From ed9b5be5fcce36627ccb9c30eb4390e463c3f326 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Sun, 13 Oct 2024 21:05:01 -0400 Subject: [PATCH 01/17] =?UTF-8?q?=E2=9C=A8=20Add=20GitHub=20Action=20templ?= =?UTF-8?q?ate=20with=20action.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Introduced a new GitHub Action template to streamline CI/CD workflows. - Created an `action.yml` file to define the action metadata and inputs. - This addition will help automate processes and improve project maintainability. 🔧 This enhancement sets the foundation for future automation tasks. --- Dockerfile | 12 ++++++++---- action.yml | 16 ++++++++++++++++ entrypoint.sh | 7 +++++++ 3 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 action.yml create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile index b21ae02f..1e57a7f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,10 +22,14 @@ FROM cgr.dev/chainguard/wolfi-base:latest WORKDIR /app -COPY --from=builder /app/pathfinder /usr/local/bin/pathfinder +COPY --from=builder /app/pathfinder /usr/bin/pathfinder -RUN chmod +x /usr/local/bin/pathfinder +COPY entrypoint.sh /usr/bin/entrypoint.sh -CMD ["pathfinder", "version"] +RUN chmod +x /usr/bin/pathfinder -LABEL maintainer="shiva@shivasurya.me" \ No newline at end of file +RUN chmod +x /usr/bin/entrypoint.sh + +LABEL maintainer="shiva@shivasurya.me" + +ENTRYPOINT ["/usr/bin/entrypoint.sh"] \ No newline at end of file diff --git a/action.yml b/action.yml new file mode 100644 index 00000000..9788d6cb --- /dev/null +++ b/action.yml @@ -0,0 +1,16 @@ +# action.yml +name: 'Code-Pathfinder OSS' +description: 'Code-Pathfinder open source alternative to CodeQL' +inputs: + command: + description: 'Command to run' + required: true + default: 'ci' +outputs: + result: + description: 'Query result' +runs: + using: 'docker' + image: 'Dockerfile' + args: + - ${{ inputs.command }} 
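Review bot: Both new `RUN chmod +x` lines add a layer whose only content is a mode change; with BuildKit the mode can be set in the copy itself, `COPY --from=builder --chmod=0755 /app/pathfinder /usr/bin/pathfinder` and `COPY --chmod=0755 entrypoint.sh /usr/bin/entrypoint.sh`, which drops both `RUN` steps. The hunk also leaves the file without a trailing newline (the `\ No newline at end of file` marker simply moves to the new `ENTRYPOINT` line). The `wolfi-base:latest` base on the context line predates this change but is unpinned, so two builds of this Dockerfile can yield different runtime layers; a version tag or digest there would make the action image reproducible.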
diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 00000000..faa35ce0 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env sh + +if [ $# -eq 0 ]; then + /usr/bin/pathfinder version +else + /usr/bin/pathfinder "$@" +fi \ No newline at end of file From 1909b96f6990f49e7b7d78e943c98ef0cf524668 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Sun, 13 Oct 2024 21:25:48 -0400 Subject: [PATCH 02/17] added params for github actions --- action.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/action.yml b/action.yml index 9788d6cb..572cd0d6 100644 --- a/action.yml +++ b/action.yml @@ -6,6 +6,23 @@ inputs: description: 'Command to run' required: true default: 'ci' + project: + description: 'Project to scan' + required: true + rules-directory: + description: 'Rules directory' + required: false + rules-set: + description: 'Predefined rules eg: cpf/java' + required: false + output: + description: 'Output format eg: json' + required: false + default: 'json' + output-file: + description: 'Output file' + required: false + default: 'output.json' outputs: result: description: 'Query result' From 9c32ca269aef7a9fdd4a97390f9c73c397bf713f Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 12:06:09 -0400 Subject: [PATCH 03/17] updated readme and spelling --- README.md | 16 ++++++++++++++-- action.yml | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 00c615be..2bffc7e4 100644 --- a/README.md +++ b/README.md 
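Review bot: Neither branch uses `exec`, so `/usr/bin/pathfinder` runs as a child of `sh` rather than as PID 1 and the SIGTERM from `docker stop` is delivered to the shell, not to the scanner; prefix both calls, `exec /usr/bin/pathfinder version` and `exec /usr/bin/pathfinder "$@"`. The exit status is already propagated because each branch's command is the last one the script runs, so exit codes are correct as written. Quoting the argument count, `[ "$#" -eq 0 ]`, is the conventional form but changes nothing here; the new file also lacks a trailing newline.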
@@ -13,13 +13,25 @@ Code Pathfinder, the open-source alternative to GitHub CodeQL. Built for advance [![codecov](https://codecov.io/gh/shivasurya/code-pathfinder/graph/badge.svg?token=VYQLI49TF4)](https://codecov.io/gh/shivasurya/code-pathfinder) -## Documentation +## :tv: Demo + +```bash +docker run --rm -v "./src:/src" shivasurya/code-pathfinder:dev-0.0.28 pathfinder ci --project /src/code-pathfinder/test-src --ruleset cpf/java +``` + +## :book: Documentation - [Documentation](https://codepathfinder.dev/) - [Pathfinder Queries](https://github.com/shivasurya/code-pathfinder/tree/main/pathfinder-rules) -## Installation +## :floppy_disk: Installation + +### :whale: Using Docker + +```bash +$ docker pull shivasurya/code-pathfinder:dev +``` ### From npm diff --git a/action.yml b/action.yml index 572cd0d6..fb34cdd8 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,6 @@ # action.yml name: 'Code-Pathfinder OSS' -description: 'Code-Pathfinder open source alternative to CodeQL' +description: 'Code-Pathfinder open-source alternative to CodeQL' inputs: command: description: 'Command to run' From c89abadc7c9fad999b532cb5e4cbec41f9139f8d Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:07:36 -0400 Subject: [PATCH 04/17] updated input args --- action.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index fb34cdd8..c70ad892 100644 --- a/action.yml +++ b/action.yml @@ -7,7 +7,7 @@ inputs: required: true default: 'ci' project: - description: 'Project to scan' + description: 'Source code to scan' required: true rules-directory: description: 'Rules directory' 
@@ -23,11 +23,13 @@ inputs: description: 'Output file' required: false default: 'output.json' -outputs: - result: - description: 'Query result' runs: using: 'docker' image: 'Dockerfile' args: - ${{ inputs.command }} + - ${{ inputs.project }} + - ${{ inputs.rules-directory }} + - ${{ inputs.rules-set }} + - ${{ inputs.output }} + - ${{ inputs.output-file }} From d22f6cecaa21fb35b375b9abc66caab5c609285b Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:13:23 -0400 Subject: [PATCH 05/17] updated input args --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index c70ad892..992911c0 100644 --- a/action.yml +++ b/action.yml @@ -12,7 +12,7 @@ inputs: rules-directory: description: 'Rules directory' required: false - rules-set: + ruleset: description: 'Predefined rules eg: cpf/java' required: false output: From cde12d03d7b376baadfec288cf79a4fe4fba9c70 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:20:17 -0400 Subject: [PATCH 06/17] updated input args --- action.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 992911c0..58867fb5 100644 --- a/action.yml +++ b/action.yml @@ -28,8 +28,11 @@ runs: image: 'Dockerfile' args: - ${{ inputs.command }} + - --project - ${{ inputs.project }} - - ${{ inputs.rules-directory }} + - --ruleset - ${{ inputs.rules-set }} + - --output - ${{ inputs.output }} + - --output-file - ${{ inputs.output-file }} From f6faefda6326d1cb3585fbf2d4906d50c31821c4 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:22:27 -0400 Subject: [PATCH 07/17] updated input args --- action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 58867fb5..4a84e024 100644 --- a/action.yml +++ b/action.yml 
@@ -9,6 +9,7 @@ inputs: project: description: 'Source code to scan' required: true + default: ${{ github.workspace }} rules-directory: description: 'Rules directory' required: false @@ -31,7 +32,7 @@ runs: - --project - ${{ inputs.project }} - --ruleset - - ${{ inputs.rules-set }} + - ${{ inputs.ruleset }} - --output - ${{ inputs.output }} - --output-file From d7d67409e5b90f202e4a43de634ff2f0cb35e33f Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:25:56 -0400 Subject: [PATCH 08/17] try pre-built image --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 4a84e024..3fb8fd0d 100644 --- a/action.yml +++ b/action.yml @@ -26,7 +26,7 @@ inputs: default: 'output.json' runs: using: 'docker' - image: 'Dockerfile' + image: 'shivasurya/code-pathfinder:dev-0.0.28' args: - ${{ inputs.command }} - --project From 7b1a845ef09644bd0990dfbf541a5bbb86a77e88 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 18:27:12 -0400 Subject: [PATCH 09/17] try pre-built image --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 3fb8fd0d..e0a68823 100644 --- a/action.yml +++ b/action.yml @@ -26,7 +26,7 @@ inputs: default: 'output.json' runs: using: 'docker' - image: 'shivasurya/code-pathfinder:dev-0.0.28' + image: 'docker://shivasurya/code-pathfinder:dev-0.0.28' args: - ${{ inputs.command }} - --project From 57c50687ebbd37d7e3c04c6302a8740df1e4852b Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 20:38:55 -0400 Subject: [PATCH 10/17] try pre-built image --- action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/action.yml b/action.yml index e0a68823..28b1e797 100644 --- a/action.yml +++ b/action.yml @@ -28,6 +28,7 @@ runs: using: 'docker' image: 'docker://shivasurya/code-pathfinder:dev-0.0.28' args: + - pathfinder - ${{ inputs.command }} - --project - ${{ inputs.project }} 
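Review bot: The new default `${{ github.workspace }}` expands to the workspace path on the runner host, but this is a Docker container action, and inside the container the workspace is mounted at `/github/workspace` (the container's own `GITHUB_WORKSPACE`); I cannot confirm from the hunk that the host path is also visible inside the container, so verify that the default resolves there, or use `default: /github/workspace` instead. Whatever value is chosen is what the `args` list later in this file passes to `--project`.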
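Review bot: The leading `pathfinder` argument assumes the image has no entrypoint that already invokes the binary; the Dockerfile earlier in this series sets `ENTRYPOINT ["/usr/bin/entrypoint.sh"]`, which forwards `"$@"` to `/usr/bin/pathfinder`, so an image built from it would receive `pathfinder ci --project …` as arguments to the binary itself. If `dev-0.0.28` (and the `stable-latest` tag this file later points at) is built from that Dockerfile, this line should be dropped; if it is built from the older `CMD`-based image, that dependency deserves a comment next to `image:`. I cannot tell which from the hunk.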
From 1fba8f90aa7df66cedabbbbff3ddcdacc8a1dda7 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 21:11:26 -0400 Subject: [PATCH 11/17] simplified ruleset param --- action.yml | 5 +---- sourcecode-parser/cmd/ci.go | 32 ++++++++------------------------ sourcecode-parser/cmd/ci_test.go | 2 +- 3 files changed, 10 insertions(+), 29 deletions(-) diff --git a/action.yml b/action.yml index 28b1e797..e22baf40 100644 --- a/action.yml +++ b/action.yml @@ -10,11 +10,8 @@ inputs: description: 'Source code to scan' required: true default: ${{ github.workspace }} - rules-directory: - description: 'Rules directory' - required: false ruleset: - description: 'Predefined rules eg: cpf/java' + description: 'Predefined rules eg: cpf/java or rules directory' required: false output: description: 'Output format eg: json' diff --git a/sourcecode-parser/cmd/ci.go b/sourcecode-parser/cmd/ci.go index aee9389b..12e57669 100644 --- a/sourcecode-parser/cmd/ci.go +++ b/sourcecode-parser/cmd/ci.go @@ -17,7 +17,6 @@ var ciCmd = &cobra.Command{ Short: "Scan a project for vulnerabilities with ruleset in ci mode", Run: func(cmd *cobra.Command, _ []string) { rulesetConfig := cmd.Flag("ruleset").Value.String() - rulesetDirectory := cmd.Flag("rules-directory").Value.String() projectInput := cmd.Flag("project").Value.String() output := cmd.Flag("output").Value.String() outputFile := cmd.Flag("output-file").Value.String() @@ -31,8 +30,8 @@ var ciCmd = &cobra.Command{ fmt.Println("Executing in CI mode") } - if rulesetConfig == "" && rulesetDirectory == "" { - fmt.Println("Ruleset or rules directory not specified") + if rulesetConfig == "" { + fmt.Println("ruleset are not specified. Please specify a ruleset eg: cpf/java or directory path") os.Exit(1) } 
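Review bot: `ruleset` stays `required: false` with no default, yet the `ci` command changed in this same patch exits with status 1 when the flag is empty (`if rulesetConfig == ""` in `sourcecode-parser/cmd/ci.go`), so the input is effectively mandatory; mark it `required: true` or give it a default so the action metadata matches the behaviour. The description could also state the two accepted forms explicitly: `description: 'Predefined ruleset (eg: cpf/java) or a path to a rules directory'`.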
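Review bot: The new message reads `ruleset are not specified…`; the subject is singular, so `fmt.Println("ruleset is not specified. Please specify a ruleset eg: cpf/java or a directory path")`. This is the text a CI log shows when the action's `ruleset` input is left empty, so it is the first thing a user will read. The enclosing `Run` func continues outside the hunk.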
@@ -41,26 +40,12 @@ var ciCmd = &cobra.Command{ os.Exit(1) } - if rulesetConfig != "" { - if !strings.HasPrefix(rulesetConfig, "cpf/") { - fmt.Println("Ruleset not specified") - os.Exit(1) - } - ruleset, err = loadRules(rulesetConfig, true) - if err != nil { - if verboseFlag { - fmt.Printf("%s - error loading rules or ruleset not found: \nStacktrace: \n%s \n", rulesetConfig, err) - } - os.Exit(1) - } - } else if rulesetDirectory != "" { - ruleset, err = loadRules(rulesetDirectory, false) - if err != nil { - if verboseFlag { - fmt.Printf("%s - error loading rules or ruleset not found: \nStacktrace: \n%s \n", rulesetDirectory, err) - } - os.Exit(1) + ruleset, err = loadRules(rulesetConfig, strings.HasPrefix(rulesetConfig, "cpf/")) + if err != nil { + if verboseFlag { + fmt.Printf("%s - error loading rules or ruleset not found: \nStacktrace: \n%s \n", rulesetConfig, err) } + os.Exit(1) } codeGraph := initializeProject(projectInput) for _, rule := range ruleset { @@ -115,8 +100,7 @@ func init() { ciCmd.Flags().StringP("output", "o", "", "Supported output format: json") ciCmd.Flags().StringP("output-file", "f", "", "Output file path") ciCmd.Flags().StringP("project", "p", "", "Project to analyze") - ciCmd.Flags().StringP("ruleset", "q", "", "Ruleset to use example: cfp/java") - ciCmd.Flags().StringP("rules-directory", "r", "", "Rules directory to use") + ciCmd.Flags().StringP("ruleset", "r", "", "Ruleset to use example: cfp/java or directory path") } func loadRules(rulesDirectory string, isHosted bool) ([]string, error) { diff --git a/sourcecode-parser/cmd/ci_test.go b/sourcecode-parser/cmd/ci_test.go index 785039e9..1ade3f46 100644 --- a/sourcecode-parser/cmd/ci_test.go +++ b/sourcecode-parser/cmd/ci_test.go 
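Review bot: When `loadRules` fails the process exits 1 but prints nothing unless `verboseFlag` is set, so a CI run with an unreadable directory or an unknown hosted ruleset fails silently; print the short reason unconditionally, `fmt.Printf("%s - error loading rules or ruleset not found\n", rulesetConfig)`, and keep only the `err` stack trace behind `verboseFlag`. The collapsed branch also changes semantics: any value not starting with `cpf/` is now treated as a local directory, so a mistyped hosted name is reported as a missing directory rather than rejected, which the error text should make clear. The enclosing `Run` func starts before this hunk.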
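Review bot: The rewritten flag help keeps the `cfp/java` typo from the removed line, while the code in this patch selects the hosted ruleset with `strings.HasPrefix(rulesetConfig, "cpf/")` and action.yml documents `cpf/java`; a user copying the help example gets a directory lookup that fails. Change it to `ciCmd.Flags().StringP("ruleset", "r", "", "Ruleset to use example: cpf/java or directory path")` and update the `--help` expectation in `sourcecode-parser/cmd/ci_test.go` (the next hunk) to match. The `-r` shorthand previously belonged to `rules-directory` and `-q` is gone, so existing invocations using `-q` break; that is a deliberate change worth a line in the commit message.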
@@ -20,7 +20,7 @@ func TestCiCmd(t *testing.T) { { name: "Basic CI command", args: []string{"ci", "--help"}, - expectedOutput: "Scan a project for vulnerabilities with ruleset in ci mode\n\nUsage:\n pathfinder ci [flags]\n\nFlags:\n -h, --help help for ci\n -o, --output string Supported output format: json\n -f, --output-file string Output file path\n -p, --project string Project to analyze\n -r, --rules-directory string Rules directory to use\n -q, --ruleset string Ruleset to use example: cfp/java\n", + expectedOutput: "Scan a project for vulnerabilities with ruleset in ci mode\n\nUsage:\n pathfinder ci [flags]\n\nFlags:\n -h, --help help for ci\n -o, --output string Supported output format: json\n -f, --output-file string Output file path\n -p, --project string Project to analyze\n -r, --ruleset string Ruleset to use example: cfp/java or directory path\n", }, } From b29bd094ebe116f2efff9999e716e609b0c43432 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:00:39 -0400 Subject: [PATCH 12/17] added github output file support --- action.yml | 4 ++-- sourcecode-parser/cmd/ci.go | 5 +++++ sourcecode-parser/graph/util.go | 5 +++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index e22baf40..a60a61fa 100644 --- a/action.yml +++ b/action.yml @@ -3,11 +3,11 @@ name: 'Code-Pathfinder OSS' description: 'Code-Pathfinder open-source alternative to CodeQL' inputs: command: - description: 'Command to run' + description: 'Command to run example: ci, query' required: true default: 'ci' project: - description: 'Source code to scan' + description: 'Source code to scan. eg: /path/to/project' required: true default: ${{ github.workspace }} ruleset: diff --git a/sourcecode-parser/cmd/ci.go b/sourcecode-parser/cmd/ci.go index 12e57669..83855afc 100644 --- a/sourcecode-parser/cmd/ci.go +++ b/sourcecode-parser/cmd/ci.go 
@@ -3,6 +3,7 @@ package cmd import ( "encoding/json" "fmt" + "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph" "io" "net/http" "os" @@ -70,6 +71,10 @@ var ciCmd = &cobra.Command{ // TODO: Add sarif file support if output == "json" { if outputFile != "" { + if graph.IsGitHubActions() { + // append GITHUB_WORKSPACE to output file path + outputFile = os.Getenv("GITHUB_WORKSPACE") + "/" + outputFile + } file, err := os.Create(outputFile) if err != nil { fmt.Println("Error creating output file: ", err) diff --git a/sourcecode-parser/graph/util.go b/sourcecode-parser/graph/util.go index 129c7c59..1cb41aaf 100644 --- a/sourcecode-parser/graph/util.go +++ b/sourcecode-parser/graph/util.go @@ -6,6 +6,7 @@ import ( "encoding/json" "fmt" "log" + "os" ) var verboseFlag bool @@ -63,3 +64,7 @@ func Fmt(format string, args ...interface{}) { fmt.Printf(format, args...) } } + +func IsGitHubActions() bool { + return os.Getenv("GITHUB_ACTIONS") == "true" +} From 7117b41852932cc2c8f22908b59a43f4216231b2 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:01:19 -0400 Subject: [PATCH 13/17] added github output file support --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index a60a61fa..1caf2346 100644 --- a/action.yml +++ b/action.yml @@ -18,7 +18,7 @@ inputs: required: false default: 'json' output-file: - description: 'Output file' + description: 'Output file name eg: output.json' required: false default: 'output.json' runs: From 1725922661b401a0de4fd7397856398fb478fae3 Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:02:17 -0400 Subject: [PATCH 14/17] :bug: lint issues --- sourcecode-parser/cmd/ci.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sourcecode-parser/cmd/ci.go b/sourcecode-parser/cmd/ci.go index 83855afc..5143f36a 100644 --- a/sourcecode-parser/cmd/ci.go +++ b/sourcecode-parser/cmd/ci.go 
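Review bot: The added join, `os.Getenv("GITHUB_WORKSPACE") + "/" + outputFile`, produces a doubled slash or a wrong location when `output-file` is given as an absolute path, and a root-relative path when `GITHUB_WORKSPACE` is unset; `path/filepath` is already imported in this file, so use `if graph.IsGitHubActions() && !filepath.IsAbs(outputFile) { outputFile = filepath.Join(os.Getenv("GITHUB_WORKSPACE"), outputFile) }`. The comment `// append GITHUB_WORKSPACE to output file path` should say why: otherwise the file lands in the container's working directory rather than where the workflow expects it (I infer that intent from the commit title; confirm). The enclosing `Run` func starts and ends outside the hunk.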
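Review bot: `IsGitHubActions` is exported but has no doc comment, which the usual Go linters flag and which leaves its contract undocumented; add `// IsGitHubActions reports whether the process is running inside a GitHub Actions job, i.e. the runner set GITHUB_ACTIONS=true.` above the func. The check is a plain environment lookup, so it cannot distinguish a real runner from a shell that exported the variable; that is fine for choosing an output location but should not be relied on for anything trust-related.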
@@ -3,13 +3,14 @@ package cmd import ( "encoding/json" "fmt" - "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph" "io" "net/http" "os" "path/filepath" "strings" + "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph" + "github.com/spf13/cobra" ) From a36aaf7233cfae5db6f6bfdf5667c3cd304ba2de Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:10:50 -0400 Subject: [PATCH 15/17] tagged docker image --- .github/workflows/docker-publish.yml | 4 ++-- action.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 8f05efd0..ee3fba8a 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -48,10 +48,10 @@ jobs: run: | if [[ "${{ github.ref }}" == refs/tags/* ]]; then VERSION=$(cat sourcecode-parser/VERSION) - echo "tag=${VERSION}" >> $GITHUB_OUTPUT + echo "tag=v${VERSION}, stable-latest" >> $GITHUB_OUTPUT elif [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then VERSION=$(cat sourcecode-parser/VERSION) - echo "tag=dev-${VERSION}" >> $GITHUB_OUTPUT + echo "tag=dev-${VERSION}, nightly-latest" >> $GITHUB_OUTPUT else echo "tag=dev" >> $GITHUB_OUTPUT fi diff --git a/action.yml b/action.yml index 1caf2346..6680c1ca 100644 --- a/action.yml +++ b/action.yml @@ -23,7 +23,7 @@ inputs: default: 'output.json' runs: using: 'docker' - image: 'docker://shivasurya/code-pathfinder:dev-0.0.28' + image: 'docker://shivasurya/code-pathfinder:stable-latest' args: - pathfinder - ${{ inputs.command }} From e37339bcce59fb6069e263ee6212d508f1a0a59e Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:12:06 -0400 Subject: [PATCH 16/17] tagged docker image --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bffc7e4..2fd167bd 100644 --- a/README.md +++ b/README.md 
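Review bot: The `tag` output now carries two comma-separated values with a space after the comma (`v${VERSION}, stable-latest`); the step that consumes the list is outside this hunk, so confirm it trims whitespace, or write `echo "tag=v${VERSION},stable-latest" >> "$GITHUB_OUTPUT"` (and the same for the `dev-` branch) so no tag named ` stable-latest` can be produced. Quoting `"$GITHUB_OUTPUT"` in the same lines is a small shell-hygiene nit.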
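Review bot: `stable-latest` is a mutable tag that the publish workflow in this same patch rewrites on every tagged release, so each run of the action pulls whatever the tag currently points at; the scanner's behaviour can change under a consumer with no change to their workflow, and an unexpected overwrite of the tag at the registry would go unnoticed. Pin to the versioned tag the workflow also emits, or better to a digest, `image: 'docker://shivasurya/code-pathfinder@sha256:<IMAGE_DIGEST>'` (placeholder), and bump it per release. The README example switched to the same tag in the following patch and would benefit from the same treatment.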
@@ -16,7 +16,7 @@ Code Pathfinder, the open-source alternative to GitHub CodeQL. Built for advance ## :tv: Demo ```bash -docker run --rm -v "./src:/src" shivasurya/code-pathfinder:dev-0.0.28 pathfinder ci --project /src/code-pathfinder/test-src --ruleset cpf/java +docker run --rm -v "./src:/src" shivasurya/code-pathfinder:stable-latest pathfinder ci --project /src/code-pathfinder/test-src --ruleset cpf/java ``` ## :book: Documentation From 6817ff39386d5dc07e9a03c94331131044c48cfb Mon Sep 17 00:00:00 2001 From: Shivasurya Date: Mon, 14 Oct 2024 23:15:09 -0400 Subject: [PATCH 17/17] added branding and author details --- action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/action.yml b/action.yml index 6680c1ca..810018a4 100644 --- a/action.yml +++ b/action.yml @@ -1,6 +1,10 @@ # action.yml name: 'Code-Pathfinder OSS' description: 'Code-Pathfinder open-source alternative to CodeQL' +author: 'Shivasurya shiva@shivasurya.me' +branding: + icon: "shield" + color: "blue" inputs: command: description: 'Command to run example: ci, query'