mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
9a7dafcf38
# Backport This will backport the following commits from `main` to `8.x`: - [[CodeQL] Local run script (#194272)](https://github.com/elastic/kibana/pull/194272) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Elena Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-28T12:40:27Z","message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","enhancement","release_note:skip","v9.0.0","backport:prev-minor"],"title":"[CodeQL] Local run script","number":194272,"url":"https://github.com/elastic/kibana/pull/194272","mergeCommit":{"message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194272","number":194272,"mergeCommit":{"message":"[CodeQL] Local run script (#194272)\n\n## Summary\r\n\r\nThis PR introduces a script that allows developers to run CodeQL\r\nanalysis locally. It uses a Docker container with prebuilt CodeQL\r\nqueries to facilitate easy setup and execution.\r\nThe script has the following key steps:\r\n- Creating a CodeQL database from the source code. The database is\r\nessentially a representation of the codebase that CodeQL uses to analyze\r\nfor potential issues.\r\n- Running the analysis on the created database,\r\n`javascript-security-and-quality` suit is used.\r\n\r\n### Usage\r\n```\r\nbash scripts/codeql/quick_check.sh -s path/to/your-source-dir\r\n```\r\nFor example\r\n```\r\nbash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links\r\n```\r\n\r\nThe `-s` option allows you to specify the path to the source code\r\ndirectory that you wish to analyze.\r\n\r\n### Why custom Docker file?\r\nChecked the ability to use MSFT image for local run\r\nhttps://github.com/microsoft/codeql-container. Turned out it has several\r\nproblems:\r\n1. The published one has an error with [execute\r\npermissions](https://github.com/microsoft/codeql-container/issues/53).\r\n2. Container has outdated nodejs version, so it didn't parse our syntax\r\n(like `??`) and failed.\r\n3. The technique used in the repository to download the CodeQL binaries\r\nand precompile the queries is outdated in the sense that GitHub now\r\noffers pre-compiled queries you can just download. Follow this\r\n[comment](https://github.com/microsoft/codeql-container/issues/53#issuecomment-1875879512).\r\n\r\nTaking this into consideration I have created a lightweight docker image\r\nwithout extraneous dependencies for go/.net/java.\r\n\r\n## Context and interdependencies issues\r\nThere are issues sometimes when analyze run returns no results,\r\nparticularly when analyzing a single folder.\r\nIt might be due to the missing context for the data flow graph CodeQL\r\ngenerates or context for interdependencies. This is actually a trade off\r\nof running it locally for a subset of source directories. We need to\r\nexplicitly state that in the documentation and advise to expand the\r\nscope of source code directories involved for local scan.\r\n\r\nDocumentation for triaging issues will be updated separately.\r\n\r\n__Closes: https://github.com/elastic/kibana/issues/195740__","sha":"9dd4205639ed16f9086a7c5d70e077b6db21d73b"}}]}] BACKPORT--> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| codeql | ||
| archive_migration_functions.sh | ||
| backport.js | ||
| build.js | ||
| build_api_docs.js | ||
| build_kibana_platform_plugins.js | ||
| build_plugin_list_docs.js | ||
| build_product_doc_artifacts.js | ||
| capture_oas_snapshot.js | ||
| check_file_casing.js | ||
| check_ftr_code_owners.js | ||
| check_ftr_configs.js | ||
| check_jest_configs.js | ||
| check_licenses.js | ||
| check_mappings_update.js | ||
| check_prod_native_modules.js | ||
| chromium_version.js | ||
| classify_source.js | ||
| create_observability_rules.js | ||
| delete_kibana_indices.sh | ||
| dev_docs.sh | ||
| docs.js | ||
| download_pr_list.js | ||
| enabled_ftr_configs.js | ||
| es.js | ||
| es_archiver.js | ||
| eslint.js | ||
| eslint_with_types.js | ||
| extract_performance_testing_dataset.js | ||
| find_babel_runtime_helpers_in_use.js | ||
| find_node_libs_browser_polyfills_in_use.js | ||
| functional_test_runner.js | ||
| functional_tests.js | ||
| functional_tests_server.js | ||
| generate.js | ||
| generate_console_definitions.js | ||
| generate_openapi.js | ||
| generate_plugin.js | ||
| generate_team_assignments.js | ||
| i18n_check.js | ||
| i18n_extract.js | ||
| i18n_integrate.js | ||
| ingest_coverage.js | ||
| jest.js | ||
| jest_integration.js | ||
| kbn.js | ||
| kbn_archiver.js | ||
| kibana.js | ||
| kibana_encryption_keys.js | ||
| kibana_keystore.js | ||
| kibana_plugin.js | ||
| kibana_setup.js | ||
| kibana_verification_code.js | ||
| licenses_csv_report.js | ||
| lint_packages.js | ||
| lint_ts_projects.js | ||
| makelogs.js | ||
| manifest.js | ||
| notice.js | ||
| plugin_check.js | ||
| plugin_helpers.js | ||
| precommit_hook.js | ||
| prettier_topology_check.js | ||
| quick_checks.js | ||
| read_jest_help.mjs | ||
| README.md | ||
| register_git_hook.js | ||
| report_failed_tests.js | ||
| report_performance_metrics.js | ||
| rewrite_buildkite_definitions.js | ||
| run_performance.js | ||
| run_scalability.js | ||
| saved_objs_info.js | ||
| ship_ci_stats.js | ||
| snapshot_plugin_types.js | ||
| spec_to_console.js | ||
| storybook.js | ||
| stylelint.js | ||
| synthtrace.js | ||
| telemetry_check.js | ||
| telemetry_extract.js | ||
| test_hardening.js | ||
| type_check.js | ||
| update_prs.js | ||
| update_vscode_config.js | ||
| validate_next_docs.js | ||
| whereis_pkg.js | ||
| yarn_deduplicate.js | ||
Kibana Dev Scripts
This directory contains scripts useful for interacting with Kibana tools in development. Use the node executable and --help flag to learn about how they work:
node scripts/{{script name}} --help
For Developers
This directory is excluded from the build and tools within it should help users discover their capabilities. Each script in this directory must:
- require
src/setup_node_envto bootstrap NodeJS environment - call out to source code in the
srcorpackagesdirectories - react to the
--helpflag - run everywhere OR check and fail fast when a required OS or toolchain is not available
Functional Test Scripts
node scripts/functional_tests [--config test/functional/config.base.js --config test/api_integration/config.js]
Runs all the functional tests: selenium tests and api integration tests. List configs with multiple --config arguments. Uses the @kbn/test library to run Elasticsearch and Kibana servers and tests against those servers, for multiple server+test setups. In particular, calls out to runTests(). Can be run on a single config.
node scripts/functional_tests_server [--config test/functional/config.base.js]
Starts just the Elasticsearch and Kibana servers given a single config, i.e. via --config test/functional/config.base.js or --config test/api_integration/config. Allows the user to start just the servers with this script, and keep them running while running tests against these servers. The idea is that the same config file configures both Elasticsearch and Kibana servers. Uses the startServers() method from @kbn/test library.
Example. Start servers and run tests, separately, but using the same config:
# Just the servers
node scripts/functional_tests_server --config path/to/config
In another terminal:
# Just the tests--against the running servers
node scripts/functional_test_runner --config path/to/config
For details on how the internal methods work, read this readme.
ES archiver
Loading data
If you wish to load up specific es archived data for your test, you can do so via:
node scripts/es_archiver.js load <archive> [--es-url=http://username:password@localhost:9200] [--kibana-url=http://username:password@localhost:5601/{basepath?}]
That will load the specified archive located in the archive directory specified by the default functional config file, located in test/functional/config.base.js. To load archives from other function config files you can pass --config path/to/config.js.
Note: The --es-url and --kibana-url options may or may not be neccessary depending on your current Kibana configuration settings, and their values
may also change based on those settings (for example if you are not running with security you will not need the username:password portion).
Saving data
You can save existing data into an archive by using the save command:
node scripts/es_archiver.js save <archive name for kibana data> [space separated list of index patterns to include]
You may want to store the .kibana index separate from data. Since adding a lot of data will bloat our repo size, we have many tests that reuse the same
data indices but use their own .kibana index.