Skip to content
/ qcve-runner Public

Quantum CVE engine to evaluate quantum vulnerabilities in open-source projects using CodeQL. Currently in closed-beta testing. Please contact info@pqcee.com for details

www.qcve.org
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pqcee/qcve-runner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
.github/workflows
.github/workflows
 
 
output
output
 
 
queries
queries
 
 
ref/images
ref/images
 
 
CNAME
CNAME
 
 
README.md
README.md
 
 

Repository files navigation

QCVE (Quantum Computing Vulnerabilities are Everywhere) CodeQL Runner

figure0

This repo is designed to allow CodeQL scripts to be submitted to detect for quantum vulnerabilities in open-source projects. This is a community-sourced project by pQCee.com in collaboration with ayks.io and moonlay.com. For more information or to participate in the program, please contact info@pqcee.com

The URL for the project is: https://github.com/pqcee/QCVE-runner

How To

This repo contains workflow that will analyze submitted query against selected database, the workflow will generate sarif report

  • Clone this repo

    git clone https://github.com/pqcee/qcve-runner.git

  • Checkout new branch with folowing format request/{contributor-name}

    git checkout -b request/john

  • Create folder inside folder queries, make sure folder name using contributor name

  • Create file qlpack.yml inside contributor folder, copy following script

    name: pqcee/qcve-runner
version: 0.0.0
dependencies:
    #this must match your query language
    codeql/javascript-all: "*"

  • Create queries.xml file inside contributor folder, copy following script

    #this must match your query language
<queries language="javascript"/>

  • Add new CodeQL query (with .ql extenstion) inside contributor folder

    figure1

  • Commit and push changes

    git add .
git commit -m “commit message”
git push -u origin request/john

  • Go to Pull Request Page, and Create Pull Request from your request/{contributor-name} branch to main branch

    figure2

  • Select branch to compare and create pull request, this must same with branch you create before.

    figure3

  • Add configuration tag inside PR description

    • #database: selected database for analyze
    • #username: name of contributor (this must equivalent with query folder you created before) example
    Add new query to analyze #database=openssl submitted by #username=maulanardy

    figure4

  • The Pull Request will trigger action to run, You can see the detail in Github Action Tab

    figure5

  • Green check icon marks the process is succeeded.

    figure6

  • Back to Pull Request page, select Tab Commits, you will see new Commit by github-actions[bot] containing new sarif report inside output/{contributor}/result.sarif folder

    figure7

  • Pull your branch to local environment

    git pull

  • You will see sarif generated report inside /output/{username} directory

    figure8

  • Install sarif viewer extension in vscode to view the report

    figure9

    figure10

  • Back to Github Repository, Merge Pull Request to branch ‘main’ if submitted query approved

    figure11

for more details, please contact info@pqcee.com

About

Quantum CVE engine to evaluate quantum vulnerabilities in open-source projects using CodeQL. Currently in closed-beta testing. Please contact info@pqcee.com for details

www.qcve.org

Topics

quantum-computing cve vulnerability-detection post-quantum codeql

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

v1.0.0: Merge pull request #5 from pqcee/request/tanteikg3 Latest
May 8, 2023

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages