Declarative cli tool to make use of the query capabilities #1626
Draft: MariusAlbrecht wants to merge 44 commits into Fraunhofer-AISEC:main from MariusAlbrecht:queries (base: main)
Conversation
utility to easily run rules. For now only for testing, maybe usable as something else later on
(cherry picked from commit 6d197b8)
(cherry picked from commit a559a3d)
utility to easily run rules. For now only for testing, maybe usable as something else later on (cherry picked from commit f3c668c)
(cherry picked from commit d1f9e99)
(cherry picked from commit 1fdcaca)
(cherry picked from commit 59eae97)
(cherry picked from commit 6fd818f)
(cherry picked from commit ea706a1)
# Conflicts:
# cpg-analysis/build.gradle.kts
# cpg-analysis/src/main/kotlin/de/fraunhofer/aisec/cpg/query/RuleRunner.kt
# cpg-analysis/src/main/kotlin/de/fraunhofer/aisec/cpg/query/SarifReporter.kt
…ns to run rules and report
Declarative CLI Tool to Make Use of the Query Capabilities
This pull request introduces a CLI to use Queries outside of the interactive console in a declarative way.
Should work similar to regular security checkers, insofar as it should be able to just be run on a codebase and report something. To do this, predefined Rules are necessary. Should also be extensible / customizable. To do this, the Rule and Reporter interfaces can be manually implemented to add new rules and output formats.

Usage
Right now the code lives in cpg-analysis (which I acknowledge should probably change).
To actually use the RuleRunner class (see below for an example):
cpg/cpg-analysis/build/install/cpg-analysis/bin/cpg-analysis
Notes
This is still absolutely WIP, just wanted to get this mostly working thing in a PR before being away for holiday. There's a number of actual "TODO" comments in the code; additionally, the following should probably be addressed as well:
- Rule interface supports this, it's up to the Rule to supply the arguments. This could be explored to improve UX
I plan to address all of this once I'm back in 3 weeks.
Rule example:
Note that this only gives pretty output and evaluation steps when the used sizeof and min functions are adjusted to include nodes in their children. Just do mutableListOf(QueryTree(n)) instead of mutableListOf() in these 2 locations:
- cpg/cpg-analysis/src/main/kotlin/de/fraunhofer/aisec/cpg/query/Query.kt, line 123 in bf8b37c
- cpg/cpg-analysis/src/main/kotlin/de/fraunhofer/aisec/cpg/query/Query.kt, line 137 in bf8b37c