Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

112 lines
3.0 KiB
Bash

#!/bin/bash
# CodeQL SARIF Analysis Script for Unix/Linux
# This script analyzes CodeQL SARIF results using Ollama for human-readable explanations
# Configuration
SARIF_PATH="python-results.sarif"
OUTPUT_PATH="codeql_analysis_results.txt"
OLLAMA_ENDPOINT="http://localhost:11434/api/generate"
MODEL="deepseek-r1:32b"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# Function to check if Ollama is running
check_ollama() {
echo -n "Checking Ollama connection... "
if curl -s "$OLLAMA_ENDPOINT" > /dev/null; then
echo -e "${GREEN}OK${NC}"
return 0
else
echo -e "${RED}FAILED${NC}"
echo -e "${RED}Error: Ollama is not running. Please start Ollama first.${NC}"
return 1
fi
}
# Function to validate SARIF file
validate_sarif() {
echo -n "Validating SARIF file... "
if [ ! -f "$SARIF_PATH" ]; then
echo -e "${RED}FAILED${NC}"
echo -e "${RED}Error: SARIF file not found at: $SARIF_PATH${NC}"
return 1
fi
if jq empty "$SARIF_PATH" 2>/dev/null; then
echo -e "${GREEN}OK${NC}"
return 0
else
echo -e "${RED}FAILED${NC}"
echo -e "${RED}Error: Invalid SARIF file format${NC}"
return 1
fi
}
# Main script
echo -e "${CYAN}CodeQL SARIF Analysis Tool${NC}"
echo -e "${CYAN}=========================${NC}"
# Check if required tools are installed
command -v curl >/dev/null 2>&1 || { echo -e "${RED}Error: curl is required but not installed.${NC}"; exit 1; }
command -v jq >/dev/null 2>&1 || { echo -e "${RED}Error: jq is required but not installed.${NC}"; exit 1; }
# Check if Ollama is running
check_ollama || exit 1
# Validate SARIF file
validate_sarif || exit 1
# Read SARIF content
echo -n "Reading SARIF file... "
if SARIF_CONTENT=$(cat "$SARIF_PATH"); then
echo -e "${GREEN}OK${NC}"
else
echo -e "${RED}FAILED${NC}"
echo -e "${RED}Error: Failed to read SARIF file${NC}"
exit 1
fi
# Prepare the prompt
PROMPT="Please analyze these security findings from CodeQL analysis.
Focus on:
1. Critical vulnerabilities
2. High priority issues
3. Potential impact
4. Recommended fixes
Here is the analysis data:
$SARIF_CONTENT"
# Prepare the request body
REQUEST_BODY=$(jq -n \
--arg model "$MODEL" \
--arg prompt "$PROMPT" \
'{"model": $model, "prompt": $prompt}')
# Make the request to Ollama and process the streaming response
echo -n "Analyzing results with Ollama... "
if curl -s -X POST "$OLLAMA_ENDPOINT" \
-H "Content-Type: application/json" \
-d "$REQUEST_BODY" | \
while IFS= read -r line; do
if [ -n "$line" ]; then
echo "$line" | jq -r '.response // empty'
fi
done > "$OUTPUT_PATH"; then
echo -e "${GREEN}OK${NC}"
else
echo -e "${RED}FAILED${NC}"
echo -e "${RED}Error: Failed to analyze with Ollama${NC}"
exit 1
fi
echo -e "\n${GREEN}Analysis complete!${NC}"
echo -e "${YELLOW}Results saved to: $OUTPUT_PATH${NC}"
echo -e "${YELLOW}You can view the results by opening: $OUTPUT_PATH${NC}"