
Commit 5ec4757

authored
Merge pull request #20 from advanced-security/fix-depgraph
Update Dependencies to fix issue
2 parents a710484 + 79c3e54 commit 5ec4757


60 files changed

+4871
-4869
lines changed

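--- a/Pipfile
+++ b/Pipfile
@@ -5,12 +5,13 @@ verify_ssl = true
 
 [packages]
 pyyaml = "*"
-ghastoolkit = "==0.2.1"
+ghastoolkit = "*"
 
 [dev-packages]
 sphinx = "*"
 myst-parser = "*"
 black = "*"
+typing_extensions = "*"
 
 [scripts]
 main = "python -m ghascompliance"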
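Review bot: `ghastoolkit = "*"` drops the exact pin without putting any bound in its place, so the only thing fixing the resolved version is Pipfile.lock, and the next relock can pull any future release into a tool that enforces security policy. The vendored copy updated in this commit reports 0.3.1, so a bounded specifier such as `ghastoolkit = "~=0.3.1"` would keep the manifest, the lock file and vendor/ in agreement. If the wildcard is intentional to match the other entries, installs should be held strictly to the lock file, for example with `pipenv install --deploy`.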

Pipfile.lock

+37-29

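--- a/ghascompliance/__version__.py
+++ b/ghascompliance/__version__.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python
-__version__ = "2.3.0"
+__version__ = "2.3.1"
 
 __title__ = "GitHub Advanced Security Policy as Code"
 __name__ = "ghascompliance"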

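--- a/vendor/certifi/__init__.py
+++ b/vendor/certifi/__init__.py
@@ -1,4 +1,4 @@
 from .core import contents, where
 
 __all__ = ["contents", "where"]
-__version__ = "2022.12.07"
+__version__ = "2023.05.07"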

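--- a/vendor/certifi/cacert.pem
+++ b/vendor/certifi/cacert.pem
@@ -4525,3 +4525,65 @@ BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu
 9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O
 be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=
 -----END CERTIFICATE-----
+
+# Issuer: CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
+# Subject: CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY
+# Label: "BJCA Global Root CA1"
+# Serial: 113562791157148395269083148143378328608
+# MD5 Fingerprint: 42:32:99:76:43:33:36:24:35:07:82:9b:28:f9:d0:90
+# SHA1 Fingerprint: d5:ec:8d:7b:4c:ba:79:f4:e7:e8:cb:9d:6b:ae:77:83:10:03:21:6a
+# SHA256 Fingerprint: f3:89:6f:88:fe:7c:0a:88:27:66:a7:fa:6a:d2:74:9f:b5:7a:7f:3e:98:fb:76:9c:1f:a7:b0:9c:2c:44:d5:ae
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU
+MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI
+T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz
+MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF
+SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh
+bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z
+xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ
+spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5
+58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR
+at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll
+5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq
+nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK
+V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/
+pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO
+z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn
+jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+
+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF
+7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4
+YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli
+awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u
++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88
+X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN
+SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo
+P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI
++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz
+znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9
+eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2
+YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy
+r/6zcCwupvI=
+-----END CERTIFICATE-----
+
+# Issuer: CN=BJCA Global Root CA2 O=BEIJING CERTIFICATE AUTHORITY
+# Subject: CN=BJCA Global Root CA2 O=BEIJING CERTIFICATE AUTHORITY
+# Label: "BJCA Global Root CA2"
+# Serial: 58605626836079930195615843123109055211
+# MD5 Fingerprint: 5e:0a:f6:47:5f:a6:14:e8:11:01:95:3f:4d:01:eb:3c
+# SHA1 Fingerprint: f4:27:86:eb:6e:b8:6d:88:31:67:02:fb:ba:66:a4:53:00:aa:7a:a6
+# SHA256 Fingerprint: 57:4d:f6:93:1e:27:80:39:66:7b:72:0a:fd:c1:60:0f:c2:7e:b6:6d:d3:09:29:79:fb:73:85:64:87:21:28:82
+-----BEGIN CERTIFICATE-----
+MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw
+CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ
+VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy
+MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ
+TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS
+b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B
+IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+
++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK
+sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA
+94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B
+43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==
+-----END CERTIFICATE-----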

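--- a/vendor/ghastoolkit/__init__.py
+++ b/vendor/ghastoolkit/__init__.py
@@ -1,7 +1,7 @@
 __name__ = "ghastoolkit"
 __title__ = "GHAS Toolkit"
 
-__version__ = "0.2.1"
+__version__ = "0.3.1"
 
 __description__ = "GitHub Advanced Security Python Toolkit"
 __summary__ = """\
@@ -40,3 +40,5 @@
 
 # CodeQL
 from ghastoolkit.codeql.databases import CodeQLDatabases, CodeQLDatabase
+from ghastoolkit.codeql.cli import CodeQL
+from ghastoolkit.codeql.results import CodeQLResults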

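--- a/vendor/ghastoolkit/codeql/cli.py
+++ b/vendor/ghastoolkit/codeql/cli.py
@@ -0,0 +1,104 @@
+import json
+import logging
+import os
+import subprocess
+from sys import stdout
+import tempfile
+from typing import Optional
+
+from ghastoolkit.codeql.databases import CodeQLDatabase
+from ghastoolkit.codeql.results import CodeQLResults
+from ghastoolkit.codeql.utils import findCodeBinary
+
+
+logger = logging.getLogger("ghastoolkit.codeql.cli")
+
+
+class CodeQL:
+def __init__(self, binary: Optional[str] = None) -> None:
+if binary:
+self.path_binary = [binary]
+else:
+self.path_binary: Optional[list[str]] = findCodeBinary()
+
+def exists(self) -> bool:
+return self.path_binary != None
+
+def runCommand(self, *argvs, display: bool = False) -> Optional[str]:
+if not self.path_binary:
+raise Exception("CodeQL binary / path was not found")
+cmd = []
+cmd.extend(self.path_binary)
+cmd.extend(argvs)
+if not display:
+with open(os.devnull, "w") as null:
+result = subprocess.run(cmd, stdout=null, stderr=null)
+else:
+result = subprocess.check_output(cmd)
+return result.decode().strip()
+
+@property
+def version(self) -> str:
+return self.runCommand("version", "--format", "terse", display=True)
+
+def runQuery(
+self, database: CodeQLDatabase, path: Optional[str] = None
+) -> CodeQLResults:
+if not database.path:
+raise Exception("CodeQL Database path is not set")
+
+path = path or database.default_pack
+
+self.runCommand("database", "run-queries", database.path, path)
+return self.getResults(database, path)
+
+def runRawQuery(self, path: str, database: CodeQLDatabase) -> list:
+if not database.path:
+raise Exception("CodeQL Database path is not set")
+if not path.endswith(".ql"):
+raise Exception("runRawQuery requires a QL file")
+
+self.runCommand("database", "run-queries", database.path, path)
+bqrs = os.path.join(
+database.path, "results", path.replace(":", "/").replace(".ql", ".bqrs")
+)
+return self.readBqrs(bqrs).get("#select", {}).get("tuples", [])
+
+def getResults(
+self, database: CodeQLDatabase, path: Optional[str] = None
+) -> CodeQLResults:
+sarif = os.path.join(tempfile.gettempdir(), "codeql-result.sarif")
+cmd = [
+"database",
+"interpret-results",
+"--format",
+"sarif-latest",
+"--output",
+sarif,
+database.path,
+]
+if path:
+cmd.append(path)
+
+self.runCommand(*cmd)
+
+with open(sarif, "r") as handle:
+data = json.load(handle)
+
+results = data.get("runs", [])[0].get("results", [])
+return CodeQLResults.loadSarifResults(results)
+
+def readBqrs(self, bqrsfile: str) -> dict:
+output = os.path.join(tempfile.gettempdir(), "codeql-result.bqrs")
+
+self.runCommand(
+"bqrs", "decode", "--format", "json", "--output", output, bqrsfile
+)
+
+with open(output, "r") as handle:
+return json.load(handle)
+
+def __str__(self) -> str:
+if self.path_binary:
+return f"CodeQL('{self.version}')"
+return "CodeQL()"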
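Review bot: getResults() and readBqrs() write CodeQL output to fixed names (`codeql-result.sarif`, `codeql-result.bqrs`) directly under tempfile.gettempdir(), and runCommand() ignores the exit status when display is false, so after a failed `interpret-results` or `bqrs decode` run json.load() would read whatever file already sits at that path. On a shared runner or multi-user host that could be a stale result from an earlier scan or a file written by another local account, which matters for a tool that gates policy on these results. I would give each call its own private directory, as sketched below for getResults() (readBqrs() needs the same change), and make the quiet branch raise on failure with `result = subprocess.run(cmd, stdout=null, stderr=null, check=True)`. The rendered page has lost indentation, so it is not visible whether `return result.decode().strip()` sits inside the `else:`; if it does not, the quiet branch would call .decode() on a CompletedProcess.

```python
def getResults(
    self, database: CodeQLDatabase, path: Optional[str] = None
) -> CodeQLResults:
    # Private per-call directory: no other process can pre-create or reuse the output path.
    with tempfile.TemporaryDirectory(prefix="codeql-") as tmpdir:
        sarif = os.path.join(tmpdir, "codeql-result.sarif")
        # … unchanged: cmd list construction and optional path append …
        self.runCommand(*cmd)

        with open(sarif, "r") as handle:
            data = json.load(handle)
    # … unchanged: runs/results extraction and loadSarifResults call …
```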
