From 801c0980ced6fa569f64fb7fb250c63f5201c35a Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 18:08:34 -0700
Subject: [PATCH 01/12] Modifying codeql to use a config file
---
 .github/workflows/codeql.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7ac6c2e1b..c338c4eaf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,6 +34,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
+ config-file: ./.github/codeql/codeql-config.yml
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
From 7ddb0b78f26b34292e8e64900350ed995420bc60 Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 20:08:32 -0700
Subject: [PATCH 02/12] Config file added and codeql YML modified
---
 .github/codeql/codeql-config.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 000000000..163030d43
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,18 @@
+name: "CodeQL config for iterable-android-sdk"
+ ### by noelle.murata@iterable.com 10/10/25
+ packs:
+ - security-extended, security-and-quality
+query-filters:
+ - exclude:
+ problem.severity:
+ - warning
+ - recommendation
+ paths:
+ - src
+paths-ignore:
+ - src/node_modules
+ - '**/*.test.js'
+ - '**/*.md''
From 9c157b4162abdee07078db20b0d6a4ee4579af7e Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 20:12:31 -0700
Subject: [PATCH 03/12] typed a character and saved accidentally
---
 .github/codeql/codeql-config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index 163030d43..110a91900 100644
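Review bot: The `config-file: ./.github/codeql/codeql-config.yml` line added under `with:` points at a file this commit does not add — the diffstat lists only `codeql.yml`, and the config first appears in the next patch — so at this revision the `init` step has nothing to load and, as far as I can tell from the action's behaviour, fails rather than falling back to defaults. Squash this patch with the one that creates the config (or land the config first) so every commit in the series is runnable. The `./.github/...` form of the path matches GitHub's documented example, so the path itself is not the problem here.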
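Review bot: The `packs:` entry in the new config is a single list item holding the string `security-extended, security-and-quality`, which CodeQL will try to resolve as one pack of that literal name rather than as two query suites; `security-extended` and `security-and-quality` are suite names and belong under `queries:` as `- uses: security-extended` and `- uses: security-and-quality`, with `packs:` reserved for published packs such as `codeql/java-queries`. The `paths`/`paths-ignore` block (`src`, `src/node_modules`, `**/*.test.js`) looks copied from a JavaScript template and does not describe an Android SDK laid out with `src/main`, `src/test` and `src/androidTest`, so it would scope the analysis (or its results) to the wrong tree if it were honoured. I would also drop the `### by noelle.murata@iterable.com 10/10/25` comment, since git already records authorship and a personal address in a committed config only adds to what is scraped from a repository that may be public.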
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -15,4 +15,4 @@ paths:
 paths-ignore:
 - src/node_modules
 - '**/*.test.js'
- - '**/*.md''
+ - '**/*.md'
From d757518852248e57e9b7289185277c16a5cad792 Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 20:14:57 -0700
Subject: [PATCH 04/12] query packs defined
---
 .github/codeql/codeql-config.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index 110a91900..a6b012b49 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -2,13 +2,13 @@ name: "CodeQL config for iterable-android-sdk"
 ### by noelle.murata@iterable.com 10/10/25
-packs:
- - security-extended, security-and-quality
-query-filters:
- - exclude:
- problem.severity:
- - warning
- - recommendation
+#packs:
+# - security-extended, security-and-quality
+#query-filters:
+# - exclude:
+# problem.severity:
+# - warning
+# - recommendation
 paths:
 - src
From b0c73d5b5f9d690fe3c06c9b9a2dfbb3cbdb4134 Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 20:32:19 -0700
Subject: [PATCH 05/12] filter test files while using autobuild
---
 .github/codeql/codeql-config.yml | 11 +++++------
 .github/workflows/codeql.yml | 18 +++++++++++++++++-
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index a6b012b49..a8862b2b5 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -10,9 +10,8 @@ name: "CodeQL config for iterable-android-sdk"
 # - warning
 # - recommendation
-paths:
- - src
-paths-ignore:
- - src/node_modules
- - '**/*.test.js'
- - '**/*.md'
+#paths:
+# - src
+#paths-ignore:
+# - '**/src/androidTest'
+# - '**/src/test'
\ No newline at end of file
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c338c4eaf..48194d8da 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,7 +34,7 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
- config-file: ./.github/codeql/codeql-config.yml
+# config-file: ./.github/codeql/codeql-config.yml
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,3 +64,19 @@ jobs:
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:${{matrix.language}}"
+ output: sarif-results
+ upload: failure-only
+
+ - name: filter-sarif
+ uses: advanced-security/filter-sarif@v1
+ with:
+ patterns: |
+ +**/*.java
+ -**/*Test*.java
+ input: sarif-results/java.sarif
+ output: sarif-results/java.sarif
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: sarif-results/java.sarif
From aa0532d268dda40c53be326f6bc062563878697e Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 20:58:29 -0700
Subject: [PATCH 06/12] handling the test files via the filter-serif advanced security
---
 .github/codeql/codeql-config.yml | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 .github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index a8862b2b5..000000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: "CodeQL config for iterable-android-sdk"
-
-### by noelle.murata@iterable.com 10/10/25
-
-#packs:
-# - security-extended, security-and-quality
-#query-filters:
-# - exclude:
-# problem.severity:
-# - warning
-# - recommendation
-
-#paths:
-# - src
-#paths-ignore:
-# - '**/src/androidTest'
-# - '**/src/test'
\ No newline at end of file
From 9120934162c0c8351b37784497ad484b047e1988 Mon Sep 17 00:00:00 2001
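Review bot: The new `filter-sarif` step resolves a third-party action through a mutable tag, `uses: advanced-security/filter-sarif@v1`, and that action reads and rewrites the SARIF this job then uploads to code scanning, so whoever can move that tag can alter or suppress findings; pin it to a full-length commit SHA with the version as a trailing comment (`uses: advanced-security/filter-sarif@<full commit sha>  # v1`) and let Dependabot handle bumps. The step also hard-codes `sarif-results/java.sarif` in `input`, `output` and `sarif_file` while the `analyze` step above is still driven by `${{ matrix.language }}`; if the matrix ever holds a second language the file will not exist for that entry and the job fails, so `sarif-results/${{ matrix.language }}.sarif` in all three places keeps them aligned. Note that this filtering happens after analysis — test sources are still built and queried and only their alerts are dropped — and `-**/*Test*.java` also discards alerts in any production file whose name contains `Test`; excluding by directory (`-**/src/test/**` and `-**/src/androidTest/**`, the same directories the config file in this patch names) is more precise. The `jobs:` block these steps belong to starts outside the hunk.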
From: Noelle Murata
Date: Thu, 9 Oct 2025 21:02:35 -0700
Subject: [PATCH 07/12] handling the test files via the filter-serif advanced security, removed the config file
---
 .github/workflows/codeql.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 48194d8da..0423295e4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -34,7 +34,6 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
-# config-file: ./.github/codeql/codeql-config.yml
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
From a412e0022b0763e6860d45ade0ae054ce5ea070d Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 21:10:39 -0700
Subject: [PATCH 08/12] including kotlin patterns
---
 .github/workflows/codeql.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0423295e4..210895eb4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -71,7 +71,9 @@ jobs:
 with:
 patterns: |
 +**/*.java
+ +**/*.kt
 -**/*Test*.java
+ -**/*Test*.kt
 input: sarif-results/java.sarif
 output: sarif-results/java.sarif
From 07a3a62e206f9ea6c6a4681b0ff37b9b22326029 Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 23:31:23 -0700
Subject: [PATCH 09/12] Trying to see if we can minimize the warning noise
---
 .github/codeql/codeql-config.yml | 11 +++++++++++
 .github/workflows/codeql.yml | 1 +
 2 files changed, 12 insertions(+)
 create mode 100644 .github/codeql/codeql-config.yml
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
new file mode 100644
index 000000000..d0e107206
--- /dev/null
+++ b/.github/codeql/codeql-config.yml
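Review bot: The `+**/*.java` / `+**/*.kt` include lines make the filter keep only alerts located in Java and Kotlin sources, so — depending on how `filter-sarif` treats files matched by no pattern, which is worth checking in its README before relying on it — alerts that CodeQL's Android queries report against `AndroidManifest.xml` (the debuggable-attribute and backup-enabled checks, for example, flag the manifest rather than a `.java`/`.kt` file) would be dropped from the upload for an Android SDK. Either add `+**/AndroidManifest.xml` alongside the two include lines, or drop the includes and keep only exclusions such as `-**/src/test/**` and `-**/src/androidTest/**`, which also avoids matching production files whose names contain `Test`. The step's `uses:` line and the consumer of the `input`/`output` paths are outside this hunk.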
@@ -0,0 +1,11 @@
+name: "my config file"
+
+query-filters:
+ - include:
+ precision:
+ - high
+ - very-high
+ - exclude:
+ problem.severity:
+ - warning
+ - recommendation
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 210895eb4..7eb778370 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,6 +36,7 @@ jobs:
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
+ config-file: ./github/codeql/codeql-config.yml
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
From 92d96b9e7b2b2acb102a99fe95cb1d110045918a Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 23:33:01 -0700
Subject: [PATCH 10/12] Trying to see if we can minimize the warning noise, try again
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7eb778370..2070c6bc9 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
- config-file: ./github/codeql/codeql-config.yml
+ config-file: './github/codeql/codeql-config.yml'
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
From 81828ad87ddfc82bca68247e30176cdbffbc0beb Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 23:37:04 -0700
Subject: [PATCH 11/12] Trying to see if we can minimize the warning noise, trying yet again
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
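Review bot: The `exclude: problem.severity: [warning, recommendation]` filter in the new config drops queries by their generic severity, and a fair number of CodeQL security queries (several of the weak-cryptography and insecure-cookie style checks, for instance) are tagged `@problem.severity warning`, so this silences real security alerts along with the quality noise the commit message is after. If the goal is fewer quality findings, filter on the `tags` metadata instead — e.g. `- include: tags contain: [security]` — or run `security-extended` rather than `security-and-quality`, and keep the `precision` include as it is. Filters in `query-filters` are applied in sequence, so confirm against the CodeQL suite-filter docs that the trailing `exclude` does not undo what the leading `include` selected. `name: "my config file"` is a placeholder and would read better as `name: "CodeQL config for iterable-android-sdk"`, the name the earlier version of this file used.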
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2070c6bc9..7eb778370 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
- config-file: './github/codeql/codeql-config.yml'
+ config-file: ./github/codeql/codeql-config.yml
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
From bd7e28e22325fe2b9218dbf9c00f181f54917046 Mon Sep 17 00:00:00 2001
From: Noelle Murata
Date: Thu, 9 Oct 2025 23:38:18 -0700
Subject: [PATCH 12/12] Trying to see if we can minimize the warning noise, i am tired. i a space
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 7eb778370..b05558144 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
 with:
 languages: ${{ matrix.language }}
 build-mode: ${{ matrix.build-mode }}
- config-file: ./github/codeql/codeql-config.yml
+ config-file: .github/codeql/codeql-config.yml
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.