Init

Author: j3ssie

Dockerfile

@@ -0,0 +1,73 @@
+FROM ubuntu:20.04 AS codeql_base
+LABEL maintainer="Github codeql team"
+
+# tzdata install needs to be non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# install/update basics and python
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    	software-properties-common \
+    	vim \
+    	curl \
+    	wget \
+    	git \
+    	jq \
+    	build-essential \
+    	unzip \
+    	apt-transport-https \
+        python3.8 \
+    	python3-venv \
+    	python3-pip \
+    	python3-setuptools \
+        python3-dev \
+    	gnupg \
+    	g++ \
+    	make \
+    	gcc \
+    	apt-utils \
+        rsync \
+    	file \
+        dos2unix \
+        default-jdk \
+    	gettext && \
+        apt-get clean && \
+        ln -s /usr/bin/python3.8 /usr/bin/python && \
+        ln -s /usr/bin/pip3 /usr/bin/pip 
+
+# Install Golang
+RUN wget -q -O - https://raw.githubusercontent.com/canha/golang-tools-install-script/master/goinstall.sh | bash
+
+# Install latest codeQL
+ENV CODEQL_HOME /opt/codeql-home
+
+# Get CodeQL verion
+RUN curl --silent "https://api.github.com/repos/github/codeql-cli-binaries/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' > /tmp/codeql_version
+
+# record the latest version of the codeql-cli
+RUN mkdir -p ${CODEQL_HOME} \
+    ${CODEQL_HOME}/codeql-repo \
+    ${CODEQL_HOME}/codeql-go-repo \
+    /opt/codeql
+
+# get the latest codeql queries and record the HEAD
+RUN git clone https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
+    git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
+RUN git clone https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
+    git --git-dir ${CODEQL_HOME}/codeql-go-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-go-repo-last-commit
+
+RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
+    wget -q https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip -O /tmp/codeql_linux.zip && \
+    unzip /tmp/codeql_linux.zip -d ${CODEQL_HOME} && \
+    rm /tmp/codeql_linux.zip
+
+ENV PATH="${CODEQL_HOME}/codeql:${PATH}"
+
+## Pre-compile our queries to save time later
+# RUN codeql query compile --threads=0 ${CODEQL_HOME}/codeql-repo/*/ql/src/codeql-suites/*.qls
+# RUN codeql query compile --threads=0 ${CODEQL_HOME}/codeql-go-repo/ql/src/codeql-suites/*.qls
+
+ENTRYPOINT /bin/bash
+# ENV PYTHONIOENCODING=utf-8
+# ENTRYPOINT ["python3", "/usr/local/startup_scripts/startup.py"]

README.md

@@ -0,0 +1,56 @@
+# CodeQL docker build
+
+Based on [microsoft/codeql-container](https://github.com/microsoft/codeql-container) with java, golang installed and .NET removed.
+
+## Build & Run
+
+```shell
+docker build -t j3ssie/codeql-docker:latest .
+```
+
+or pull the latest from docker hub
+
+```shell
+docker pull j3ssie/codeql-docker:latest
+
+# then run the container
+docker run -it j3ssie/codeql-docker:latest
+```
+
+
+## Usage
+
+### Access container with shell
+
+```shell
+docker run -it -t j3ssie/codeql-docker:latest /bin/bash
+```
+
+### Do analyze
+
+```shell
+# Copy your code to container
+docker cp <your-source-cde> <docker-ID>:/opt/src
+
+# create DB in this folder /opt/src/db
+# This might take a while depend on your code
+codeql database create --language=<language> /opt/src/db -s /opt/src
+
+# run analyze
+# normally query-suites will will be: <language>-security-and-quality.qls
+codeql database analyze --format=sarif-latest --output=/opt/issues.sarif /opt/src/db <query-suites>
+
+# copy the result back to host machine
+docker cp <docker-ID>:/opt/issues.sarif .
+```
+
+### Other commands
+
+```shell
+# List all query suites
+codeql resolve queries
+
+# Upgrade DB
+codeql database upgrade <database>
+
+```