CDS extractor index-files.sh compile to stdout #171

Closed
wants to merge 15 commits into from
7 changes: 4 additions & 3 deletions .github/workflows/run-codeql-unit-tests-javascript.yml
@@ -81,7 +81,8 @@ jobs:
run: |
if ! command -v cds &> /dev/null
then
npm install -g @sap/cds-dk
## Workaround for https://github.tools.sap/cap/issues/issues/17840
npm install -g @sap/[email protected]
fi

# Compile .cds files to .cds.json files.
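Review bot: the pin to @sap/cds-dk@8.6.1 on the `npm install -g` line only takes effect when no `cds` binary is already on PATH (the enclosing `if ! command -v cds` guard), so a runner that ships a preinstalled cds of the affected version bypasses the workaround entirely; consider checking the installed version as well as its presence. The comment also links an internal tracker (github.tools.sap) that readers of this public repository cannot open; add a one-line description of the regression being avoided so the pin can be lifted with confidence later.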
@@ -97,8 +98,8 @@ jobs:
echo "I am compiling $cds_file"
cds compile $cds_file \
-2 json \
-o "$cds_file.json" \
--locations
--locations \
> "$cds_file.json" 2> "$cds_file.err"
done
popd
done
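Review bot: with `-o` replaced by `> "$cds_file.json"`, the shell creates the .json file before `cds compile` runs, so a failed compile leaves an empty or truncated .json on disk and nothing in this loop checks the exit status (index-files.sh does); add a failure branch such as `|| { rm -f "$cds_file.json"; exit 1; }` or fail the step with `set -e`. Also `cds compile $cds_file \` leaves the variable unquoted and will word-split on paths containing spaces; write `cds compile "$cds_file" \`.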
13 changes: 8 additions & 5 deletions extractors/cds/tools/index-files.sh
@@ -36,12 +36,12 @@ then
# directory.
#
# We also ensure we skip node_modules, as we can end up in a recursive loop
find . -type d -name node_modules -prune -false -o -type f \( -iname 'package.json' \) -exec grep -ql '@sap/cds' {} \; -execdir bash -c "grep -q \"^\$(pwd)\(/\|$\)\" \"$response_file\"" \; -execdir bash -c "echo \"Installing @sap/cds-dk into \$(pwd) to enable CDS compilation.\"" \; -execdir npm install --silent @sap/cds-dk \; -execdir npm install --silent \;
find . -type d -name node_modules -prune -false -o -type f \( -iname 'package.json' \) -exec grep -ql '@sap/cds' {} \; -execdir bash -c "grep -q \"^\$(pwd)\(/\|$\)\" \"$response_file\"" \; -execdir bash -c "echo \"Installing @sap/cds-dk into \$(pwd) to enable CDS compilation.\"" \; -execdir npm install --silent @sap/cds-dk@8.6.1 \; -execdir npm install --silent \;

# Use the npx command to dynamically install the cds development kit (@sap/cds-dk) package if necessary,
# which then provides the cds command line tool in directories which are not covered by the package.json
# install command approach above
cds_command="npx -y --package @sap/cds-dk cds"
cds_command="npx -y --package @sap/cds-dk@8.6.1 cds"
else
cds_command="cds"
fi
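Review bot: the version 8.6.1 is now hard-coded in three places (the `find ... -execdir npm install` line, the `npx -y --package` line and the workflow) with no shared variable; define a single `CDS_DK_VERSION` near the top of the script and reference it in both commands so the pin can be lifted in one place once the upstream issue is fixed. The `npx -y` fallback resolves the package from the registry at extraction time, so the exact pin there, rather than a range, is what keeps extractor output reproducible across runs and should stay explicit until that fix lands.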
@@ -51,8 +51,11 @@ echo "Processing CDS files to JSON"
# Run the cds compile command on each file in the response file, outputting the compiled JSON to a file with
# the same name
while IFS= read -r cds_file; do
echo "Processing CDS file $cds_file to:"
if ! $cds_command compile "$cds_file" -2 json -o "$cds_file.json" --locations 2> "$cds_file.err"; then
echo "Processing CDS file $cds_file to: $cds_file.json"
# Avoid using the `-o` (or `--dest`) option as it sends output to a new directory, where we want to
# output to a file in the same directory as the input file but with a .json extension.
if ! $cds_command compile "$cds_file" -2 json --locations > "$cds_file.json" 2> "$cds_file.err"
then
stderr_truncated=`grep "^\[ERROR\]" "$cds_file.err" | tail -n 4`
error_message=$'Could not compile the file '"$cds_file"$'.\nReported error(s):\n```\n'"$stderr_truncated"$'\n```'
echo "$error_message"
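Review bot: the failure branch reports the error but leaves `$cds_file.json` in place, which the redirect created (empty or truncated) before `cds compile` failed; since the script later hands the .cds.json files to the JavaScript autobuilder, delete the file in this branch (`rm -f "$cds_file.json"`) so a broken compile is not indexed as an empty model. Minor: `stderr_truncated=\`grep ...\`` uses backtick substitution; `$(grep "^\[ERROR\]" "$cds_file.err" | tail -n 4)` is the idiomatic form and nests safely.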
@@ -101,4 +104,4 @@ unset LGTM_INDEX_INCLUDE
echo "Extracting the cds.json files"

# Invoke the JavaScript autobuilder to index the .cds.json files only
"$CODEQL_EXTRACTOR_JAVASCRIPT_ROOT"/tools/autobuild.sh
"$CODEQL_EXTRACTOR_JAVASCRIPT_ROOT"/tools/autobuild.sh
4 changes: 2 additions & 2 deletions javascript/frameworks/cap/ext/qlpack.yml
@@ -1,6 +1,6 @@
---
library: true
name: advanced-security/javascript-sap-cap-models
version: 0.3.0
version: 0.4.0
extensionTargets:
codeql/javascript-all: "^2.0.0"
codeql/javascript-all: "^2.4.0"
22 changes: 12 additions & 10 deletions javascript/frameworks/cap/lib/codeql-pack.lock.yml
@@ -2,23 +2,25 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 1.1.2
codeql/javascript-all:
version: 2.0.0
codeql/javascript-all:
version: 2.4.0
codeql/mad:
version: 1.0.8
version: 1.0.16
codeql/regex:
version: 1.0.8
version: 1.0.16
codeql/ssa:
version: 1.0.8
version: 1.0.16
codeql/threat-models:
version: 1.0.16
codeql/tutorial:
version: 1.0.8
version: 1.0.16
codeql/typetracking:
version: 1.0.8
version: 2.0.0
codeql/util:
version: 1.0.8
version: 2.0.3
codeql/xml:
version: 1.0.8
version: 1.0.16
codeql/yaml:
version: 1.0.8
version: 1.0.16
compiled: false
6 changes: 3 additions & 3 deletions javascript/frameworks/cap/lib/qlpack.yml
@@ -1,9 +1,9 @@
---
library: true
name: advanced-security/javascript-sap-cap-all
version: 0.3.0
version: 0.4.0
suites: codeql-suites
extractor: javascript
dependencies:
codeql/javascript-all: "^2.0.0"
advanced-security/javascript-sap-cap-models: "^0.3.0"
codeql/javascript-all: "^2.4.0"
advanced-security/javascript-sap-cap-models: "^0.4.0"
22 changes: 12 additions & 10 deletions javascript/frameworks/cap/src/codeql-pack.lock.yml
@@ -2,23 +2,25 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 1.1.2
codeql/javascript-all:
version: 2.0.0
codeql/javascript-all:
version: 2.4.0
codeql/mad:
version: 1.0.8
version: 1.0.16
codeql/regex:
version: 1.0.8
version: 1.0.16
codeql/ssa:
version: 1.0.8
version: 1.0.16
codeql/threat-models:
version: 1.0.16
codeql/tutorial:
version: 1.0.8
version: 1.0.16
codeql/typetracking:
version: 1.0.8
version: 2.0.0
codeql/util:
version: 1.0.8
version: 2.0.3
codeql/xml:
version: 1.0.8
version: 1.0.16
codeql/yaml:
version: 1.0.8
version: 1.0.16
compiled: false
8 changes: 4 additions & 4 deletions javascript/frameworks/cap/src/qlpack.yml
@@ -1,11 +1,11 @@
---
library: false
name: advanced-security/javascript-sap-cap-queries
version: 0.3.0
version: 0.4.0
suites: codeql-suites
extractor: javascript
dependencies:
codeql/javascript-all: "^2.0.0"
advanced-security/javascript-sap-cap-models: "^0.3.0"
advanced-security/javascript-sap-cap-all: "^0.3.0"
codeql/javascript-all: "^2.4.0"
advanced-security/javascript-sap-cap-models: "^0.4.0"
advanced-security/javascript-sap-cap-all: "^0.4.0"
default-suite-file: codeql-suites/javascript-code-scanning.qls
22 changes: 12 additions & 10 deletions javascript/frameworks/cap/test/codeql-pack.lock.yml
@@ -2,23 +2,25 @@
lockVersion: 1.0.0
dependencies:
codeql/dataflow:
version: 1.1.2
codeql/javascript-all:
version: 2.0.0
codeql/javascript-all:
version: 2.4.0
codeql/mad:
version: 1.0.8
version: 1.0.16
codeql/regex:
version: 1.0.8
version: 1.0.16
codeql/ssa:
version: 1.0.8
version: 1.0.16
codeql/threat-models:
version: 1.0.16
codeql/tutorial:
version: 1.0.8
version: 1.0.16
codeql/typetracking:
version: 1.0.8
version: 2.0.0
codeql/util:
version: 1.0.8
version: 2.0.3
codeql/xml:
version: 1.0.8
version: 1.0.16
codeql/yaml:
version: 1.0.8
version: 1.0.16
compiled: false
10 changes: 5 additions & 5 deletions javascript/frameworks/cap/test/qlpack.yml
@@ -1,9 +1,9 @@
---
name: advanced-security/javascript-sap-cap-queries-tests
version: 0.3.0
version: 0.4.0
extractor: javascript
dependencies:
codeql/javascript-all: "^2.0.0"
advanced-security/javascript-sap-cap-queries: "^0.3.0"
advanced-security/javascript-sap-cap-models: "^0.3.0"
advanced-security/javascript-sap-cap-all: "^0.3.0"
codeql/javascript-all: "^2.4.0"
advanced-security/javascript-sap-cap-queries: "^0.4.0"
advanced-security/javascript-sap-cap-models: "^0.4.0"
advanced-security/javascript-sap-cap-all: "^0.4.0"
@@ -1,3 +1,7 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (CqlInjection.ql:14,8-27)
WARNING: type 'Configuration' has been deprecated and may be removed in future (CqlInjection.ql:19,33-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (CqlInjection.ql:46,29-47)
WARNING: type 'PathNode' has been deprecated and may be removed in future (CqlInjection.ql:46,56-74)
nodes
| cqlinjection.js:7:34:7:36 | req |
| cqlinjection.js:7:34:7:36 | req |
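Review bot: committing the four deprecation WARNING lines into the .expected file ties the test to the exact warning text and source positions (CqlInjection.ql:14, :19 and :46), so any edit to the query, or the eventual removal of the deprecated `PathGraph`, `Configuration` and `PathNode` API, breaks the test again; migrate CqlInjection.ql off the class-based `Configuration` and the `PathNode`/`PathGraph` types instead of accepting the warnings as expected output.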
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
edges
#select
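Review bot: as with the CqlInjection.expected hunk above, the three WARNING lines are now part of the expected output for LogInjection.ql and are repeated across every LogInjection test directory in this PR; fixing the deprecated `PathGraph`/`PathNode` usage at LogInjection.ql:14 and :18 once would remove all of these expected-file changes rather than locking the warning text into each of them.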
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
edges
#select
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
edges
#select
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
| srv/service2.js:6:29:6:31 | msg |
| srv/service2.js:6:29:6:31 | msg |
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
| srv/service1.js:6:33:6:35 | req |
| srv/service1.js:6:33:6:35 | req |
@@ -1,3 +1,6 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (LogInjection.ql:14,8-27)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,43-61)
WARNING: type 'PathNode' has been deprecated and may be removed in future (LogInjection.ql:18,70-88)
nodes
| srv/service1.js:6:33:6:35 | req |
| srv/service1.js:6:33:6:35 | req |
@@ -1,8 +1,12 @@
WARNING: module 'PathGraph' has been deprecated and may be removed in future (SensitiveExposure.ql:17,8-27)
WARNING: type 'Configuration' has been deprecated and may be removed in future (SensitiveExposure.ql:50,42-70)
WARNING: type 'PathNode' has been deprecated and may be removed in future (SensitiveExposure.ql:60,41-59)
WARNING: type 'PathNode' has been deprecated and may be removed in future (SensitiveExposure.ql:60,68-86)
nodes
| sensitive-exposure.js:9:32:9:42 | Sample.name |
| sensitive-exposure.js:9:32:9:42 | Sample.name |
| sensitive-exposure.js:9:32:9:42 | Sample.name |
edges
| sensitive-exposure.js:9:32:9:42 | Sample.name | sensitive-exposure.js:9:32:9:42 | Sample.name |
#select
| sensitive-exposure.js:9:32:9:42 | Sample.name | sensitive-exposure.js:9:32:9:42 | Sample.name | sensitive-exposure.js:9:32:9:42 | Sample.name | Log entry depends on the $@ field which is annotated as potentially sensitive. | sensitive-exposure.cds:4:5:4:8 | {\\n ... } | name |
| sensitive-exposure.js:9:32:9:42 | Sample.name | sensitive-exposure.js:9:32:9:42 | Sample.name | sensitive-exposure.js:9:32:9:42 | Sample.name | Log entry depends on the $@ field which is annotated as potentially sensitive. | sensitive-exposure.cds:4:5:4:8 | {\\n ... } | name |
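Review bot: this hunk also bakes the deprecation warnings (SensitiveExposure.ql:17, :50 and :60) into the expected output; the `Configuration` at line 50 is the legacy class-based dataflow configuration and is the one to migrate. Separately, the nodes section lists `Sample.name` at 9:32:9:42 three times and the edges section carries a self-edge on that same location; please confirm the repeated rows are distinct results rather than duplicates introduced by the javascript-all bump.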
4 changes: 2 additions & 2 deletions javascript/frameworks/ui5/ext/qlpack.yml
@@ -1,8 +1,8 @@
---
library: true
name: advanced-security/javascript-sap-ui5-models
version: 0.6.0
version: 0.7.0
extensionTargets:
codeql/javascript-all: "^2.0.0"
codeql/javascript-all: "^2.4.0"
dataExtensions:
- "*.model.yml"
@@ -83,8 +83,8 @@ class ODataServiceModel extends UI5ExternalModel {
this instanceof NewNode and
(
exists(RequiredObject oDataModel |
oDataModel.flowsTo(this.getCalleeNode()) and
oDataModel.getDependencyType() = "sap/ui/model/odata/v2/ODataModel"
oDataModel.asSourceNode().flowsTo(this.getCalleeNode()) and
oDataModel.getDependency() = "sap/ui/model/odata/v2/ODataModel"
)
or
this.getCalleeName() = "ODataModel"
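Review bot: the switch from `getDependencyType()` to `getDependency()` changes which accessor is compared against the module path string; confirm that `getDependency()` yields the same string value (not a node) so the `"sap/ui/model/odata/v2/ODataModel"` comparison still matches, and grep the pack for other `RequiredObject` call sites using `flowsTo` or `getDependencyType` directly, since each needs the same `asSourceNode()` adaptation and none are visible in this hunk.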