7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
112 lines
3.0 KiB
Bash
112 lines
3.0 KiB
Bash
#!/bin/bash
|
|
|
|
# CodeQL SARIF Analysis Script for Unix/Linux
|
|
# This script analyzes CodeQL SARIF results using Ollama for human-readable explanations
|
|
|
|
# Configuration
|
|
SARIF_PATH="python-results.sarif"
|
|
OUTPUT_PATH="codeql_analysis_results.txt"
|
|
OLLAMA_ENDPOINT="http://localhost:11434/api/generate"
|
|
MODEL="deepseek-r1:32b"
|
|
|
|
# Colors for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
CYAN='\033[0;36m'
|
|
NC='\033[0m' # No Color
|
|
|
|
# Function to check if Ollama is running
|
|
check_ollama() {
|
|
echo -n "Checking Ollama connection... "
|
|
if curl -s "$OLLAMA_ENDPOINT" > /dev/null; then
|
|
echo -e "${GREEN}OK${NC}"
|
|
return 0
|
|
else
|
|
echo -e "${RED}FAILED${NC}"
|
|
echo -e "${RED}Error: Ollama is not running. Please start Ollama first.${NC}"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Function to validate SARIF file
|
|
validate_sarif() {
|
|
echo -n "Validating SARIF file... "
|
|
if [ ! -f "$SARIF_PATH" ]; then
|
|
echo -e "${RED}FAILED${NC}"
|
|
echo -e "${RED}Error: SARIF file not found at: $SARIF_PATH${NC}"
|
|
return 1
|
|
fi
|
|
|
|
if jq empty "$SARIF_PATH" 2>/dev/null; then
|
|
echo -e "${GREEN}OK${NC}"
|
|
return 0
|
|
else
|
|
echo -e "${RED}FAILED${NC}"
|
|
echo -e "${RED}Error: Invalid SARIF file format${NC}"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# Main script
|
|
echo -e "${CYAN}CodeQL SARIF Analysis Tool${NC}"
|
|
echo -e "${CYAN}=========================${NC}"
|
|
|
|
# Check if required tools are installed
|
|
command -v curl >/dev/null 2>&1 || { echo -e "${RED}Error: curl is required but not installed.${NC}"; exit 1; }
|
|
command -v jq >/dev/null 2>&1 || { echo -e "${RED}Error: jq is required but not installed.${NC}"; exit 1; }
|
|
|
|
# Check if Ollama is running
|
|
check_ollama || exit 1
|
|
|
|
# Validate SARIF file
|
|
validate_sarif || exit 1
|
|
|
|
# Read SARIF content
|
|
echo -n "Reading SARIF file... "
|
|
if SARIF_CONTENT=$(cat "$SARIF_PATH"); then
|
|
echo -e "${GREEN}OK${NC}"
|
|
else
|
|
echo -e "${RED}FAILED${NC}"
|
|
echo -e "${RED}Error: Failed to read SARIF file${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
# Prepare the prompt
|
|
PROMPT="Please analyze these security findings from CodeQL analysis.
|
|
Focus on:
|
|
1. Critical vulnerabilities
|
|
2. High priority issues
|
|
3. Potential impact
|
|
4. Recommended fixes
|
|
|
|
Here is the analysis data:
|
|
$SARIF_CONTENT"
|
|
|
|
# Prepare the request body
|
|
REQUEST_BODY=$(jq -n \
|
|
--arg model "$MODEL" \
|
|
--arg prompt "$PROMPT" \
|
|
'{"model": $model, "prompt": $prompt}')
|
|
|
|
# Make the request to Ollama and process the streaming response
|
|
echo -n "Analyzing results with Ollama... "
|
|
if curl -s -X POST "$OLLAMA_ENDPOINT" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$REQUEST_BODY" | \
|
|
while IFS= read -r line; do
|
|
if [ -n "$line" ]; then
|
|
echo "$line" | jq -r '.response // empty'
|
|
fi
|
|
done > "$OUTPUT_PATH"; then
|
|
echo -e "${GREEN}OK${NC}"
|
|
else
|
|
echo -e "${RED}FAILED${NC}"
|
|
echo -e "${RED}Error: Failed to analyze with Ollama${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
echo -e "\n${GREEN}Analysis complete!${NC}"
|
|
echo -e "${YELLOW}Results saved to: $OUTPUT_PATH${NC}"
|
|
echo -e "${YELLOW}You can view the results by opening: $OUTPUT_PATH${NC}"
|