v0.5.0

- Fix uploading issues
- Fix CodeQL version && install

Author: GeekMasher

bin/codeql-upload

@@ -1,29 +1,49 @@
 #!/bin/bash
 set -e
+
 source $EXTENSION_LOCATION/bin/codeql-utils
 
-FILES=$(find $CODEQL_RESULTS -type f -name "*.sarif")
+CODEQL_DATABASE_PATHS=$(cat $CODEQL_DATABASE_PATHS_FILE)
+
+
+if [ ! -z $CODEQL_DATABASE_PATHS ]; then
+    debug "Database paths found :: $CODEQL_DATABASE_PATHS"
+    # for each database path, find sarif file
+    FILES=""
+    for CODEQL_DATABASE_PATH in $CODEQL_DATABASE_PATHS; do
+        SARIF_FILE="$CODEQL_RESULTS/$(basename $CODEQL_DATABASE_PATH).sarif"
+        debug "Possible SARIF file :: $SARIF_FILE"
+        if [ -f $SARIF_FILE ]; then
+            FILES="$FILES $SARIF_FILE"
+        fi
+    done
+else
+    info "Uploading all SARIF files found in :: $CODEQL_RESULTS"
+    FILES=$(find $CODEQL_RESULTS -type f -name "*.sarif")
+fi
+
+info "GitHub Instance :: $GITHUB_INSTANCE"
 
 
 # Upload results for each SARIF results file found
 for SARIF_FILE in $FILES; do
-    echo "SARIF File uploading :: $SARIF_FILE"
-    debug "GitHub Instance :: $GITHUB_INSTANCE"
-    debug "GitHub Repository :: $GITHUB_REPOSITORY"
-    
     if [ ! -f $SARIF_FILE ]; then
-        echo "ERROR"
+        error "SARIF file not found :: $SARIF_FILE"
         exit 1
     fi
 
+    info "SARIF File uploading :: $SARIF_FILE"
+
+    debug "GitHub Instance :: $GITHUB_INSTANCE"
+    debug "GitHub Repository :: $GITHUB_REPOSITORY"
+
     gh codeql github upload-results \
         --sarif=$SARIF_FILE \
         --github-url=$GITHUB_INSTANCE \
         --repository=$GITHUB_REPOSITORY \
         --ref=$GIT_REF \
         --commit=$GIT_HASH
-done
-
-
 
+    debug "Finished uploading SARIF file :: $SARIF_FILE"
 
+done

bin/codeql-utils

@@ -2,6 +2,8 @@
 
 set -e
 
+export QL_LANGUAGES="cpp,csharp,go,java,javascript,python,ruby"
+
 # https://unix.stackexchange.com/questions/9957/how-to-check-if-bash-can-print-colors
 if test -t 1; then
     ncolors=$(tput colors)
@@ -69,11 +71,11 @@ info() {
 }
 debug() {
     if [ ! -z ${DEBUG+x} ]; then
-        echo "${blue}[#] DEBUG: $@${normal}"
+        echo "${blue}[#] DEBUG: $@ ${normal}"
     fi
 }
 warning() {
-    echo "${yellow}[!] WARNING: $@${normal}"
+    echo "${yellow}[!] WARNING: $@ ${normal}"
 }
 error() {
     echo "${red}[*] ERROR: $@${normal}"
@@ -82,25 +84,23 @@ error() {
 
 # CodeQL methods
 
+codeql-version() {
+    # return the version of CodeQL installed
+    CODEQL_VERSION=$($CODEQL_BINARY version --format=terse 2>/dev/null)
+    echo "$CODEQL_VERSION"
+}
+
 codeql-install() {
     # https://github.com/GeekMasher/.dotfiles/blob/d08a1525c624e88b4d686cf70da349616d2b8aa4/codeql/.local/codeql-update
     info "Installing CodeQL via gh-cli..."
+
     gh extensions install github/gh-codeql
     gh codeql set-version latest
 
     # install new packs for each language
-    LANGS="cpp,csharp,go,java,javascript,python,ruby"
-    for lang in $(echo $LANGS | sed "s/,/ /g"); do
+    for lang in $(echo $QL_LANGUAGES | sed "s/,/ /g"); do
         gh codeql pack download "codeql/$lang-queries"
     done
-    info "CodeQL installed!"
-}
-
-find-codeql() {
-    # returns the command / location to run CodeQL from 
-    echo "TODO"
-}
 
-get-languages() {
-    echo "TODO"
+    info "CodeQL installed!"
 }

gh-codeql-scan

@@ -5,7 +5,7 @@ export EXTENSION_LOCATION="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
 source $EXTENSION_LOCATION/bin/codeql-utils
 
 # >> CodeQL Scan
-export CODEQL_SCAN_VERSION="0.4.2"
+export CODEQL_SCAN_VERSION="0.5.0"
 # enabled by default
 export CODEQL_SCAN_BANNER=1
 
@@ -116,19 +116,20 @@ done
 
 display-banner
 
-# Check if CodeQL is installed and have a version
-CODEQL_VERSION="$($CODEQL_BINARY version --format=terse || echo '')"
+debug "Checking CodeQL installation :: $CODEQL_BINARY"
+CODEQL_VERSION=$(codeql-version)
+debug "CodeQL Original version :: $CODEQL_VERSION"
 
 if [ "$CODEQL_VERSION" = "" ]; then
     warning "CodeQL is not installed, now installing automatically..."
 
     codeql-install
-
+    # re-export the gh cli codeql extension
     export CODEQL_BINARY="gh codeql"
-    export CODEQL_VERSION=$($CODEQL_BINARY version --format=terse)
+    export CODEQL_VERSION=$(codeql-version)
 fi
 
-debug "Using CodeQL binary :: $CODEQL_BINARY"
+
 info "Using CodeQL version :: $CODEQL_VERSION"
 
 # Output dirs
@@ -168,6 +169,8 @@ elif [ $MODE = "upload" ]; then
 
     $EXTENSION_LOCATION/bin/codeql-upload $@
 
+    info "Find Code Scanning results at: $GITHUB_INSTANCE/$GITHUB_REPOSITORY/security/code-scanning"
+
 elif [ $MODE = "scan" ]; then
     info "Running Scan mode..."
 
@@ -181,6 +184,8 @@ elif [ $MODE = "scan" ]; then
     if [ "$GITHUB_UPLOAD" = "1" ]; then
         info "Uploading results to GitHub..."
         $EXTENSION_LOCATION/bin/codeql-upload $@
+
+        info "Find Code Scanning results at: $GITHUB_INSTANCE/$GITHUB_REPOSITORY/security/code-scanning"
     else
         debug "Results are not uploaded to GitHub"
     fi