
Scan with CodeQL #332

Merged (1 commit, Nov 5, 2020)

Conversation

@jasongrout (Contributor Author)

CodeQL reports 147 issues. Lots of low-hanging fruit there to tackle.

@jasongrout (Contributor Author)

(I think we could merge this to expose the report, then resolving the reported issues can be low-hanging maintenance tasks)

@echarles echarles merged commit a409056 into master Nov 5, 2020
@echarles (Member) commented Nov 5, 2020

Thx @jasongrout I guess a next step will be to open an issue with the report.

@jasongrout (Contributor Author)

> Thx @jasongrout I guess a next step will be to open an issue with the report.

The alerts are now available from the Security tab: https://github.com/jupyter/jupyter_server/security/code-scanning

I think from here it is just opening PRs fixing them.

@kevin-bates (Member)

I would like that all pushed branches trigger this report so that would-be pull requests could first have a chance to address any flagged issues. I'll provide a PR to make that change.

Overall, this seems a little invasive in my opinion. For example, the tests re-use `r` to hold responses all over the place.

If a given flagged issue is dismissed, do you know if it records that dismissal so as to not raise it again? I guess I need to go look at CodeQL.
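For reference, this is what a CodeQL workflow that runs on every pushed branch (as requested above) as well as on pull requests looks like. It is an added illustration, not the workflow file merged by this PR (whose contents are not shown on this page); the action versions, the `python` language setting, the cron schedule and the commented-out query suite are assumptions.

```yaml
# .github/workflows/codeql-analysis.yml  (illustrative; assumed layout, not the PR's file)
name: CodeQL

on:
  push:
    branches: ['**']        # every pushed branch, so contributors see alerts before opening a PR
  pull_request:
    branches: [master]      # PR checks annotate new alerts on the diff
  schedule:
    - cron: '0 3 * * 1'     # assumed weekly rescan of the default branch to pick up new queries

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # required to upload results to the repository's Security tab

    steps:
      - uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: python     # assumed; the project is a Python code base
          # queries: security-extended   # optional: broader suite, more (and noisier) alerts

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
```

Results for every run land under the repository's Security tab (`/security/code-scanning`), which is the persisted state discussed in this thread: an alert dismissed there stays dismissed on later runs rather than being re-raised, so the branch trigger above does not produce a new flood of the same findings on each push. Note that `pull_request` runs from forks get a read-only token and cannot upload results, so scanning the pushed branch (as this trigger does) is what gives fork contributors an early look.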

@jasongrout (Contributor Author)

> If a given flagged issue is dismissed, do you know if it records that dismissal so as to not raise it again? I guess I need to go look at CodeQL.

I think so? At least, that would make sense to me.

@kevin-bates (Member)

Yeah, after looking at the results on my pushed branch (for #333), no new alerts were found so the security tab represents an accumulation of whatever has been encountered, which, I agree, must consist of some persisted state.

Once we get the flagged issues addressed, things will settle down (in my head 😄 ).

@farisachugthai (Contributor)

Hey, I'm sorry @jasongrout, but I might be missing something here. The results link provided doesn't seem to be working, and the security/code-scanning page isn't working either.

I tried looking under Actions to see the code scan being run in this repo's workflow but couldn't locate that either.

I'd definitely be interested in helping to fix these issues, but unless I'm missing something I can't see the results 😞

@Zsailer Zsailer deleted the jasongrout-patch-1 branch December 2, 2020 23:12
Zsailer added a commit to Zsailer/jupyter_server that referenced this pull request Nov 18, 2022
hMED22 pushed a commit to hMED22/jupyter_server that referenced this pull request Jan 23, 2023