Update README.md, fix CI for new changes (#58)

Adds Quickstart to README.md, fixes the CI: 1) Adds automatic acceptance of new Conda ToS 2) Reconfigures cached file locations based on output structure.

Author: IcebladeLabs

.github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/cwe-022/llm_labelled_sink_apis.json renamed to .github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/llm_labelled_sink_apis.json

@@ -374,4 +374,4 @@
     ],
     "type": "sink"
   }
-]
+]

.github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/cwe-022/llm_labelled_source_apis.json renamed to .github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/llm_labelled_source_apis.json

@@ -231,4 +231,4 @@
     "sink_args": [],
     "type": "source"
   }
-]
+]

.github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/common/llm_labelled_source_func_params.json renamed to .github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/llm_labelled_source_func_params.json

@@ -183,4 +183,4 @@
       "path"
     ]
   }
-]
+]

.github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/cwe-022/llm_labelled_taint_prop_apis.json renamed to .github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/llm_labelled_taint_prop_apis.json

@@ -225,4 +225,4 @@
     ],
     "type": "taint-propagator"
   }
-]
+]

.github/workflows/CI_pipeline.yml

@@ -63,7 +63,7 @@ jobs:
           activate-environment: iris
           auto-update-conda: true
 
-      - name: Set up Java ${{ matrix.java_version }}
+      - name: Set up Java version ${{ matrix.java_version }}
         uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
@@ -165,11 +165,8 @@ jobs:
 
       - name: Relocate cached output for ${{ matrix.project_slug }}
         run: |          
-          mkdir output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
-          mv .github/cached_output/${{ matrix.project_slug }}/test/common/llm_labelled_source_func_params.json output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
-          mv .github/cached_output/${{ matrix.project_slug }}/test/cwe-022/llm_labelled_sink_apis.json output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
-          mv .github/cached_output/${{ matrix.project_slug }}/test/cwe-022/llm_labelled_source_apis.json output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
-          mv .github/cached_output/${{ matrix.project_slug }}/test/cwe-022/llm_labelled_taint_prop_apis.json output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
+          mkdir -p output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}
+          mv .github/cached_output/perwendel__spark_CVE-2018-9159_2.7.1/test/* output/${{ matrix.project_slug }}/test/analysis/${{ matrix.cwe }}/
 
       - name: Build project ${{ matrix.project_slug }}
         run: |

README.md

@@ -90,8 +90,6 @@ Lastly, add the path of this executable to your `PATH` environment variable:
 export PATH="$PWD/codeql:$PATH"
 ```
 
-**Note:** Also adjust the environment variable `CODEQL_QUERY_VERSION` in `src/config.py` according to the instructions therein. For instance, for CodeQL v2.15.0, this should be `0.8.0`.
-
 ### Visualizer
 
 IRIS comes with a visualizer to view the SARIF output files. More detailed instructions can be found in the [docs](https://iris-sast.github.io/iris/features/visualizer.html).
@@ -106,6 +104,24 @@ IRIS comes with a visualizer to view the SARIF output files. More detailed instr
 4. **Select a project**: Choose a project from the dropdown to load its analysis results
 5. **Filter and explore**: Use the CWE and model filters to explore specific vulnerabilities
 
+## ⚡ Quickstart
+
+Make sure you have followed all of the environment setup instructions before proceeding!
+
+To quickly try IRIS on the example project `perwendel__spark_CVE-2018-9159_2.7.1`, run the following commands:
+
+```sh
+# Build the project
+python scripts/fetch_and_build.py --filter perwendel__spark_CVE-2018-9159_2.7.1
+
+# Generate the CodeQL database
+python scripts/build_codeql_dbs.py --project perwendel__spark_CVE-2018-9159_2.7.1
+
+# Run IRIS analysis
+python src/iris.py --query cwe-022wLLM --run-id test --llm qwen2.5-coder-7b perwendel__spark_CVE-2018-9159_2.7.1
+```
+
+This will build the project, generate the CodeQL database, and analyze it for CWE-022 vulnerabilities using the specified LLM (qwen2.5-coder-7b). The output of these three steps will be stored under `data/build-info/`, `data/codeql-dbs/`, and `output/` respectively.
 
 ## 💫 Contributions
 We welcome any contributions, pull requests, or issues!

docs/environment-setup/native.md

@@ -56,5 +56,3 @@ Lastly, add the path of this executable to your `PATH` environment variable:
 ```sh
 export PATH="$PWD/codeql:$PATH"
 ```
-
-**Note:** Also adjust the environment variable `CODEQL_QUERY_VERSION` in `src/config.py` according to the instructions therein. For instance, for CodeQL v2.15.0, this should be `0.8.0`.

src/codeql_vul.py

@@ -116,7 +116,7 @@ def run_codeql_query(self):
         sp.run(cmd + ["--format=csv"])
 
     def run_simple_codeql_query(self, query, target_csv_path=None, suffix=None, dyn_queries={}):
-        runner = CodeQLQueryRunner(self.project_name, self.project_output_path, self.project_codeql_db_path, self.master_logger)
+        runner = CodeQLQueryRunner(self.project_output_path, self.project_codeql_db_path, self.master_logger)
         runner.run(query, target_csv_path, suffix, dyn_queries)
 
     def extract_class_locations(self):

src/iris.py

@@ -11,19 +11,17 @@
 import math
 import random
 
-from src.config import CODEQL_DIR, CODEQL_QUERY_VERSION
+from src.config import CODEQL_DIR
 from src.queries import QUERIES
 
 CODEQL = f"{CODEQL_DIR}/codeql"
-CODEQL_CUSTOM_QUERY_DIR = f"{CODEQL_DIR}/qlpacks/codeql/java-queries/{CODEQL_QUERY_VERSION}/myqueries"
 
 ENTRY_SCRIPT_DIR = os.path.abspath(os.path.dirname(os.path.realpath(__file__)) + "/../")
 
 class CodeQLQueryRunner:
-    def __init__(self, project_name, project_output_path, project_codeql_db_path, project_logger):
-        self.project_name = project_name
-        self.project_codeql_db_path = project_codeql_db_path
+    def __init__(self, project_output_path, project_codeql_db_path, project_logger):
         self.project_output_path = project_output_path
+        self.project_codeql_db_path = project_codeql_db_path
         self.project_logger = project_logger
 
     def run(self, query, target_csv_path=None, suffix=None, dyn_queries={}):
@@ -40,7 +38,7 @@ def run(self, query, target_csv_path=None, suffix=None, dyn_queries={}):
 
         # 1. Create the directory in CodeQL's queries path
         suffix_dir = "" if suffix is None else f"/{suffix}"
-        codeql_query_dir = f"{CODEQL_CUSTOM_QUERY_DIR}/{self.project_name}/{query}{suffix_dir}"
+        codeql_query_dir = f"{self.project_output_path}/myqueries/{query}{suffix_dir}"
         os.makedirs(codeql_query_dir, exist_ok=True)
 
         # 2. Copy the basic queries and supporting queries to the codeql directory