Skip to content

357 sa create needs bounds checking #192

357 sa create needs bounds checking

357 sa create needs bounds checking #192

Workflow file for this run

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL Advanced"
on:
push:
branches: [ dev ]
pull_request:
branches: [ main, dev ]
jobs:
build_internal:
name: Analyze Build_Internal
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
image: ivvitc/cryptolib:20240814
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: write
contents: read
env:
BUILD_STRING: build_internal.sh
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# - language: python
# build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Dependencies
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
shell: bash
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
build_minimal:
name: Analyze Build_Minimal
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
image: ivvitc/cryptolib:20240814
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
env:
BUILD_STRING: build_minimal.sh
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# - language: python
# build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Dependencies
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
shell: bash
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
build_wolf:
name: Analyze Build_Wolf
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
image: ivvitc/cryptolib:20240814
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
env:
BUILD_STRING: build_wolf.sh
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# - language: python
# build-mode: none
steps:
- name: Clone WolfSSL
run: git clone --depth 1 --branch v5.6.0-stable https://github.com/wolfSSL/wolfssl.git /tmp/wolfssl
- name: Build WolfSSL
run: mkdir /tmp/wolfssl/build;
cd /tmp/wolfssl/build;
cmake -DWOLFSSL_AESCCM=yes -DWOLFSSL_AESSIV=yes -DWOLFSSL_CMAC=yes ..;
cmake --build .;
make install;
ldconfig;
- name: Install Dependencies
run: |
apt-get update
apt-get install -y lcov libcurl4-openssl-dev libmariadb-dev libmariadb-dev-compat python3 autoconf libtool
- name: Install Python Libraries
run: pip install pycryptodome
- name: Update Dependencies
run: >
curl -LS https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.50.tar.bz2 -o /tmp/libgpg-error-1.50.tar.bz2
&& tar -xjf /tmp/libgpg-error-1.50.tar.bz2 -C /tmp/
&& cd /tmp/libgpg-error-1.50
&& ./configure
&& make install
&& curl -LS https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.11.0.tar.bz2 -o /tmp/libgcrypt-1.11.0.tar.bz2
&& tar -xjf /tmp/libgcrypt-1.11.0.tar.bz2 -C /tmp/
&& cd /tmp/libgcrypt-1.11.0
&& ./configure
&& make install
&& ldconfig
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
shell: bash
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
build_rhel:
name: Analyze Build_RHEL
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
image: ivvitc/cryptolib:20240814
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: read
contents: read
env:
BUILD_STRING: build_rhel.sh
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# - language: python
# build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Dependencies
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
shell: bash
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
build_ep:
name: Analyze Build_EP
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
container:
image: ivvitc/cryptolib:20240814
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
# only required for workflows in private repositories
actions: write
contents: read
env:
BUILD_STRING: build_ep.sh
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# - language: python
# build-mode: none
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Update Dependencies
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/update_env.sh
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
- if: matrix.build-mode == 'manual'
shell: bash
run: |
bash ${GITHUB_WORKSPACE}/support/scripts/$BUILD_STRING
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"