Use Github Actions CodeQL tests

.github/workflows/build.yml

@@ -3,7 +3,6 @@ on: [push, pull_request]
 permissions:
   contents: read
 env:
-  RUN_TESTS: ALL
   BUILD_NUMBER: ${{ github.run_number }}
   MAKEFLAGS: -j3
 jobs:
@@ -24,7 +23,7 @@ jobs:
       run: |
         brew update
         brew install doxygen boost xsd || brew link --overwrite xsd
-        brew unlink xerces-c python@3.10
+        brew unlink xerces-c python@3.10 python@3.11
     - name: Cache
       uses: actions/cache@v3
       id: cache
@@ -52,7 +51,7 @@ jobs:
       run: sudo ln -s $PWD/cache/* /Library/
     - name: Build macOS
       if: matrix.target == 'osx'
-      run: ./build-library.sh all pkcs11sign zipdebug embedlibs pkgbuild
+      run: ./build-library.sh test pkcs11sign zipdebug embedlibs pkgbuild
     - name: Build ${{ matrix.target }}
       if: matrix.target != 'osx'
       run: |
@@ -251,3 +250,48 @@ jobs:
           --form version=master \
           --form description="Github Actions CI build" \
           https://scan.coverity.com/builds?project=$PROJECTNAME
+  codeql:
+    name: Run CodeQL tests
+    if: github.repository == 'open-eid/libdigidocpp'
+    runs-on: ubuntu-20.04
+    permissions:
+      security-events: write
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        submodules: recursive
+    - name: Install dependencies
+      run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake vim-common xsdcxx libxml-security-c-dev zlib1g-dev curl ca-certificates
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: cpp
+        queries: +security-and-quality
+    - name: Build
+      run: |
+        cmake -B build -S . \
+          -DSWIG_EXECUTABLE=NOTFOUND \
+          -DBoost_INCLUDE_DIR=NOTFOUND \
+          -DDOXYGEN_EXECUTABLE=NOTFOUND \
+          -DBUILD_TOOLS=NO
+        cmake --build build
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        upload: False
+        output: sarif-results
+    - name: Filter results
+      uses: advanced-security/filter-sarif@develop
+      with:
+        patterns: |
+          -src/json.hpp
+          -src/minizip/*
+          -build/src/xml/*
+          -**:cpp/poorly-documented-function
+        input: sarif-results/cpp.sarif
+        output: sarif-results/cpp.sarif
+    - name: Upload results
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: sarif-results/cpp.sarif

README.md

@@ -9,7 +9,6 @@
 ## Building
 [![Build Status](https://github.com/open-eid/libdigidocpp/workflows/CI/badge.svg?branch=master)](https://github.com/open-eid/libdigidocpp/actions)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/727/badge.svg)](https://scan.coverity.com/projects/727)
-[![LGTM alerts](https://img.shields.io/lgtm/alerts/g/open-eid/libdigidocpp.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/open-eid/libdigidocpp/alerts/)
 
 ### Ubuntu, Fedora
 

build-library.sh

@@ -79,7 +79,6 @@ case "$@" in
     -DCMAKE_C_COMPILER_WORKS=yes \
     -DCMAKE_CXX_COMPILER_WORKS=yes \
     -DCMAKE_OSX_SYSROOT=${SYSROOT} \
-    -DIOS=YES \
     -DFRAMEWORK=off \
     -DUSE_KEYCHAIN=off \
     -DSWIG_EXECUTABLE=NOTFOUND \
@@ -97,17 +96,20 @@ case "$@" in
   export MACOSX_DEPLOYMENT_TARGET
 esac
 
-rm -rf ${TARGET}
-mkdir -p ${TARGET}
-cd ${TARGET}
-cmake \
+cmake --fresh -B ${TARGET} -S . \
     -DCMAKE_BUILD_TYPE="RelWithDebInfo" \
     -DCMAKE_INSTALL_PREFIX=${TARGET_PATH} \
     -DCMAKE_OSX_ARCHITECTURES="${ARCHS// /;}" \
     -DOPENSSL_ROOT_DIR=${TARGET_PATH} \
     -DXercesC_ROOT=${TARGET_PATH} \
-    ${CMAKEARGS} \
-    ..
-make
-sudo make ${@:2}
-cd ..
+    ${CMAKEARGS}
+cmake --build ${TARGET}
+
+while test $# -gt 0; do
+    case "$1" in
+        android*|*ios*|*mac*|*osx*) ;;
+        install*) sudo cmake --build ${TARGET} --target $1 ;;
+        *) cmake --build ${TARGET} --target $1 ;;
+    esac
+    shift
+done

build.ps1

@@ -73,7 +73,7 @@ foreach($platform in @("x86", "x64")) {
       "-DXSD_EXECUTABLE=$xsd/bin/xsd.exe" `
       "-DSIGNCERT=$sign" `
       "-DCROSSSIGNCERT=$crosssign" `
-      $cmakeext -B $buildpath -S $libdigidocpp "&&" $cmake --build $buildpath --target install
+      $cmakeext -B $buildpath -S $libdigidocpp "&&" $cmake --build $buildpath --target check install
   }
 }
 

debian/rules

@@ -4,3 +4,4 @@ include /usr/share/cdbs/1/class/cmake.mk
 DEB_CMAKE_EXTRA_FLAGS = \
 	-DCMAKE_INSTALL_SYSCONFDIR="/etc" \
 	-DCMAKE_INSTALL_LIBDIR="lib/$(DEB_HOST_MULTIARCH)"
+DEB_MAKE_CHECK_TARGET = test

patches/vcpkg-ports/xerces-c/disable-tests.patch

@@ -0,0 +1,21 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 4254f89..aa08565 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -175,10 +175,16 @@ install(
+   COMPONENT "development")
+
+ # Process subdirectories
++if(NOT DISABLE_DOC)
+ add_subdirectory(doc)
++endif()
+ add_subdirectory(src)
++if(NOT DISABLE_TESTS)
+ add_subdirectory(tests)
++endif()
++if(NOT DISABLE_SAMPLES)
+ add_subdirectory(samples)
++endif()
+
+ # Display configuration summary
+ message(STATUS "")

patches/vcpkg-ports/xerces-c/portfile.cmake

@@ -0,0 +1,78 @@
+vcpkg_from_github(
+    OUT_SOURCE_PATH SOURCE_PATH
+    REPO apache/xerces-c
+    REF v3.2.4
+    SHA512 0da61e000e871c045fb6e546cabba244eb6470a7a972c1d1b817ba5ce91c0d1d12dfb3ff1479d8b57ab06c49deefd1c16c36dc2541055e41a1cdb15dbd769fcf
+    HEAD_REF master
+    PATCHES
+        disable-tests.patch
+        remove-dll-export-macro.patch
+)
+
+set(DISABLE_ICU ON)
+if("icu" IN_LIST FEATURES)
+    set(DISABLE_ICU OFF)
+endif()
+if ("xmlch-wchar" IN_LIST FEATURES)
+    set(XMLCHTYPE -Dxmlch-type=wchar_t)
+endif()
+
+vcpkg_configure_cmake(
+    SOURCE_PATH ${SOURCE_PATH}
+    PREFER_NINJA
+    OPTIONS
+        -DDISABLE_TESTS=ON
+        -DDISABLE_DOC=ON
+        -DDISABLE_SAMPLES=ON
+        -DCMAKE_DISABLE_FIND_PACKAGE_ICU=${DISABLE_ICU}
+        -DCMAKE_DISABLE_FIND_PACKAGE_CURL=ON
+        ${XMLCHTYPE}
+)
+
+vcpkg_install_cmake()
+
+vcpkg_copy_pdbs()
+
+if(EXISTS ${CURRENT_PACKAGES_DIR}/cmake)
+    vcpkg_fixup_cmake_targets(CONFIG_PATH cmake TARGET_PATH share/xercesc)
+else()
+    vcpkg_fixup_cmake_targets(CONFIG_PATH lib/cmake/XercesC TARGET_PATH share/xercesc)
+endif()
+
+file(READ ${CURRENT_PACKAGES_DIR}/share/xercesc/XercesCConfigInternal.cmake _contents)
+string(REPLACE
+    "get_filename_component(_IMPORT_PREFIX \"\${_IMPORT_PREFIX}\" PATH)\nget_filename_component(_IMPORT_PREFIX \"\${_IMPORT_PREFIX}\" PATH)\nget_filename_component(_IMPORT_PREFIX \"\${_IMPORT_PREFIX}\" PATH)"
+    "get_filename_component(_IMPORT_PREFIX \"\${_IMPORT_PREFIX}\" PATH)\nget_filename_component(_IMPORT_PREFIX \"\${_IMPORT_PREFIX}\" PATH)"
+    _contents
+    "${_contents}"
+)
+file(WRITE ${CURRENT_PACKAGES_DIR}/share/xercesc/XercesCConfigInternal.cmake "${_contents}")
+
+file(READ ${CURRENT_PACKAGES_DIR}/share/xercesc/XercesCConfig.cmake _contents)
+file(WRITE ${CURRENT_PACKAGES_DIR}/share/xercesc/XercesCConfig.cmake "include(CMakeFindDependencyMacro)\nfind_dependency(Threads)\n${_contents}")
+
+configure_file(
+    ${CMAKE_CURRENT_LIST_DIR}/vcpkg-cmake-wrapper.cmake
+    ${CURRENT_PACKAGES_DIR}/share/xercesc
+    @ONLY
+)
+
+file(REMOVE_RECURSE
+    "${CURRENT_PACKAGES_DIR}/debug/include"
+    "${CURRENT_PACKAGES_DIR}/debug/share"
+)
+
+# Handle copyright
+file(INSTALL ${SOURCE_PATH}/LICENSE DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright)
+
+vcpkg_fixup_pkgconfig()
+if (VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW)
+    set(pc_file_release "${CURRENT_PACKAGES_DIR}/lib/pkgconfig/xerces-c.pc")
+    set(pc_file_debug "${CURRENT_PACKAGES_DIR}/debug/lib/pkgconfig/xerces-c.pc")
+    if(EXISTS "${pc_file_release}")
+        vcpkg_replace_string("${pc_file_release}" "-lxerces-c" "-lxerces-c_3")
+    endif()
+    if(EXISTS "${pc_file_debug}")
+        vcpkg_replace_string("${pc_file_debug}" "-lxerces-c" "-lxerces-c_3D")
+    endif()
+endif()

patches/vcpkg-ports/xerces-c/remove-dll-export-macro.patch

@@ -0,0 +1,27 @@
+diff --git a/src/xercesc/util/XercesDefs.hpp b/src/xercesc/util/XercesDefs.hpp
+index 8071260..cd6bd68 100644
+--- a/src/xercesc/util/XercesDefs.hpp
++++ b/src/xercesc/util/XercesDefs.hpp
+@@ -133,7 +133,7 @@ typedef XMLUInt32           UCS4Ch;
+ // The DLL_EXPORT flag should be defined on the command line during the build of a DLL
+ // configure conspires to make this happen.
+
+-#if defined(DLL_EXPORT)
++#if defined(XERCES_DLL_EXPORT)
+   #if defined(XERCES_BUILDING_LIBRARY)
+     #define XMLUTIL_EXPORT XERCES_PLATFORM_EXPORT
+     #define XMLPARSER_EXPORT XERCES_PLATFORM_EXPORT
+diff --git a/src/xercesc/util/Xerces_autoconf_config.hpp.cmake.in b/src/xercesc/util/Xerces_autoconf_config.hpp.cmake.in
+index e849e08..69fe3bf 100644
+--- a/src/xercesc/util/Xerces_autoconf_config.hpp.cmake.in
++++ b/src/xercesc/util/Xerces_autoconf_config.hpp.cmake.in
+@@ -85,9 +85,6 @@
+ #define XERCES_PLATFORM_EXPORT @XERCES_PLATFORM_EXPORT@
+ #define XERCES_PLATFORM_IMPORT @XERCES_PLATFORM_IMPORT@
+ #define XERCES_TEMPLATE_EXTERN @XERCES_TEMPLATE_EXTERN@
+-#ifdef XERCES_DLL_EXPORT
+-#  define DLL_EXPORT
+-#endif
+
+ // ---------------------------------------------------------------------------
+ //  Include standard headers, if available, that we may rely on below.

patches/vcpkg-ports/xerces-c/usage

@@ -0,0 +1,4 @@
+The package xerces-c is compatible with built-in CMake targets:
+
+    find_package(XercesC REQUIRED)
+    target_link_libraries(main PRIVATE XercesC::XercesC)

patches/vcpkg-ports/xerces-c/vcpkg-cmake-wrapper.cmake

@@ -0,0 +1,8 @@
+_find_package(${ARGS})
+
+if (APPLE)
+   if (TARGET XercesC::XercesC)
+      set_property(TARGET XercesC::XercesC APPEND PROPERTY INTERFACE_LINK_LIBRARIES  "-framework CoreServices" "-framework CoreFoundation" curl)  
+      list(APPEND XercesC_LIBRARIES "-framework CoreServices" "-framework CoreFoundation" curl)
+   endif()
+endif()

patches/vcpkg-ports/xerces-c/vcpkg.json

@@ -0,0 +1,18 @@
+{
+  "name": "xerces-c",
+  "version": "3.2.4",
+  "description": "Xerces-C++ is a XML parser, for parsing, generating, manipulating, and validating XML documents using the DOM, SAX, and SAX2 APIs.",
+  "homepage": "https://github.com/apache/xerces-c",
+  "license": "Apache-2.0",
+  "features": {
+    "icu": {
+      "description": "ICU support",
+      "dependencies": [
+        "icu"
+      ]
+    },
+    "xmlch-wchar": {
+      "description": "XMLCh type uses wchar_t"
+    }
+  }
+}