Merge branch 'main' of https://github.com/microsoft/codeql-container into main

Author: jacobmsft

Dockerfile

@@ -35,12 +35,12 @@ RUN apt-get update && \
         ln -s /usr/bin/python3.8 /usr/bin/python && \
         ln -s /usr/bin/pip3 /usr/bin/pip 
 
-# Install .NET Core for tools/builds
+# Install .NET Core and Java for tools/builds
 RUN cd /tmp && \
     wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
     dpkg -i packages-microsoft-prod.deb && \
     apt-get update; \
-    apt-get install -y apt-transport-https && \
+    apt-get install -y default-jdk apt-transport-https && \
     apt-get update && \
     rm packages-microsoft-prod.deb
 RUN apt-get install -y dotnet-sdk-3.1
@@ -63,9 +63,9 @@ RUN mkdir -p ${CODEQL_HOME} \
     /opt/codeql
 
 # get the latest codeql queries and record the HEAD
-RUN git clone https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
+RUN git clone --depth 1 https://github.com/github/codeql ${CODEQL_HOME}/codeql-repo && \
     git --git-dir ${CODEQL_HOME}/codeql-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-repo-last-commit
-RUN git clone https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
+RUN git clone --depth 1 https://github.com/github/codeql-go ${CODEQL_HOME}/codeql-go-repo && \
     git --git-dir ${CODEQL_HOME}/codeql-go-repo/.git log --pretty=reference -1 > /opt/codeql/codeql-go-repo-last-commit
 
 RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \

README.md

@@ -38,7 +38,7 @@ docker run --rm --name codeql-container -e CODEQL_CLI_ARGS="resolve qlpacks"  mc
 
 ### Downloading a pre-built container
 
-We keep updating the docker image periodically and uploading it to the Microsoft Container Registry at: ```mcr.microsoft.com/codeql/codeql-container```.
+We keep updating the docker image periodically and uploading it to the Microsoft Container Registry at: ```mcr.microsoft.com/cstsectools/codeql-container```.
 
 You can pull the image by running the command:
 ```
@@ -98,13 +98,14 @@ to analyze and get a SARIF result file, you will have to run:
 
 ```
 # create the codeql db
-$ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database create --language=python /opt/results/source_db -s /opt/src" mcr.microsoft.com/cstsectools/codeql-container
+$ export language="python"
+$ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database create --language=${language} /opt/results/source_db -s /opt/src" mcr.microsoft.com/cstsectools/codeql-container
 
 # upgrade the db if necessary
 $ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS=" database upgrade /opt/results/source_db" mcr.microsoft.com/cstsectools/codeql-container
 
 # run the queries in the qlpack
-$ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database analyze --format=sarifv2 --output=/opt/results/issues.sarif /opt/results/source_db qlpack.qps" mcr.microsoft.com/cstsectools/codeql-container
+$ docker run --rm --name codeql-container -v /dir/to/analyze:/opt/src -v /dir/for/results:/opt/results -e CODEQL_CLI_ARGS="database analyze --format=sarifv2 --output=/opt/results/issues.sarif /opt/results/source_db ${language}-security-and-quality.qls" mcr.microsoft.com/cstsectools/codeql-container
 ```
 
 For more information on CodeQL and QL packs, please visit https://www.github.com/github/codeql.

container/libs/codeql.py

@@ -68,6 +68,7 @@ def get_current_local_version(self):
         if ret_string is CalledProcessError:
             logger.error("Could not run codeql command")
             exit(self.ERROR_EXECUTING_CODEQL)
+            
         version_match = search("toolchain release ([0-9.]+)\.", ret_string)
         if not version_match:
             logger.error("Could not determine existing codeql version")
@@ -85,11 +86,11 @@ def install_codeql_cli(self, download_path):
         ret1 = check_output_wrapper(f'unzip {download_path} -d {codeql_dir}', shell=True)
 
     def precompile_queries(self):
-        execute_codeql_command(f' query compile --search-path {self.CODEQL_HOME} {self.CODEQL_HOME}/codeql-repo/*/ql/src/codeql-suites/*.qls')
+        self.execute_codeql_command(f' query compile --search-path {self.CODEQL_HOME} {self.CODEQL_HOME}/codeql-repo/*/ql/src/codeql-suites/*.qls')
 
     def execute_codeql_command(self, args):
         ret_string = check_output_wrapper(f'{self.CODEQL_HOME}/codeql/codeql {args}', shell=True)
         if ret_string is CalledProcessError:
             logger.error("Could not run codeql command")
             exit(self.ERROR_EXECUTING_CODEQL)
-        return bytearray(ret_string).decode('utf-8')
+        return bytearray(ret_string).decode('utf-8')