Merge pull request #5 from haqimazhar/codeguru-poc

[MASTER]: Test Codeguru poc

Author: haqimazhar

workflows/main.yml renamed to .github/workflows/main.yml

@@ -3,6 +3,7 @@ on:
   push:
     branches:
       - 'dev'
+      - 'codeguru-poc'
   pull_request:
     branches:
       - "main"
@@ -33,31 +34,19 @@ jobs:
           aws-region: ap-southeast-1
           role-session-name: GitHubActionScript
 
+
       - name: CodeGuru Security
         uses: aws-actions/codeguru-security@v1
         with:
-          source_path: .
-          aws_region: ap-southeast-1
-          fail_on_severity: Critical
+            source_path: .
+            aws_region: ap-southeast-1
+            # fail_on_severity: Critical
       - name: Print findings
         run: |
-          ls -l
-          cat codeguru-security-results.sarif.json
-
-      - name: Upload SARIF file as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: codeguru-security-results
-          path: codeguru-security-results.sarif.json
-
-      - name: Install dependencies
-        run: cd action && npm install
-
-      - name: Comment on PR with scan results
-        uses: ./action
+            ls -l
+            cat codeguru-security-results.sarif.json
+  
+      - name: Upload result
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          repository: ${{ github.repository }}
-          pull_request_number: ${{ github.event.pull_request.number }}
-          sarif_path: codeguru-security-results.sarif.json
-          initial_commit_sha: ${{ github.event.pull_request.head.sha }} 
+            sarif_file: codeguru-security-results.sarif.json

python/src/detectors/code_injection/code_injection.py

@@ -18,7 +18,6 @@ def execute_input_noncompliant():
 # {fact [email protected] defects=0}
 from flask import app
 
-
 @app.route('/')
 def execute_input_compliant():
     from flask import request

python/src/detectors/code_readability/code_readability.py

@@ -5,7 +5,7 @@
 def avoid_complex_comprehension_noncompliant():
     text = [['bar', 'pie', 'line'],
             ['Rome', 'Madrid', 'Houston'],
-            ['aa', 'bb', 'cc', 'dd']]
+            ['aa', 'bb', 'cc', 'dd', 'ee']]
     # Noncompliant: list comprehensions with more than two control
     # sub expressions are hard to read and maintain.
     text_3 = [y.upper() for x in text if len(x) == 3 for y in x

python/src/detectors/dangerous_global_variables/dangerous_global_variables.py

@@ -7,6 +7,7 @@ def dangerous_global_noncompliant(w):
     # from multiple sections.
     global width
     width = w
+    lol = lambda x: x + width
 # {/fact}
 
 

python/src/detectors/improper_authentication/improper_authentication.py

@@ -6,6 +6,7 @@ def improper_authentication_noncompliant(token):
     import jwt
     # Noncompliant: The verify flag is set to false.
     jwt.decode(token, verify=False)
+
 # {/fact}
 
 
@@ -14,4 +15,5 @@ def improper_authentication_compliant(token):
     import jwt
     # Compliant: The verify flag is set to true.
     jwt.decode(token, verify=True)
+    
 # {/fact}

python/src/detectors/improper_error_handling/improper_error_handling.py

@@ -18,6 +18,7 @@ def error_handling_continue_noncompliant():
     for i in range(10):
         try:
             int(number)
+            print("Number is an integer.")
         except Exception:
             # Noncompliant: has improper error handling.
             continue