mrva/mrvacommander
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add RabbitMQ agent and containers

Browse Source
This commit is contained in:
Nicolas Will
2024-06-15 00:23:14 +02:00
parent ec4d2b3eac
commit 3b06e2061f
12 changed files with 1050 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/agent/agent.go
View File

@@ -54,17 +54,14 @@ func (r *RunnerSingle) worker(wid int) {
slog.Debug("Analysis: running", "job", job)
storage.SetStatus(job.QueryPackId, job.NWO, common.StatusQueued)
resultFile, err := r.RunAnalysis(job)
_, err := RunAnalysis(job)
if err != nil {
continue
}
slog.Debug("Analysis run finished", "job", job)
res := common.AnalyzeResult{
RunAnalysisSARIF: resultFile,
RunAnalysisBQRS: "", // FIXME ?
}
res := common.AnalyzeResult{}
r.queue.Results() <- res
storage.SetStatus(job.QueryPackId, job.NWO, common.StatusSuccess)
storage.SetResult(job.QueryPackId, job.NWO, res)
@@ -72,7 +69,7 @@ func (r *RunnerSingle) worker(wid int) {
}
}
func (r *RunnerSingle) RunAnalysis(job common.AnalyzeJob) (string, error) {
func RunAnalysis(job common.AnalyzeJob) (string, error) {
// TODO Add multi-language tests including queryLanguage
// queryPackID, queryLanguage, dbOwner, dbRepo :=
// job.QueryPackId, job.QueryLanguage, job.NWO.Owner, job.NWO.Repo

421
pkg/codeql/codeql.go Normal file
View File

@@ -0,0 +1,421 @@
package codeql
import (
"archive/zip"
"bytes"
"encoding/json"
"fmt"
"io"
"log"
"log/slog"
"mrvacommander/utils"
"os"
"os/exec"
"path/filepath"
"gopkg.in/yaml.v3"
)
// Helper Functions
func contains(slice []string, item string) bool {
for _, s := range slice {
if s == item {
return true
}
}
return false
}
// Main Functions
func getCodeQLCLIPath() (string, error) {
// get the CODEQL_CLI_PATH environment variable
codeqlCliPath := os.Getenv("CODEQL_CLI_PATH")
if codeqlCliPath == "" {
return "", fmt.Errorf("CODEQL_CLI_PATH environment variable not set")
}
return codeqlCliPath, nil
}
func GenerateResultsZipArchive(runQueryResult *RunQueryResult) ([]byte, error) {
buffer := new(bytes.Buffer)
zipWriter := zip.NewWriter(buffer)
if runQueryResult.SarifFilePath != "" {
err := addFileToZip(zipWriter, runQueryResult.SarifFilePath, "results.sarif")
if err != nil {
return nil, fmt.Errorf("failed to add SARIF file to zip: %v", err)
}
}
for _, relativePath := range runQueryResult.BqrsFilePaths.RelativeFilePaths {
fullPath := filepath.Join(runQueryResult.BqrsFilePaths.BasePath, relativePath)
err := addFileToZip(zipWriter, fullPath, relativePath)
if err != nil {
return nil, fmt.Errorf("failed to add BQRS file to zip: %v", err)
}
}
err := zipWriter.Close()
if err != nil {
return nil, fmt.Errorf("failed to close zip writer: %v", err)
}
return buffer.Bytes(), nil
}
func addFileToZip(zipWriter *zip.Writer, filePath, zipPath string) error {
file, err := os.Open(filePath)
if err != nil {
return fmt.Errorf("failed to open file %s: %v", filePath, err)
}
defer file.Close()
w, err := zipWriter.Create(zipPath)
if err != nil {
return fmt.Errorf("failed to create zip entry for %s: %v", zipPath, err)
}
_, err = io.Copy(w, file)
if err != nil {
return fmt.Errorf("failed to copy file content to zip entry for %s: %v", zipPath, err)
}
return nil
}
func RunQuery(database string, nwo string, queryPackPath string, tempDir string) (*RunQueryResult, error) {
path, err := getCodeQLCLIPath()
if err != nil {
return nil, fmt.Errorf("failed to get codeql cli path: %v", err)
}
codeql := CodeqlCli{path}
resultsDir := filepath.Join(tempDir, "results")
if err = os.Mkdir(resultsDir, 0755); err != nil {
return nil, fmt.Errorf("failed to create results directory: %v", err)
}
databasePath := filepath.Join(tempDir, "db")
if utils.UnzipFile(database, databasePath) != nil {
return nil, fmt.Errorf("failed to unzip database: %v", err)
}
dbMetadata, err := getDatabaseMetadata(databasePath)
if err != nil {
return nil, fmt.Errorf("failed to get database metadata: %v", err)
}
// Check if the database has CreationMetadata / a SHA
var databaseSHA string
if dbMetadata.CreationMetadata == nil || dbMetadata.CreationMetadata.SHA == nil {
// If the database does not have a SHA, we can proceed regardless
slog.Warn("Database does not have a SHA")
databaseSHA = ""
} else {
databaseSHA = *dbMetadata.CreationMetadata.SHA
}
cmd := exec.Command(codeql.Path, "database", "run-queries", "--ram=1024", "--additional-packs", queryPackPath, "--", databasePath, queryPackPath)
if output, err := cmd.CombinedOutput(); err != nil {
return nil, fmt.Errorf("failed to run queries: %v\nOutput: %s", err, output)
}
queryPackRunResults, err := getQueryPackRunResults(codeql, databasePath, queryPackPath)
if err != nil {
return nil, fmt.Errorf("failed to get query pack run results: %v", err)
}
sourceLocationPrefix, err := getSourceLocationPrefix(codeql, databasePath)
if err != nil {
return nil, fmt.Errorf("failed to get source location prefix: %v", err)
}
shouldGenerateSarif := queryPackSupportsSarif(queryPackRunResults)
if shouldGenerateSarif {
slog.Info("Query pack supports SARIF")
} else {
slog.Info("Query pack does not support SARIF")
}
var resultCount int
var sarifFilePath string
if shouldGenerateSarif {
sarif, err := generateSarif(codeql, nwo, databasePath, queryPackPath, databaseSHA, resultsDir)
if err != nil {
return nil, fmt.Errorf("failed to generate SARIF: %v", err)
}
resultCount = getSarifResultCount(sarif)
slog.Info("Generated SARIF", "resultCount", resultCount)
sarifFilePath = filepath.Join(resultsDir, "results.sarif")
if err := os.WriteFile(sarifFilePath, sarif, 0644); err != nil {
return nil, fmt.Errorf("failed to write SARIF file: %v", err)
}
} else {
resultCount = queryPackRunResults.TotalResultsCount
slog.Info("Did not generate SARIF", "resultCount", resultCount)
}
slog.Info("Adjusting BQRS files")
bqrsFilePaths, err := adjustBqrsFiles(queryPackRunResults, resultsDir)
if err != nil {
return nil, fmt.Errorf("failed to adjust BQRS files: %v", err)
}
return &RunQueryResult{
ResultCount: resultCount,
DatabaseSHA: databaseSHA,
SourceLocationPrefix: sourceLocationPrefix,
BqrsFilePaths: bqrsFilePaths,
SarifFilePath: sarifFilePath,
}, nil
}
func getDatabaseMetadata(databasePath string) (*DatabaseMetadata, error) {
data, err := os.ReadFile(filepath.Join(databasePath, "codeql-database.yml"))
if err != nil {
return nil, fmt.Errorf("failed to read database metadata: %v", err)
}
var metadata DatabaseMetadata
if err := yaml.Unmarshal(data, &metadata); err != nil {
return nil, fmt.Errorf("failed to unmarshal database metadata: %v", err)
}
return &metadata, nil
}
func runCommand(command []string) (CodeQLCommandOutput, error) {
slog.Info("Running command", "command", command)
cmd := exec.Command(command[0], command[1:]...)
stdout, err := cmd.Output()
if err != nil {
return CodeQLCommandOutput{ExitCode: 1}, err
}
return CodeQLCommandOutput{ExitCode: 0, Stdout: string(stdout)}, nil
}
func validateQueryMetadataObject(data []byte) (QueryMetadata, error) {
var queryMetadata QueryMetadata
if err := json.Unmarshal(data, &queryMetadata); err != nil {
return QueryMetadata{}, err
}
return queryMetadata, nil
}
func validateBQRSInfoObject(data []byte) (BQRSInfo, error) {
var bqrsInfo BQRSInfo
if err := json.Unmarshal(data, &bqrsInfo); err != nil {
return BQRSInfo{}, err
}
return bqrsInfo, nil
}
func getBqrsInfo(codeql CodeqlCli, bqrs string) (BQRSInfo, error) {
bqrsInfoOutput, err := runCommand([]string{codeql.Path, "bqrs", "info", "--format=json", bqrs})
if err != nil {
return BQRSInfo{}, fmt.Errorf("unable to run codeql bqrs info. Error: %v", err)
}
if bqrsInfoOutput.ExitCode != 0 {
return BQRSInfo{}, fmt.Errorf("unable to run codeql bqrs info. Exit code: %d", bqrsInfoOutput.ExitCode)
}
return validateBQRSInfoObject([]byte(bqrsInfoOutput.Stdout))
}
func getQueryMetadata(codeql CodeqlCli, query string) (QueryMetadata, error) {
queryMetadataOutput, err := runCommand([]string{codeql.Path, "resolve", "metadata", "--format=json", query})
if err != nil {
return QueryMetadata{}, fmt.Errorf("unable to run codeql resolve metadata. Error: %v", err)
}
if queryMetadataOutput.ExitCode != 0 {
return QueryMetadata{}, fmt.Errorf("unable to run codeql resolve metadata. Exit code: %d", queryMetadataOutput.ExitCode)
}
return validateQueryMetadataObject([]byte(queryMetadataOutput.Stdout))
}
func getQueryPackRunResults(codeql CodeqlCli, databasePath, queryPackPath string) (*QueryPackRunResults, error) {
resultsBasePath := filepath.Join(databasePath, "results")
queryPaths := []string{} // Replace with actual query paths resolution logic
var queries []Query
for _, queryPath := range queryPaths {
relativeBqrsFilePath := filepath.Join(queryPackPath, queryPath)
bqrsFilePath := filepath.Join(resultsBasePath, relativeBqrsFilePath)
if _, err := os.Stat(bqrsFilePath); os.IsNotExist(err) {
return nil, fmt.Errorf("could not find BQRS file for query %s at %s", queryPath, bqrsFilePath)
}
bqrsInfo, err := getBqrsInfo(codeql, bqrsFilePath)
if err != nil {
return nil, fmt.Errorf("failed to get BQRS info: %v", err)
}
queryMetadata, err := getQueryMetadata(codeql, queryPath)
if err != nil {
return nil, fmt.Errorf("failed to get query metadata: %v", err)
}
queries = append(queries, Query{
QueryPath: queryPath,
QueryMetadata: queryMetadata,
RelativeBqrsFilePath: relativeBqrsFilePath,
BqrsInfo: bqrsInfo,
})
}
totalResultsCount := 0
for _, query := range queries {
count, err := getBqrsResultCount(query.BqrsInfo)
if err != nil {
return nil, fmt.Errorf("failed to get BQRS result count: %v", err)
}
totalResultsCount += count
}
return &QueryPackRunResults{
Queries: queries,
TotalResultsCount: totalResultsCount,
ResultsBasePath: resultsBasePath,
}, nil
}
func adjustBqrsFiles(queryPackRunResults *QueryPackRunResults, resultsDir string) (BqrsFilePaths, error) {
if len(queryPackRunResults.Queries) == 1 {
currentBqrsFilePath := filepath.Join(queryPackRunResults.ResultsBasePath, queryPackRunResults.Queries[0].RelativeBqrsFilePath)
newBqrsFilePath := filepath.Join(resultsDir, "results.bqrs")
if err := os.MkdirAll(resultsDir, os.ModePerm); err != nil {
return BqrsFilePaths{}, err
}
if err := os.Rename(currentBqrsFilePath, newBqrsFilePath); err != nil {
return BqrsFilePaths{}, err
}
return BqrsFilePaths{BasePath: resultsDir, RelativeFilePaths: []string{"results.bqrs"}}, nil
}
relativeFilePaths := make([]string, len(queryPackRunResults.Queries))
for i, query := range queryPackRunResults.Queries {
relativeFilePaths[i] = query.RelativeBqrsFilePath
}
return BqrsFilePaths{
BasePath: queryPackRunResults.ResultsBasePath,
RelativeFilePaths: relativeFilePaths,
}, nil
}
func getSourceLocationPrefix(codeql CodeqlCli, databasePath string) (string, error) {
cmd := exec.Command(codeql.Path, "resolve", "database", databasePath)
output, err := cmd.CombinedOutput()
if err != nil {
return "", fmt.Errorf("failed to resolve database: %v\nOutput: %s", err, output)
}
var resolvedDatabase ResolvedDatabase
if err := json.Unmarshal(output, &resolvedDatabase); err != nil {
return "", fmt.Errorf("failed to unmarshal resolved database: %v", err)
}
return resolvedDatabase.SourceLocationPrefix, nil
}
func queryPackSupportsSarif(queryPackRunResults *QueryPackRunResults) bool {
for _, query := range queryPackRunResults.Queries {
if !querySupportsSarif(query.QueryMetadata, query.BqrsInfo) {
return false
}
}
return true
}
func querySupportsSarif(queryMetadata QueryMetadata, bqrsInfo BQRSInfo) bool {
return getSarifOutputType(queryMetadata, bqrsInfo.CompatibleQueryKinds) != ""
}
func getSarifOutputType(queryMetadata QueryMetadata, compatibleQueryKinds []string) string {
if (*queryMetadata.Kind == "path-problem" || *queryMetadata.Kind == "path-alert") && contains(compatibleQueryKinds, "PathProblem") {
return "path-problem"
}
if (*queryMetadata.Kind == "problem" || *queryMetadata.Kind == "alert") && contains(compatibleQueryKinds, "Problem") {
return "problem"
}
return ""
}
func generateSarif(codeql CodeqlCli, nwo, databasePath, queryPackPath, databaseSHA string, resultsDir string) ([]byte, error) {
sarifFile := filepath.Join(resultsDir, "results.sarif")
cmd := exec.Command(codeql.Path, "database", "interpret-results", "--format=sarif-latest", "--output="+sarifFile, "--sarif-add-snippets", "--no-group-results", databasePath, queryPackPath)
if output, err := cmd.CombinedOutput(); err != nil {
return nil, fmt.Errorf("failed to generate SARIF: %v\nOutput: %s", err, output)
}
sarifData, err := os.ReadFile(sarifFile)
if err != nil {
return nil, fmt.Errorf("failed to read SARIF file: %v", err)
}
var sarif Sarif
if err := json.Unmarshal(sarifData, &sarif); err != nil {
return nil, fmt.Errorf("failed to unmarshal SARIF: %v", err)
}
injectVersionControlInfo(&sarif, nwo, databaseSHA)
sarifBytes, err := json.Marshal(sarif)
if err != nil {
return nil, fmt.Errorf("failed to marshal SARIF: %v", err)
}
return sarifBytes, nil
}
func injectVersionControlInfo(sarif *Sarif, nwo, databaseSHA string) {
for _, run := range sarif.Runs {
run.VersionControlProvenance = append(run.VersionControlProvenance, map[string]interface{}{
"repositoryUri": fmt.Sprintf("%s/%s", os.Getenv("GITHUB_SERVER_URL"), nwo),
"revisionId": databaseSHA,
})
}
}
// getSarifResultCount returns the number of results in the SARIF file.
func getSarifResultCount(sarif []byte) int {
var sarifData Sarif
if err := json.Unmarshal(sarif, &sarifData); err != nil {
log.Printf("failed to unmarshal SARIF for result count: %v", err)
return 0
}
count := 0
for _, run := range sarifData.Runs {
count += len(run.Results)
}
return count
}
// Known result set names
var KnownResultSetNames = []string{"#select", "problems"}
// getBqrssResultCount returns the number of results in the BQRS file.
func getBqrsResultCount(bqrsInfo BQRSInfo) (int, error) {
for _, name := range KnownResultSetNames {
for _, resultSet := range bqrsInfo.ResultSets {
if resultSet.Name == name {
return resultSet.Rows, nil
}
}
}
var resultSetNames []string
for _, resultSet := range bqrsInfo.ResultSets {
resultSetNames = append(resultSetNames, resultSet.Name)
}
return 0, fmt.Errorf(
"BQRS does not contain any result sets matching known names. Expected one of %s but found %s",
KnownResultSetNames, resultSetNames,
)
}

81
pkg/codeql/types.go Normal file
View File

@@ -0,0 +1,81 @@
package codeql
// Types
type CodeqlCli struct {
Path string
}
type RunQueryResult struct {
ResultCount int
DatabaseSHA string
SourceLocationPrefix string
BqrsFilePaths BqrsFilePaths
SarifFilePath string
}
type BqrsFilePaths struct {
BasePath string `json:"basePath"`
RelativeFilePaths []string `json:"relativeFilePaths"`
}
type SarifOutputType string
const (
Problem SarifOutputType = "problem"
PathProblem SarifOutputType = "path-problem"
)
type SarifRun struct {
VersionControlProvenance []interface{} `json:"versionControlProvenance,omitempty"`
Results []interface{} `json:"results"`
}
type Sarif struct {
Runs []SarifRun `json:"runs"`
}
type CreationMetadata struct {
SHA *string `yaml:"sha,omitempty"`
CLIVersion *string `yaml:"cliVersion,omitempty"`
}
type DatabaseMetadata struct {
CreationMetadata *CreationMetadata `yaml:"creationMetadata,omitempty"`
}
type QueryMetadata struct {
ID *string `json:"id,omitempty"`
Kind *string `json:"kind,omitempty"`
}
type ResultSet struct {
Name string `json:"name"`
Rows int `json:"rows"`
}
type BQRSInfo struct {
ResultSets []ResultSet `json:"resultSets"`
CompatibleQueryKinds []string `json:"compatibleQueryKinds"`
}
type Query struct {
QueryPath string `json:"queryPath"`
QueryMetadata QueryMetadata `json:"queryMetadata"`
RelativeBqrsFilePath string `json:"relativeBqrsFilePath"`
BqrsInfo BQRSInfo `json:"bqrsInfo"`
}
type QueryPackRunResults struct {
Queries []Query `json:"queries"`
TotalResultsCount int `json:"totalResultsCount"`
ResultsBasePath string `json:"resultsBasePath"`
}
type ResolvedDatabase struct {
SourceLocationPrefix string `json:"sourceLocationPrefix"`
}
type CodeQLCommandOutput struct {
ExitCode int `json:"exitCode"`
Stdout string `json:"stdout"`
}

17
pkg/common/types.go
View File

@@ -9,18 +9,21 @@ type NameWithOwner struct {
// AnalyzeJob represents a job specifying a repository and a query pack to analyze it with.
// This is the message format that the agent receives from the queue.
type AnalyzeJob struct {
MRVARequestID int
QueryPackId int
QueryPackURL string
QueryLanguage string
NWO NameWithOwner
RequestId int // json:"request_id"
QueryPackId int // json:"query_pack_id"
QueryPackURL string // json:"query_pack_url"
QueryLanguage string // json:"query_language"
NWO NameWithOwner // json:"nwo"
}
// AnalyzeResult represents the result of an analysis job.
// This is the message format that the agent sends to the queue.
// Status will only ever be StatusSuccess or StatusError when sent in a result.
type AnalyzeResult struct {
RunAnalysisSARIF string
RunAnalysisBQRS string
Status Status // json:"status"
RequestId int // json:"request_id"
ResultCount int // json:"result_count"
ResultArchiveURL string // json:"result_archive_url"
}
// Status represents the status of a job.

53
pkg/storage/storage.go
View File

@@ -4,7 +4,6 @@ import (
"archive/zip"
"errors"
"fmt"
"io"
"io/fs"
"log/slog"
"os"
@@ -129,10 +128,10 @@ func GetResult(js common.JobSpec) common.AnalyzeResult {
return ar
}
func SetResult(sessionid int, orl common.NameWithOwner, ar common.AnalyzeResult) {
func SetResult(sessionid int, nwo common.NameWithOwner, ar common.AnalyzeResult) {
mutex.Lock()
defer mutex.Unlock()
result[common.JobSpec{JobID: sessionid, NameWithOwner: orl}] = ar
result[common.JobSpec{JobID: sessionid, NameWithOwner: nwo}] = ar
}
func PackageResults(ar common.AnalyzeResult, owre common.NameWithOwner, vaid int) (zipPath string, e error) {
@@ -166,29 +165,31 @@ func PackageResults(ar common.AnalyzeResult, owre common.NameWithOwner, vaid int
defer zwriter.Close()
// Add each result file to the zip archive
names := []([]string){{ar.RunAnalysisSARIF, "results.sarif"}}
for _, fpath := range names {
file, err := os.Open(fpath[0])
if err != nil {
return "", err
}
defer file.Close()
/*
names := []([]string){{ar.RunAnalysisSARIF, "results.sarif"}}
for _, fpath := range names {
file, err := os.Open(fpath[0])
if err != nil {
return "", err
}
defer file.Close()
// Create a new file in the zip archive with custom name
// The client is very specific:
// if zf.Name != "results.sarif" && zf.Name != "results.bqrs" { continue }
// Create a new file in the zip archive with custom name
// The client is very specific:
// if zf.Name != "results.sarif" && zf.Name != "results.bqrs" { continue }
zipEntry, err := zwriter.Create(fpath[1])
if err != nil {
return "", err
}
zipEntry, err := zwriter.Create(fpath[1])
if err != nil {
return "", err
}
// Copy the contents of the file to the zip entry
_, err = io.Copy(zipEntry, file)
if err != nil {
return "", err
// Copy the contents of the file to the zip entry
_, err = io.Copy(zipEntry, file)
if err != nil {
return "", err
}
}
}
*/
return zpath, nil
}
@@ -210,10 +211,10 @@ func SetJobInfo(js common.JobSpec, ji common.JobInfo) {
info[js] = ji
}
func GetStatus(sessionid int, orl common.NameWithOwner) common.Status {
func GetStatus(sessionid int, nwo common.NameWithOwner) common.Status {
mutex.Lock()
defer mutex.Unlock()
return status[common.JobSpec{JobID: sessionid, NameWithOwner: orl}]
return status[common.JobSpec{JobID: sessionid, NameWithOwner: nwo}]
}
func ResultAsFile(path string) (string, []byte, error) {
@@ -231,10 +232,10 @@ func ResultAsFile(path string) (string, []byte, error) {
return fpath, file, nil
}
func SetStatus(sessionid int, orl common.NameWithOwner, s common.Status) {
func SetStatus(sessionid int, nwo common.NameWithOwner, s common.Status) {
mutex.Lock()
defer mutex.Unlock()
status[common.JobSpec{JobID: sessionid, NameWithOwner: orl}] = s
status[common.JobSpec{JobID: sessionid, NameWithOwner: nwo}] = s
}
func AddJob(sessionid int, job common.AnalyzeJob) {