OneSignal-Android-SDK icon indicating copy to clipboard operation
OneSignal-Android-SDK copied to clipboard
verified publisher icon OneSignal

Add CodeQL

Open jennantilla opened this issue 2 years ago • 5 comments

Description

One Line Summary

Add the CodeQL GitHub security scanning action to this repository.

Details

Add the CodeQL GitHub security scanning action to the this repository. This action will run on PRs into user-model/main and main branches.

Motivation

Security scanning

Scope

Static analysis

Checklist

Overview

  • [X] I have filled out all REQUIRED sections above
  • [X] PR does one thing
    • If it is hard to explain how any codes changes are related to each other then it most likely needs to be more than one PR
  • [X] Any Public API changes are explained in the PR details and conform to existing APIs

Testing

  • [X] I have included test coverage for these changes, or explained why they are not needed
  • [X] All automated tests pass, or I explained why that is not possible
  • [X] I have personally tested this on my device, or explained why that is not possible

Final pass

  • [X] Code is as readable as possible.
    • Simplify with less code, followed by splitting up code into well named functions and variables, followed by adding comments to the code.
  • [X] I have reviewed this PR myself, ensuring it meets each checklist item
    • WIP (Work In Progress) is ok, but explain what is still in progress and what you would like feedback on. Start the PR title with "WIP" to indicate this.

This change is Reviewable

jennantilla avatar Oct 27 '23 22:10 jennantilla

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

github-advanced-security[bot] avatar Oct 30 '23 19:10 github-advanced-security[bot]

Added intent verification for BroadcastReceiver classes as flagged by CodeQL, screening now passes (Test/build fixed here). cc @emawby @shepherd-l

Screenshot 2023-11-01 at 1 07 33 PM

jennantilla avatar Nov 01 '23 20:11 jennantilla

Great catch @shepherd-l! Looks like this was accidentally added and unused so I removed it.

jennantilla avatar Nov 02 '23 17:11 jennantilla

Oops, @jinliu9508 this work should eventually get merged (it became stagnant due to a build error). But I think it will be easier for me to just create a new PR once we update to main.

jennantilla avatar Jan 31 '24 21:01 jennantilla

Re-opening so we don't lose this, we can always refactor later. The deletion of the usermodel branch (now recovered) caused the PRs to close.

nan-li avatar Jan 31 '24 22:01 nan-li