.DownloadTask) error { func DownloadResults(task models.DownloadTask) error {
// download artifact (BQRS or SARIF) // download artifact (BQRS or SARIF)
runRepositoryDetails, err := GetRunRepositoryDetails(task.Controller, task.RunId, task.Nwo) runRepositoryDetails, err := GetRunRepositoryDetails(task.Controller, task.RunId, task.Nwo)
slog.Info("DownloadResults", "runRepositoryDetails", runRepositoryDetails)
if err != nil { if err != nil {
return errors.New("Failed to get run repository details") return errors.New("Failed to get run repository details")
} }
@@ -623,7 +684,14 @@ func DownloadDatabase(task models.DownloadTask) error {
return err return err
} }
// resp, err := client.Get(fmt.Sprintf("https://api.github.com/repos/%s/code-scanning/codeql/databases/%s", task.Nwo, task.Language)) // resp, err := client.Get(fmt.Sprintf("https://api.github.com/repos/%s/code-scanning/codeql/databases/%s", task.Nwo, task.Language))
resp, err := client.Get(fmt.Sprintf("http://localhost:8080/repos/%s/code-scanning/codeql/databases/%s", task.Nwo, task.Language)) // resp, err := client.Get(fmt.Sprintf("http://localhost:8080/repos/%s/code-scanning/codeql/databases/%s", task.Nwo, task.Language))
url := os.Getenv("MRVA_SERVER_URL")
if url == "" {
return fmt.Errorf("missing MRVA_SERVER_URL in environment")
}
resp, err := client.Get(fmt.Sprintf("%s/repos/%s/code-scanning/codeql/databases/%s", url, task.Nwo, task.Language))
if err != nil { if err != nil {
return err return err
} }