Merge pull request #7161 from betagouv/try_codeql

try codeql analysis
This commit is contained in:
LeSim 2022-05-06 11:56:18 +02:00 committed by GitHub
commit 572e64a5bf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 70 additions and 124 deletions

70
.github/workflows/codeql-analysis.yml vendored Normal file

@ -0,0 +1,70 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '28 22 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript', 'ruby' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
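Review bot: The four third-party actions at `uses: actions/checkout@v3`, `uses: github/codeql-action/init@v2`, `uses: github/codeql-action/autobuild@v2` and `uses: github/codeql-action/analyze@v2` are referenced by mutable major-version tags, so this job — which runs with `security-events: write` — executes whatever those tags resolve to at run time rather than a reviewed revision. Pinning each `uses:` to a full-length commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the dependency immutable while still letting Dependabot's github-actions ecosystem propose updates. The Autobuild step is, per the template's own comment, only meaningful for compiled languages, so with the matrix fixed at `language: [ 'javascript', 'ruby' ]` it can be removed to keep the job minimal. The rendered page has dropped the file's indentation and some blank lines (the hunk header says 70 lines, 60 are shown), so the YAML nesting should be confirmed against the raw file before merging.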


@ -8,7 +8,6 @@ import * as Turbo from '@hotwired/turbo';
import '../shared/activestorage/ujs';
import '../shared/remote-poller';
import '../shared/safari-11-file-xhr-workaround';
import '../shared/franceconnect';
import '../shared/toggle-target';
import '../shared/ujs-error-handling';


@ -1,123 +0,0 @@
const fconnect = {
tracesUrl: '/traces',
aboutUrl: ''
};
const document = window.document;
function init() {
fconnect.currentHost = 'fcp.integ01.dev-franceconnect.fr';
if (window.location.hostname == 'www.demarches-simplifiees.fr')
fconnect.currentHost = 'app.franceconnect.gouv.fr';
var fconnectProfile = document.getElementById('fconnect-profile');
if (fconnectProfile) {
var linkAccess = document.querySelector('#fconnect-profile > a');
var fcLogoutUrl = fconnectProfile.getAttribute('data-fc-logout-url');
var access = createFCAccessElement(fcLogoutUrl);
fconnectProfile.appendChild(access);
linkAccess.onclick = toggleElement.bind(access);
}
}
addEventListener('DOMContentLoaded', init);
function toggleElement(event) {
event.preventDefault();
if (this.style.display === 'block') {
this.style.display = 'none';
} else {
this.style.display = 'block';
}
}
function closeFCPopin(event) {
event.preventDefault();
fconnect.popin.className = 'fade-out';
setTimeout(function () {
document.body.removeChild(fconnect.popin);
}, 200);
}
function openFCPopin() {
fconnect.popin = document.createElement('div');
fconnect.popin.id = 'fc-background';
var iframe = createFCIframe();
document.body.appendChild(fconnect.popin);
fconnect.popin.appendChild(iframe);
setTimeout(function () {
fconnect.popin.className = 'fade-in';
}, 200);
}
function createFCIframe() {
var iframe = document.createElement('iframe');
iframe.setAttribute('id', 'fconnect-iframe');
iframe.frameBorder = 0;
iframe.name = 'fconnect-iframe';
return iframe;
}
function createFCAccessElement(logoutUrl) {
var access = document.createElement('div');
access.id = 'fconnect-access';
access.innerHTML = '<h5>Vous êtes identifié grâce à FranceConnect</h5>';
access.appendChild(createAboutLink());
access.appendChild(document.createElement('hr'));
access.appendChild(createHistoryLink());
access.appendChild(createLogoutElement(logoutUrl));
return access;
}
function createHistoryLink() {
var historyLink = document.createElement('a');
historyLink.target = 'fconnect-iframe';
historyLink.href = '//' + fconnect.currentHost + fconnect.tracesUrl;
historyLink.onclick = openFCPopin;
historyLink.innerHTML = 'Historique des connexions/échanges de données';
return historyLink;
}
function createAboutLink() {
var aboutLink = document.createElement('a');
aboutLink.href = fconnect.aboutUrl
? '//' + fconnect.currentHost + fconnect.aboutUrl
: '#';
if (fconnect.aboutUrl) {
aboutLink.target = 'fconnect-iframe';
aboutLink.onclick = openFCPopin;
}
aboutLink.innerHTML = "Qu'est-ce-que FranceConnect ?";
return aboutLink;
}
function createLogoutElement(logoutUrl) {
var elm = document.createElement('div');
elm.className = 'logout';
elm.innerHTML =
'<a class="btn btn-default" href="' + logoutUrl + '">Se déconnecter</a>';
return elm;
}
var eventMethod = window.addEventListener ? 'addEventListener' : 'attachEvent';
var eventer = window[eventMethod];
var messageEvent = eventMethod == 'attachEvent' ? 'onmessage' : 'message';
// Listen to message from child window
eventer(
messageEvent,
function (e) {
var key = e.message ? 'message' : 'data';
var data = e[key];
if (data === 'close_popup') {
closeFCPopin(e);
}
},
false
);