Update codeql.yml to exclude YAML front-matter and Liquid code #6548
Comments
Progress update: Below are the solutions that I've tried and the errors that kept flagging. I would have to say that I did not find a solution and would be moving this issue back to the

Solution # 1: Option 1 under the possible solutions, that is slightly modified.
Solution # 2: Using predicates.
Error 1: When the first solution was implemented, this error kept popping up. When the second solution was implemented, this error didn't pop up.
Error 2: For both solutions, the alerts are persistent.

@ExperimentsInHonesty @t-will-gillis Here is a summary of our options:
I look forward to tackling this issue! It seems to be a challenge but also presents a good learning opportunity. This week (8/26) I have time Mon - Thurs, and then I will be away Labor Day weekend and back the following week. My ETA on this is not known at this point. I plan on reviewing the previous work on this and looking at comments; after that I may have a better estimate.

Hey @duojet2ez, we talked about this issue in our Monday meeting... If you look at @roslynwythe's note above, we would like to focus most of your efforts on the last one:

gotcha!
I'll be at the meeting tomorrow to discuss this issue. I would like to edit the `codeql-scan-job.yml` file and test, but I'm not entirely sure how to do this.

Progress: This week I was able to successfully reproduce the issue with my fork by starting a CodeQL scan. I have something to test against. I am considering modifying the `codeql.yml` file or `codeql-scan-job.yml` and then running a test again to see if that solves the issue. I also started watching a Docker YouTube tutorial.
Blockers: I don't know enough about containers, specifically Docker. To remedy this I am going through a Docker YouTube tutorial. I am hoping at the end of this I'll have some answers.
Availability: roughly 5 hours a week
ETA: no idea, there's a lot to learn
Please add an update using the below template (even if you have a pull request). Afterwards, remove the '2 weeks inactive' label and add the 'Status: Updated' label.
If you need help, be sure to either: 1) place your issue in the
You are receiving this comment because your last comment was before Tuesday, October 8, 2024 at 12:05 AM PST.

Progress: Not making a lot of progress with this. Didn't have much time this week to do anything!
Blockers: I don't know enough about containers, specifically Docker. To remedy this I am going through a Docker YouTube tutorial. I am hoping at the end of this I'll have some answers.
Availability: roughly 5 hours a week
ETA: no idea, there's a lot to learn
Overview
Many of our JavaScript and HTML code files cannot be scanned by CodeQL as-is because they contain non-JS Liquid code (`{% ... %}`) or YAML front matter (`--- ... ---`), which cause syntax errors. We need to try and resolve these errors without removing all non-JS code.

Details
The error message "Could not process some files due to syntax errors" indicates that these "syntax errors" may prevent CodeQL from scanning the files below (see issue #5234 for details).

- `hamburger-nav.js`: YAML front-matter with a title
- `toolkit.js`: 1 line of Liquid, empty YAML front-matter
- `wins.js`: 2 lines (Liquid), empty YAML front-matter
- `project.js`: 2 lines (Liquid), empty YAML front-matter
- `about.js`: for loop (Liquid), empty YAML front-matter
- `current-project.js`: 2 lines + for loop (Liquid), empty YAML front-matter

[Screenshot: CodeQL error message]

Simply deleting the Liquid lines would break the site (and CodeQL raised those errors accordingly in testing), so an alternative, holistic solution is required.
Action Items
- Testing `.codeql-scan-job.yml` workflow.

Resources/Instructions
Possible Solutions
Here are two possible solutions (in order of preference) to this problem. Please use your best judgment; these are only recommendations.

Option 1
This approach is preferred because it is
Define a new CodeQL query file that excludes Liquid and YAML patterns within JavaScript files.
- Create a file named `exclude-patterns.ql`
- Then modify the `codeql-scan-job.yml` file to use the new query file for analysis. Update the `queries` section in the Initialize CodeQL step to include the new query file:

Option 2
Exclude Liquid code and YAML front matter patterns from the CodeQL analysis within `codeql-scan-job.yml`
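An added example, not part of this issue or the project's code, showing one way to realise the exclusion in Option 2 as a preprocessing step run before the CodeQL job: the real file stays untouched, and only a scan-only copy has its front matter and `{% ... %}` tags replaced by JavaScript comments, one per line, so the analyzer can parse the file while alert line numbers still match the source. The sample file and all function names are constructed here, modelled on the patterns listed under Details; using a preprocessing step instead of a `.ql` query is this example's choice, not the issue's.

```python
import re

# Constructed sample (not a file from the project): a Jekyll JavaScript file that
# mixes YAML front matter and Liquid tags with real JS, like the files listed above.
SAMPLE_JS = """---
title: hamburger nav
---
{% assign projects = site.data.projects %}
const names = [
{% for p in projects %}
  "{{ p.name }}",
{% endfor %}
];
console.log(names.length);
"""

# Front matter only counts at the very start of the file: an opening '---' line,
# an optional YAML body (may be empty, as in most files listed), a closing '---' line.
FRONT_MATTER_RE = re.compile(r"\A---[ \t]*\n(?:.*?\n)?---[ \t]*\n", re.DOTALL)
# Liquid logic tags. {{ ... }} output tags are left alone: in these files they
# sit inside string literals, which the JS parser accepts.
LIQUID_TAG_RE = re.compile(r"\{%.*?%\}", re.DOTALL)


def _same_line_count(match: re.Match, label: str) -> str:
    """Replace the matched text with JS comments spanning the same number of lines."""
    newlines = match.group(0).count("\n")
    if newlines == 0:          # tag inside a line: a single inline comment
        return f"/* {label} */"
    return f"/* {label} */\n" * newlines


def neutralize_for_scan(source: str) -> str:
    """Return a JS-parsable copy of `source` for the CodeQL scan job.

    Only the copy handed to the analyzer is rewritten (deleting the Liquid lines
    from the real file would break the site), and line numbers are preserved so
    alerts still point at the right line. Text between {% comment %} and
    {% endcomment %} is not handled and would still need attention.
    """
    out = FRONT_MATTER_RE.sub(lambda m: _same_line_count(m, "front-matter"), source, count=1)
    return LIQUID_TAG_RE.sub(lambda m: _same_line_count(m, "liquid"), out)


def needs_neutralizing(source: str) -> bool:
    """True when the file carries either pattern the issue describes."""
    return bool(FRONT_MATTER_RE.match(source) or LIQUID_TAG_RE.search(source))


if __name__ == "__main__":
    print(neutralize_for_scan(SAMPLE_JS))
```

In a workflow this would run over a copy of the checkout that the CodeQL job analyzes, leaving the deployed sources as they are.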