ghastoolkit 0.12.2

GitHub Advanced Security Toolkit in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304

//! # CodeQL Databases

use log::debug;
use std::path::PathBuf;
use walkdir::WalkDir;

use super::CodeQLLanguage;
use crate::{GHASError, GitHub};
use crate::{Repository, codeql::database::CodeQLDatabase};

/// A list of CodeQL databases
#[derive(Debug, Clone)]
pub struct CodeQLDatabases {
    /// The Base path for the databases
    path: PathBuf,
    /// The list of databases
    databases: Vec<CodeQLDatabase>,
}

impl Iterator for CodeQLDatabases {
    type Item = CodeQLDatabase;

    fn next(&mut self) -> Option<Self::Item> {
        self.databases.pop()
    }
}

impl CodeQLDatabases {
    /// Create a new list of databases
    pub fn new() -> Self {
        Self {
            path: CodeQLDatabases::default_path(),
            databases: Vec::new(),
        }
    }

    /// Set the root path where the databases are stored
    pub fn set_path(&mut self, path: impl Into<PathBuf>) {
        self.path = path.into();
    }

    /// Get all of the loaded databases
    pub fn databases(&self) -> Vec<CodeQLDatabase> {
        self.databases.clone()
    }

    /// Add a database to the list
    pub fn add(&mut self, database: CodeQLDatabase) {
        self.databases.push(database);
    }

    /// Check if the list is empty
    pub fn is_empty(&self) -> bool {
        self.databases.is_empty()
    }

    /// Get the number of databases in the list
    pub fn len(&self) -> usize {
        self.databases.len()
    }

    /// Dowload a database from the GitHub API
    pub(crate) async fn download_database(
        output: &PathBuf,
        repository: &Repository,
        github: &GitHub,
        language: &CodeQLLanguage,
    ) -> Result<CodeQLDatabase, GHASError> {
        if github.is_enterprise_server() {
            return Err(GHASError::CodeQLDatabaseError(
                "CodeQL database download is not supported on GitHub Enterprise Server".to_string(),
            ));
        }

        let dbpath = output.join("codeql-database.zip");
        let route = format!(
            "{base}repos/{owner}/{repo}/code-scanning/codeql/databases/{language}",
            base = github.base(),
            owner = repository.owner(),
            repo = repository.name(),
            language = language.language()
        );
        log::debug!("Route: {}", route);

        let client = reqwest::Client::new();
        let mut request = client
            .get(route)
            .header(
                http::header::ACCEPT,
                http::header::HeaderValue::from_str("application/zip")?,
            )
            .header(
                http::header::USER_AGENT,
                http::header::HeaderValue::from_str("ghastoolkit")?,
            );

        if let Some(token) = github.token() {
            request = request.header(http::header::AUTHORIZATION, format!("Bearer {}", token));
        }

        let data = request.send().await?.bytes().await?;

        tokio::fs::write(&dbpath, data).await?;
        log::debug!("Database archive downloaded to {}", dbpath.display());

        if !dbpath.exists() {
            return Err(crate::GHASError::CodeQLDatabaseError(format!(
                "Database not found at: {}",
                output.display()
            )));
        }

        log::debug!("Unzipping CodeQL database to {}", output.display());
        Self::unzip_codeql_database(&dbpath, &output)?;

        let mut db = CodeQLDatabase::load(output)?;
        db.set_repository(repository);

        Ok(db)
    }

    /// Download a database and store it in the CodeQL Databases path
    pub async fn download(
        &mut self,
        repository: &Repository,
        github: &GitHub,
    ) -> Result<Vec<CodeQLDatabase>, GHASError> {
        let mut databases = Vec::new();
        let database_list = github
            .code_scanning(repository)
            .list_codeql_databases()
            .await?;

        for dbitem in database_list {
            let language = CodeQLLanguage::from(dbitem.language);

            let path = Self::default_db_path(&self.path, repository, language.language());
            if !path.exists() {
                debug!("Creating database path: {}", path.display());
                tokio::fs::create_dir_all(&path).await?;
            }
            debug!("Downloading database to: {}", path.display());

            let db = Self::download_database(&path, repository, github, &language).await?;
            log::debug!("Database: {db:?}");

            self.add(db.clone());
            databases.push(db);
        }

        Ok(databases)
    }

    /// Download a database for a specific language
    pub async fn download_language(
        &mut self,
        repository: &Repository,
        github: &GitHub,
        language: impl Into<CodeQLLanguage>,
    ) -> Result<CodeQLDatabase, GHASError> {
        let language = language.into();

        let path = Self::default_db_path(&self.path, repository, language.language());
        if !path.exists() {
            debug!("Creating database path: {}", path.display());
            tokio::fs::create_dir_all(&path).await?;
        }
        log::debug!("Downloading database to: {}", path.display());
        let db = Self::download_database(&path, repository, github, &language).await?;
        log::debug!("Database: {db:?}");

        self.add(db.clone());

        Ok(db)
    }

    /// Unzip the CodeQL database
    fn unzip_codeql_database(zip: &PathBuf, output: &PathBuf) -> Result<(), GHASError> {
        log::debug!("Unzipping CodeQL database to {}", output.display());
        let file = std::fs::File::open(zip)?;
        let mut archive = zip::ZipArchive::new(file)?;
        archive.extract(output)?;

        Ok(())
    }

    /// Create a default path for the database to be stored
    pub(crate) fn default_db_path(
        base: &PathBuf,
        repo: &Repository,
        language: impl Into<String>,
    ) -> PathBuf {
        base.join(repo.owner())
            .join(repo.name())
            .join(language.into())
    }

    /// Get the default path for CodeQL databases
    pub fn default_path() -> PathBuf {
        // Get env var CODEQL_DATABASES
        match std::env::var("CODEQL_DATABASES") {
            Ok(p) => PathBuf::from(p),
            Err(_) => {
                // Get HOME directory
                match std::env::var("HOME") {
                    Ok(p) => {
                        let mut base = PathBuf::from(p);
                        base.push(".codeql");
                        base.push("databases");
                        base
                    }
                    Err(_) => PathBuf::from("/tmp/codeql"),
                }
            }
        }
    }

    /// Get the default path for CodeQL results
    pub fn default_results() -> PathBuf {
        match std::env::var("CODEQL_RESULTS") {
            Ok(p) => PathBuf::from(p),
            Err(_) => match std::env::var("HOME") {
                Ok(p) => {
                    let mut base = PathBuf::from(p);
                    base.push(".codeql");
                    base.push("results");
                    base
                }
                Err(_) => PathBuf::from("/tmp/codeql"),
            },
        }
    }

    /// Walk directory to find all CodeQL databases.
    pub fn load(path: impl Into<PathBuf>) -> CodeQLDatabases {
        let path = path.into();
        debug!("Loading databases from: {}", path.display());

        let mut databases = CodeQLDatabases::new();
        databases.path = path.clone();

        WalkDir::new(path)
            .into_iter()
            .filter_map(|e| e.ok())
            .filter(|e| e.file_name() == "codeql-database.yml")
            .for_each(|path| {
                let database = CodeQLDatabase::from(path.path());
                databases.add(database);
            });

        databases
    }
}

impl From<String> for CodeQLDatabases {
    fn from(path: String) -> Self {
        CodeQLDatabases::load(path)
    }
}

impl From<&str> for CodeQLDatabases {
    fn from(path: &str) -> Self {
        CodeQLDatabases::load(path.to_string())
    }
}

impl From<PathBuf> for CodeQLDatabases {
    fn from(path: PathBuf) -> Self {
        CodeQLDatabases::load(path.to_str().expect("Invalid path").to_string())
    }
}

impl Default for CodeQLDatabases {
    fn default() -> Self {
        let path = CodeQLDatabases::default_path()
            .to_str()
            .expect("Invalid path")
            .to_string();
        CodeQLDatabases::load(format!("{}/**/codeql-database.yml", path))
    }
}

#[cfg(test)]
mod tests {
    use std::path::PathBuf;

    use crate::CodeQLDatabases;

    #[test]
    fn test_default_codeql_path() {
        let home_path = match std::env::var("HOME") {
            Ok(p) => {
                let mut path = PathBuf::from(p);
                path.push(".codeql");
                path.push("databases");
                path
            }
            Err(_) => PathBuf::from("/tmp/codeql"),
        };
        let path = CodeQLDatabases::default_path();

        assert_eq!(path, home_path);
    }
}