Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-7540

Setup CodeQL for cpp in boxednode

    XMLWordPrintableJSON

Details

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major - P3 Major - P3
    • None
    • None
    • None
    • None
    • Developer Tools
    • 5
    • Iteration Scutellosaurus, Iteration Triceratops, Iteration Triceratops 1

    Description

      This was split from https://jira.mongodb.org/browse/COMPASS-7482, since the analysis for ccp in boxednode requires the template to be built seemingly in a different way as what boxednode is doing: CodeQL needs to trace the compilation of the template before analyzing it. Unfortunalely it doesn't seem to be happy with just instrumenting one execution of boxednode, which compiles node.js with the main template.

      The action fails without further output and the job is reported as skipped: https://github.com/mongodb-js/boxednode/actions/runs/7198182160/job/19607029983?pr=52

      NOTES:

      • I've not investigated further, but a simple explanation could be that we are not compiling directly the template but one of its instances in a different path, so nothing would trace back to any of the paths present in the repo, hence there is nothing to report back in the analysis.
      • While more complex than anticipated, scanning the main template is still useful since a modified version is used as main entry for mongosh.

      Attachments

        Activity

          People

            Unassigned Unassigned
            maurizio.casimirri@mongodb.com Maurizio Casimirri
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: