Address 1ES CodeQL issues (#10198)

* Address 1ES CodeQL issues

* Switch to nightly build

* Remove unnecessary template

Author: jviau

eng/ci/official-build.yml

@@ -7,6 +7,16 @@ trigger:
     - release/4.*
     - release/in-proc
 
+schedules:
+# Ensure we build nightly to catch any new CVEs and report SDL often.
+- cron: "0 0 * * *"
+  displayName: Nightly Build
+  branches:
+    include:
+    - dev
+    - in-proc
+  always: true
+
 # CI only, does not trigger on PRs.
 pr: none
 
@@ -34,6 +44,10 @@ extends:
       name: 1es-pool-azfunc
       image: 1es-windows-2022
       os: windows
+    sdl:
+      codeql:
+        # Move codeql for source languages to source analysis stage
+        runSourceLanguagesInSourceAnalysis: true
 
     stages:
     - stage: Initialize

eng/ci/public-build.yml

@@ -9,6 +9,15 @@ trigger:
     - release/4.*
     - release/in-proc
 
+schedules:
+  # Ensure we build nightly to catch any new CVEs and report SDL often.
+  - cron: "0 0 * * *"
+    displayName: Nightly Build
+    branches:
+      include:
+      - dev
+      - in-proc
+    always: true
 pr:
   branches:
     include:
@@ -35,6 +44,12 @@ extends:
       image: 1es-windows-2022
       os: windows
 
+    sdl:
+      codeql:
+        compiled:
+          enabled: true
+        runSourceLanguagesInSourceAnalysis: true
+
     stages:
     - stage: Test
       jobs:

eng/ci/templates/jobs/initialize-pipeline.yml

@@ -2,6 +2,12 @@ jobs:
   - job: InitializePipeline
     displayName: Initialize Pipeline
 
+    templateContext:
+      sdl:
+        codeql:
+          compiled:
+            enabled: false
+
     steps:
     - task: UseDotNet@2 # The pinned SDK we use to build
       displayName: 'Install .NET SDK from global.json'

sample/Java/HttpTrigger/Function.java renamed to sample/Java/HttpTrigger/Function.java.txt

@@ -1,3 +1,6 @@
+// This is a .txt extension intentionally so CodeQL does not expect and wait for a java compilation step.
+// Real java function apps would have this as .java extension.
+
 package Microsoft.Azure.WebJobs.Script.Tests.EndToEnd;
 
 import java.util.*;
@@ -13,7 +16,7 @@
  * Accept defaults for rest of the identifiers
  * Run mvn clean package
  */
-public class Function {   
+public class Function {
     @FunctionName("HttpTrigger")
     public HttpResponseMessage run(
             @HttpTrigger(name = "req", methods = {HttpMethod.GET, HttpMethod.POST}, authLevel = AuthorizationLevel.FUNCTION) HttpRequestMessage<Optional<String>> request,
@@ -23,12 +26,12 @@ public HttpResponseMessage run(
         // Parse query parameter
         String query = request.getQueryParameters().get("name");
         String name = request.getBody().orElse(query);
-		String readEnv = System.getenv("AzureWebJobsStorage");
+        String readEnv = System.getenv("AzureWebJobsStorage");
 
         if (name == null) {
             return request.createResponseBuilder(HttpStatus.BAD_REQUEST).body("Please pass a name on the query string or in the request body").build();
         }
-		if (readEnv == null ) {
+        if (readEnv == null ) {
             return request.createResponseBuilder(HttpStatus.INTERNAL_SERVER_ERROR).body("AzureWebJobsStorage is empty").build();
         }
         return request.createResponseBuilder(HttpStatus.OK).body("Hello, " + name).build();