From 0288e6a2e84a6eddb528aa1b3a4f51fadb8aa572 Mon Sep 17 00:00:00 2001
From: Suraj Jacob <28795567+jacobmsft@users.noreply.github.com>
Date: Tue, 14 Mar 2023 14:45:07 -0700
Subject: [PATCH 1/2] change sarif format to 2.1.0

---
 scripts/unix/analyze_security.sh     | 2 +-
 scripts/unix/run_ql_suite.sh         | 2 +-
 scripts/windows/analyze_security.bat | 2 +-
 scripts/windows/run_ql_suite.bat     | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/unix/analyze_security.sh b/scripts/unix/analyze_security.sh
index fd327c2..8db0d26 100755
--- a/scripts/unix/analyze_security.sh
+++ b/scripts/unix/analyze_security.sh
@@ -58,7 +58,7 @@ else
 fi
 
 print_yellow "\nRunning the Quality and Security rules on the project"
-docker run --rm --name codeql-container -v ${inputfile}:/opt/src -v ${outputfile}:/opt/results -e CODEQL_CLI_ARGS=database\ analyze\ /opt/results/source_db\ --format=sarifv2\ --output=/opt/results/issues.sarif\ ${language}-security-and-quality.qls mcr.microsoft.com/cstsectools/codeql-container
+docker run --rm --name codeql-container -v ${inputfile}:/opt/src -v ${outputfile}:/opt/results -e CODEQL_CLI_ARGS=database\ analyze\ /opt/results/source_db\ --format=sarifv2.1.0\ --output=/opt/results/issues.sarif\ ${language}-security-and-quality.qls mcr.microsoft.com/cstsectools/codeql-container
 if [ $? -eq 0 ]
 then
 print_green "\nQuery execution successful"
diff --git a/scripts/unix/run_ql_suite.sh b/scripts/unix/run_ql_suite.sh
index eebe17e..6de1c33 100755
--- a/scripts/unix/run_ql_suite.sh
+++ b/scripts/unix/run_ql_suite.sh
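Review bot: The rewritten `docker run` line still references `mcr.microsoft.com/cstsectools/codeql-container` with no tag or digest, so every scan pulls whatever `latest` is at that moment and the analyzer that produced a given `issues.sarif` can neither be reproduced nor verified; pin it, e.g. `mcr.microsoft.com/cstsectools/codeql-container:<tag>@sha256:<digest>`, resolved once and bumped deliberately. On the same line `${inputfile}` and `${outputfile}` are unquoted in the `-v` flags, unlike the Windows script which quotes them, so a path containing a space splits into extra arguments; write `-v "${inputfile}:/opt/src" -v "${outputfile}:/opt/results"`. The `if [ $? -eq 0 ]` block that follows closes outside the hunk.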
@@ -60,7 +60,7 @@ else
 fi
 
 print_yellow "\nRunning the ${qlpack} ql pack rules on the project"
-docker run --rm --name codeql-container -v ${inputfile}:/opt/src -v ${outputfile}:/opt/results -e CODEQL_CLI_ARGS=database\ analyze\ /opt/results/source_db\ --format=sarifv2\ --output=/opt/results/issues.sarif\ ${language}-${qlpack}.qls mcr.microsoft.com/cstsectools/codeql-container
+docker run --rm --name codeql-container -v ${inputfile}:/opt/src -v ${outputfile}:/opt/results -e CODEQL_CLI_ARGS=database\ analyze\ /opt/results/source_db\ --format=sarifv2.1.0\ --output=/opt/results/issues.sarif\ ${language}-${qlpack}.qls mcr.microsoft.com/cstsectools/codeql-container
 if [ $? -eq 0 ]
 then
 print_green "\nQuery execution successful"
diff --git a/scripts/windows/analyze_security.bat b/scripts/windows/analyze_security.bat
index ecc47b2..0977d95 100644
--- a/scripts/windows/analyze_security.bat
+++ b/scripts/windows/analyze_security.bat
@@ -38,7 +38,7 @@ if %errorlevel% GTR 0 (
 )
 
 call :print_yellow "Running the Quality and Security rules on the project"
-start /W /B docker run --rm --name codeql-container -v "%inputfile%:/opt/src" -v "%outputfile%:/opt/results" -e CODEQL_CLI_ARGS="database analyze /opt/results/source_db --format=sarifv2 --output=/opt/results/issues.sarif %language%-security-and-quality.qls" mcr.microsoft.com/cstsectools/codeql-container
+start /W /B docker run --rm --name codeql-container -v "%inputfile%:/opt/src" -v "%outputfile%:/opt/results" -e CODEQL_CLI_ARGS="database analyze /opt/results/source_db --format=sarifv2.1.0 --output=/opt/results/issues.sarif %language%-security-and-quality.qls" mcr.microsoft.com/cstsectools/codeql-container
 if %errorlevel% GTR 0 (
 call :print_red "Failed to run the query on the database"
 exit /b %errorlevel%
diff --git a/scripts/windows/run_ql_suite.bat b/scripts/windows/run_ql_suite.bat
index bd93ee3..1e59bd8 100644
--- a/scripts/windows/run_ql_suite.bat
+++ b/scripts/windows/run_ql_suite.bat
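Review bot: `${qlpack}` reaches the changed `docker run` line straight from the caller and is spliced, unquoted, into the backslash-escaped `CODEQL_CLI_ARGS` value as `${language}-${qlpack}.qls`; since the container evidently splits that variable on spaces, a value containing whitespace or a leading `--` turns into extra `codeql database analyze` options instead of one suite name. Add a whitelist check before this line, e.g. `case "${qlpack}" in ''|*[!A-Za-z0-9._-]*) printf 'invalid qlpack: %s\n' "${qlpack}" >&2; exit 1;; esac`, and quote the bind mounts as `-v "${inputfile}:/opt/src" -v "${outputfile}:/opt/results"` so paths with spaces do not split. The image reference is still unpinned here, as in analyze_security.sh, so the scanner version behind each SARIF file is whatever `latest` resolved to. The `if [ $? -eq 0 ]` block that follows closes outside the hunk.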
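Review bot: The changed `start /W /B docker run` line still names `mcr.microsoft.com/cstsectools/codeql-container` with no tag or digest, so each run pulls whatever `latest` currently is and the analyzer version behind a given `issues.sarif` cannot be reproduced; pin it with an explicit tag and `@sha256:` digest that is bumped deliberately, ideally the same reference the Unix scripts use so both platforms scan with identical rules. `%language%` is also passed through unvalidated into the single quoted `CODEQL_CLI_ARGS` string, which the container presumably word-splits, so a value with spaces becomes extra analyze options; check it against the language names the image supports before this line. The `if %errorlevel% GTR 0 (` block after it closes outside the hunk.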
@@ -39,7 +39,7 @@ if %errorlevel% GTR 0 (
 )
 
 call :print_yellow "Running the %qlpack% ql pack rules on the project"
-start /W /B docker run --rm --name codeql-container -v "%inputfile%:/opt/src" -v "%outputfile%:/opt/results" -e CODEQL_CLI_ARGS="database analyze /opt/results/source_db --format=sarifv2 --output=/opt/results/issues.sarif %language%-%qlpack%.qls" mcr.microsoft.com/cstsectools/codeql-container
+start /W /B docker run --rm --name codeql-container -v "%inputfile%:/opt/src" -v "%outputfile%:/opt/results" -e CODEQL_CLI_ARGS="database analyze /opt/results/source_db --format=sarifv2.1.0 --output=/opt/results/issues.sarif %language%-%qlpack%.qls" mcr.microsoft.com/cstsectools/codeql-container
 if %errorlevel% GTR 0 (
 call :print_red "Failed to run the query on the database"
 exit /b %errorlevel%

From 89d7b072c39ac223d90d5577dfbdc9e15ebf2a1c Mon Sep 17 00:00:00 2001
From: Suraj Jacob <28795567+jacobmsft@users.noreply.github.com>
Date: Tue, 14 Mar 2023 14:53:56 -0700
Subject: [PATCH 2/2] fix doc

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 054f311..a498b02 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ The results will be stored in /tmp/django/results/issues.sarif.
 
 Analyze the Javascript project express located in /tmp/express/src by running the extended security QL pack on it:
 ```
-scripts/unix/run_qlpack.sh /tmp/express/src /tmp/express/results javascript security-extended
+scripts/unix/run_ql_suite.sh /tmp/express/src /tmp/express/results javascript security-extended
 ```
 The results will be stored in /tmp/express/results/issues.sarif
 
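Review bot: `%qlpack%` is interpolated unvalidated into `%language%-%qlpack%.qls` inside the single quoted `CODEQL_CLI_ARGS` string on the changed line, and because the container presumably splits that string on whitespace, a value with embedded spaces or a leading `--` would become additional `database analyze` options rather than one suite name; reject anything outside letters, digits, `.`, `_` and `-` (and an empty value) with a `findstr /r` check before this line and `exit /b 1` on mismatch. The image reference on the same line carries no tag or digest, so it should be pinned to an explicit tag and `@sha256:` digest like its Unix counterpart. The `if %errorlevel% GTR 0 (` block following it closes outside the hunk.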