From 0f32de9d8cb542c7a4ee04930eef137cf85bd64b Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Sun, 12 Mar 2023 03:11:02 +0800 Subject: [PATCH 1/3] GHA CI: add CodeQL scanning This enable codebase scanning for C++ and JavaScript languages. https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning --- .github/workflows/ci_ubuntu.yaml | 13 +++++++++++++ .github/workflows/ci_webui.yaml | 12 +++++++++++- .github/workflows/helper/codeql/cpp.yaml | 14 ++++++++++++++ .github/workflows/helper/codeql/js.yaml | 11 +++++++++++ 4 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/helper/codeql/cpp.yaml create mode 100644 .github/workflows/helper/codeql/js.yaml diff --git a/.github/workflows/ci_ubuntu.yaml b/.github/workflows/ci_ubuntu.yaml index f9b0d4181..168b8a7b3 100644 --- a/.github/workflows/ci_ubuntu.yaml +++ b/.github/workflows/ci_ubuntu.yaml @@ -4,6 +4,7 @@ on: [pull_request, push] permissions: actions: write + security-events: write concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -65,6 +66,14 @@ jobs: cmake --build build sudo cmake --install build + # to avoid scanning 3rdparty codebases, initialize it just before building qbt + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + if: startsWith(matrix.libt_version, 2) && (matrix.qbt_gui == 'GUI=ON') && startsWith(matrix.qt_version, 6) + with: + config-file: ./.github/workflows/helper/codeql/cpp.yaml + languages: cpp + - name: Build qBittorrent (Qt5) if: ${{ startsWith(matrix.qt_version, 5) }} run: | 
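Review bot: `security-events: write` is added to the workflow-level `permissions:` block of ci_ubuntu.yaml, so every job and every matrix leg gets a token that can write code-scanning results. Only the leg that satisfies the CodeQL `if:` condition ever uploads anything. Declaring it under a job-level `permissions:` on the job that runs CodeQL would keep it away from any other job in the file; narrowing it further to a single leg would need a dedicated CodeQL job. The job list is outside this hunk, so how much this narrows in practice needs checking. The same consideration applies to the `permissions:` hunk in ci_webui.yaml.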
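Review bot: The new step references `github/codeql-action/init@v2` by a mutable tag, so the code that runs here can change without any commit to this repository. That matters more now that the workflow token carries `security-events: write` next to `actions: write`. Pinning to a full commit SHA with the tag kept as a trailing comment makes the reference immutable: `uses: github/codeql-action/init@<full-commit-sha> # v2`. The same applies to `github/codeql-action/analyze@v2` in the later ci_ubuntu.yaml hunk and to both CodeQL steps added in ci_webui.yaml.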
@@ -104,6 +113,10 @@ jobs: cmake --build build --target check DESTDIR="qbittorrent" cmake --install build + - name: Run CodeQL analysis + uses: github/codeql-action/analyze@v2 + if: startsWith(matrix.libt_version, 2) && (matrix.qbt_gui == 'GUI=ON') && startsWith(matrix.qt_version, 6) + - name: Prepare build artifacts run: | mkdir upload diff --git a/.github/workflows/ci_webui.yaml b/.github/workflows/ci_webui.yaml index 335cfe6ad..08daaae6f 100644 --- a/.github/workflows/ci_webui.yaml +++ b/.github/workflows/ci_webui.yaml @@ -2,7 +2,8 @@ name: CI - WebUI on: [pull_request, push] -permissions: {} +permissions: + security-events: write concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} @@ -36,3 +37,12 @@ jobs: run: | npm run format git diff --exit-code + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + config-file: ./.github/workflows/helper/codeql/js.yaml + languages: javascript + + - name: Run CodeQL analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/helper/codeql/cpp.yaml b/.github/workflows/helper/codeql/cpp.yaml new file mode 100644 index 000000000..3e09fec53 --- /dev/null +++ b/.github/workflows/helper/codeql/cpp.yaml @@ -0,0 +1,14 @@ +name: "CodeQL config for C++" + +queries: + - uses: security-and-quality + +query-filters: + - exclude: + id: cpp/commented-out-code + - exclude: + id: cpp/include-non-header + - exclude: + id: cpp/loop-variable-changed + - exclude: + id: cpp/useless-expression diff --git a/.github/workflows/helper/codeql/js.yaml b/.github/workflows/helper/codeql/js.yaml new file mode 100644 index 000000000..4d05b6db2 --- /dev/null +++ b/.github/workflows/helper/codeql/js.yaml @@ -0,0 +1,11 @@ +name: "CodeQL config for Javascript" + +paths-ignore: + - "**/lib/*" + +queries: + - uses: security-and-quality + +query-filters: + - exclude: + id: js/superfluous-trailing-arguments From 6fd522472cc554642284c74dcd0741e3a8281eca Mon Sep 17 00:00:00 2001 
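Review bot: The `if:` on "Run CodeQL analysis" repeats the three-part matrix condition from "Initialize CodeQL" verbatim, and nothing ties the two together. If one is edited without the other, analyze can run on a leg where init was skipped, which as far as I know makes the analyze step fail. I would add a comment above each, such as `# must match the condition on the other CodeQL step`. Alternatively, compute the condition once in an earlier step and reference its output from both.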
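Review bot: In ci_webui.yaml the two CodeQL steps are appended after the step that ends in `git diff --exit-code`, so a formatting failure skips the security scan for that commit, since later steps do not run after a failed step by default. JavaScript analysis does not appear to depend on the preceding steps, but they are outside this hunk. Moving init and analyze into their own job, or ahead of the lint and format steps, would keep code-scanning results independent of style checks.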
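Review bot: The four `query-filters` exclusions in cpp.yaml carry no rationale. A later reader cannot tell whether they silence known noise or hide findings that were meant to be revisited. From their ids they look like maintainability rules rather than security queries, but that is an inference. A comment above the block would settle it, for example `# excluded: noisy maintainability rules; no security queries are filtered here`, if that is indeed the reason.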
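Review bot: `paths-ignore: "**/lib/*"` in js.yaml has no comment saying what lives under `lib` or why it is skipped. If these are bundled third-party libraries, excluding them means this workflow will never report a vulnerable copy, which is worth stating: `# bundled third-party libraries, not scanned here; track their updates separately`. The pattern also ends in a single `*`. If that does not cross directory separators in CodeQL's matcher, files in subdirectories of `lib` are still analysed, and `**/lib/**` would state the intent unambiguously; this needs checking against the CodeQL configuration docs.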
From: Chocobo1 Date: Sun, 12 Mar 2023 04:58:04 +0800 Subject: [PATCH 2/3] GHA CI: drop needless syntax https://docs.github.com/en/actions/learn-github-actions/expressions#about-expressions >When you use expressions in an if conditional, you may omit the >expression syntax (${{ }}) because GitHub automatically evaluates the if conditional as an expression. --- .github/workflows/ci_macos.yaml | 4 ++-- .github/workflows/ci_ubuntu.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci_macos.yaml b/.github/workflows/ci_macos.yaml index 181331069..5f660bce8 100644 --- a/.github/workflows/ci_macos.yaml +++ b/.github/workflows/ci_macos.yaml @@ -84,7 +84,7 @@ jobs: sudo cmake --install build - name: Build qBittorrent (Qt5) - if: ${{ startsWith(matrix.qt_version, 5) }} + if: startsWith(matrix.qt_version, 5) run: | CXXFLAGS="$CXXFLAGS -Werror -Wno-error=deprecated-declarations" \ LDFLAGS="$LDFLAGS -gz" \ @@ -103,7 +103,7 @@ jobs: cmake --build build --target check - name: Build qBittorrent (Qt6) - if: ${{ startsWith(matrix.qt_version, 6) }} + if: startsWith(matrix.qt_version, 6) run: | CXXFLAGS="$CXXFLAGS -Wno-gnu-zero-variadic-macro-arguments -Werror -Wno-error=deprecated-declarations" \ LDFLAGS="$LDFLAGS -gz" \ diff --git a/.github/workflows/ci_ubuntu.yaml b/.github/workflows/ci_ubuntu.yaml index 168b8a7b3..8d2fbbe68 100644 --- a/.github/workflows/ci_ubuntu.yaml +++ b/.github/workflows/ci_ubuntu.yaml @@ -75,7 +75,7 @@ jobs: languages: cpp - name: Build qBittorrent (Qt5) - if: ${{ startsWith(matrix.qt_version, 5) }} + if: startsWith(matrix.qt_version, 5) run: | CXXFLAGS="$CXXFLAGS -Werror -Wno-error=deprecated-declarations" \ LDFLAGS="$LDFLAGS -gz" \ @@ -94,7 +94,7 @@ jobs: DESTDIR="qbittorrent" cmake --install build - name: Build qBittorrent (Qt6) - if: ${{ startsWith(matrix.qt_version, 6) }} + if: startsWith(matrix.qt_version, 6) run: | CXXFLAGS="$CXXFLAGS -Werror" \ LDFLAGS="$LDFLAGS -gz" \ 
From fa30b7045364ba359bf8c9b0267b3d896cbe6222 Mon Sep 17 00:00:00 2001 From: Chocobo1 Date: Sun, 12 Mar 2023 05:12:02 +0800 Subject: [PATCH 3/3] Fix code defects --- src/webui/www/private/rename_files.html | 4 +++- src/webui/www/private/scripts/piecesbar.js | 1 - src/webui/www/private/scripts/prop-files.js | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/webui/www/private/rename_files.html b/src/webui/www/private/rename_files.html index d5d4155ca..327fabede 100644 --- a/src/webui/www/private/rename_files.html +++ b/src/webui/www/private/rename_files.html @@ -68,8 +68,10 @@ } // Register keyboard events to modal window + // https://github.com/qbittorrent/qBittorrent/pull/18687#discussion_r1135045726 + var keyboard; if (!keyboard) { - var keyboard = new Keyboard({ + keyboard = new Keyboard({ defaultEventType: 'keydown', events: { 'Escape': function(event) { diff --git a/src/webui/www/private/scripts/piecesbar.js b/src/webui/www/private/scripts/piecesbar.js index 4a7fc83c7..96d21af86 100644 --- a/src/webui/www/private/scripts/piecesbar.js +++ b/src/webui/www/private/scripts/piecesbar.js @@ -106,7 +106,6 @@ window.qBittorrent.PiecesBar = (() => { } function refresh(force) { - const start = Date.now(); if (!this.parentNode) return; diff --git a/src/webui/www/private/scripts/prop-files.js b/src/webui/www/private/scripts/prop-files.js index 6b3a4bf32..503350f90 100644 --- a/src/webui/www/private/scripts/prop-files.js +++ b/src/webui/www/private/scripts/prop-files.js @@ -564,7 +564,7 @@ window.qBittorrent.PropFiles = (function() { }; const multiFileRename = function(hash) { - const win = new MochaUI.Window({ + new MochaUI.Window({ id: 'multiRenamePage', title: "QBT_TR(Renaming)QBT_TR[CONTEXT=TorrentContentTreeView]", data: { hash: hash, selectedRows: torrentFilesTable.selectedRows },
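Review bot: In rename_files.html the guard `if (!keyboard)` now sits directly under `var keyboard;` and reads as always true. The only explanation is a link to a review thread, which may not outlive the code. If the script is evaluated more than once in the same scope, a `var` redeclaration without an initializer keeps the existing value, which is presumably why the guard still has an effect. I would state that in the comment, e.g. `// 'var' without initializer keeps an existing instance when this script is evaluated again`. The enclosing script block and the rest of the `Keyboard` options are outside the hunk, so the scope needs confirming.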
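Review bot: In `multiFileRename`, the bare `new MochaUI.Window({` now discards its result, which reads like a leftover and is commonly flagged by lint rules against side-effect-only `new`. A one-line comment would make the intent explicit, e.g. `// constructed for its side effect; the window instance is not needed here`. This assumes the constructor itself opens the window. The options object continues past the end of the hunk.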