Added TypeScript analysis, Optimize the build image, and also added a new helper script

Author: j3ssie

Dockerfile

@@ -1,72 +1,8 @@
-FROM ubuntu:20.04 AS codeql_base
-LABEL maintainer="Github codeql team"
-
-# tzdata install needs to be non-interactive
-ENV DEBIAN_FRONTEND=noninteractive
-
-# install/update basics and python
-RUN apt-get update && \
-    apt-get upgrade -y && \
-    apt-get install -y --no-install-recommends \
-    	software-properties-common \
-    	vim \
-    	curl \
-    	wget \
-    	git \
-    	jq \
-    	build-essential \
-    	unzip \
-    	apt-transport-https \
-        python3.8 \
-    	python3-venv \
-    	python3-pip \
-    	python3-setuptools \
-        python3-dev \
-    	gnupg \
-    	g++ \
-    	make \
-    	gcc \
-    	apt-utils \
-        rsync \
-    	file \
-        dos2unix \
-        default-jdk \
-    	gettext && \
-        apt-get clean && \
-        ln -sf /usr/bin/python3.8 /usr/bin/python && \
-        ln -sf /usr/bin/pip3 /usr/bin/pip 
-
-# Install Golang
-RUN wget -q -O - https://raw.githubusercontent.com/canha/golang-tools-install-script/master/goinstall.sh | bash
-
-# Install latest codeQL
+FROM j3ssie/codeql-base:latest
 ENV CODEQL_HOME /root/codeql-home
-
-# Get CodeQL verion
-RUN curl --silent "https://api.github.com/repos/github/codeql-cli-binaries/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' > /tmp/codeql_version
-
-# record the latest version of the codeql-cli
-RUN mkdir -p ${CODEQL_HOME} \
-    ${CODEQL_HOME}/codeql-repo \
-    ${CODEQL_HOME}/codeql-go-repo \
-    /opt/codeql
-
-# get the latest codeql queries and record the HEAD
-RUN git clone --depth=1 https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
-    git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
-RUN git clone --depth=1 https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
-    git --git-dir ${CODEQL_HOME}/codeql-go-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-go-repo-last-commit
-
-RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
-    wget -q https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip -O /tmp/codeql_linux.zip && \
-    unzip /tmp/codeql_linux.zip -d ${CODEQL_HOME} && \
-    rm /tmp/codeql_linux.zip
-
 ENV PATH="$PATH:${CODEQL_HOME}/codeql:/root/go/bin:/root/.go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+COPY containers /root/containers
 COPY scripts /root/scripts
 
-# Pre-compile our queries to save time later
-RUN /root/scripts/compile-qs.sh
-
 WORKDIR /root/
-ENTRYPOINT ["/root/scripts/analyze.sh"]
+ENTRYPOINT ["/root/scripts/analyze.py"]

README.md

@@ -31,7 +31,6 @@ cat results/issues.sarif-latest| jq '.runs[].results'
 # with custom format and output
 ./scripts/run.py -l javascript -s /tmp/cc/code-scanning-javascript-demo --format=csv -o sample
 # your output will be store at sample/issues.csv
-
 ```
 
 ### Run with docker command
@@ -41,12 +40,15 @@ With `/tmp/src` is your source code and `/tmp/results` is where result store.
 > NOTE: make sure /tmp/results folder exist otherwise it won't work
 
 ```shell
-# simple usage
+# simple usage which will run the QL Packs of that language
 docker run --rm --name codeql-docker -v "/tmp/src:/opt/src" -v "/tmp/results:/opt/results" -e "LANGUAGE=go" j3ssie/codeql-docker:latest
 
-# more options
+# Run with specific Queries Suite and different output format
 docker run --rm --name codeql-docker -v "/tmp/src:/opt/src" -v "/tmp/results:/opt/results" -e "LANGUAGE=javascript" -e "FORMAT=csv" -e "QS=javascript-security-and-quality.qls" j3ssie/codeql-docker:latest
 
+# Override the source code DB tree
+docker run --rm --name codeql-docker -v "/tmp/src:/opt/src" -v "/tmp/results:/opt/results" -e "LANGUAGE=javascript" -e "FORMAT=csv" -e "QS=javascript-security-and-quality.qls" -e "OVERRIDE=True" j3ssie/codeql-docker:latest
+
 ```
 
 ### Manual analyze
@@ -58,12 +60,16 @@ docker run -it --entrypoint=/bin/bash -t j3ssie/codeql-docker:latest
 # Copy your code to container
 docker cp <your-source-cde> <docker-ID>:/opt/src
 
-# create DB in this folder /opt/src/db
-# This might take a while depend on your code
+# You use the helper scripts to run CodeQL
+python3 analyze.py -d /opt/src/db -s /opt/src/ -l javascript --override=True
+
+# Or using raw command from codeQL
+## create DB in this folder /opt/src/db
+## This might take a while depend on your code
 codeql database create --language=<language> /opt/src/db -s /opt/src
 
-# run analyze
-# normally query-suites will will be: <language>-security-and-quality.qls
+## run analyze
+## normally query-suites will will be: <language>-security-and-quality.qls
 codeql database analyze --format=sarif-latest --output=/opt/issues.sarif /opt/src/db <query-suites>
 
 # copy the result back to host machine
@@ -73,12 +79,17 @@ docker cp <docker-ID>:/opt/issues.sarif .
 ### Other commands
 
 ```shell
+# List all query packs
+codeql resolve qlpacks --format=json | jq -r 'keys[]'
+
 # List all query suites
 codeql resolve queries
 
 # Upgrade DB
 codeql database upgrade <database>
 
+# Building the base image
+docker build -f base-image-Dockerfile -t j3ssie/codeql-base:latest .
 ```
 
 ## Donation

base-image-Dockerfile

@@ -0,0 +1,69 @@
+FROM ubuntu:20.04 AS codeql_base
+LABEL maintainer="Github codeql team"
+
+# tzdata install needs to be non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+# install/update basics and python
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    	software-properties-common \
+    	vim \
+    	curl \
+    	wget \
+    	git \
+    	jq \
+    	build-essential \
+    	unzip \
+    	apt-transport-https \
+        python3.8 \
+    	python3-venv \
+    	python3-pip \
+    	python3-setuptools \
+        python3-dev \
+    	gnupg \
+    	g++ \
+    	make \
+    	gcc \
+    	apt-utils \
+        rsync \
+    	file \
+        dos2unix \
+        default-jdk \
+    	gettext
+# support typescript
+RUN apt-get install nodejs -y -qq
+RUN apt-get clean && \
+        ln -sf /usr/bin/python3.8 /usr/bin/python && \
+        ln -sf /usr/bin/pip3 /usr/bin/pip 
+
+# Install Golang
+RUN wget -q -O - https://raw.githubusercontent.com/canha/golang-tools-install-script/master/goinstall.sh | bash
+
+# Install latest codeQL
+ENV CODEQL_HOME /root/codeql-home
+
+# Get CodeQL verion
+RUN curl --silent "https://api.github.com/repos/github/codeql-cli-binaries/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' > /tmp/codeql_version
+
+# record the latest version of the codeql-cli
+RUN mkdir -p ${CODEQL_HOME} \
+    ${CODEQL_HOME}/codeql-repo \
+    ${CODEQL_HOME}/codeql-go-repo \
+    /opt/codeql
+
+# get the latest codeql queries and record the HEAD
+RUN git clone --depth=1 https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
+    git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
+
+RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
+    wget -q https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip -O /tmp/codeql_linux.zip && \
+    unzip /tmp/codeql_linux.zip -d ${CODEQL_HOME} && \
+    rm /tmp/codeql_linux.zip
+
+ENV PATH="$PATH:${CODEQL_HOME}/codeql:/root/go/bin:/root/.go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+COPY containers /root/containers
+# Pre-compile our queries to save time later
+RUN /root/containers/compile-qs.sh
+

scripts/analyze.sh containers/analyze.shscripts/analyze.sh renamed to containers/analyze.sh

@@ -2,6 +2,7 @@
 
 RED="\033[31m"
 YELLOW="\033[33m"
+CYAN="\033[96m"
 GREEN="\033[32m"
 RESET="\033[0m"
 
@@ -35,8 +36,8 @@ print_green " [+] Output: $OUTPUT"
 print_green " [+] Format: $FORMAT"
 echo "----------------"
 
-echo -e "Creating DB: codeql database create --language=$LANGUAGE $DB -s $SRC"
+echo -e "$CYAN ==> Creating DB:$GREEN codeql database create --language=$LANGUAGE $DB -s $SRC"
 codeql database create --language=$LANGUAGE $DB -s $SRC
 
-echo -e "Start Scanning: codeql database analyze --format=$FORMAT --output=$OUTPUT/issues.$FORMAT $DB $QS"
-codeql database analyze --format=$FORMAT --output=$OUTPUT/issues.$FORMAT $DB $QS
+echo -e "$CYAN ==> Start Scanning:$GREEN codeql database analyze --format=$FORMAT --output=$OUTPUT/issues.$FORMAT $DB $QS"
+codeql database analyze --overwrite --format=$FORMAT --output=$OUTPUT/issues.$FORMAT $DB $QS

scripts/compile-qs.sh containers/compile-qs.shscripts/compile-qs.sh renamed to containers/compile-qs.sh

@@ -12,13 +12,13 @@ print_green() {
 print_green "[+] Start Compiling query suites"
 
 # get all query suites except Java
-ls /root/codeql-home/codeql-go-repo/ql/src/codeql-suites/*.qls > /tmp/list-querysuites
+ls /root/codeql-home/codeql-repo/go/ql/src/codeql-suites/*.qls > /tmp/list-querysuites
 ls /root/codeql-home/codeql-repo/*/ql/src/codeql-suites/*.qls  | grep -v 'java-' | grep -v 'csharp' >> /tmp/list-querysuites
 
 while IFS="" read -r qs || [ -n "$qs" ]
 do
   print_green "[+] Compiling query suites: $qs"
-  codeql query compile --threads=0 $qs
+  codeql query compile --threads=20 $qs
 done < /tmp/list-querysuites
 
 print_green "[+] Done Compiling query suites ..."