chore: 📈 Update codeql setup.

Change codeql-config.yml.
RicardoGEsteves · Dec 12, 2023 · e9c882a · e9c882a
1 parent 8dee0cc
commit e9c882a
Showing 1 changed file with 49 additions and 59 deletions.
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
@@ -1,68 +1,58 @@
-# .github/codeql-config.yml
+name: Node.js Security Scan Configuration
+description: Scans Node.js projects for potential security issues using CodeQL
+language: typescript
+version: 1.0.2
+
+connection:
+  database:
+    type: hosted
+    # url: https://codeql.codecov.io/
+    # token: <your_codecov_token>
+
+queries:
+  - name: Unused Variables
+    query: |
+      from sources
+      where sources.code.contains("unused")
+      select sources.code.location, sources.code, "Unused variable detected"
+
+  - name: Insecure Dependency Usage
+    query: |
+      from dependencies
+      where dependencies.version < "16.13.1"
+      and dependencies.product = "npm:react-dom"
+      select dependencies.name, dependencies.version, "Insecure react-dom version used"
+
+  - name: NoESLint
+    query: |
+      from sources
+      where not sources.code.contains("eslint")
+      select sources.code.location, sources.code, "Missing ESLint"
+
+  - name: XSS Vulnerabilities
+    query: |
+      from sources
+      where sources.code.matches("(dangerousXSSMethod|unsafePattern)")
+      select sources.code.location, sources.code, "Potential XSS vulnerability"
+
+  - name: Injection Vulnerabilities
+    query: |
+      from sources
+      where sources.code.matches("(dangerousSQLQuery|unvalidatedInput)")
+      select sources.code.location, sources.code, "Possible injection vulnerability"
+
+  - name: Improper Error Handling
+    query: |
+      from controlflow
+      where controlflow.reachesExit() and not controlflow.traversesCatch()
+      select controlflow, "Improper error handling"
 
-# Language configuration
 languages:
   - javascript
   - typescript
 
-# Analysis configuration
-queries:
-  - ./
-
-# Specify Node.js environment (assuming Node.js is used)
 environments:
   - name: Node.js
     variables:
       - name: NODE_PATH
-        value: /omniscient/node_modules
-
-# Specific rules or configurations for Node.js/npm projects
-nodejs:
-  package-json: |
-    {
-      "name": "omniscient",
-      "version": "0.1.0",
-      "private": true,
-      "dependencies": {
-        "@clerk/nextjs": "^4.27.2",
-        "@hookform/resolvers": "^3.3.2",
-        "@prisma/client": "^5.6.0",
-        "@radix-ui/react-avatar": "^1.0.4",
-        "@radix-ui/react-dialog": "^1.0.5",
-        "@radix-ui/react-label": "^2.0.2",
-        "@radix-ui/react-progress": "^1.0.3",
-        "@radix-ui/react-select": "^2.0.0",
-        "@radix-ui/react-slot": "^1.0.2",
-        "axios": "^1.6.2",
-        "class-variance-authority": "^0.7.0",
-        "clsx": "^2.0.0",
-        "crisp-sdk-web": "^1.0.21",
-        "lucide-react": "^0.293.0",
-        "next": "14.0.3",
-        "openai": "^4.20.1",
-        "react": "^18",
-        "react-dom": "^18",
-        "react-hook-form": "^7.48.2",
-        "react-hot-toast": "^2.4.1",
-        "react-markdown": "^9.0.1",
-        "replicate": "^0.22.0",
-        "stripe": "^14.5.0",
-        "tailwind-merge": "^2.0.0",
-        "tailwindcss-animate": "^1.0.7",
-        "typewriter-effect": "^2.21.0",
-        "zod": "^3.22.4",
-        "zustand": "^4.4.7"
-      },
-      "devDependencies": {
-        "@types/node": "^20",
-        "@types/react": "^18",
-        "@types/react-dom": "^18",
-        "autoprefixer": "^10.0.1",
-        "eslint": "^8",
-        "eslint-config-next": "14.0.3",
-        "postcss": "^8",
-        "prisma": "^5.6.0",
-        "tailwindcss": "^3.3.0",
-        "typescript": "^5"
-      }
-    }
+        value: "./node_modules"