Create codeql-analysis.yml (#145)

* Create codeql-analysis.yml, fix all build issues
* Only builds a subset yet

Author: mregen

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '30 6 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: windows-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'csharp' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      
+    - name: Setup .NET
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: '5.x' # SDK Version to use;
+
+    # Add  MSBuild to the PATH: https://github.com/microsoft/setup-msbuild
+    - name: Setup MSBuild.exe
+      uses: microsoft/[email protected]
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    - name: Restore Packages
+      run: |
+        nuget restore "UA Quickstart Applications.sln"
+        nuget restore "UA Sample Applications.sln"
+
+    - name: Build Solution
+      run: |
+        msbuild.exe "UA Quickstart Applications.sln" /p:configuration="Release" /p:UseSharedCompilation=false
+        msbuild.exe "UA Sample Applications.sln" /p:configuration="Release" /p:UseSharedCompilation=false
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

ComIOP/Common/Proxy/OpcProxyUtils.cs

@@ -27,18 +27,15 @@
  * http://opcfoundation.org/License/MIT/1.00/
  * ======================================================================*/
 
-using System;
 using System.Collections.Generic;
-using Opc.Ua;
 using System.Security.Cryptography.X509Certificates;
-using System.Threading.Tasks;
 
 namespace Opc.Ua.Com
 {
     /// <summary>
     /// A helper class for COpcProxyUtils.cpp
     /// </summary>
-    public class ProxyUtils
+    public static class ProxyUtils
     {
         /// <summary>
         /// Synchronous helper implementation of CheckApplicationInstanceCertificate for C++ Proxy
@@ -74,44 +71,32 @@ public static void CheckApplicationInstanceCertificate(ApplicationConfiguration
 
             // create a new certificate with a new public key pair.
             certificate = CertificateFactory.CreateCertificate(
-                id.StoreType,
-                id.StorePath,
-                null,
-                configuration.ApplicationUri,
-                configuration.ApplicationName,
-                subjectName,
-                hostNames,
-                2048,
-                DateTime.UtcNow - TimeSpan.FromHours(1),
-                120,
-                256,
-                false,
-                null,
-                null);
+                    configuration.ApplicationUri,
+                    configuration.ApplicationName,
+                    subjectName,
+                    hostNames)
+                .CreateForRSA()
+                .AddToStore(
+                    id.StoreType,
+                    id.StorePath);
 
-            // update and save the configuration file.
             id.Certificate = certificate;
+
+            // update and save the configuration file.
             configuration.SaveToFile(configuration.SourceFilePath);
 
             // add certificate to the trusted peer store so other applications will trust it.
-            ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore();
-
-            try
+            using (ICertificateStore store = configuration.SecurityConfiguration.TrustedPeerCertificates.OpenStore())
             {
-                    X509Certificate2Collection certificateCollection = store.FindByThumbprint(certificate.Thumbprint).Result;
-                    if (certificateCollection != null)
-                    {
-                        store.Add(certificateCollection[0]).Wait();
-                    }
-            }
-            finally
-            {
-                store.Close();
+                X509Certificate2Collection certificateCollection = store.FindByThumbprint(certificate.Thumbprint).Result;
+                if (certificateCollection != null)
+                {
+                    store.Add(certificateCollection[0]).Wait();
+                }
             }
 
             // tell the certificate validator about the new certificate.
             configuration.CertificateValidator.Update(configuration.SecurityConfiguration).Wait();
-
         }
 
         /// <summary>
@@ -123,6 +108,5 @@ public static ApplicationConfiguration ApplicationConfigurationLoad(string secti
             config = ApplicationConfiguration.Load(sectionName, applicationType).Result;
             return config;
         }
-
     }
-}
+}

ComIOP/Common/UA COM Interop Library.csproj

@@ -64,7 +64,7 @@
   <ItemGroup>
     <Reference Include="System" />
     <Reference Include="System.ComponentModel.DataAnnotations" />
-    <Reference Include="System.configuration" />
+    <Reference Include="System.Configuration" />
     <Reference Include="System.Core">
       <RequiredTargetFramework>3.5</RequiredTargetFramework>
     </Reference>

ComIOP/Wrapper/Common/OPC Sample Utility Classes.vcxproj

@@ -16,7 +16,7 @@
     <RootNamespace>OPC Sample Utility Classes</RootNamespace>
     <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" Condition="exists('$(VCTargetsPath)\Microsoft.Cpp.Default.props')" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v141</PlatformToolset>
@@ -29,16 +29,14 @@
     <UseOfMfc>false</UseOfMfc>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" Condition="exists('$(VCTargetsPath)\Microsoft.Cpp.props')" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
@@ -47,10 +45,12 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>..\..\bin\Release\</OutDir>
     <IntDir>$(OutDir)intermediate\$(ProjectName)\</IntDir>
+    <TargetName>OpcComServer</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>..\..\bin\Debug\</OutDir>
     <IntDir>$(OutDir)intermediate\$(ProjectName)\</IntDir>
+    <TargetName>OpcComServer</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <CustomBuildStep>
@@ -322,7 +322,7 @@
     <ClInclude Include="resource.h" />
     <ClInclude Include="StdAfx.h" />
   </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" Condition="exists('$(VCTargetsPath)\Microsoft.Cpp.targets')" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
 </Project>

LICENSE.TXT

@@ -22,3 +22,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
 SOFTWARE.
+

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version will receive security updates.
+
+## Reporting a Vulnerability
+
+The OPC Foundation publishes security bulletins that affect software that it maintains or distributes. In many cases these bulletins will affect code that OPC vendors incorporate into their products. As a result, vendors will have to patch their products to address the vulnerabilities identified.
+
+All the bulletins that have been published are available [here](https://opcfoundation.org/security-bulletins/).
+
+Any vulnerabilities or security concerns should be reported to ‘securityteam AT opcfoundation DOT org’.
+A PGP key to encrypt any sensitive security report can be found [here](https://opcfoundation.org/SecurityBulletins/securityteam_public_key.txt).
+
+Complete information can be found [here](https://opcfoundation.org/security/).

Samples/Client.Net4/UA Sample Client.csproj

@@ -51,7 +51,7 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
-    <Reference Include="System.configuration" />
+    <Reference Include="System.Configuration" />
     <Reference Include="System.Configuration.Install" />
     <Reference Include="System.Core">
       <RequiredTargetFramework>3.5</RequiredTargetFramework>

Samples/GDS/Client/app.config renamed to Samples/GDS/Client/App.config

@@ -47,7 +47,9 @@
     </ConfigurationLocation>
   </Opc.Ua.ClientConfiguration>
 
-<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2"/></startup>
+  <startup>
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2"/>
+  </startup>
   <runtime>
   </runtime>
 </configuration>

Samples/GDS/Client/GlobalDiscoveryClient.csproj

@@ -46,8 +46,6 @@
     <ApplicationManifest>app.manifest</ApplicationManifest>
   </PropertyGroup>
   <ItemGroup>
-    <Reference Include="PresentationCore" />
-    <Reference Include="PresentationFramework" />
     <Reference Include="System" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.IdentityModel" />
@@ -57,7 +55,6 @@
     <Reference Include="System.Windows.Forms" />
     <Reference Include="System.Xml" />
     <Reference Include="System.Xml.Serialization" />
-    <Reference Include="WindowsBase" />
   </ItemGroup>
   <ItemGroup>
     <Compile Include="Controls\ApplicationCertificateControl.cs">
@@ -75,7 +72,7 @@
     <Compile Include="Controls\RegisterApplicationControl.cs">
       <SubType>UserControl</SubType>
     </Compile>
-    <Compile Include="Controls\RegisterApplicationControl.designer.cs">
+    <Compile Include="Controls\RegisterApplicationControl.Designer.cs">
       <DependentUpon>RegisterApplicationControl.cs</DependentUpon>
     </Compile>
     <Compile Include="MainForm.cs">
@@ -109,7 +106,9 @@
       <DependentUpon>Resources.resx</DependentUpon>
       <DesignTime>True</DesignTime>
     </Compile>
-    <None Include="App.config" />
+    <None Include="App.config">
+      <SubType>Designer</SubType>
+    </None>
     <None Include="app.manifest">
       <SubType>Designer</SubType>
     </None>

Samples/GDS/Client/Properties/Resources.resx

@@ -119,7 +119,7 @@
   </resheader>
   <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
   <data name="environment_view" type="System.Resources.ResXFileRef, System.Windows.Forms">
-    <value>..\images\environment_view.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+    <value>..\Images\environment_view.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
   </data>
   <data name="error" type="System.Resources.ResXFileRef, System.Windows.Forms">
     <value>..\Images\error.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>