From 24b99136254a878b643370830391650d0a453d9f Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 11:46:03 -0400
Subject: [PATCH 01/14] Fix codeql path in CI workflow
---
 .github/workflows/continuous-integration.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index c9c5a40..8a7996d 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -87,6 +87,13 @@ jobs:
 run: |
 bundle exec rake spec:ci
+ - name: Run CodeQL Tests
+ env:
+ CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
+ working-directory: ./codeql-ruby
+ run: |
+ $CODEQL_PATH test run ql/test
+
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From 6a8d35c7218fe734aadd4daa8b9259fcfbad384e Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 11:50:18 -0400
Subject: [PATCH 02/14] Fix CodeQL integration tests harder
---
 .github/workflows/continuous-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 8a7996d..9fdb055 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -92,7 +92,7 @@ jobs:
 CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
 working-directory: ./codeql-ruby
 run: |
- $CODEQL_PATH test run ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From 67f9699b3681cd9d00087e2f755b2762ad033d64 Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 11:57:05 -0400
Subject: [PATCH 03/14] Moar verbose codeql tests for Github Actions debugging
---
 .github/workflows/continuous-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 9fdb055..f03d905 100644
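Review bot: In PATCH 01/14 the new step sets `CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"` under `env:`, but Actions hands `env` values to the shell as literal strings, so `$CODEQL_PATH test run ql/test` expands to a word that still starts with the text `$GITHUB_WORKSPACE` and cannot be executed. Use the expression form, `CODEQL_PATH: "${{ github.workspace }}/codeql/codeql"`, and quote the use: `"$CODEQL_PATH" test run ql/test`. PATCH 02/14 on this same line works around it by writing the path out in `run:`, which leaves the `CODEQL_PATH` entry defined but unused.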
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -92,7 +92,7 @@ jobs:
 CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
 working-directory: ./codeql-ruby
 run: |
- $GITHUB_WORKSPACE/codeql/codeql test run ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run -vvv ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From 513d53d28d7c666ca4b5a3fbc3b8807d02c498ab Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 12:01:58 -0400
Subject: [PATCH 04/14] Show extractor output for Actions debugging
---
 .github/workflows/continuous-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index f03d905..d8b8744 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -92,7 +92,7 @@ jobs:
 CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
 working-directory: ./codeql-ruby
 run: |
- $GITHUB_WORKSPACE/codeql/codeql test run -vvv ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run -vvv --show-extractor-output ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From 771f1a5724ac51472237c536be073820a364edc2 Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 12:24:49 -0400
Subject: [PATCH 05/14] moar Actions debugging
---
 .github/workflows/continuous-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index d8b8744..04f539c 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -92,7 +92,7 @@ jobs:
 CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
 working-directory: ./codeql-ruby
 run: |
- $GITHUB_WORKSPACE/codeql/codeql test run -vvv --show-extractor-output ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From 0dc91f3bc71dc6f0b8ee40437ecb832a7f51211f Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 14:19:43 -0400
Subject: [PATCH 06/14] Moar debugging info in legacy test extractor
---
 extractor/tools/index.sh | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100755 extractor/tools/index.sh
diff --git a/extractor/tools/index.sh b/extractor/tools/index.sh
new file mode 100755
index 0000000..76f8f66
--- /dev/null
+++ b/extractor/tools/index.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+####################################################################################
+#
+# Required for running `codeql test run my/test/dir`
+# when legacy_qltest_extraction is set to true in ruby/codeql-extractor.yml
+#
+#
+# FIXME: figure out what "non-legacy" test extraction looks like and how it works
+#
+####################################################################################
+
+set -eu
+
+echo "running index.sh"
+echo "CODEQL_PLATFORM: $CODEQL_PLATFORM"
+echo "CODEQL_EXTRACTOR_RUBY_ROOT: $CODEQL_EXTRACTOR_RUBY_ROOT"
+ls -lha "$CODEQL_EXTRACTOR_RUBY_ROOT/tools/$CODEQL_PLATFORM/"
+
+if [ "$CODEQL_PLATFORM" != "linux64" ] && [ "$CODEQL_PLATFORM" != "osx64" ] ; then
+ echo "Automatic build detection for $CODEQL_PLATFORM is not implemented."
+ exit 1
+fi
+
+"$CODEQL_EXTRACTOR_RUBY_ROOT/tools/$CODEQL_PLATFORM/ruby-autobuilder"
From 8baef51bfb353fee59cc54a404718a65ec4b75be Mon Sep 17 00:00:00 2001
From: agius
Date: Wed, 2 Sep 2020 14:39:45 -0400
Subject: [PATCH 07/14] wtf m8 :/
---
 .github/workflows/continuous-integration.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 04f539c..1c521b4 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -88,11 +88,8 @@ jobs:
 bundle exec rake spec:ci
 - name: Run CodeQL Tests
- env:
- CODEQL_PATH: "$GITHUB_WORKSPACE/codeql/codeql"
- working-directory: ./codeql-ruby
 run: |
- $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv codeql-ruby/ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
From d930d628a37dd36843180c24e97c19d9b9dd75bf Mon Sep 17 00:00:00 2001
From: agius
Date: Fri, 4 Sep 2020 15:52:07 -0400
Subject: [PATCH 08/14] Move codeql query tests to use codeql cli runner
---
 .codeqlmanifest.json | 1 +
 extractor/codeql-extractor.yml | 2 +-
 ql/test/base_unsafe_script/example.expected | 3 +++
 .../test}/base_unsafe_script/example.ql | 0
 .../base_unsafe_script/unsafe_command.rb | 0
 ql/test/leaf_node_location/example.expected | 4 ++++
 .../test}/leaf_node_location/example.ql | 0
 .../leaf_node_location/leaf_node_location.rb | 0
 ql/test/qlpack.yml | 5 ++++
 ql/test/script_with_require/example.expected | 14 +++++++++++
 .../test}/script_with_require/example.ql | 0
 .../script_with_require/required_file.rb | 0
 .../script_with_require.rb | 0
 spec/base_unsafe_script/qlpack.yml | 3 ---
 spec/codeql_ruby_spec.rb | 23 +------------------
 spec/leaf_node_location/qlpack.yml | 3 ---
 spec/script_with_require/qlpack.yml | 3 ---
 17 files changed, 29 insertions(+), 32 deletions(-)
 create mode 100644 ql/test/base_unsafe_script/example.expected
 rename {spec => ql/test}/base_unsafe_script/example.ql (100%)
 rename {spec => ql/test}/base_unsafe_script/unsafe_command.rb (100%)
 create mode 100644 ql/test/leaf_node_location/example.expected
 rename {spec => ql/test}/leaf_node_location/example.ql (100%)
 rename {spec => ql/test}/leaf_node_location/leaf_node_location.rb (100%)
 create mode 100644 ql/test/qlpack.yml
 create mode 100644 ql/test/script_with_require/example.expected
 rename {spec => ql/test}/script_with_require/example.ql (100%)
 rename {spec => ql/test}/script_with_require/required_file.rb (100%)
 rename {spec => ql/test}/script_with_require/script_with_require.rb (100%)
 delete mode 100644 spec/base_unsafe_script/qlpack.yml
 delete mode 100644 spec/leaf_node_location/qlpack.yml
 delete mode 100644 spec/script_with_require/qlpack.yml
diff --git a/.codeqlmanifest.json b/.codeqlmanifest.json
index 7a76f3a..6e70fe8 100644
--- a/.codeqlmanifest.json
+++ b/.codeqlmanifest.json
@@ -1,6 +1,7 @@
 {
 "provide": [
 "ql/src/qlpack.yml",
+ "ql/test/qlpack.yml",
 "extractor/codeql-extractor.yml"
 ],
 "ignore": [
diff --git a/extractor/codeql-extractor.yml b/extractor/codeql-extractor.yml
index a52bba6..1d3ab21 100644
--- a/extractor/codeql-extractor.yml
+++ b/extractor/codeql-extractor.yml
@@ -8,4 +8,4 @@ file_types:
 display_name: Ruby
 extensions:
 - .rb
-legacy_qltest_extraction: false
+legacy_qltest_extraction: true
diff --git a/ql/test/base_unsafe_script/example.expected b/ql/test/base_unsafe_script/example.expected
new file mode 100644
index 0000000..9fb3375
--- /dev/null
+++ b/ql/test/base_unsafe_script/example.expected
@@ -0,0 +1,3 @@
+| 1 | This is a leaf node. |
+| ARGV | This is a leaf node. |
+| eval | This is a leaf node. |
diff --git a/spec/base_unsafe_script/example.ql b/ql/test/base_unsafe_script/example.ql
similarity index 100%
rename from spec/base_unsafe_script/example.ql
rename to ql/test/base_unsafe_script/example.ql
diff --git a/spec/base_unsafe_script/unsafe_command.rb b/ql/test/base_unsafe_script/unsafe_command.rb
similarity index 100%
rename from spec/base_unsafe_script/unsafe_command.rb
rename to ql/test/base_unsafe_script/unsafe_command.rb
diff --git a/ql/test/leaf_node_location/example.expected b/ql/test/leaf_node_location/example.expected
new file mode 100644
index 0000000..e871bb8
--- /dev/null
+++ b/ql/test/leaf_node_location/example.expected
@@ -0,0 +1,4 @@
+| leaf_node_location.rb:1:0:1:4 | LeafNode | puts | leaf_node_location.rb:1 |
+| leaf_node_location.rb:1:0:1:4 | LeafNode | puts | leaf_node_location.rb:1 |
+| leaf_node_location.rb:1:6:1:40 | LeafNode | this file contains some leaf nodes | leaf_node_location.rb:1 |
+| leaf_node_location.rb:1:6:1:40 | LeafNode | this file contains some leaf nodes | leaf_node_location.rb:1 |
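Review bot: `ql/test/leaf_node_location/example.expected` lists each of its two rows twice, so the baseline accepts two identical LeafNode results per source range (`1:0:1:4` and `1:6:1:40`). The query and the extractor are not visible in this patch, so this may be intended, but it looks as if every leaf is emitted twice, and the rspec check this file replaces used `include(...)`, which would not have noticed. If the duplication is a known extractor issue, say so in a comment at the top of `example.ql`, for example `// FIXME: each LeafNode is currently reported twice; example.expected pins that until extraction is fixed`.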
diff --git a/spec/leaf_node_location/example.ql b/ql/test/leaf_node_location/example.ql
similarity index 100%
rename from spec/leaf_node_location/example.ql
rename to ql/test/leaf_node_location/example.ql
diff --git a/spec/leaf_node_location/leaf_node_location.rb b/ql/test/leaf_node_location/leaf_node_location.rb
similarity index 100%
rename from spec/leaf_node_location/leaf_node_location.rb
rename to ql/test/leaf_node_location/leaf_node_location.rb
diff --git a/ql/test/qlpack.yml b/ql/test/qlpack.yml
new file mode 100644
index 0000000..b47ea53
--- /dev/null
+++ b/ql/test/qlpack.yml
@@ -0,0 +1,5 @@
+name: codeql-ruby-tests
+version: 0.0.0
+libraryPathDependencies:
+ - codeql-ruby
+extractor: ruby
diff --git a/ql/test/script_with_require/example.expected b/ql/test/script_with_require/example.expected
new file mode 100644
index 0000000..ae60544
--- /dev/null
+++ b/ql/test/script_with_require/example.expected
@@ -0,0 +1,14 @@
+| . | This is a leaf node. |
+| ./required_file | This is a leaf node. |
+| @fullpath | This is a leaf node. |
+| File | This is a leaf node. |
+| RequiredFile | This is a leaf node. |
+| __FILE__ | This is a leaf node. |
+| attr_reader | This is a leaf node. |
+| expand_path | This is a leaf node. |
+| fullpath | This is a leaf node. |
+| initialize | This is a leaf node. |
+| new | This is a leaf node. |
+| puts | This is a leaf node. |
+| require_relative | This is a leaf node. |
+| rf | This is a leaf node. |
diff --git a/spec/script_with_require/example.ql b/ql/test/script_with_require/example.ql
similarity index 100%
rename from spec/script_with_require/example.ql
rename to ql/test/script_with_require/example.ql
diff --git a/spec/script_with_require/required_file.rb b/ql/test/script_with_require/required_file.rb
similarity index 100%
rename from spec/script_with_require/required_file.rb
rename to ql/test/script_with_require/required_file.rb
diff --git a/spec/script_with_require/script_with_require.rb b/ql/test/script_with_require/script_with_require.rb
similarity index 100%
rename from spec/script_with_require/script_with_require.rb
rename to ql/test/script_with_require/script_with_require.rb
diff --git a/spec/base_unsafe_script/qlpack.yml b/spec/base_unsafe_script/qlpack.yml
deleted file mode 100644
index f918ed8..0000000
--- a/spec/base_unsafe_script/qlpack.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-name: base-unsafe-script-ruby-queries
-version: 0.0.0
-libraryPathDependencies: codeql-ruby
diff --git a/spec/codeql_ruby_spec.rb b/spec/codeql_ruby_spec.rb
index 4333f25..121241c 100644
--- a/spec/codeql_ruby_spec.rb
+++ b/spec/codeql_ruby_spec.rb
@@ -5,32 +5,11 @@
 expect(CodeqlRuby::VERSION).not_to be nil
 end
- it "extracts a db, runs a query, and generates JSON results" do
- results = CodeqlRunner.results_for_db('base_unsafe_script')
- tuples = results.dig('#select', 'tuples')
-
- expect(tuples).to include(['eval', 'This is a leaf node.'])
- end
-
- it "extracts a directory as a db and queries it" do
- results = CodeqlRunner.results_for_db('script_with_require')
- tuples = results.dig('#select', 'tuples')
-
- expect(tuples).to include(['RequiredFile', 'This is a leaf node.'])
- end
-
 it "extracts a file to relevant trap structures" do
- filepath = File.expand_path(File.join(File.dirname(__FILE__), 'script_with_require', 'script_with_require.rb'))
+ filepath = File.expand_path(File.join(File.dirname(__FILE__), '..', 'ql', 'test', 'script_with_require', 'script_with_require.rb'))
 ef = CodeqlRuby::ExtractorFile.new(filepath)
 results = ef.to_trap
 expect(results).to be_a(String)
 end
-
- it "extracts Location info from LeafNodes" do
- results = CodeqlRunner.results_for_db('leaf_node_location')
- tuples = results.dig('#select', 'tuples')
-
- expect(tuples).to include([{'label'=>'LeafNode'}, 'puts', 'leaf_node_location.rb:1'])
- end
 end
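Review bot: After this change the only extraction check left in `spec/codeql_ruby_spec.rb` is `expect(results).to be_a(String)`, which an empty trap string also satisfies. Since the query-level assertions now live in `ql/test`, tighten this one so a silent extraction failure is caught in rspec as well, for instance by adding `expect(results).not_to be_empty` after it. The enclosing `describe` block starts above the hunk.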
diff --git a/spec/leaf_node_location/qlpack.yml b/spec/leaf_node_location/qlpack.yml
deleted file mode 100644
index d18b613..0000000
--- a/spec/leaf_node_location/qlpack.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-name: leaf-node-location-ruby-queries
-version: 0.0.0
-libraryPathDependencies: codeql-ruby
diff --git a/spec/script_with_require/qlpack.yml b/spec/script_with_require/qlpack.yml
deleted file mode 100644
index a40d8a2..0000000
--- a/spec/script_with_require/qlpack.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-name: ruby-script-with-require
-version: 0.0.0
-libraryPathDependencies: codeql-ruby
From b9ffb7c052773dc4d97ac1e4cee6d1415cb4aecd Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 6 Sep 2020 15:55:32 -0400
Subject: [PATCH 09/14] print ls debugging
---
 .github/workflows/continuous-integration.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 1c521b4..e6c8abc 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -89,6 +89,14 @@ jobs:
 - name: Run CodeQL Tests
 run: |
+ ls -lha /home
+ ls -lha /home/runner
+ ls -lha /home/runner/work
+ ls -lha /home/runner/work/codeql_ruby
+ ls -lha /home/runner/work/codeql_ruby/codeql_ruby/
+ ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/
+ ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/ruby/
+ ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/ruby/tools/
 $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv codeql-ruby/ql/test
 # - name: Setup tmate session
From 9d201c8d417659f1a3e75f86d21a155881c0a23c Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 6 Sep 2020 16:00:31 -0400
Subject: [PATCH 10/14] Fix test extractor runner maybe
---
 extractor/tools/index.sh | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/extractor/tools/index.sh b/extractor/tools/index.sh
index 76f8f66..d0ecab2 100755
--- a/extractor/tools/index.sh
+++ b/extractor/tools/index.sh
@@ -12,14 +12,4 @@
 set -eu
-echo "running index.sh"
-echo "CODEQL_PLATFORM: $CODEQL_PLATFORM"
-echo "CODEQL_EXTRACTOR_RUBY_ROOT: $CODEQL_EXTRACTOR_RUBY_ROOT"
-ls -lha "$CODEQL_EXTRACTOR_RUBY_ROOT/tools/$CODEQL_PLATFORM/"
-
-if [ "$CODEQL_PLATFORM" != "linux64" ] && [ "$CODEQL_PLATFORM" != "osx64" ] ; then
- echo "Automatic build detection for $CODEQL_PLATFORM is not implemented."
- exit 1
-fi
-
-"$CODEQL_EXTRACTOR_RUBY_ROOT/tools/$CODEQL_PLATFORM/ruby-autobuilder"
+codeql_ruby $@
From 9f227136d9b5273ff0a9eeb0bd823098c878e407 Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 6 Sep 2020 16:05:59 -0400
Subject: [PATCH 11/14] is it even running index.sh?
---
 extractor/tools/index.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/extractor/tools/index.sh b/extractor/tools/index.sh
index d0ecab2..522b686 100755
--- a/extractor/tools/index.sh
+++ b/extractor/tools/index.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+exit 187
+
 ####################################################################################
 #
 # Required for running `codeql test run my/test/dir`
@@ -10,6 +12,8 @@
 #
 ####################################################################################
+
+
 set -eu
 codeql_ruby $@
From 9357ebc4d32ff856c33b1f2587a8950d91837fb5 Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 6 Sep 2020 16:09:10 -0400
Subject: [PATCH 12/14] it is running the script - just cannot find codeql?
---
 .github/workflows/continuous-integration.yml | 9 +--------
 extractor/tools/index.sh | 2 --
 2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index e6c8abc..53b4394 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
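Review bot: The new last line of `extractor/tools/index.sh` in PATCH 10/14, `codeql_ruby $@`, passes its arguments unquoted, so an argument containing whitespace or glob characters is split or expanded before the extractor sees it; those arguments are presumably paths taken from the code base under analysis. Write it as `exec codeql_ruby "$@"`. The same line appears as context in 11/14 and 13/14. The rewrite also drops the `$CODEQL_PLATFORM` check and resolves `codeql_ruby` through `PATH` instead of `$CODEQL_EXTRACTOR_RUBY_ROOT`, so a comment such as `# requires the codeql_ruby gem executable on PATH (rake install)` would record that dependency.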
@@ -89,14 +89,7 @@ jobs:
 - name: Run CodeQL Tests
 run: |
- ls -lha /home
- ls -lha /home/runner
- ls -lha /home/runner/work
- ls -lha /home/runner/work/codeql_ruby
- ls -lha /home/runner/work/codeql_ruby/codeql_ruby/
- ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/
- ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/ruby/
- ls -lha /home/runner/work/codeql_ruby/codeql_ruby/codeql/ruby/tools/
+ bundle exec rake install
 $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv codeql-ruby/ql/test
 # - name: Setup tmate session
diff --git a/extractor/tools/index.sh b/extractor/tools/index.sh
index 522b686..6d0f3a2 100755
--- a/extractor/tools/index.sh
+++ b/extractor/tools/index.sh
@@ -1,7 +1,5 @@
 #!/bin/sh
-exit 187
-
 ####################################################################################
 #
 # Required for running `codeql test run my/test/dir`
From e1fff1cfa15f179c36c06d3bf5166fd6f44f38ca Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 6 Sep 2020 16:11:54 -0400
Subject: [PATCH 13/14] okay one moar thing
---
 .github/workflows/continuous-integration.yml | 3 ++-
 extractor/tools/index.sh | 2 --
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 53b4394..7835965 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -88,9 +88,10 @@ jobs:
 bundle exec rake spec:ci
 - name: Run CodeQL Tests
+ working-directory: ./codeql-ruby
 run: |
 bundle exec rake install
- $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv codeql-ruby/ql/test
+ $GITHUB_WORKSPACE/codeql/codeql test run -vvvvv ql/test
 # - name: Setup tmate session
 # uses: mxschmitt/action-tmate@v2
diff --git a/extractor/tools/index.sh b/extractor/tools/index.sh
index 6d0f3a2..d0ecab2 100755
--- a/extractor/tools/index.sh
+++ b/extractor/tools/index.sh
@@ -10,8 +10,6 @@
 #
 ####################################################################################
-
-
 set -eu
 codeql_ruby $@
From 3d454ceb61cdc35c5cca5468e3e7f5aa7df54eb8 Mon Sep 17 00:00:00 2001
From: agius
Date: Sun, 13 Sep 2020 13:49:08 -0400
Subject: [PATCH 14/14] Gitignore .testproj/ databases
---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.gitignore b/.gitignore
index ca14ba2..dca2a60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,9 @@
 # rspec failure tracking
 .rspec_status
+# CodeQL test runner databases
+*.testproj
+
 .cache/
 TODOS.md