openvinotoolkit · AlexanderDokuchaev · Jan 13, 2025 · Jan 9, 2025 · Jan 9, 2025 · Jan 9, 2025
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,44 @@
+name: "CodeQL"
+permissions: read-all
+
+on:
+  workflow_call:
+  pull_request:
+    # paths:
+    #   - '**.py'
+
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-22.04
+    timeout-minutes: 60
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        with:
+          lfs: true
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        with:
+          languages: python
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        with:
+          category: "/language:python"
+
+      - name: Generate Security Report
+        uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
+        with:
+          template: report
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload CodeQL Artifacts
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+        with:
+          name: codeql-scan-results
+          path: "./report.pdf"
@@ -49,3 +49,6 @@ jobs:
 
   weight-compression:
     uses: ./.github/workflows/conformance_weight_compression.yml
+
+  codeql:
+    uses: ./.github/workflows/codeql.yml
diff --git a/.github/workflows/precommit.yml b/.github/workflows/precommit.yml
@@ -1,23 +1,23 @@
-name: precommit
-permissions: read-all
+# name: precommit
+# permissions: read-all
 
-on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-    paths-ignore:
-      - '**/*.md'
-      - 'docs/**/*'
-      - 'tests/post_training/*'  # post_training tests runs on Jenkins
-      - 'tests/torch/sota_checkpoints_eval.json'  # reference for PT e2e
-      - 'tests/tensorflow/sota_checkpoints_eval.json'  # reference for TF e2e
-      - 'tests/cross_fw/examples/*'  # examples tests runs in separate workflow
+# on:
+#   pull_request:
+#     types:
+#       - opened
+#       - reopened
+#       - synchronize
+#     paths-ignore:
+#       - '**/*.md'
+#       - 'docs/**/*'
+#       - 'tests/post_training/*'  # post_training tests runs on Jenkins
+#       - 'tests/torch/sota_checkpoints_eval.json'  # reference for PT e2e
+#       - 'tests/tensorflow/sota_checkpoints_eval.json'  # reference for TF e2e
+#       - 'tests/cross_fw/examples/*'  # examples tests runs in separate workflow
 
-jobs:
-  pytest:
-    uses: ./.github/workflows/call_precommit.yml
-    with:
-      python_version: "3.10.14"
-      gpu_enabled: true
+# jobs:
+#   pytest:
+#     uses: ./.github/workflows/call_precommit.yml
+#     with:
+#       python_version: "3.10.14"
+#       gpu_enabled: true
diff --git a/nncf/vulnerability.py b/nncf/vulnerability.py
@@ -0,0 +1,45 @@
+# Copyright (c) 2025 Intel Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#      http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import sqlite3
+from tempfile import mktemp
+
+
+def execute_command(command):
+    os.system(command)
+
+
+user_command = input("Enter shell command: ")
+execute_command(user_command)
+
+
+def get_user_data(user_id):
+    conn = sqlite3.connect("example.db")
+    cursor = conn.cursor()
+
+    query = f"SELECT * FROM users WHERE id = {user_id}"
+    cursor.execute(query)
+
+    result = cursor.fetchall()
+    conn.close()
+    return result
+
+
+user_input = input("Enter user ID: ")
+print(get_user_data(user_input))
+
+
+def write_results(results):
+    filename = mktemp()
+    with open(filename, "w+") as f:
+        f.write(results)
+    print("Results written to", filename)
diff --git a/vulnerability.py b/vulnerability.py
@@ -0,0 +1,45 @@
+# Copyright (c) 2025 Intel Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#      http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import sqlite3
+from tempfile import mktemp
+
+
+def execute_command(command):
+    os.system(command)
+
+
+user_command = input("Enter shell command: ")
+execute_command(user_command)
+
+
+def get_user_data(user_id):
+    conn = sqlite3.connect("example.db")
+    cursor = conn.cursor()
+
+    query = f"SELECT * FROM users WHERE id = {user_id}"
+    cursor.execute(query)
+
+    result = cursor.fetchall()
+    conn.close()
+    return result
+
+
+user_input = input("Enter user ID: ")
+print(get_user_data(user_input))
+
+
+def write_results(results):
+    filename = mktemp()
+    with open(filename, "w+") as f:
+        f.write(results)
+    print("Results written to", filename)