- Use codeql bundle from github/codeql-action, instead of codeql cli binaries.

vovikhangcdv · vovikhangcdv · commit bf87ac1dca46 · 2022-04-08T07:39:23.000Z
- Fix a mismatch between github-linguist and codeql: typescript
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 nohup.out
-codeql-agent-results
+codeql-agent-results
+.vscode
diff --git a/Dockerfile b/Dockerfile
@@ -32,6 +32,7 @@ RUN apt-get update && \
     	file \
         dos2unix \
         default-jdk \
+		maven \
     	gettext && \
         apt-get clean && \
         ln -sf /usr/bin/python3.8 /usr/bin/python && \
@@ -51,28 +52,37 @@ ENV CODEQL_HOME /root/codeql-home
 # Get CodeQL verion
 RUN curl --silent "https://api.github.com/repos/github/codeql-cli-binaries/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' > /tmp/codeql_version
 
+# Get CodeQL Bundle version
+RUN curl --silent "https://api.github.com/repos/github/codeql-action/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' > /tmp/codeql_bundle_version
+
 # record the latest version of the codeql-cli
 RUN mkdir -p ${CODEQL_HOME} \
-    ${CODEQL_HOME}/codeql-repo \
-    ${CODEQL_HOME}/codeql-go-repo \
+    # ${CODEQL_HOME}/codeql-repo \
+    # ${CODEQL_HOME}/codeql-go-repo \
     /opt/codeql
 
 # get the latest codeql queries and record the HEAD
-RUN git clone --depth=1 https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
-    git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
-RUN git clone --depth=1 https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
-    git --git-dir ${CODEQL_HOME}/codeql-go-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-go-repo-last-commit
+# RUN git clone --depth=1 https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
+#     git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
+# RUN git clone --depth=1 https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
+#     git --git-dir ${CODEQL_HOME}/codeql-go-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-go-repo-last-commit
+
+# RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
+#     wget -q https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip -O /tmp/codeql_linux.zip && \
+#     unzip /tmp/codeql_linux.zip -d ${CODEQL_HOME} && \
+#     rm /tmp/codeql_linux.zip
 
-RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
-    wget -q https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip -O /tmp/codeql_linux.zip && \
-    unzip /tmp/codeql_linux.zip -d ${CODEQL_HOME} && \
-    rm /tmp/codeql_linux.zip
+# Downdload and extract CodeQL Bundle
+RUN CODEQL_BUNDLE_VERSION=$(cat /tmp/codeql_bundle_version) && \
+    wget -q https://github.com/github/codeql-action/releases/download/${CODEQL_BUNDLE_VERSION}/codeql-bundle-linux64.tar.gz -O /tmp/codeql_linux.tar.gz && \
+    tar -xf /tmp/codeql_linux.tar.gz -C ${CODEQL_HOME} && \
+    rm /tmp/codeql_linux.tar.gz
 
 ENV PATH="$PATH:${CODEQL_HOME}/codeql:/root/go/bin:/root/.go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 COPY scripts /root/scripts
 
 # Pre-compile our queries to save time later
-RUN /root/scripts/compile-qs.sh
+# RUN /root/scripts/compile-qs.sh
 
 WORKDIR /root/
 ENTRYPOINT ["/root/scripts/analyze.sh"]
diff --git a/README.md b/README.md
@@ -6,7 +6,8 @@ Source build docker image `codeql-agent`
 ### Build and run local
 ```
 cd codeql-agent
-docker build -t codeql-agent .
+sudo docker build -t doublevkay/codeql-agent-dev:1.1.0 .
+nohup sudo docker build -t doublevkay/codeql-agent-dev:1.1.0 .; telegram-send "Build image codeql v1.1.0 done"
 docker run --rm --name codeql-docker -v "$PWD/vulnerable-source-code:/opt/src" -e "LANGUAGE=python" -e "FORMAT=sarif-latest" codeql-agent
 ```
 
diff --git a/scripts/analyze.sh b/scripts/analyze.sh
@@ -29,9 +29,13 @@ then
 fi
 
 LANGUAGE=${LANGUAGE,,}
-if [[ "$LANGUAGE" == "python" || "$LANGUAGE" == "javascript" || "$LANGUAGE" == "cpp" || "$LANGUAGE" == "csharp" || "$LANGUAGE" == "java" || "$LANGUAGE" == "go" ]]
+if [[ "$LANGUAGE" == "python" || "$LANGUAGE" == "javascript" || "$LANGUAGE" == "cpp" || "$LANGUAGE" == "csharp" || "$LANGUAGE" == "java" || "$LANGUAGE" == "go" || "$LANGUAGE" == "typescript" ]]
 then
-        echo "$LANGUAGE"
+    if [[ "$LANGUAGE" == "typescript" ]]
+    then
+        LANGUAGE="javascript"
+    fi
+    echo "$LANGUAGE"
 else
         echo "[!] Invalid language: $LANGUAGE"
         exit 3
