From 15c8c4e9e0fd0e067908878b17c271cce66c2f05 Mon Sep 17 00:00:00 2001
From: RAprogramm
Date: Sun, 19 Oct 2025 08:16:09 +0700
Subject: [PATCH 1/3] #19 feat: add GitHub Security Code Scanning (CodeQL)

- Add CodeQL workflow for automated security scanning
- Configure Rust language analysis
- Enable security-extended query suite
- Schedule weekly scans on Mondays
- Integrate with GitHub Security tab

Workflow features:
- Runs on every PR and push to main
- Weekly scheduled scans for continuous monitoring
- Security-extended queries for comprehensive analysis
- Automatic build with Rust stable
- Results visible in GitHub Security tab
- Integration with pull request checks

Benefits:
- Automated security vulnerability detection
- Industry-standard CodeQL analysis
- Early detection of security issues
- Professional security posture
- Complements cargo-audit and cargo-deny
- Required for enterprise adoption
- GitHub Security Dashboard integration
---
.github/workflows/codeql.yml | 50 ++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..4d9caab
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: 2025 RAprogramm
+# SPDX-License-Identifier: MIT
+
+name: CodeQL
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: '0 0 * * 1'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [rust]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-extended
+
+ - name: Install Rust stable
+ uses: dtolnay/rust-toolchain@stable
+
+ - name: Setup Rust cache
+ uses: Swatinem/rust-cache@v2
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ matrix.language }}"

From ab2d3af5cd2a02dd6015a89fd6c7547c46b44d53 Mon Sep 17 00:00:00 2001
From: RAprogramm
Date: Sun, 19 Oct 2025 08:16:48 +0700
Subject: [PATCH 2/3] #19 chore: apply rustfmt formatting

---
examples/command_line.rs | 4 ++--
examples/zero_copy.rs | 5 ++++-
2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/examples/command_line.rs b/examples/command_line.rs
index 3676288..15bf4a5 100644
--- a/examples/command_line.rs
+++ b/examples/command_line.rs
@@ -9,7 +9,7 @@
 //! - Simulating a C function that takes char** argv
 //! - Real-world usage pattern
-use std::ffi::{c_char, c_int, CStr};
+use std::ffi::{CStr, c_char, c_int};
 use cstring_array::CStringArray;
@@ -57,7 +57,7 @@ fn main() {
 s if s.starts_with("--") => println!(" Option: {}", s),
 s if s.starts_with('-') => println!(" Flag: {}", s),
 s if i == 0 => println!(" Program: {}", s),
- s => println!(" Argument: {}", s),
+ s => println!(" Argument: {}", s)
 }
 }
 }
diff --git a/examples/zero_copy.rs b/examples/zero_copy.rs
index eab057c..e751552 100644
--- a/examples/zero_copy.rs
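Review bot: Every third-party action in the new workflow is referenced by a mutable ref (`actions/checkout@v4`, `github/codeql-action/init@v3`, `dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`), so a retagged or compromised upstream release would run in this job with the `security-events: write` token and, after PATCH 3/3, `actions: write` as well. Pin each `uses:` to a full-length commit SHA with the version kept in a trailing comment, e.g. `uses: Swatinem/rust-cache@<full-commit-sha> # v2`, and let Dependabot or Renovate keep the pins current; `dtolnay/rust-toolchain@stable` in particular is a moving branch rather than a release tag. The job-level `permissions:` block is the right shape for least privilege and should stay that way. It is also worth checking the codeql-action documentation on whether the Rust extractor needs a compiled build at all; if it does not, the toolchain, cache and `autobuild` steps can be dropped, which also removes the reason for the later `actions: write` grant.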
+++ b/examples/zero_copy.rs
@@ -54,7 +54,10 @@ fn main() {
 println!(" Created {} CStrings", large_cstrings.len());
 let large_array = CStringArray::from_cstrings(large_cstrings).expect("Failed to create array");
 println!(" Zero-copy array length: {}", large_array.len());
- println!(" First element: {}", large_array.get(0).unwrap().to_str().unwrap());
+ println!(
+ " First element: {}",
+ large_array.get(0).unwrap().to_str().unwrap()
+ );
 println!(
 " Last element: {}",
 large_array

From a66e5f32d3ce15102535643526c0dfc8289040e9 Mon Sep 17 00:00:00 2001
From: RAprogramm
Date: Sun, 19 Oct 2025 08:27:09 +0700
Subject: [PATCH 3/3] #19 fix: add actions write permission for rust-cache

---
.github/workflows/codeql.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 4d9caab..5bd8cff 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -16,7 +16,7 @@ jobs:
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
- actions: read
+ actions: write
 contents: read
 security-events: write
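Review bot: `actions: write` lets the job token cancel or re-run workflows and delete artifacts and caches repository-wide, and this job is triggered by `pull_request` and `schedule`, so it is a broad grant for a scan job whose only write need should be `security-events`. The subject line says `Swatinem/rust-cache` needs it; if that is only for pruning stale caches, check whether the step can be configured to skip that and keep `actions: read`, and if the grant must stay, record the reason on the line so the next reader neither widens it further nor drops it blindly: `actions: write # required by Swatinem/rust-cache; revert to read if that step is removed`. With a write-capable token in the job, pinning the cache action to a commit SHA instead of `@v2` matters correspondingly more.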