diff --git a/.github/codeql/codeql-config.yaml b/.github/codeql/codeql-config.yaml
index 9c6b990c7..005c8944d 100644
--- a/.github/codeql/codeql-config.yaml
+++ b/.github/codeql/codeql-config.yaml
@@ -6,8 +6,5 @@ queries:
 - uses: ./javascript/frameworks/ui5/src/codeql-suites/javascript-security-extended.qls
 - uses: ./javascript/frameworks/cap/src/codeql-suites/javascript-security-extended.qls
-paths:
- - "**/*.xml"
- - "**/*.json"
 paths-ignore:
 - "**/frameworks/*/test/models"
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
index 168b1339e..0f3bff50e 100644
--- a/.github/workflows/code_scanning.yml
+++ b/.github/workflows/code_scanning.yml
@@ -12,7 +12,7 @@ on:
 env:
 LGTM_INDEX_XML_MODE: all
- LGTM_INDEX_FILTERS: "include:**/*.json"
+ LGTM_INDEX_FILTERS: "include:**/*.json\ninclude:**/*.js"
 jobs:
 analyze:
@@ -37,6 +37,7 @@ jobs:
 mv $dir .github/codeql/extensions/$dir
 done
+
 - name: Ensure presence of cds shell command
 run: |
 if ! command -v cds &> /dev/null
@@ -55,19 +56,16 @@ jobs:
 -o "$cds_file.json"
 done
- # Initializes the CodeQL tools for scanning.
- - name: Extract version from qlt.conf.json
- uses: sergeysova/jq-action@v2
- id: version
- with:
- cmd: 'jq .CodeQLCLIBundle qlt.conf.json -r'
-
+ - name: Extract CodeQL bundle version
+ run: |
+ echo "BUNDLE_VERSION=$(jq .CodeQLCLIBundle qlt.conf.json -r)" >> $GITHUB_ENV
+
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
 languages: javascript
 config-file: ./.github/codeql/codeql-config.yaml
- tools: https://github.com/github/codeql-action/releases/download/${{steps.version.outputs.value}}/codeql-bundle-linux64.tar.gz
+ tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
 debug: true
 - name: Perform CodeQL Analysis
diff --git a/.github/workflows/run-codeql-unit-tests-javascript.yml b/.github/workflows/run-codeql-unit-tests-javascript.yml
index 4b5b41bc9..c3dafd53f 100644
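Review bot: With `paths:` gone, `paths-ignore` is the only filter left in this config and it still excludes just `**/frameworks/*/test/models`, so everything else under the framework `test` trees is now in scope for the security-extended suites. If those trees hold JavaScript cases written to exercise the queries (not visible from this diff), code scanning will start reporting them as alerts on every run; either widen the ignore list, e.g. `- "**/frameworks/*/test"`, or record the intent with a comment above `paths-ignore:` such as `# No paths: restriction on purpose — JS sources are scanned together with the XML/JSON models`. The companion `LGTM_INDEX_FILTERS` change in code_scanning.yml adds `include:**/*.js`, which matches this wider scope, so the two should be documented as a pair. The rest of the config file lies outside the hunk.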
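Review bot: The new `Extract CodeQL bundle version` step in the `@@ -55,19 +56,16 @@` hunk forwards whatever `jq` prints into `BUNDLE_VERSION` without checking it: a missing `.CodeQLCLIBundle` key yields the literal `null`, and a missing or malformed `qlt.conf.json` yields an empty value, and because the substitution sits inside `echo`'s argument the step still succeeds. The bad value only surfaces later as an opaque download failure in the `tools:` URL of the `Initialize CodeQL` step. Suggest validating the value before exporting it and quoting `"$GITHUB_ENV"` as below; the enclosing `steps:` list continues on both sides of the hunk.
```yaml
      - name: Extract CodeQL bundle version
        run: |
          version="$(jq -r .CodeQLCLIBundle qlt.conf.json)"
          if [ -z "$version" ] || [ "$version" = "null" ]; then
            echo "CodeQLCLIBundle is not set in qlt.conf.json" >&2
            exit 1
          fi
          echo "BUNDLE_VERSION=$version" >> "$GITHUB_ENV"
```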
--- a/.github/workflows/run-codeql-unit-tests-javascript.yml
+++ b/.github/workflows/run-codeql-unit-tests-javascript.yml
@@ -18,7 +18,7 @@ jobs:
 matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Install QLT
 id: install-qlt
@@ -43,7 +43,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Install QLT
 id: install-qlt
@@ -116,7 +116,7 @@ jobs:
 --work-dir $RUNNER_TMP
 - name: Upload test results
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v4
 with:
 name: test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
 path: |
@@ -130,7 +130,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Install QLT
 id: install-qlt
@@ -141,7 +141,7 @@ jobs:
 - name: Collect test results
- uses: actions/download-artifact@v2
+ uses: actions/download-artifact@v4
 - name: Validate test results
 run: |
diff --git a/javascript/frameworks/cap/ext/codeql-pack.lock.yml b/javascript/frameworks/cap/ext/codeql-pack.lock.yml
deleted file mode 100644
index 530042745..000000000
--- a/javascript/frameworks/cap/ext/codeql-pack.lock.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies: {}
-compiled: false
diff --git a/javascript/frameworks/cap/lib/codeql-pack.lock.yml b/javascript/frameworks/cap/lib/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/javascript/frameworks/cap/lib/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/frameworks/cap/src/codeql-pack.lock.yml b/javascript/frameworks/cap/src/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/javascript/frameworks/cap/src/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/frameworks/cap/test/codeql-pack.lock.yml b/javascript/frameworks/cap/test/codeql-pack.lock.yml
deleted file mode 100644
index 09a0ed7e9..000000000
--- a/javascript/frameworks/cap/test/codeql-pack.lock.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/javascript-queries:
- version: 0.8.16
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/suite-helpers:
- version: 0.7.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/typos:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/frameworks/ui5/ext/codeql-pack.lock.yml b/javascript/frameworks/ui5/ext/codeql-pack.lock.yml
deleted file mode 100644
index 530042745..000000000
--- a/javascript/frameworks/ui5/ext/codeql-pack.lock.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies: {}
-compiled: false
diff --git a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml b/javascript/frameworks/ui5/lib/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/javascript/frameworks/ui5/lib/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/frameworks/ui5/src/codeql-pack.lock.yml b/javascript/frameworks/ui5/src/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/javascript/frameworks/ui5/src/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/frameworks/ui5/test/codeql-pack.lock.yml b/javascript/frameworks/ui5/test/codeql-pack.lock.yml
deleted file mode 100644
index 09a0ed7e9..000000000
--- a/javascript/frameworks/ui5/test/codeql-pack.lock.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/javascript-queries:
- version: 0.8.16
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/suite-helpers:
- version: 0.7.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/typos:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/javascript/heuristic-models/ext/codeql-pack.lock.yml b/javascript/heuristic-models/ext/codeql-pack.lock.yml
deleted file mode 100644
index 530042745..000000000
--- a/javascript/heuristic-models/ext/codeql-pack.lock.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies: {}
-compiled: false
diff --git a/javascript/heuristic-models/tests/codeql-pack.lock.yml b/javascript/heuristic-models/tests/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/javascript/heuristic-models/tests/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false
diff --git a/qlt.conf.json b/qlt.conf.json
index e33a2227f..07c20a03e 100644
--- a/qlt.conf.json
+++ b/qlt.conf.json
@@ -2,4 +2,4 @@
 "CodeQLCLI": "2.17.3",
 "CodeQLStandardLibrary": "codeql-cli/v2.17.3",
 "CodeQLCLIBundle": "codeql-bundle-v2.17.3"
-}
\ No newline at end of file
+}
diff --git a/scripts/codeql-pack.lock.yml b/scripts/codeql-pack.lock.yml
deleted file mode 100644
index 9c7802785..000000000
--- a/scripts/codeql-pack.lock.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-lockVersion: 1.0.0
-dependencies:
- codeql/dataflow:
- version: 0.2.7
- codeql/javascript-all:
- version: 0.9.1
- codeql/mad:
- version: 0.2.16
- codeql/regex:
- version: 0.2.16
- codeql/ssa:
- version: 0.2.16
- codeql/tutorial:
- version: 0.2.16
- codeql/typetracking:
- version: 0.2.16
- codeql/util:
- version: 0.2.16
- codeql/xml:
- version: 0.0.3
- codeql/yaml:
- version: 0.2.16
-compiled: false