From ae686056a0b33781264e40e42a41d62bf575f709 Mon Sep 17 00:00:00 2001
From: Lemongrass3110
Date: Fri, 16 Dec 2022 22:34:59 +0100
Subject: [PATCH] Added CodeQL analysis (#7208)
Adds CodeQL analysis because LGTM was disabled and removed.
---
.github/workflows/analysis_codeql.yml | 91 +++++++++++++++++++++++++++
src/common/ers.cpp | 4 +-
src/map/battle.cpp | 2 +-
src/map/script.cpp | 32 +++++-----
4 files changed, 109 insertions(+), 20 deletions(-)
create mode 100644 .github/workflows/analysis_codeql.yml
diff --git a/.github/workflows/analysis_codeql.yml b/.github/workflows/analysis_codeql.yml
new file mode 100644
index 0000000000..c5a9ae7f19
--- /dev/null
+++ b/.github/workflows/analysis_codeql.yml
@@ -0,0 +1,91 @@
+name: Analyse servers with CodeQL
+# analysis_codeql.yml
+
+concurrency:
+ group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ # Always trigger all Github Actions if an action or something CI related was changed
+ - '.github/workflows/**'
+ - 'tools/ci/**'
+ # This workflow should run when a file in a source directory has been modified.
+ - 'src/**'
+ - '3rdparty/**'
+
+jobs:
+ analyze:
+ # Github Actions checks for '[ci skip]', '[skip ci]', '[no ci]', '[skip actions]', or '[actions skip]' but not a hyphenated version.
+ # It's a catch-all incase a Pull Request has been opened and someone is on auto-pilot.
+ if: "!contains(github.event.head_commit.message, 'ci-skip')"
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ # The ubuntu-latest label currently points to ubuntu-20.04.
+ # Available: ubuntu-22.04, ubuntu-20.04
+ os: [ubuntu-latest]
+ # Older versions of GCC are not available via unaltered aptitude repo lists.
+ gcc: ['10']
+ # We run build checks for both Renewal and PRE-Renewal
+ mode: ['PRE','RE']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+ languages: cpp
+ # Trigger security and quality findings
+ # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # TODO: Resolve the issues and then enable it again
+ #queries: +security-and-quality
+
+ # A simple 'yes' and 'no' can be confusing, so we use names to display in the current job then convert them for use in the compiler.
+ - name: Variable Parsing - PRE
+ if: ${{ matrix.mode == 'PRE' }}
+ run: |
+ echo "PRERE=yes" >> $GITHUB_ENV
+ - name: Variable Parsing - RE
+ if: ${{ matrix.mode == 'RE' }}
+ run: |
+ echo "PRERE=no" >> $GITHUB_ENV
+
+ - name: Update & Install packages
+ # Ubuntu runners already have most of the packages rAthena requires to build.
+ # https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md
+ run: |
+ sudo apt update
+ sudo apt install zlib1g-dev libpcre3-dev gcc-${{ matrix.gcc }} g++-${{ matrix.gcc }}
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below) + #- name: Autobuild + # uses: github/codeql-action/autobuild@v2 + + # ✏️ If the Autobuild fails above, remove it and uncomment the following + # three lines and modify them (or add more) to build your code if your + # project uses a compiled language + - name: Command - configure + env: + CONFIGURE_FLAGS: 'CC=gcc-${{ matrix.gcc }} CXX=g++-${{ matrix.gcc }} --enable-prere=${{ env.PRERE }} --enable-buildbot=yes' + run: ./configure $CONFIGURE_FLAGS + + - name: Command - make clean + run: make clean + + - name: Command - make server + run: make server + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/src/common/ers.cpp b/src/common/ers.cpp index dea4047481..29af2037c2 100644 --- a/src/common/ers.cpp +++ b/src/common/ers.cpp @@ -193,7 +193,7 @@ static void *ers_obj_alloc_entry(ERS *self) instance->Cache->ReuseList = instance->Cache->ReuseList->Next; } else if (instance->Cache->Free > 0) { instance->Cache->Free--; - ret = &instance->Cache->Blocks[instance->Cache->Used - 1][instance->Cache->Free * instance->Cache->ObjectSize + sizeof(struct ers_list)]; + ret = &instance->Cache->Blocks[instance->Cache->Used - 1][static_cast( instance->Cache->Free ) * static_cast( instance->Cache->ObjectSize ) + sizeof( struct ers_list )]; } else { if (instance->Cache->Used == instance->Cache->Max) { instance->Cache->Max = (instance->Cache->Max * 4) + 3; @@ -204,7 +204,7 @@ static void *ers_obj_alloc_entry(ERS *self) instance->Cache->Used++; instance->Cache->Free = instance->Cache->ChunkSize -1; - ret = &instance->Cache->Blocks[instance->Cache->Used - 1][instance->Cache->Free * instance->Cache->ObjectSize + sizeof(struct ers_list)]; + ret = &instance->Cache->Blocks[instance->Cache->Used - 1][static_cast( instance->Cache->Free ) * static_cast( instance->Cache->ObjectSize ) + sizeof( struct ers_list )]; } instance->Count++; 
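Review bot: The new workflow (.github/workflows/analysis_codeql.yml) has no `permissions:` block, so the job token carries whatever the repository default grants while `./configure` and `make server` run code from the checked-out ref. Declaring `permissions:` with `contents: read` and `security-events: write` at workflow level limits the token to what checkout and the CodeQL upload need. The three actions are referenced by mutable tags (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@FULL_COMMIT_SHA # v3`, keeps a moved tag from changing what executes. The `ci-skip` guard reads `github.event.head_commit.message`, which is only present on push events, so it likely has no effect on the `pull_request` trigger.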
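Review bot: The widened offset expression in ers_obj_alloc_entry (src/common/ers.cpp) is now repeated verbatim in the `Free > 0` branch and again in the @@ -204 hunk; since it computes a pointer into `Blocks[Used - 1]`, a later edit that touches only one copy would leave the two branches handing out differently computed addresses. A small `static` helper that takes the cache and returns the entry pointer would keep them in step. Either way the reason for the casts deserves a comment, for example `// widen before multiplying so the byte offset is not computed in the narrower field type` (the field types are not visible here, so confirm the wording against the struct). The function starts and ends outside both hunks.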
diff --git a/src/map/battle.cpp b/src/map/battle.cpp index 55ea9f9ac2..0decc518b7 100644 --- a/src/map/battle.cpp +++ b/src/map/battle.cpp @@ -7017,7 +7017,7 @@ struct Damage battle_calc_magic_attack(struct block_list *src,struct block_list break; case NPC_ICEMINE: case NPC_FLAMECROSS: - ad.damage = sstatus->rhw.atk * 20 * skill_lv; + ad.damage = static_cast( sstatus->rhw.atk ) * static_cast( 20 ) * static_cast( skill_lv ); break; default: { if (sstatus->matk_max > sstatus->matk_min) { diff --git a/src/map/script.cpp b/src/map/script.cpp index 2101b069d7..d83f0560e1 100644 --- a/src/map/script.cpp +++ b/src/map/script.cpp @@ -16954,10 +16954,6 @@ BUILDIN_FUNC(explode) BUILDIN_FUNC(implode) { struct script_data* data = script_getdata(st, 2); - const char *name; - uint32 glue_len = 0, array_size, id; - char *output; - TBL_PC* sd = NULL; if( !data_isreference(data) ) { ShowError("script:implode: not a variable\n"); @@ -16966,8 +16962,8 @@ BUILDIN_FUNC(implode) return SCRIPT_CMD_FAILURE;// not a variable } - id = reference_getid(data); - name = reference_getname(data); + uint32 id = reference_getid( data ); + const char* name = reference_getname( data ); if( !is_string_variable(name) ) { ShowError("script:implode: not string array\n"); 
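Review bot: In the NPC_ICEMINE / NPC_FLAMECROSS case of battle_calc_magic_attack (src/map/battle.cpp), the casts on the literal `20` and on `skill_lv` add noise without changing the result. Once `sstatus->rhw.atk` is widened, the usual arithmetic conversions carry the remaining operands to the same type, so writing `* 20 * skill_lv` after the first cast is equivalent as long as the cast target is an integer type at least as wide as `int`. A one-line comment such as `// widen first so the product is computed in the result type` would record why the cast exists for the next reader. The switch statement continues outside the hunk.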
@@ -16975,24 +16971,24 @@ BUILDIN_FUNC(implode) st->state = END; return SCRIPT_CMD_FAILURE;// data type mismatch } + + map_session_data* sd = nullptr; if( not_server_variable(*name) && !script_rid2sd(sd) ) { return SCRIPT_CMD_SUCCESS;// no player attached } //count chars - array_size = script_array_highest_key(st, sd, name, reference_getref(data)) - 1; + size_t array_size = script_array_highest_key( st, sd, name, reference_getref( data ) ) - 1; if(array_size == -1) { //empty array check (AmsTaff) ShowWarning("script:implode: array length = 0\n"); - output = (char*)aMalloc(sizeof(char)*5); - sprintf(output,"%s","NULL"); + script_pushstrcopy( st, "NULL" ); } else { - const char *glue = NULL, *temp; - size_t len = 0; - int i, k = 0; + const char *glue = nullptr, *temp; + size_t len = 0, glue_len = 0, k = 0; - for(i = 0; i <= array_size; ++i) { + for( int i = 0; i <= array_size; ++i ){ temp = get_val2_str( st, reference_uid( id, i ), reference_getref( data ) ); len += strlen(temp); // Remove stack entry from get_val2_str @@ -17003,12 +16999,13 @@ BUILDIN_FUNC(implode) if( script_hasdata(st,3) ) { glue = script_getstr(st,3); glue_len = strlen(glue); - len += glue_len * (array_size); + len += glue_len * array_size; } - output = (char*)aMalloc(len + 1); + + char* output = (char*)aMalloc( len + 1 ); //build output - for(i = 0; i < array_size; ++i) { + for( int i = 0; i < array_size; ++i ){ temp = get_val2_str( st, reference_uid( id, i ), reference_getref( data ) ); len = strlen(temp); memcpy(&output[k], temp, len); @@ -17029,9 +17026,10 @@ BUILDIN_FUNC(implode) output[k] = '\0'; // Remove stack entry from get_val2_str script_removetop( st, -1, 0 ); + + script_pushstr( st, output ); } - script_pushstr(st, output); return SCRIPT_CMD_SUCCESS; }
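Review bot: In BUILDIN_FUNC(implode) the empty-array test `if(array_size == -1)` now compares a `size_t`, so it only fires if the subtraction itself wrapped at `size_t` width. If script_array_highest_key returns a 32-bit unsigned value (its declaration is not visible here; the removed `uint32 array_size` suggests it), `0 - 1` is evaluated in 32 bits and widened to 4294967295 on a 64-bit build, the check is skipped, and the loops run against that bound. The loop counters are also `int i` compared against `size_t array_size` (here and in the @@ -17003 hunk, `for( int i = 0; i < array_size; ++i )`), a signed/unsigned mix that should become `size_t i`. Testing the key count for zero before subtracting removes the dependence on wraparound, as sketched below. Parts of the function lie between the hunks and are not shown.

```cpp
// Test the key count itself, before the subtraction can wrap.
const auto highest_key = script_array_highest_key( st, sd, name, reference_getref( data ) );

if( highest_key == 0 ){
	// … unchanged: warning and script_pushstrcopy( st, "NULL" ) …
} else {
	const size_t array_size = highest_key - 1;
	// … unchanged: glue, temp, len, glue_len, k declarations …
	for( size_t i = 0; i <= array_size; ++i ){
		// … unchanged: length accumulation …
```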