8000 [UHxIZ8JO] Add CodeQL by AzuObs · Pull Request #186 · neo4j/apoc · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[UHxIZ8JO] Add CodeQL #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 4, 2022
Merged

[UHxIZ8JO] Add CodeQL #186

merged 3 commits into from
Oct 4, 2022

Conversation

AzuObs
Copy link
Contributor
@AzuObs AzuObs commented Sep 15, 2022
edited
Loading
  • Ignore automated security PR from JLLeitschuh
  • Install CodeQL

The CodeQL job is not decoupled from the main CI job. This is because CodeQL requires the artefacts to be built, and I didn't think it was worth to build the project twice.

@AzuObs AzuObs force-pushed the dev_code-ql branch 3 times, most recently from dd6146f to 8c1c00a Compare September 16, 2022 16:31
@AzuObs AzuObs changed the title Dev code ql Add CodeQL Sep 16, 2022
@AzuObs AzuObs changed the title Add CodeQL [UHxIZ8JO] Add CodeQL Sep 28, 2022
@AzuObs AzuObs added NOT READY FOR MERGE PR isn't ready to be merged 5.1 and removed 5.0 labels Sep 29, 2022
@AzuObs AzuObs force-pushed the dev_code-ql branch 2 times, most recently from 2780cdb to 24ca169 Compare September 30, 2022 12:27
AzuObs added 3 commits October 4, 2022 10:38
@AzuObs
[UHxIZ8JO] Ignore PRs from JLLeitschuh/security-research
0e08d92 
We want to ignore PRs from this security researcher because they do not follow our private disclosure process. These PRs highlight that our code is exploitable before we've had the opportunity to fix it.

However, we will take JLLeitschuh up on his suggestion to add https://github.com/github/codeql-action to run checks in the background.
@AzuObs
[UHxIZ8JO] Install CodeQL
1d29f3d
@AzuObs
[UHxIZ8JO] Remove unused file
afcf584 
The file was removed because it contained some vulnerabilities, and also because it was not used. It's also not used in APOC Extended.
@AzuObs AzuObs removed the NOT READY FOR MERGE PR isn't ready to be merged label Oct 4, 2022
ncordon
ncordon reviewed Oct 4, 2022
View reviewed changes
common/src/main/java/apoc/export/util/ElementCounter.java
* @author mh
* @since 17.01.14
*/
public class ElementCounter {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this used in extended?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Daniel has confirmed this was not used in extended

ncordon
ncordon reviewed Oct 4, 2022
View reviewed changes
Copy link
Collaborator
@ncordon ncordon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with the exception of the small comment I left

@AzuObs AzuObs merged commit 6bb8434 into dev Oct 4, 2022
@AzuObs AzuObs deleted the dev_code-ql branch October 4, 2022 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncordon ncordon ncordon approved these changes

Assignees

@ncordon ncordon

Labels
5.1 team-cypher-surface
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AzuObs @ncordon
0