Testing CodeQL

videlais · Jan 24, 2024 · 622b88a · 622b88a
1 parent b95a0b8
commit 622b88a
Showing 1 changed file with 44 additions and 6 deletions.
diff --git a/.github/codeql-analysis.yml b/.github/codeql-analysis.yml
@@ -1,13 +1,51 @@
+name: "CodeQL"
+
 on:
   push:
-    branches: [develop]
+    branches: [ develop ]
     paths-ignore:
       - 'test/**'
-    paths:
-      - src
   pull_request:
-    branches: [develop]
+    branches: [ develop ]
     paths-ignore:
       - 'test/**'
-    paths:
-      - src
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        upload: false # disable the upload here - we will upload in a different action
+        output: sarif-results
+
+    - name: filter-sarif
+      uses: advanced-security/filter-sarif@v1
+      with:
+        # filter out all test files unless they contain a sql-injection vulnerability
+        patterns:
+          -test/**/*
+          +test/**/*:js/sql-injection
+        input: sarif-results/${{ matrix.language }}.sarif
+        output: sarif-results/${{ matrix.language }}.sarif
+
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: sarif-results/${{ matrix.language }}.sarif