Skip to content

feat: add in new metadata-based heuristic to pypi malware analyzer #2632

feat: add in new metadata-based heuristic to pypi malware analyzer

feat: add in new metadata-based heuristic to pypi malware analyzer #2632

# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/.
# Run CodeQL over the package. For more configuration options see codeql/codeql-config.yaml
# and: https://github.com/github/codeql-action
name: CodeQL
on:
push:
branches:
- main
- staging
pull_request:
branches:
- main
- staging
schedule:
- cron: 20 15 * * 3
permissions:
contents: read
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
# We enable JavaScript language to analyze JavaScript expressions in GitHub Actions.
language: [python, go, javascript]
steps:
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: '3.11'
# For more details see the comment in _build.yaml.
- name: Create empty virtual environment for Actions
run: mkdir .venv
- name: Install dependencies
run: make setup
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0
with:
languages: ${{ matrix.language }}
config-file: .github/codeql/codeql-config.yaml
# Override the default behavior so that the action doesn't attempt
# to auto-install Python dependencies
setup-python-dependencies: false
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0