NH-66480: fix the codeql warning and avoid scan test file

solarwinds · Jan 18, 2024 · f270fb1 · f270fb1
1 parent 0bb8c76
commit f270fb1
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 36 deletions.
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
@@ -0,0 +1,2 @@
+paths-ignore:
+  - 'test/**/*.rb'
diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml
@@ -31,11 +31,12 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           queries: security-extended,security-and-quality
+          config-file: ./.github/codeql/codeql-config.yml
 
       - name: Autobuild
         uses: github/codeql-action/autobuild@v2

diff --git a/lib/solarwinds_apm/config.rb b/lib/solarwinds_apm/config.rb
@@ -283,27 +283,6 @@ def self.[]=(key, value)
       end
     end
     # rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
-
-    def self.method_missing(sym, *args)
-      class_var_name = "@@#{sym}"
-
-      if sym.to_s =~ /(.+)=$/
-        self[$1] = args.first
-      else
-        # Try part of the @@config hash first
-        if @@config.key?(sym)
-          self[sym]
-
-        # Then try as a class variable
-        elsif self.class_variable_defined?(class_var_name.to_sym)
-          self.class_eval(class_var_name)
-
-        # Congrats - You've won a brand new nil...
-        else
-          nil
-        end
-      end
-    end
   end
 end
 

diff --git a/lib/solarwinds_apm/inst/graphql.rb b/lib/solarwinds_apm/inst/graphql.rb
@@ -21,6 +21,7 @@ class SolarWindsAPMTracing < GraphQL::Tracing::PlatformTracing
         # These GraphQL events will show up as 'graphql.prep' spans
         PREP_KEYS = ['lex', 'parse', 'validate', 'analyze_query', 'analyze_multiplex'].freeze
         EXEC_KEYS = ['execute_multiplex', 'execute_query', 'execute_query_lazy'].freeze
+        MAX_QUERY_LENGTH = 1000
 
         self.platform_keys = {
           'lex' => 'lex',
@@ -150,6 +151,7 @@ def graphql_multiplex(data)
 
         def sanitize(query)
           return unless query
+          raise ArgumentError, "Query is too long for sanitize." if query.length > MAX_QUERY_LENGTH
 
           # remove arguments
           query.gsub(/"[^"]*"/, '"?"')                 # strings

diff --git a/lib/solarwinds_apm/loading.rb b/lib/solarwinds_apm/loading.rb
@@ -13,13 +13,17 @@ module Base64URL
       module_function
 
       def encode(bin)
+        raise ArgumentError, "Input too long for encoding" if bin.length > 200
+
         c = [bin].pack('m0').gsub(/\=+\Z/, '').tr('+/', '-_').rstrip
         m = c.size % 4
         c += '=' * (4 - m) if m != 0
         c
       end
 
       def decode(bin)
+        raise ArgumentError, "Input too long for decoding" if bin.length > 200
+
         m = bin.size % 4
         bin += '=' * (4 - m) if m != 0
         bin.tr('-_', '+/').unpack('m0').first

diff --git a/lib/solarwinds_apm/oboe_init_options.rb b/lib/solarwinds_apm/oboe_init_options.rb
@@ -189,30 +189,29 @@ def read_and_validate_proxy
     end
 
     def read_certificates
+      certificate = ''
+
+      file = appoptics_collector?? "#{__dir__}/cert/star.appoptics.com.issuer.crt" : ENV['SW_APM_TRUSTEDPATH']
+      return certificate if file.nil? || file&.empty?
 
-      file = ''
-      file = "#{File.expand_path File.dirname(__FILE__)}/cert/star.appoptics.com.issuer.crt" if ENV["SW_APM_COLLECTOR"]&.include? "appoptics.com"
-      file = ENV['SW_APM_TRUSTEDPATH'] if (!ENV['SW_APM_TRUSTEDPATH'].nil? && !ENV['SW_APM_TRUSTEDPATH']&.empty?)
-
-      return String.new if file.empty?
-
       begin
         certificate = File.open(file,"r").read
       rescue StandardError => e
         SolarWindsAPM.logger.error "[solarwinds_apm/oboe_options] certificates: #{file} doesn't exist or caused by #{e.message}."
-        certificate = String.new
       end
-
-      return certificate
 
+      certificate
     end
 
     def determine_the_metric_model
-      if ENV['SW_APM_COLLECTOR']&.include? "appoptics.com"
-        return 1
-      else
-        return 0
-      end
+      appoptics_collector? ? 1 : 2
+    end
+
+    def appoptics_collector?
+      allowed_uri = ['collector.appoptics.com', 'collector-stg.appoptics.com',
+                     'collector.appoptics.com:443', 'collector-stg.appoptics.com:443']
+
+      (allowed_uri.include? ENV["SW_APM_COLLECTOR"])? true : false
     end
   end
 end