From ada64cc66c26575a1018dbd7956a6b870ce6f08c Mon Sep 17 00:00:00 2001 From: Luisito Canlas Date: Thu, 13 Jun 2024 10:37:08 -0700 Subject: [PATCH 1/7] Added files per issue #6548 to update codeql --- .github/workflows/codeql-scan-job.yml | 3 ++- codeql-queries/exclude-patterns.ql | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 codeql-queries/exclude-patterns.ql diff --git a/.github/workflows/codeql-scan-job.yml b/.github/workflows/codeql-scan-job.yml index 1b5823692c..2bda09a055 100644 --- a/.github/workflows/codeql-scan-job.yml +++ b/.github/workflows/codeql-scan-job.yml @@ -45,13 +45,14 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - queries: security-and-quality + queries: codeql-queries/exclude-patterns.ql,security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality + # added codeql-queries/exclude-patterns.ql for issue #6548 # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). diff --git a/codeql-queries/exclude-patterns.ql b/codeql-queries/exclude-patterns.ql new file mode 100644 index 0000000000..bf91c22def --- /dev/null +++ b/codeql-queries/exclude-patterns.ql 
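Review bot: Adding `codeql-queries/exclude-patterns.ql` to `queries:` cannot exclude anything from the `security-and-quality` suite: a query listed there only contributes additional alerts, it never removes files from what the other queries analyse, so the Liquid-templated `.js`/`.html` files will still be scanned and still produce findings. File-level exclusion in CodeQL is done with `paths-ignore` in a code-scanning configuration passed to this same `init` step, e.g. `config: |` followed by `paths-ignore:` and the directories that hold the templated sources (I cannot tell from the hunk which directories those are). Note the comment a few lines below the change: a `queries:` list overrides the config file unless it is prefixed with `+`, so if a config is introduced either drop `queries:` or write `queries: +security-and-quality`. The enclosing step definition starts outside the hunk.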
@@ -0,0 +1,10 @@
+// This file was created for issue #6548
+// File: codeql-queries/exclude-patterns.ql
+
+import javascript
+
+from File file
+where (file.getExtension() = "js" or file.getExtension() = "html")
+  and not file.getCode().matches(".*\\{%.*%\\}.*") // Exclude Liquid code
+  and not file.getCode().matches(".*---.*") // Exclude YAML front matter
+select file

From 907138e4e4ab0adb9676f2484272a477b243a7d4 Mon Sep 17 00:00:00 2001
From: Luisito Canlas
Date: Thu, 13 Jun 2024 10:40:36 -0700
Subject: [PATCH 2/7] Updated path for exclude-patterns.ql

---
 .github/workflows/codeql-scan-job.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-scan-job.yml b/.github/workflows/codeql-scan-job.yml
index 2bda09a055..b751654247 100644
--- a/.github/workflows/codeql-scan-job.yml
+++ b/.github/workflows/codeql-scan-job.yml
@@ -45,7 +45,7 @@ jobs:
         uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
-          queries: codeql-queries/exclude-patterns.ql,security-and-quality
+          queries: ./codeql-queries/exclude-patterns.ql,security-and-quality
           # If you wish to specify custom queries, you can do so here or in a config file.
           # By default, queries listed here will override any specified in a config file.
           # Prefix the list here with "+" to use these queries and those in the config file.

From 044aa1ed0c35a23c7632eedaeb352915e9e8d843 Mon Sep 17 00:00:00 2001
From: Luisito Canlas
Date: Fri, 28 Jun 2024 16:09:49 -0700
Subject: [PATCH 3/7] Updated exclude patterns

---
 codeql-queries/exclude-patterns.ql | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/codeql-queries/exclude-patterns.ql b/codeql-queries/exclude-patterns.ql
index bf91c22def..62af09e667 100644
--- a/codeql-queries/exclude-patterns.ql
+++ b/codeql-queries/exclude-patterns.ql
@@ -5,6 +5,6 @@ import javascript
 
 from File file
 where (file.getExtension() = "js" or file.getExtension() = "html")
-  and not file.getCode().matches(".*\\{%.*%\\}.*") // Exclude Liquid code
-  and not file.getCode().matches(".*---.*") // Exclude YAML front matter
+  and not file.getCode().matches(".*\\{%-?\\s*[a-zA-Z]+.*%\\}.*") // Exclude Liquid code
+  and not file.getCode().matches("(?s).*---.*---.*") // Exclude YAML front matter
 select file

From a2e1e59b440f1251411c3916fe7f57a8b7a417a1 Mon Sep 17 00:00:00 2001
From: Luisito Canlas
Date: Sat, 20 Jul 2024 11:06:59 -0700
Subject: [PATCH 4/7] Moved exclude-patterns.ql

---
 {codeql-queries => github-actions/code-ql}/exclude-patterns.ql | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {codeql-queries => github-actions/code-ql}/exclude-patterns.ql (100%)

diff --git a/codeql-queries/exclude-patterns.ql b/github-actions/code-ql/exclude-patterns.ql
similarity index 100%
rename from codeql-queries/exclude-patterns.ql
rename to github-actions/code-ql/exclude-patterns.ql

From c7bc408fc5ced69256334776973a9cf30ba2bea2 Mon Sep 17 00:00:00 2001
From: Luisito Canlas
Date: Sat, 20 Jul 2024 11:08:49 -0700
Subject: [PATCH 5/7] Updated path for exclude-patterns.ql

---
 .github/workflows/codeql-scan-job.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-scan-job.yml b/.github/workflows/codeql-scan-job.yml
index b751654247..a71782ea65 100644
--- a/.github/workflows/codeql-scan-job.yml
+++ b/.github/workflows/codeql-scan-job.yml
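Review bot: The new `exclude-patterns.ql` has no metadata comment (`@name`, `@kind`, `@id`), which CodeQL requires before a query can contribute to a code-scanning analysis, so the action is likely to fail on it or silently drop its results. Its `select file` also yields a single `File` column rather than the element-plus-message shape a `problem` query must produce. I also do not find a `getCode()` member on `File` in the standard JavaScript library, so the query may not compile at all; please run `codeql query compile` on the file locally before relying on it in CI.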
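Review bot: `String.matches` in QL is a LIKE-style match in which only `_` and `%` are wildcards, not a regular-expression match, so `.*`, `\\s`, `[a-zA-Z]+` and `(?s)` on both changed lines are compared literally and the `%` inside `{%` is itself consumed as a wildcard — neither pattern will match a real Liquid tag or front-matter block. The regex method is `regexpMatch`, e.g. `file.getCode().regexpMatch("(?s).*\\{%-?\\s*[a-zA-Z]+.*%\\}.*")` and `file.getCode().regexpMatch("(?s).*---.*---.*")`. Even then, `.*---.*---.*` matches any file with two runs of three dashes anywhere (separator comments, for instance), not only a leading front-matter block; if this approach is kept, anchoring on the start of the file (`(?s)^---\\n.*?\\n---.*`) would be tighter.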
@@ -45,7 +45,7 @@ jobs: uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} - queries: ./codeql-queries/exclude-patterns.ql,security-and-quality + queries: ./github-actions/code-ql/exclude-patterns.ql,security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. From a9104d73231e2df18bd6dccbda81de62057a8d89 Mon Sep 17 00:00:00 2001 From: Luisito Canlas Date: Sat, 20 Jul 2024 11:13:19 -0700 Subject: [PATCH 6/7] Updated comment for exclude-patterns.ql --- .github/workflows/codeql-scan-job.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-scan-job.yml b/.github/workflows/codeql-scan-job.yml index a71782ea65..55d7f90b41 100644 --- a/.github/workflows/codeql-scan-job.yml +++ b/.github/workflows/codeql-scan-job.yml @@ -52,7 +52,7 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - # added codeql-queries/exclude-patterns.ql for issue #6548 + # added ./github-actions/code-ql/exclude-patterns.ql for issue #6548 # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). From 2fda37856e17c9c2a1d5c95d01d83166e374b3c7 Mon Sep 17 00:00:00 2001 From: Luisito Canlas Date: Sat, 20 Jul 2024 11:15:19 -0700 Subject: [PATCH 7/7] Implementing predicates for excluding YAML and Liquid code --- github-actions/code-ql/exclude-patterns.ql | 61 +++++++++++++++++++--- 1 file changed, 54 insertions(+), 7 deletions(-) diff --git a/github-actions/code-ql/exclude-patterns.ql b/github-actions/code-ql/exclude-patterns.ql index 62af09e667..1e1e0f2958 100644 
--- a/github-actions/code-ql/exclude-patterns.ql
+++ b/github-actions/code-ql/exclude-patterns.ql
@@ -1,10 +1,57 @@
 // This file was created for issue #6548
-// File: codeql-queries/exclude-patterns.ql
+// File: ./github-actions/code-ql/exclude-patterns.ql
 
-import javascript
+// import javascript
 
-from File file
-where (file.getExtension() = "js" or file.getExtension() = "html")
-  and not file.getCode().matches(".*\\{%-?\\s*[a-zA-Z]+.*%\\}.*") // Exclude Liquid code
-  and not file.getCode().matches("(?s).*---.*---.*") // Exclude YAML front matter
-select file
+// from File file
+// where (file.getExtension() = "js" or file.getExtension() = "html")
+//   and not file.getCode().matches(".*\\{%-?\\s*[a-zA-Z]+.*%\\}.*") // Exclude Liquid code
+//   and not file.getCode().matches("(?s).*---.*---.*") // Exclude YAML front matter
+// select file
+
+
+/**
+ * @name Exclude YAML and Liquid Front Matter
+ * @description Excludes YAML front matter and Liquid template sections from the analysis
+ * @kind problem
+ * @problem.severity warning
+ */
+
+ import javascript
+
+ /** Predicate to identify YAML front matter lines */
+ predicate isYamlFrontMatterLine(File f, int line) {
+   exists (
+     int start, int end |
+     start = f.getLine(1).getLineNumber() and
+     (end = f.getLine(2).getLineNumber() or end = f.getLine(3).getLineNumber()) and
+     line >= start and
+     line <= end and
+     f.getLine(start).getText().matches("---") and
+     f.getLine(end).getText().matches("---")
+   )
+ }
+
+ /** Predicate to identify Liquid template sections */
+ predicate isLiquidTemplateLine(File f, int line) {
+   exists (
+     string content |
+     f.getLine(line).getText() = content and
+     (
+       content.matches("{%.*%}") or
+       content.matches("{{.*}}")
+     )
+   )
+ }
+
+ /** Class to represent code excluding YAML front matter and Liquid templates */
+ class CodeExcludingFrontMatter extends Expr {
+   CodeExcludingFrontMatter() {
+     this.getFile().getExtension() = "js" and
+     not isYamlFrontMatterLine(this.getFile(), this.getLocation().getStartLine()) and
+     not isLiquidTemplateLine(this.getFile(), this.getLocation().getStartLine())
+   }
+ }
+
+ from CodeExcludingFrontMatter c
+ select c, "Code excluding YAML front matter and Liquid templates"
\ No newline at end of file
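Review bot: Because `CodeExcludingFrontMatter extends Expr` and the query is `@kind problem` selecting `c` with a fixed message, this will raise one warning alert for essentially every expression in every `.js` file in the repository, and those alerts are uploaded alongside the `security-and-quality` results — flooding the code-scanning dashboard and burying real findings. It also still does not exclude anything: predicates in this file have no effect on what the other queries analyse, so the intended behaviour needs `paths-ignore` in the CodeQL configuration rather than a query. Even on their own terms the predicates are off: `isYamlFrontMatterLine` pins `end` to line 2 or 3, so any front-matter block with more than one key never matches, and `isLiquidTemplateLine` uses `matches`, where `%` is a wildcard and `.*` is literal, so `"{%.*%}"` never matches a Liquid tag — `content.regexpMatch(".*(\\{%.*%\\}|\\{\\{.*\\}\\}).*")` would. Also the metadata block lacks the `@id` that code scanning uses to key a rule, I cannot find `File.getLine(int)` in the standard JavaScript library (please check the file compiles), and the commented-out original query at the top should be deleted rather than kept. My recommendation is to drop this file and the `queries:` entry in favour of `paths-ignore`.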