Skip to content

Commit

Permalink
chore: 🔧 Type: Chore | Scope: .github/codeql-config.yml | Title: Simp…
Browse files Browse the repository at this point in the history
…lify CodeQL configuration (#61)

Description:
- This commit simplifies the CodeQL configuration in the .github/codeql-config.yml file. The previous configuration details for Node.js security scan have been removed.
- This change streamlines the configuration and removes unnecessary details.

Details:
- The previous configuration included details for a Node.js security scan, including language specification and versioning.
- These details have been removed in this commit, simplifying the configuration.

Changeset:
- .github/codeql-config.yml: Removed Node.js security scan details.

Footer: Co-authored-by: Ricardo Esteves
 [email protected]
 Related to: [#39]
  • Loading branch information
RicardoGEsteves authored Jan 24, 2024
1 parent a4b5dcb commit db0063a
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 60 deletions.
103 changes: 45 additions & 58 deletions .github/codeql-config.yml
Original file line number Diff line number Diff line change
@@ -1,58 +1,45 @@
name: Node.js Security Scan Configuration
description: Scans Node.js projects for potential security issues using CodeQL
language: typescript
version: 1.0.2

connection:
database:
type: hosted
# url: https://codeql.codecov.io/
# token: <your_codecov_token>

queries:
- name: Unused Variables
query: |
from sources
where sources.code.contains("unused")
select sources.code.location, sources.code, "Unused variable detected"
- name: Insecure Dependency Usage
query: |
from dependencies
where dependencies.version < "16.13.1"
and dependencies.product = "npm:react-dom"
select dependencies.name, dependencies.version, "Insecure react-dom version used"
- name: NoESLint
query: |
from sources
where not sources.code.contains("eslint")
select sources.code.location, sources.code, "Missing ESLint"
- name: XSS Vulnerabilities
query: |
from sources
where sources.code.matches("(dangerousXSSMethod|unsafePattern)")
select sources.code.location, sources.code, "Potential XSS vulnerability"
- name: Injection Vulnerabilities
query: |
from sources
where sources.code.matches("(dangerousSQLQuery|unvalidatedInput)")
select sources.code.location, sources.code, "Possible injection vulnerability"
- name: Improper Error Handling
query: |
from controlflow
where controlflow.reachesExit() and not controlflow.traversesCatch()
select controlflow, "Improper error handling"
languages:
- javascript
- typescript

environments:
- name: Node.js
variables:
- name: NODE_PATH
value: "./node_modules"
name: "Advanced CodeQL Analysis"

on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
schedule:
- cron: "0 1 * * 0"

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
node: ["20", "21", "lts/*"]
language: ["javascript"]

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: "npm"

- name: Install Dependencies
run: npm ci

- name: Initialize CodeQL
uses: github/codeql-action/[email protected]
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql/codeql-config.yml

- name: Autobuild
uses: github/codeql-action/[email protected]

- name: Perform CodeQL Analysis
uses: github/codeql-action/[email protected]
2 changes: 0 additions & 2 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@ updates:
schedule:
interval: "daily"
open-pull-requests-limit: 30
ignore:
- dependency-name: "pnpm"

- package-ecosystem: "github-actions"
directory: "/"
Expand Down

0 comments on commit db0063a

Please sign in to comment.