Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[StepSecurity] Add CodeQL Workflow (SAST Tool) #1946

Closed
wants to merge 1 commit into from
Closed

[StepSecurity] Add CodeQL Workflow (SAST Tool) #1946

wants to merge 1 commit into from

Conversation

step-security-bot
Copy link
Contributor

Summary

This pull request is created by StepSecurity at the request of @larseggert. Please merge the Pull Request to incorporate the requested changes. Please tag @larseggert on your message if you have any questions related to the PR.

Security Fixes

Detect Vulnerabilities with SAST Workflow

Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as clear-box testing) and is carried out at the Implementation phase of a Security Development Lifecycle (SDL). Static Code Analysis commonly refers to the running of Static Code Analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis.

Feedback

For bug reports, feature requests, and general feedback; please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot [email protected]

@larseggert larseggert changed the title [StepSecurity] Apply security best practices [StepSecurity] Add CodeQL Workflow (SAST Tool) Jul 2, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 2, 2024

Failed Interop Tests

QUIC Interop Runner, client vs. server

All results

Succeeded Interop Tests

QUIC Interop Runner, client vs. server

Unsupported Interop Tests

QUIC Interop Runner, client vs. server

@codecov Codecov
Copy link

codecov bot commented Jul 2, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.81%. Comparing base (ea54273) to head (74ff8c3).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1946   +/-   ##
=======================================
  Coverage   94.81%   94.81%           
=======================================
  Files         110      110           
  Lines       35773    35773           
=======================================
  Hits        33918    33918           
  Misses       1855     1855

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 2, 2024

Benchmark results

Performance differences relative to ea54273.

coalesce_acked_from_zero 1+1 entries: 💔 Performance has regressed.
       time:   [195.82 ns 196.24 ns 196.68 ns]
       change: [+2.1602% +2.5511% +2.9349%] (p = 0.00 < 0.05)
Found 16 outliers among 100 measurements (16.00%)
  1 (1.00%) low mild
  9 (9.00%) high mild
  6 (6.00%) high severe
coalesce_acked_from_zero 3+1 entries: 💔 Performance has regressed.
       time:   [237.94 ns 238.62 ns 239.31 ns]
       change: [+2.0238% +2.5487% +3.2107%] (p = 0.00 < 0.05)
Found 20 outliers among 100 measurements (20.00%)
  20 (20.00%) high severe
coalesce_acked_from_zero 10+1 entries: 💔 Performance has regressed.
       time:   [237.41 ns 238.15 ns 239.05 ns]
       change: [+1.1573% +1.6667% +2.1180%] (p = 0.00 < 0.05)
Found 7 outliers among 100 measurements (7.00%)
  2 (2.00%) low mild
  5 (5.00%) high severe
coalesce_acked_from_zero 1000+1 entries: Change within noise threshold.
       time:   [217.80 ns 218.01 ns 218.25 ns]
       change: [+0.1729% +0.9810% +1.6981%] (p = 0.00 < 0.05)
Found 6 outliers among 100 measurements (6.00%)
  3 (3.00%) high mild
  3 (3.00%) high severe
RxStreamOrderer::inbound_frame(): Change within noise threshold.
       time:   [118.44 ms 118.54 ms 118.64 ms]
       change: [+0.2819% +0.3975% +0.5189%] (p = 0.00 < 0.05)
Found 4 outliers among 100 measurements (4.00%)
  4 (4.00%) high mild
transfer/Run multiple transfers with varying seeds: Change within noise threshold.
       time:   [122.05 ms 122.30 ms 122.56 ms]
       thrpt:  [32.636 MiB/s 32.705 MiB/s 32.774 MiB/s]
change:
       time:   [+1.7322% +2.0333% +2.3445%] (p = 0.00 < 0.05)
       thrpt:  [-2.2908% -1.9928% -1.7027%]

transfer/Run multiple transfers with the same seed

time:   [122.03 ms 122.19 ms 122.36 ms]

thrpt:  [32.692 MiB/s 32.735 MiB/s 32.778 MiB/s]

change:

time:   [+1.4884% +1.6982% +1.9032%] (p = 0.00 < 0.05)

thrpt:  [-1.8676% -1.6698% -1.4666%]

Change within noise threshold.

Found 1 outliers among 100 measurements (1.00%)

1 (1.00%) low mild

1-conn/1-100mb-resp (aka. Download)/client: No change in performance detected.
       time:   [1.0721 s 1.0921 s 1.1172 s]
       thrpt:  [89.509 MiB/s 91.569 MiB/s 93.271 MiB/s]
change:
       time:   [-2.7800% +0.3488% +3.4126%] (p = 0.84 > 0.05)
       thrpt:  [-3.3000% -0.3476% +2.8595%]
Found 2 outliers among 10 measurements (20.00%)
  2 (20.00%) high severe
1-conn/10_000-parallel-1b-resp (aka. RPS)/client: No change in performance detected.
       time:   [387.90 ms 391.18 ms 394.46 ms]
       thrpt:  [25.351 Kelem/s 25.564 Kelem/s 25.780 Kelem/s]
change:
       time:   [-1.5096% -0.3658% +0.7945%] (p = 0.52 > 0.05)
       thrpt:  [-0.7882% +0.3672% +1.5327%]

1-conn/1-1b-resp (aka. HPS)/client

time:   [41.837 ms 41.964 ms 42.110 ms]

thrpt:  [23.748  elem/s 23.830  elem/s 23.902  elem/s]

change:

time:   [-1.6862% -1.1773% -0.6958%] (p = 0.00 < 0.05)

thrpt:  [+0.7006% +1.1914% +1.7152%]

Change within noise threshold.

Found 31 outliers among 100 measurements (31.00%)

15 (15.00%) low severe

3 (3.00%) low mild

1 (1.00%) high mild

12 (12.00%) high severe

Client/server transfer results

Transfer of 33554432 bytes over loopback.

Client Server CC Pacing Mean [ms] Min [ms] Max [ms] Relative
msquic msquic 127.6 ± 21.3 103.4 193.6 1.00
neqo msquic reno on 265.5 ± 9.2 248.4 280.8 1.00
neqo msquic reno 267.9 ± 11.4 249.0 284.8 1.00
neqo msquic cubic on 268.6 ± 13.2 253.9 293.4 1.00
neqo msquic cubic 262.9 ± 11.2 248.6 291.2 1.00
msquic neqo reno on 925.3 ± 14.6 898.0 945.3 1.00
msquic neqo reno 913.6 ± 13.9 896.4 939.5 1.00
msquic neqo cubic on 882.7 ± 11.5 869.3 901.1 1.00
msquic neqo cubic 883.2 ± 15.7 868.7 908.9 1.00
neqo neqo reno on 920.3 ± 15.1 908.0 950.4 1.00
neqo neqo reno 917.6 ± 7.7 907.0 932.4 1.00
neqo neqo cubic on 868.3 ± 11.9 853.1 889.5 1.00
neqo neqo cubic 897.7 ± 30.8 874.5 979.0 1.00

⬇️ Download logs

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 2, 2024

Firefox builds for this PR

The following builds are available for testing. Crossed-out builds did not succeed.

@larseggert
Copy link
Collaborator

CodeQL doesn't do Rust yet, so limited benefit.

@larseggert larseggert closed this Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KershawChang KershawChang Awaiting requested review from KershawChang KershawChang is a code owner

@martinthomson martinthomson Awaiting requested review from martinthomson martinthomson is a code owner

@larseggert larseggert Awaiting requested review from larseggert larseggert is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@step-security-bot @larseggert