2020-06-26 17:22:19 +01:00
|
|
|
"use strict";
|
2021-07-27 17:59:59 +01:00
|
|
|
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
|
|
|
if (k2 === undefined) k2 = k;
|
2023-01-18 20:00:33 +00:00
|
|
|
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
|
|
|
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
|
|
|
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
|
|
|
}
|
|
|
|
|
Object.defineProperty(o, k2, desc);
|
2021-07-27 17:59:59 +01:00
|
|
|
}) : (function(o, m, k, k2) {
|
|
|
|
|
if (k2 === undefined) k2 = k;
|
|
|
|
|
o[k2] = m[k];
|
|
|
|
|
}));
|
|
|
|
|
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
|
|
|
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
|
|
|
}) : function(o, v) {
|
|
|
|
|
o["default"] = v;
|
|
|
|
|
});
|
2020-06-26 17:22:19 +01:00
|
|
|
var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
|
|
if (mod && mod.__esModule) return mod;
|
|
|
|
|
var result = {};
|
2021-07-27 17:59:59 +01:00
|
|
|
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
|
|
|
__setModuleDefault(result, mod);
|
2020-06-26 17:22:19 +01:00
|
|
|
return result;
|
|
|
|
|
};
|
|
|
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
2023-10-04 15:45:42 +01:00
|
|
|
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CommandInvocationError = void 0;
|
2020-06-26 17:22:19 +01:00
|
|
|
const fs = __importStar(require("fs"));
|
|
|
|
|
const path = __importStar(require("path"));
|
2023-07-06 11:56:49 +01:00
|
|
|
const core = __importStar(require("@actions/core"));
|
2020-11-20 11:35:59 +01:00
|
|
|
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
|
2022-06-16 18:10:13 -07:00
|
|
|
const yaml = __importStar(require("js-yaml"));
|
2020-09-29 14:43:37 +01:00
|
|
|
const actions_util_1 = require("./actions-util");
|
2023-07-06 12:28:03 +01:00
|
|
|
const environment_1 = require("./environment");
|
2023-03-09 16:44:45 +00:00
|
|
|
const feature_flags_1 = require("./feature-flags");
|
2021-09-15 14:49:20 +01:00
|
|
|
const languages_1 = require("./languages");
|
2023-01-10 13:16:22 +00:00
|
|
|
const setupCodeql = __importStar(require("./setup-codeql"));
|
2020-10-01 11:03:30 +01:00
|
|
|
const util = __importStar(require("./util"));
|
2023-04-06 17:04:21 +01:00
|
|
|
const util_1 = require("./util");
|
2021-06-24 17:30:42 +01:00
|
|
|
class CommandInvocationError extends Error {
|
2023-10-06 15:53:15 +01:00
|
|
|
constructor(cmd, args, exitCode, stderr, stdout) {
|
2023-07-20 18:58:37 +01:00
|
|
|
const prettyCommand = [cmd, ...args]
|
|
|
|
|
.map((x) => (x.includes(" ") ? `'${x}'` : x))
|
|
|
|
|
.join(" ");
|
2023-10-06 15:53:15 +01:00
|
|
|
const fatalErrors = extractFatalErrors(stderr);
|
|
|
|
|
const lastLine = stderr.trim().split("\n").pop()?.trim();
|
|
|
|
|
let error = fatalErrors
|
|
|
|
|
? ` and error was: ${fatalErrors.trim()}`
|
|
|
|
|
: lastLine
|
|
|
|
|
? ` and last log line was: ${lastLine}`
|
|
|
|
|
: "";
|
|
|
|
|
if (error[error.length - 1] !== ".") {
|
|
|
|
|
error += ".";
|
|
|
|
|
}
|
2023-07-21 14:26:44 +01:00
|
|
|
super(`Encountered a fatal error while running "${prettyCommand}". ` +
|
2023-10-06 15:53:15 +01:00
|
|
|
`Exit code was ${exitCode}${error} See the logs for more details.`);
|
2023-07-20 18:16:02 +01:00
|
|
|
this.exitCode = exitCode;
|
2023-10-06 15:53:15 +01:00
|
|
|
this.stderr = stderr;
|
|
|
|
|
this.stdout = stdout;
|
2021-06-24 17:30:42 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
exports.CommandInvocationError = CommandInvocationError;
|
2020-06-26 15:33:59 +01:00
|
|
|
/**
|
2020-07-15 17:36:49 +01:00
|
|
|
* Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
|
2020-06-26 15:33:59 +01:00
|
|
|
* Can be overridden in tests using `setCodeQL`.
|
|
|
|
|
*/
|
|
|
|
|
let cachedCodeQL = undefined;
|
2021-08-18 10:15:48 +01:00
|
|
|
/**
|
|
|
|
|
* The oldest version of CodeQL that the Action will run with. This should be
|
2022-11-11 18:00:58 +00:00
|
|
|
* at least three minor versions behind the current version and must include the
|
|
|
|
|
* CLI versions shipped with each supported version of GHES.
|
2021-08-18 10:15:48 +01:00
|
|
|
*
|
2022-11-11 18:00:58 +00:00
|
|
|
* The version flags below can be used to conditionally enable certain features
|
|
|
|
|
* on versions newer than this.
|
2021-08-18 10:15:48 +01:00
|
|
|
*/
|
2023-09-27 16:08:27 +01:00
|
|
|
const CODEQL_MINIMUM_VERSION = "2.10.5";
|
2023-07-06 11:56:49 +01:00
|
|
|
/**
|
|
|
|
|
* This version will shortly become the oldest version of CodeQL that the Action will run with.
|
|
|
|
|
*/
|
2023-09-14 16:34:07 +01:00
|
|
|
const CODEQL_NEXT_MINIMUM_VERSION = "2.10.5";
|
|
|
|
|
/**
|
|
|
|
|
* This is the version of GHES that was most recently deprecated.
|
|
|
|
|
*/
|
|
|
|
|
const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.6";
|
|
|
|
|
/**
|
|
|
|
|
* This is the deprecation date for the version of GHES that was most recently deprecated.
|
|
|
|
|
*/
|
|
|
|
|
const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-09-12";
|
2023-09-27 16:16:13 +01:00
|
|
|
/*
|
2021-08-18 09:44:49 +01:00
|
|
|
* Versions of CodeQL that version-flag certain functionality in the Action.
|
2021-08-18 10:15:48 +01:00
|
|
|
* For convenience, please keep these in descending order. Once a version
|
|
|
|
|
* flag is older than the oldest supported version above, it may be removed.
|
2021-08-18 09:44:49 +01:00
|
|
|
*/
|
2022-12-05 14:10:06 +00:00
|
|
|
const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
|
2023-02-06 11:26:03 -08:00
|
|
|
/**
|
2023-07-05 16:26:20 +01:00
|
|
|
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
|
|
|
|
|
* each language.
|
2023-02-06 11:26:03 -08:00
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
|
2023-07-05 16:26:20 +01:00
|
|
|
/**
|
|
|
|
|
* Versions 2.12.3+ of the CodeQL CLI support exporting configuration information from a code
|
|
|
|
|
* scanning config file to SARIF.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
|
2023-02-07 10:40:49 -08:00
|
|
|
/**
|
2023-03-06 10:46:36 +00:00
|
|
|
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
|
2023-02-07 10:40:49 -08:00
|
|
|
*/
|
2023-02-26 18:35:21 -08:00
|
|
|
exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
|
2023-07-20 18:16:02 +01:00
|
|
|
/**
|
|
|
|
|
* Versions 2.12.4+ of the CodeQL CLI provide a better error message when `database finalize`
|
|
|
|
|
* determines that no code has been found.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = "2.12.4";
|
2023-08-03 22:22:31 +01:00
|
|
|
/**
|
|
|
|
|
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = "2.13.1";
|
2023-06-15 10:15:03 +01:00
|
|
|
/**
|
|
|
|
|
* Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
|
2023-09-05 14:36:51 +02:00
|
|
|
/**
|
|
|
|
|
* Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = "2.14.2";
|
2023-09-14 15:26:38 +01:00
|
|
|
/**
|
|
|
|
|
* Versions 2.14.4+ of the CodeQL CLI support language aliasing.
|
|
|
|
|
*/
|
|
|
|
|
exports.CODEQL_VERSION_LANGUAGE_ALIASING = "2.14.4";
|
2022-03-17 10:07:29 -07:00
|
|
|
/**
|
|
|
|
|
* Set up CodeQL CLI access.
|
|
|
|
|
*
|
2023-01-05 16:54:18 +00:00
|
|
|
* @param toolsInput
|
2022-03-17 10:07:29 -07:00
|
|
|
* @param apiDetails
|
|
|
|
|
* @param tempDir
|
|
|
|
|
* @param variant
|
2023-01-10 13:16:22 +00:00
|
|
|
* @param defaultCliVersion
|
2022-03-17 10:07:29 -07:00
|
|
|
* @param logger
|
|
|
|
|
* @param checkVersion Whether to check that CodeQL CLI meets the minimum
|
|
|
|
|
* version requirement. Must be set to true outside tests.
|
2022-10-05 09:16:42 -07:00
|
|
|
* @returns a { CodeQL, toolsVersion } object.
|
2022-03-17 10:07:29 -07:00
|
|
|
*/
|
2023-02-08 15:20:51 +00:00
|
|
|
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
|
2020-06-26 17:22:19 +01:00
|
|
|
try {
|
2023-02-08 15:20:51 +00:00
|
|
|
const { codeqlFolder, toolsDownloadDurationMs, toolsSource, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
|
2020-09-14 10:44:43 +01:00
|
|
|
let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
|
|
|
|
|
if (process.platform === "win32") {
|
2020-06-26 17:22:19 +01:00
|
|
|
codeqlCmd += ".exe";
|
|
|
|
|
}
|
2020-09-14 10:44:43 +01:00
|
|
|
else if (process.platform !== "linux" && process.platform !== "darwin") {
|
|
|
|
|
throw new Error(`Unsupported platform: ${process.platform}`);
|
2020-06-26 17:22:19 +01:00
|
|
|
}
|
2021-08-18 10:15:48 +01:00
|
|
|
cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
|
2023-01-25 11:09:18 -08:00
|
|
|
return {
|
|
|
|
|
codeql: cachedCodeQL,
|
|
|
|
|
toolsDownloadDurationMs,
|
|
|
|
|
toolsSource,
|
|
|
|
|
toolsVersion,
|
|
|
|
|
};
|
2020-06-26 17:22:19 +01:00
|
|
|
}
|
|
|
|
|
catch (e) {
|
2023-04-24 07:46:45 -07:00
|
|
|
throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
|
2020-06-26 17:22:19 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
exports.setupCodeQL = setupCodeQL;
|
2020-08-19 15:54:23 +01:00
|
|
|
/**
|
|
|
|
|
* Use the CodeQL executable located at the given path.
|
|
|
|
|
*/
|
2021-08-18 10:15:48 +01:00
|
|
|
async function getCodeQL(cmd) {
|
2020-06-26 15:33:59 +01:00
|
|
|
if (cachedCodeQL === undefined) {
|
2021-08-18 10:15:48 +01:00
|
|
|
cachedCodeQL = await getCodeQLForCmd(cmd, true);
|
2020-06-26 15:33:59 +01:00
|
|
|
}
|
|
|
|
|
return cachedCodeQL;
|
2020-06-26 17:22:19 +01:00
|
|
|
}
|
|
|
|
|
exports.getCodeQL = getCodeQL;
|
2020-08-19 15:54:23 +01:00
|
|
|
function resolveFunction(partialCodeql, methodName, defaultImplementation) {
|
2020-09-14 10:44:43 +01:00
|
|
|
if (typeof partialCodeql[methodName] !== "function") {
|
2020-08-19 15:54:23 +01:00
|
|
|
if (defaultImplementation !== undefined) {
|
|
|
|
|
return defaultImplementation;
|
|
|
|
|
}
|
2020-06-26 15:33:59 +01:00
|
|
|
const dummyMethod = () => {
|
2020-09-14 10:44:43 +01:00
|
|
|
throw new Error(`CodeQL ${methodName} method not correctly defined`);
|
2020-06-26 15:33:59 +01:00
|
|
|
};
|
|
|
|
|
return dummyMethod;
|
|
|
|
|
}
|
|
|
|
|
return partialCodeql[methodName];
|
|
|
|
|
}
|
2020-07-15 17:36:49 +01:00
|
|
|
/**
|
|
|
|
|
* Set the functionality for CodeQL methods. Only for use in tests.
|
|
|
|
|
*
|
|
|
|
|
* Accepts a partial object and any undefined methods will be implemented
|
|
|
|
|
* to immediately throw an exception indicating which method is missing.
|
|
|
|
|
*/
|
2020-06-26 15:33:59 +01:00
|
|
|
function setCodeQL(partialCodeql) {
|
|
|
|
|
cachedCodeQL = {
|
2020-09-14 10:44:43 +01:00
|
|
|
getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
|
2023-10-04 15:45:42 +01:00
|
|
|
getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve({
|
|
|
|
|
version: "1.0.0",
|
|
|
|
|
}))),
|
2020-09-14 10:44:43 +01:00
|
|
|
printVersion: resolveFunction(partialCodeql, "printVersion"),
|
2021-09-15 14:49:20 +01:00
|
|
|
databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
|
2020-09-14 10:44:43 +01:00
|
|
|
runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
|
|
|
|
|
extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
|
|
|
|
|
finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
|
2021-05-23 16:27:46 +02:00
|
|
|
resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
|
2022-08-02 17:52:22 +01:00
|
|
|
betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
|
2020-09-14 10:44:43 +01:00
|
|
|
resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
|
2023-05-18 20:12:12 +01:00
|
|
|
resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
|
2021-06-03 09:32:44 -07:00
|
|
|
packDownload: resolveFunction(partialCodeql, "packDownload"),
|
2021-05-24 17:26:13 +01:00
|
|
|
databaseCleanup: resolveFunction(partialCodeql, "databaseCleanup"),
|
2021-06-22 13:05:12 +01:00
|
|
|
databaseBundle: resolveFunction(partialCodeql, "databaseBundle"),
|
2021-06-04 14:28:55 +01:00
|
|
|
databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
|
|
|
|
|
databaseInterpretResults: resolveFunction(partialCodeql, "databaseInterpretResults"),
|
2021-09-28 09:25:35 +01:00
|
|
|
databasePrintBaseline: resolveFunction(partialCodeql, "databasePrintBaseline"),
|
2023-03-20 14:09:04 -07:00
|
|
|
databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
|
2022-11-09 17:32:21 +00:00
|
|
|
diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
|
2023-05-16 11:18:16 +01:00
|
|
|
resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
|
2020-06-26 15:33:59 +01:00
|
|
|
};
|
2020-08-19 15:54:23 +01:00
|
|
|
return cachedCodeQL;
|
2020-06-26 15:33:59 +01:00
|
|
|
}
|
|
|
|
|
exports.setCodeQL = setCodeQL;
|
2020-08-19 15:54:23 +01:00
|
|
|
/**
|
|
|
|
|
* Get the cached CodeQL object. Should only be used from tests.
|
|
|
|
|
*
|
|
|
|
|
* TODO: Work out a good way for tests to get this from the test context
|
|
|
|
|
* instead of having to have this method.
|
|
|
|
|
*/
|
|
|
|
|
function getCachedCodeQL() {
|
|
|
|
|
if (cachedCodeQL === undefined) {
|
|
|
|
|
// Should never happen as setCodeQL is called by testing-utils.setupTests
|
2020-09-14 10:44:43 +01:00
|
|
|
throw new Error("cachedCodeQL undefined");
|
2020-08-19 15:54:23 +01:00
|
|
|
}
|
|
|
|
|
return cachedCodeQL;
|
|
|
|
|
}
|
|
|
|
|
exports.getCachedCodeQL = getCachedCodeQL;
|
2021-11-03 13:19:01 -07:00
|
|
|
/**
|
|
|
|
|
* Get a real, newly created CodeQL instance for testing. The instance refers to
|
|
|
|
|
* a non-existent placeholder codeql command, so tests that use this function
|
|
|
|
|
* should also stub the toolrunner.ToolRunner constructor.
|
|
|
|
|
*/
|
2022-06-27 16:01:48 +00:00
|
|
|
async function getCodeQLForTesting(cmd = "codeql-for-testing") {
|
|
|
|
|
return getCodeQLForCmd(cmd, false);
|
2021-11-03 13:19:01 -07:00
|
|
|
}
|
|
|
|
|
exports.getCodeQLForTesting = getCodeQLForTesting;
|
2022-03-17 10:07:29 -07:00
|
|
|
/**
|
|
|
|
|
* Return a CodeQL object for CodeQL CLI access.
|
|
|
|
|
*
|
|
|
|
|
* @param cmd Path to CodeQL CLI
|
|
|
|
|
* @param checkVersion Whether to check that CodeQL CLI meets the minimum
|
|
|
|
|
* version requirement. Must be set to true outside tests.
|
|
|
|
|
* @returns A new CodeQL object
|
|
|
|
|
*/
|
2021-08-18 10:15:48 +01:00
|
|
|
async function getCodeQLForCmd(cmd, checkVersion) {
|
|
|
|
|
const codeql = {
|
2020-09-14 10:44:43 +01:00
|
|
|
getPath() {
|
2020-08-19 15:54:23 +01:00
|
|
|
return cmd;
|
2020-06-26 17:22:19 +01:00
|
|
|
},
|
2021-08-12 16:02:19 +01:00
|
|
|
async getVersion() {
|
2022-03-17 10:07:29 -07:00
|
|
|
let result = util.getCachedCodeQlVersion();
|
|
|
|
|
if (result === undefined) {
|
2023-10-04 15:49:25 +01:00
|
|
|
const output = await runTool(cmd, ["version", "--format=json"]);
|
|
|
|
|
try {
|
|
|
|
|
result = JSON.parse(output);
|
|
|
|
|
}
|
|
|
|
|
catch (err) {
|
|
|
|
|
throw Error(`Invalid JSON output from \`version --format=json\`: ${output}`);
|
|
|
|
|
}
|
2022-03-17 10:07:29 -07:00
|
|
|
util.cacheCodeQlVersion(result);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
2021-08-12 16:02:19 +01:00
|
|
|
},
|
2020-09-14 10:44:43 +01:00
|
|
|
async printVersion() {
|
2021-06-09 13:17:25 -07:00
|
|
|
await runTool(cmd, ["version", "--format=json"]);
|
2020-06-26 17:22:19 +01:00
|
|
|
},
|
2023-03-09 16:46:51 +00:00
|
|
|
async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
|
2022-03-01 14:33:00 +00:00
|
|
|
const extraArgs = config.languages.map((language) => `--language=${language}`);
|
2022-11-14 13:54:35 -08:00
|
|
|
if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
|
2021-09-15 14:49:20 +01:00
|
|
|
extraArgs.push("--begin-tracing");
|
2023-07-19 17:30:23 +01:00
|
|
|
extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
|
2022-11-14 18:49:17 +00:00
|
|
|
extraArgs.push(`--trace-process-name=${processName}`);
|
2021-09-15 14:49:20 +01:00
|
|
|
}
|
2023-02-09 11:19:27 -08:00
|
|
|
// A code scanning config file is only generated if the CliConfigFileEnabled feature flag is enabled.
|
2023-03-09 16:46:51 +00:00
|
|
|
const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, features, logger);
|
2023-01-10 12:17:26 -08:00
|
|
|
// Only pass external repository token if a config file is going to be parsed by the CLI.
|
|
|
|
|
let externalRepositoryToken;
|
2023-02-09 11:19:27 -08:00
|
|
|
if (codeScanningConfigFile) {
|
2023-01-05 17:34:59 -08:00
|
|
|
externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
|
2023-02-09 11:19:27 -08:00
|
|
|
extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
|
2023-01-05 17:34:59 -08:00
|
|
|
if (externalRepositoryToken) {
|
|
|
|
|
extraArgs.push("--external-repository-token-stdin");
|
|
|
|
|
}
|
2022-06-16 18:10:13 -07:00
|
|
|
}
|
2023-03-06 10:26:34 +00:00
|
|
|
if (qlconfigFile !== undefined &&
|
|
|
|
|
(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
|
2023-03-06 10:46:36 +00:00
|
|
|
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
|
2023-02-07 10:40:49 -08:00
|
|
|
}
|
2023-09-05 14:36:51 +02:00
|
|
|
if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) {
|
2023-08-11 17:20:42 +01:00
|
|
|
extraArgs.push("--calculate-language-specific-baseline");
|
|
|
|
|
}
|
2023-09-26 11:29:48 +01:00
|
|
|
if (await features.getValue(feature_flags_1.Feature.SublanguageFileCoverageEnabled, this)) {
|
|
|
|
|
extraArgs.push("--sublanguage-file-coverage");
|
|
|
|
|
}
|
|
|
|
|
else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
|
|
|
|
|
extraArgs.push("--no-sublanguage-file-coverage");
|
|
|
|
|
}
|
2021-09-15 14:49:20 +01:00
|
|
|
await runTool(cmd, [
|
|
|
|
|
"database",
|
|
|
|
|
"init",
|
|
|
|
|
"--db-cluster",
|
2022-03-01 14:33:00 +00:00
|
|
|
config.dbLocation,
|
2021-09-15 14:49:20 +01:00
|
|
|
`--source-root=${sourceRoot}`,
|
2023-10-05 14:54:24 +01:00
|
|
|
...(await getLanguageAliasingArguments(this)),
|
2021-09-15 14:49:20 +01:00
|
|
|
...extraArgs,
|
|
|
|
|
...getExtraOptionsFromEnv(["database", "init"]),
|
2023-01-10 12:17:26 -08:00
|
|
|
], { stdin: externalRepositoryToken });
|
2021-09-15 14:49:20 +01:00
|
|
|
},
|
2020-09-14 10:44:43 +01:00
|
|
|
async runAutobuild(language) {
|
2023-05-16 11:18:16 +01:00
|
|
|
const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
|
2020-07-02 14:45:14 +01:00
|
|
|
// Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
|
|
|
|
|
// This is because of an issue with Azure pipelines timing out connections after 4 minutes
|
|
|
|
|
// and Maven not properly handling closed connections
|
|
|
|
|
// Otherwise long build processes will timeout when pulling down Java packages
|
|
|
|
|
// https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
|
2020-09-14 10:44:43 +01:00
|
|
|
const javaToolOptions = process.env["JAVA_TOOL_OPTIONS"] || "";
|
|
|
|
|
process.env["JAVA_TOOL_OPTIONS"] = [
|
|
|
|
|
...javaToolOptions.split(/\s+/),
|
|
|
|
|
"-Dhttp.keepAlive=false",
|
|
|
|
|
"-Dmaven.wagon.http.pool=false",
|
|
|
|
|
].join(" ");
|
2022-07-25 14:31:52 -07:00
|
|
|
// On macOS, System Integrity Protection (SIP) typically interferes with
|
|
|
|
|
// CodeQL build tracing of protected binaries.
|
|
|
|
|
// The usual workaround is to prefix `$CODEQL_RUNNER` to build commands:
|
|
|
|
|
// `$CODEQL_RUNNER` (not to be confused with the deprecated CodeQL Runner tool)
|
|
|
|
|
// points to a simple wrapper binary included with the CLI, and the extra layer of
|
|
|
|
|
// process indirection helps the tracer bypass SIP.
|
|
|
|
|
// The above SIP workaround is *not* needed here.
|
|
|
|
|
// At the `autobuild` step in the Actions workflow, we assume the `init` step
|
|
|
|
|
// has successfully run, and will have exported `DYLD_INSERT_LIBRARIES`
|
|
|
|
|
// into the environment of subsequent steps, to activate the tracer.
|
|
|
|
|
// When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
|
|
|
|
|
// the Actions runtime introduces its own workaround for SIP
|
|
|
|
|
// (https://github.com/actions/runner/pull/416).
|
2021-12-08 10:07:10 -08:00
|
|
|
await runTool(autobuildCmd);
|
2020-07-02 14:45:14 +01:00
|
|
|
},
|
2022-09-13 11:19:13 +00:00
|
|
|
async extractScannedLanguage(config, language) {
|
2022-08-02 17:52:22 +01:00
|
|
|
const databasePath = util.getCodeQLDatabasePath(config, language);
|
2020-06-26 17:22:19 +01:00
|
|
|
// Set trace command
|
2020-09-14 10:44:43 +01:00
|
|
|
const ext = process.platform === "win32" ? ".cmd" : ".sh";
|
2023-05-16 11:18:16 +01:00
|
|
|
const traceCommand = path.resolve(await this.resolveExtractor(language), "tools", `autobuild${ext}`);
|
2020-06-26 17:22:19 +01:00
|
|
|
// Run trace command
|
2023-07-20 18:31:37 +01:00
|
|
|
await runTool(cmd, [
|
2020-09-14 10:44:43 +01:00
|
|
|
"database",
|
|
|
|
|
"trace-command",
|
2023-07-19 17:30:23 +01:00
|
|
|
...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
|
2020-09-14 10:44:43 +01:00
|
|
|
...getExtraOptionsFromEnv(["database", "trace-command"]),
|
2020-07-02 14:45:14 +01:00
|
|
|
databasePath,
|
2020-09-14 10:44:43 +01:00
|
|
|
"--",
|
|
|
|
|
traceCommand,
|
2023-07-20 18:31:37 +01:00
|
|
|
]);
|
2020-06-26 17:22:19 +01:00
|
|
|
},
|
2021-08-12 16:02:19 +01:00
|
|
|
async finalizeDatabase(databasePath, threadsFlag, memoryFlag) {
|
|
|
|
|
const args = [
|
2020-09-14 10:44:43 +01:00
|
|
|
"database",
|
|
|
|
|
"finalize",
|
2021-06-09 15:00:42 +01:00
|
|
|
"--finalize-dataset",
|
2020-11-03 08:25:40 -08:00
|
|
|
threadsFlag,
|
2022-11-11 18:05:24 +00:00
|
|
|
memoryFlag,
|
2020-09-14 10:44:43 +01:00
|
|
|
...getExtraOptionsFromEnv(["database", "finalize"]),
|
|
|
|
|
databasePath,
|
2021-08-12 16:02:19 +01:00
|
|
|
];
|
2023-07-20 18:16:02 +01:00
|
|
|
try {
|
|
|
|
|
await runTool(cmd, args);
|
|
|
|
|
}
|
|
|
|
|
catch (e) {
|
|
|
|
|
if (e instanceof CommandInvocationError &&
|
|
|
|
|
!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE)) &&
|
|
|
|
|
isNoCodeFoundError(e)) {
|
|
|
|
|
throw new util.UserError("No code found during the build. Please see: " +
|
|
|
|
|
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build");
|
|
|
|
|
}
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2020-06-26 17:22:19 +01:00
|
|
|
},
|
2021-05-23 16:27:46 +02:00
|
|
|
async resolveLanguages() {
|
2022-01-21 13:44:52 +00:00
|
|
|
const codeqlArgs = [
|
|
|
|
|
"resolve",
|
|
|
|
|
"languages",
|
|
|
|
|
"--format=json",
|
|
|
|
|
...getExtraOptionsFromEnv(["resolve", "languages"]),
|
|
|
|
|
];
|
2021-06-09 13:17:25 -07:00
|
|
|
const output = await runTool(cmd, codeqlArgs);
|
2021-05-24 11:00:02 +02:00
|
|
|
try {
|
|
|
|
|
return JSON.parse(output);
|
|
|
|
|
}
|
|
|
|
|
catch (e) {
|
|
|
|
|
throw new Error(`Unexpected output from codeql resolve languages: ${e}`);
|
|
|
|
|
}
|
2021-05-23 16:27:46 +02:00
|
|
|
},
|
2022-08-02 17:52:22 +01:00
|
|
|
async betterResolveLanguages() {
|
|
|
|
|
const codeqlArgs = [
|
|
|
|
|
"resolve",
|
|
|
|
|
"languages",
|
|
|
|
|
"--format=betterjson",
|
|
|
|
|
"--extractor-options-verbosity=4",
|
2023-10-05 14:54:24 +01:00
|
|
|
...(await getLanguageAliasingArguments(this)),
|
2022-08-02 17:52:22 +01:00
|
|
|
...getExtraOptionsFromEnv(["resolve", "languages"]),
|
|
|
|
|
];
|
|
|
|
|
const output = await runTool(cmd, codeqlArgs);
|
|
|
|
|
try {
|
|
|
|
|
return JSON.parse(output);
|
|
|
|
|
}
|
|
|
|
|
catch (e) {
|
|
|
|
|
throw new Error(`Unexpected output from codeql resolve languages with --format=betterjson: ${e}`);
|
|
|
|
|
}
|
|
|
|
|
},
|
2020-09-14 10:44:43 +01:00
|
|
|
async resolveQueries(queries, extraSearchPath) {
|
2020-06-26 15:33:59 +01:00
|
|
|
const codeqlArgs = [
|
2020-09-14 10:44:43 +01:00
|
|
|
"resolve",
|
|
|
|
|
"queries",
|
2020-06-26 17:22:19 +01:00
|
|
|
...queries,
|
2020-09-14 10:44:43 +01:00
|
|
|
"--format=bylanguage",
|
|
|
|
|
...getExtraOptionsFromEnv(["resolve", "queries"]),
|
2020-06-26 15:33:59 +01:00
|
|
|
];
|
|
|
|
|
if (extraSearchPath !== undefined) {
|
2021-05-20 19:03:50 +00:00
|
|
|
codeqlArgs.push("--additional-packs", extraSearchPath);
|
2020-06-26 15:33:59 +01:00
|
|
|
}
|
2021-06-09 13:17:25 -07:00
|
|
|
const output = await runTool(cmd, codeqlArgs);
|
2021-05-24 11:00:02 +02:00
|
|
|
try {
|
|
|
|
|
return JSON.parse(output);
|
|
|
|
|
}
|
|
|
|
|
catch (e) {
|
|
|
|
|
throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
|
|
|
|
|
}
|
2020-06-26 17:22:19 +01:00
|
|
|
},
|
2023-06-02 19:36:07 +01:00
|
|
|
async resolveBuildEnvironment(workingDir, language) {
|
2023-05-18 20:12:12 +01:00
|
|
|
const codeqlArgs = [
|
|
|
|
|
"resolve",
|
|
|
|
|
"build-environment",
|
|
|
|
|
`--language=${language}`,
|
2023-10-05 14:54:24 +01:00
|
|
|
...(await getLanguageAliasingArguments(this)),
|
2023-05-18 20:12:12 +01:00
|
|
|
...getExtraOptionsFromEnv(["resolve", "build-environment"]),
|
|
|
|
|
];
|
2023-06-02 19:36:07 +01:00
|
|
|
if (workingDir !== undefined) {
|
|
|
|
|
codeqlArgs.push("--working-dir", workingDir);
|
|
|
|
|
}
|
2023-05-18 20:12:12 +01:00
|
|
|
const output = await runTool(cmd, codeqlArgs);
|
|
|
|
|
try {
|
|
|
|
|
return JSON.parse(output);
|
|
|
|
|
}
|
|
|
|
|
catch (e) {
|
2023-06-06 12:17:21 +01:00
|
|
|
throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
|
2023-05-18 20:12:12 +01:00
|
|
|
}
|
|
|
|
|
},
|
2023-07-31 09:44:35 +01:00
|
|
|
async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun, features) {
|
2021-06-09 13:17:25 -07:00
|
|
|
const codeqlArgs = [
|
2020-09-14 10:44:43 +01:00
|
|
|
"database",
|
2021-06-04 14:28:55 +01:00
|
|
|
"run-queries",
|
2023-02-14 11:53:52 -08:00
|
|
|
...flags,
|
2020-07-02 14:45:14 +01:00
|
|
|
databasePath,
|
2020-09-24 11:42:21 +02:00
|
|
|
"--min-disk-free=1024",
|
2021-05-05 18:09:10 +01:00
|
|
|
"-v",
|
2021-06-04 14:28:55 +01:00
|
|
|
...getExtraOptionsFromEnv(["database", "run-queries"]),
|
2021-04-01 12:38:13 +01:00
|
|
|
];
|
2023-02-15 08:45:13 -08:00
|
|
|
if (optimizeForLastQueryRun &&
|
|
|
|
|
(await util.supportExpectDiscardedCache(this))) {
|
|
|
|
|
codeqlArgs.push("--expect-discarded-cache");
|
|
|
|
|
}
|
2021-04-01 12:38:13 +01:00
|
|
|
if (extraSearchPath !== undefined) {
|
2021-06-09 13:17:25 -07:00
|
|
|
codeqlArgs.push("--additional-packs", extraSearchPath);
|
2021-04-01 12:38:13 +01:00
|
|
|
}
|
2022-06-29 12:50:24 -07:00
|
|
|
if (querySuitePath) {
|
2022-06-16 18:10:13 -07:00
|
|
|
codeqlArgs.push(querySuitePath);
|
|
|
|
|
}
|
2023-07-31 09:44:35 +01:00
|
|
|
if (await features.getValue(feature_flags_1.Feature.EvaluatorIntraLayerParallelismEnabled, this)) {
|
|
|
|
|
codeqlArgs.push("--intra-layer-parallelism");
|
|
|
|
|
}
|
2023-07-31 11:47:25 +01:00
|
|
|
else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_INTRA_LAYER_PARALLELISM)) {
|
|
|
|
|
codeqlArgs.push("--no-intra-layer-parallelism");
|
|
|
|
|
}
|
2023-07-20 18:31:37 +01:00
|
|
|
await runTool(cmd, codeqlArgs);
|
2021-06-04 14:28:55 +01:00
|
|
|
},
|
2023-03-24 20:14:00 +00:00
|
|
|
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
|
|
|
|
|
const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
|
2023-08-03 22:22:31 +01:00
|
|
|
const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
|
|
|
|
|
!(await isDiagnosticsExportInvalidSarifFixed(this));
|
2023-04-04 16:46:45 +01:00
|
|
|
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
|
2023-03-24 20:14:00 +00:00
|
|
|
? path.join(config.tempDir, "codeql-intermediate-results.sarif")
|
|
|
|
|
: sarifFile;
|
2021-06-09 13:17:25 -07:00
|
|
|
const codeqlArgs = [
|
2021-06-04 14:28:55 +01:00
|
|
|
"database",
|
|
|
|
|
"interpret-results",
|
|
|
|
|
threadsFlag,
|
|
|
|
|
"--format=sarif-latest",
|
2022-06-28 22:51:46 +01:00
|
|
|
verbosityFlag,
|
2023-03-24 20:14:00 +00:00
|
|
|
`--output=${codeqlOutputFile}`,
|
2021-06-04 14:28:55 +01:00
|
|
|
addSnippetsFlag,
|
2022-11-11 18:05:24 +00:00
|
|
|
"--print-diagnostics-summary",
|
|
|
|
|
"--print-metrics-summary",
|
2023-05-16 18:20:13 +01:00
|
|
|
"--sarif-add-query-help",
|
2022-11-11 18:05:24 +00:00
|
|
|
"--sarif-group-rules-by-pack",
|
2023-07-05 16:26:20 +01:00
|
|
|
...(await getCodeScanningConfigExportArguments(config, this)),
|
2021-06-04 14:28:55 +01:00
|
|
|
...getExtraOptionsFromEnv(["database", "interpret-results"]),
|
|
|
|
|
];
|
2022-11-11 18:05:24 +00:00
|
|
|
if (automationDetailsId !== undefined) {
|
2021-06-09 13:17:25 -07:00
|
|
|
codeqlArgs.push("--sarif-category", automationDetailsId);
|
2021-05-03 19:41:53 +02:00
|
|
|
}
|
2022-12-05 14:10:06 +00:00
|
|
|
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
|
2022-10-26 16:14:02 +01:00
|
|
|
codeqlArgs.push("--sarif-add-baseline-file-info");
|
|
|
|
|
}
|
2023-03-24 20:14:00 +00:00
|
|
|
if (shouldExportDiagnostics) {
|
2023-03-20 14:09:04 -07:00
|
|
|
codeqlArgs.push("--sarif-include-diagnostics");
|
|
|
|
|
}
|
2023-03-29 18:52:51 +01:00
|
|
|
else if (await util.codeQlVersionAbove(this, "2.12.4")) {
|
|
|
|
|
codeqlArgs.push("--no-sarif-include-diagnostics");
|
|
|
|
|
}
|
2023-08-11 15:51:44 +01:00
|
|
|
if (await features.getValue(feature_flags_1.Feature.AnalysisSummaryV2Enabled, this)) {
|
2023-07-05 18:56:55 +01:00
|
|
|
codeqlArgs.push("--new-analysis-summary");
|
|
|
|
|
}
|
2023-08-11 15:51:44 +01:00
|
|
|
else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) {
|
2023-07-05 18:56:55 +01:00
|
|
|
codeqlArgs.push("--no-new-analysis-summary");
|
|
|
|
|
}
|
2022-03-01 14:33:00 +00:00
|
|
|
codeqlArgs.push(databasePath);
|
2022-06-29 12:50:24 -07:00
|
|
|
if (querySuitePaths) {
|
2022-06-16 18:10:13 -07:00
|
|
|
codeqlArgs.push(...querySuitePaths);
|
|
|
|
|
}
|
2023-07-28 12:04:12 +01:00
|
|
|
// Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
|
|
|
|
|
// logs to avoid printing it twice.
|
|
|
|
|
const analysisSummary = await runTool(cmd, codeqlArgs, {
|
|
|
|
|
noStreamStdout: true,
|
|
|
|
|
});
|
2023-04-04 16:46:45 +01:00
|
|
|
if (shouldWorkaroundInvalidNotifications) {
|
2023-03-27 15:44:47 +01:00
|
|
|
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
|
2023-03-24 20:14:00 +00:00
|
|
|
}
|
2023-07-28 12:04:12 +01:00
|
|
|
return analysisSummary;
|
2020-09-14 10:44:43 +01:00
|
|
|
},
|
2021-09-28 09:25:35 +01:00
|
|
|
async databasePrintBaseline(databasePath) {
|
|
|
|
|
const codeqlArgs = [
|
|
|
|
|
"database",
|
|
|
|
|
"print-baseline",
|
|
|
|
|
...getExtraOptionsFromEnv(["database", "print-baseline"]),
|
|
|
|
|
databasePath,
|
|
|
|
|
];
|
|
|
|
|
return await runTool(cmd, codeqlArgs);
|
|
|
|
|
},
|
2021-06-04 10:18:24 -07:00
|
|
|
/**
|
|
|
|
|
* Download specified packs into the package cache. If the specified
|
|
|
|
|
* package and version already exists (e.g., from a previous analysis run),
|
|
|
|
|
* then it is not downloaded again (unless the extra option `--force` is
|
|
|
|
|
* specified).
|
|
|
|
|
*
|
|
|
|
|
* If no version is specified, then the latest version is
|
|
|
|
|
* downloaded. The check to determine what the latest version is is done
|
|
|
|
|
* each time this package is requested.
|
2022-08-29 12:57:46 -07:00
|
|
|
*
|
|
|
|
|
* Optionally, a `qlconfigFile` is included. If used, then this file
|
|
|
|
|
* is used to determine which registry each pack is downloaded from.
|
2021-06-04 10:18:24 -07:00
|
|
|
*/
|
2022-08-29 12:57:46 -07:00
|
|
|
async packDownload(packs, qlconfigFile) {
|
|
|
|
|
const qlconfigArg = qlconfigFile
|
|
|
|
|
? [`--qlconfig-file=${qlconfigFile}`]
|
|
|
|
|
: [];
|
2021-06-09 13:17:25 -07:00
|
|
|
const codeqlArgs = [
|
2021-06-03 09:32:44 -07:00
|
|
|
"pack",
|
|
|
|
|
"download",
|
2022-08-29 12:57:46 -07:00
|
|
|
...qlconfigArg,
|
2021-06-04 13:44:24 -07:00
|
|
|
"--format=json",
|
2022-04-29 10:54:01 -07:00
|
|
|
"--resolve-query-specs",
|
2021-06-03 09:32:44 -07:00
|
|
|
...getExtraOptionsFromEnv(["pack", "download"]),
|
2022-04-26 19:47:59 -07:00
|
|
|
...packs,
|
2021-06-03 09:32:44 -07:00
|
|
|
];
|
2021-06-09 13:17:25 -07:00
|
|
|
const output = await runTool(cmd, codeqlArgs);
|
2021-06-03 09:32:44 -07:00
|
|
|
try {
|
2021-06-07 16:05:32 -07:00
|
|
|
const parsedOutput = JSON.parse(output);
|
|
|
|
|
if (Array.isArray(parsedOutput.packs) &&
|
2021-06-08 10:24:08 -07:00
|
|
|
// TODO PackDownloadOutput will not include the version if it is not specified
|
|
|
|
|
// in the input. The version is always the latest version available.
|
|
|
|
|
// It should be added to the output, but this requires a CLI change
|
|
|
|
|
parsedOutput.packs.every((p) => p.name /* && p.version */)) {
|
2021-06-07 16:05:32 -07:00
|
|
|
return parsedOutput;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
throw new Error("Unexpected output from pack download");
|
|
|
|
|
}
|
2021-06-03 09:32:44 -07:00
|
|
|
}
|
|
|
|
|
catch (e) {
|
2021-06-07 16:05:32 -07:00
|
|
|
throw new Error(`Attempted to download specified packs but got an error:\n${output}\n${e}`);
|
2021-06-03 09:32:44 -07:00
|
|
|
}
|
2020-09-14 10:44:43 +01:00
|
|
|
},
|
2021-05-24 17:26:13 +01:00
|
|
|
async databaseCleanup(databasePath, cleanupLevel) {
|
2021-06-09 13:17:25 -07:00
|
|
|
const codeqlArgs = [
|
2021-05-24 17:26:13 +01:00
|
|
|
"database",
|
|
|
|
|
"cleanup",
|
|
|
|
|
databasePath,
|
|
|
|
|
`--mode=${cleanupLevel}`,
|
2022-01-21 13:44:52 +00:00
|
|
|
...getExtraOptionsFromEnv(["database", "cleanup"]),
|
2021-05-24 17:26:13 +01:00
|
|
|
];
|
2021-06-09 13:17:25 -07:00
|
|
|
await runTool(cmd, codeqlArgs);
|
2021-05-24 17:26:13 +01:00
|
|
|
},
|
2022-01-07 13:11:51 +00:00
|
|
|
async databaseBundle(databasePath, outputFilePath, databaseName) {
|
2021-06-22 13:05:12 +01:00
|
|
|
const args = [
|
|
|
|
|
"database",
|
|
|
|
|
"bundle",
|
|
|
|
|
databasePath,
|
|
|
|
|
`--output=${outputFilePath}`,
|
2022-01-07 13:11:51 +00:00
|
|
|
`--name=${databaseName}`,
|
2022-01-21 13:44:52 +00:00
|
|
|
...getExtraOptionsFromEnv(["database", "bundle"]),
|
2021-06-22 13:05:12 +01:00
|
|
|
];
|
|
|
|
|
await new toolrunner.ToolRunner(cmd, args).exec();
|
|
|
|
|
},
|
2023-03-24 20:19:37 +00:00
|
|
|
async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
|
2023-08-03 22:22:31 +01:00
|
|
|
const shouldWorkaroundInvalidNotifications = !(await isDiagnosticsExportInvalidSarifFixed(this));
|
2023-04-04 16:46:45 +01:00
|
|
|
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
|
|
|
|
|
? path.join(tempDir, "codeql-intermediate-results.sarif")
|
|
|
|
|
: sarifFile;
|
2023-03-20 14:09:04 -07:00
|
|
|
const args = [
|
|
|
|
|
"database",
|
|
|
|
|
"export-diagnostics",
|
|
|
|
|
`${databasePath}`,
|
|
|
|
|
"--db-cluster",
|
|
|
|
|
"--format=sarif-latest",
|
2023-04-04 16:46:45 +01:00
|
|
|
`--output=${codeqlOutputFile}`,
|
2023-03-20 14:09:04 -07:00
|
|
|
"--sarif-include-diagnostics",
|
|
|
|
|
"-vvv",
|
|
|
|
|
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
|
|
|
|
];
|
|
|
|
|
if (automationDetailsId !== undefined) {
|
|
|
|
|
args.push("--sarif-category", automationDetailsId);
|
|
|
|
|
}
|
|
|
|
|
await new toolrunner.ToolRunner(cmd, args).exec();
|
2023-04-04 16:46:45 +01:00
|
|
|
if (shouldWorkaroundInvalidNotifications) {
|
|
|
|
|
// Fix invalid notifications in the SARIF file output by CodeQL.
|
|
|
|
|
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
|
|
|
|
|
}
|
2023-03-20 14:09:04 -07:00
|
|
|
},
|
2023-07-05 16:26:20 +01:00
|
|
|
async diagnosticsExport(sarifFile, automationDetailsId, config) {
|
2022-11-09 17:32:21 +00:00
|
|
|
const args = [
|
|
|
|
|
"diagnostics",
|
|
|
|
|
"export",
|
|
|
|
|
"--format=sarif-latest",
|
|
|
|
|
`--output=${sarifFile}`,
|
2023-07-05 16:26:20 +01:00
|
|
|
...(await getCodeScanningConfigExportArguments(config, this)),
|
2022-11-09 17:32:21 +00:00
|
|
|
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
|
|
|
|
];
|
|
|
|
|
if (automationDetailsId !== undefined) {
|
|
|
|
|
args.push("--sarif-category", automationDetailsId);
|
|
|
|
|
}
|
|
|
|
|
await new toolrunner.ToolRunner(cmd, args).exec();
|
|
|
|
|
},
|
2023-05-16 11:18:16 +01:00
|
|
|
async resolveExtractor(language) {
|
|
|
|
|
// Request it using `format=json` so we don't need to strip the trailing new line generated by
|
|
|
|
|
// the CLI.
|
|
|
|
|
let extractorPath = "";
|
|
|
|
|
await new toolrunner.ToolRunner(cmd, [
|
|
|
|
|
"resolve",
|
|
|
|
|
"extractor",
|
|
|
|
|
"--format=json",
|
|
|
|
|
`--language=${language}`,
|
2023-10-05 14:54:24 +01:00
|
|
|
...(await getLanguageAliasingArguments(this)),
|
2023-05-16 11:18:16 +01:00
|
|
|
...getExtraOptionsFromEnv(["resolve", "extractor"]),
|
|
|
|
|
], {
|
|
|
|
|
silent: true,
|
|
|
|
|
listeners: {
|
|
|
|
|
stdout: (data) => {
|
|
|
|
|
extractorPath += data.toString();
|
|
|
|
|
},
|
|
|
|
|
stderr: (data) => {
|
|
|
|
|
process.stderr.write(data);
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}).exec();
|
|
|
|
|
return JSON.parse(extractorPath);
|
|
|
|
|
},
|
2020-06-26 17:22:19 +01:00
|
|
|
};
|
2022-11-11 18:09:53 +00:00
|
|
|
// To ensure that status reports include the CodeQL CLI version wherever
|
|
|
|
|
// possible, we want to call getVersion(), which populates the version value
|
2022-03-17 10:07:29 -07:00
|
|
|
// used by status reporting, at the earliest opportunity. But invoking
|
|
|
|
|
// getVersion() directly here breaks tests that only pretend to create a
|
|
|
|
|
// CodeQL object. So instead we rely on the assumption that all non-test
|
|
|
|
|
// callers would set checkVersion to true, and util.codeQlVersionAbove()
|
|
|
|
|
// would call getVersion(), so the CLI version would be cached as soon as the
|
|
|
|
|
// CodeQL object is created.
|
2021-08-18 10:15:48 +01:00
|
|
|
if (checkVersion &&
|
|
|
|
|
!(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
|
2023-10-04 11:28:28 +01:00
|
|
|
throw new Error(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
|
2021-08-18 10:15:48 +01:00
|
|
|
}
|
2023-07-06 11:56:49 +01:00
|
|
|
else if (checkVersion &&
|
2023-07-06 12:28:03 +01:00
|
|
|
process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
|
2023-07-06 11:56:49 +01:00
|
|
|
!(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))) {
|
2023-10-04 11:28:28 +01:00
|
|
|
const result = await codeql.getVersion();
|
|
|
|
|
core.warning(`CodeQL CLI version ${result.version} was discontinued on ` +
|
2023-09-14 16:34:07 +01:00
|
|
|
`${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ` +
|
|
|
|
|
`${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor ` +
|
|
|
|
|
`release of the CodeQL Action. Please update to CodeQL CLI version ` +
|
|
|
|
|
`${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom ` +
|
|
|
|
|
"version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
|
|
|
|
|
"input to use the default version.\n\n" +
|
2023-07-06 11:56:49 +01:00
|
|
|
"Alternatively, if you want to continue using CodeQL CLI version " +
|
2023-10-04 11:28:28 +01:00
|
|
|
`${result.version}, you can replace 'github/codeql-action/*@v2' by ` +
|
2023-09-14 16:34:07 +01:00
|
|
|
`'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
|
|
|
|
|
"continue using this version of the CodeQL Action.");
|
2023-07-06 12:28:03 +01:00
|
|
|
core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
|
2023-07-06 11:56:49 +01:00
|
|
|
}
|
2021-08-18 10:15:48 +01:00
|
|
|
return codeql;
|
2020-06-26 17:22:19 +01:00
|
|
|
}
|
2023-01-09 14:53:52 +00:00
|
|
|
exports.getCodeQLForCmd = getCodeQLForCmd;
|
2020-08-10 09:25:14 +02:00
|
|
|
/**
|
|
|
|
|
* Gets the options for `path` of `options` as an array of extra option strings.
|
|
|
|
|
*/
|
2020-11-19 23:03:45 +01:00
|
|
|
function getExtraOptionsFromEnv(paths) {
|
2020-09-14 10:44:43 +01:00
|
|
|
const options = util.getExtraOptionsEnvParam();
|
2020-11-19 23:03:45 +01:00
|
|
|
return getExtraOptions(options, paths, []);
|
|
|
|
|
}
|
|
|
|
|
/**
|
|
|
|
|
* Gets `options` as an array of extra option strings.
|
|
|
|
|
*
|
|
|
|
|
* - throws an exception mentioning `pathInfo` if this conversion is impossible.
|
|
|
|
|
*/
|
|
|
|
|
function asExtraOptions(options, pathInfo) {
|
|
|
|
|
if (options === undefined) {
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
if (!Array.isArray(options)) {
|
|
|
|
|
const msg = `The extra options for '${pathInfo.join(".")}' ('${JSON.stringify(options)}') are not in an array.`;
|
|
|
|
|
throw new Error(msg);
|
|
|
|
|
}
|
|
|
|
|
return options.map((o) => {
|
|
|
|
|
const t = typeof o;
|
|
|
|
|
if (t !== "string" && t !== "number" && t !== "boolean") {
|
|
|
|
|
const msg = `The extra option for '${pathInfo.join(".")}' ('${JSON.stringify(o)}') is not a primitive value.`;
|
|
|
|
|
throw new Error(msg);
|
|
|
|
|
}
|
|
|
|
|
return `${o}`;
|
|
|
|
|
});
|
2020-08-10 09:25:14 +02:00
|
|
|
}
|
|
|
|
|
/**
|
|
|
|
|
* Gets the options for `path` of `options` as an array of extra option strings.
|
|
|
|
|
*
|
|
|
|
|
* - the special terminal step name '*' in `options` matches all path steps
|
|
|
|
|
* - throws an exception if this conversion is impossible.
|
2020-09-23 20:25:45 +08:00
|
|
|
*
|
|
|
|
|
* Exported for testing.
|
2020-08-10 09:25:14 +02:00
|
|
|
*/
|
2020-11-19 23:03:45 +01:00
|
|
|
function getExtraOptions(options, paths, pathInfo) {
|
2023-01-18 20:00:33 +00:00
|
|
|
const all = asExtraOptions(options?.["*"], pathInfo.concat("*"));
|
2020-11-19 23:03:45 +01:00
|
|
|
const specific = paths.length === 0
|
2020-09-14 10:44:43 +01:00
|
|
|
? asExtraOptions(options, pathInfo)
|
2023-01-18 20:00:33 +00:00
|
|
|
: getExtraOptions(options?.[paths[0]], paths?.slice(1), pathInfo.concat(paths[0]));
|
2020-08-10 09:25:14 +02:00
|
|
|
return all.concat(specific);
|
|
|
|
|
}
|
|
|
|
|
exports.getExtraOptions = getExtraOptions;
|
2021-06-24 17:30:42 +01:00
|
|
|
/*
|
|
|
|
|
* A constant defining the maximum number of characters we will keep from
|
|
|
|
|
* the programs stderr for logging. This serves two purposes:
|
|
|
|
|
* (1) It avoids an OOM if a program fails in a way that results it
|
|
|
|
|
* printing many log lines.
|
|
|
|
|
* (2) It avoids us hitting the limit of how much data we can send in our
|
|
|
|
|
* status reports on GitHub.com.
|
|
|
|
|
*/
|
|
|
|
|
const maxErrorSize = 20000;
|
2023-01-10 12:17:26 -08:00
|
|
|
async function runTool(cmd, args = [], opts = {}) {
|
2021-06-09 13:17:25 -07:00
|
|
|
let output = "";
|
2021-06-24 17:30:42 +01:00
|
|
|
let error = "";
|
2023-08-10 15:29:57 +01:00
|
|
|
process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
|
2021-06-24 17:30:42 +01:00
|
|
|
const exitCode = await new toolrunner.ToolRunner(cmd, args, {
|
2023-07-28 12:04:12 +01:00
|
|
|
ignoreReturnCode: true,
|
2021-06-09 13:17:25 -07:00
|
|
|
listeners: {
|
|
|
|
|
stdout: (data) => {
|
2022-12-02 14:05:21 +01:00
|
|
|
output += data.toString("utf8");
|
2023-07-28 12:04:12 +01:00
|
|
|
if (!opts.noStreamStdout) {
|
|
|
|
|
process.stdout.write(data);
|
|
|
|
|
}
|
2021-06-09 13:17:25 -07:00
|
|
|
},
|
2021-06-24 17:30:42 +01:00
|
|
|
stderr: (data) => {
|
2022-12-02 14:05:21 +01:00
|
|
|
let readStartIndex = 0;
|
|
|
|
|
// If the error is too large, then we only take the last 20,000 characters
|
|
|
|
|
if (data.length - maxErrorSize > 0) {
|
|
|
|
|
// Eg: if we have 20,000 the start index should be 2.
|
|
|
|
|
readStartIndex = data.length - maxErrorSize + 1;
|
|
|
|
|
}
|
|
|
|
|
error += data.toString("utf8", readStartIndex);
|
2023-07-28 12:04:12 +01:00
|
|
|
// Mimic the standard behavior of the toolrunner by writing stderr to stdout
|
|
|
|
|
process.stdout.write(data);
|
2021-06-24 17:30:42 +01:00
|
|
|
},
|
2021-06-09 13:17:25 -07:00
|
|
|
},
|
2023-07-28 12:04:12 +01:00
|
|
|
silent: true,
|
2023-01-10 12:17:26 -08:00
|
|
|
...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
|
2021-06-09 13:17:25 -07:00
|
|
|
}).exec();
|
2023-07-20 18:31:37 +01:00
|
|
|
if (exitCode !== 0) {
|
2022-10-28 18:59:02 +01:00
|
|
|
throw new CommandInvocationError(cmd, args, exitCode, error, output);
|
2023-07-20 18:31:37 +01:00
|
|
|
}
|
2021-06-09 13:17:25 -07:00
|
|
|
return output;
|
|
|
|
|
}
|
2023-07-24 16:47:33 +01:00
|
|
|
/**
|
|
|
|
|
* Provide a better error message from the stderr of a CLI invocation that failed with a fatal
|
|
|
|
|
* error.
|
|
|
|
|
*
|
|
|
|
|
* - If the CLI invocation failed with a fatal error, this returns that fatal error, followed by
|
|
|
|
|
* any fatal errors that occurred in plumbing commands.
|
|
|
|
|
* - If the CLI invocation did not fail with a fatal error, this returns `undefined`.
|
|
|
|
|
*
|
|
|
|
|
* ### Example
|
|
|
|
|
*
|
|
|
|
|
* ```
|
|
|
|
|
* Running TRAP import for CodeQL database at /home/runner/work/_temp/codeql_databases/javascript...
|
|
|
|
|
* A fatal error occurred: Evaluator heap must be at least 384.00 MiB
|
|
|
|
|
* A fatal error occurred: Dataset import for
|
|
|
|
|
* /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2
|
|
|
|
|
* ```
|
|
|
|
|
*
|
|
|
|
|
* becomes
|
|
|
|
|
*
|
|
|
|
|
* ```
|
|
|
|
|
* Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset
|
|
|
|
|
* --threads=2 --ram=2048 db". Exit code was 32 and error was: A fatal error occurred: Dataset
|
|
|
|
|
* import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2.
|
|
|
|
|
* Context: A fatal error occurred: Evaluator heap must be at least 384.00 MiB.
|
|
|
|
|
* ```
|
|
|
|
|
*
|
|
|
|
|
* Where possible, this tries to summarize the error into a single line, as this displays better in
|
|
|
|
|
* the Actions UI.
|
|
|
|
|
*/
|
2023-07-20 18:31:37 +01:00
|
|
|
function extractFatalErrors(error) {
|
|
|
|
|
const fatalErrorRegex = /.*fatal error occurred:/gi;
|
2023-07-21 14:39:30 +01:00
|
|
|
let fatalErrors = [];
|
2023-07-20 18:31:37 +01:00
|
|
|
let lastFatalErrorIndex;
|
|
|
|
|
let match;
|
|
|
|
|
while ((match = fatalErrorRegex.exec(error)) !== null) {
|
|
|
|
|
if (lastFatalErrorIndex !== undefined) {
|
2023-07-21 14:24:59 +01:00
|
|
|
fatalErrors.push(error.slice(lastFatalErrorIndex, match.index).trim());
|
2023-07-20 18:31:37 +01:00
|
|
|
}
|
|
|
|
|
lastFatalErrorIndex = match.index;
|
|
|
|
|
}
|
|
|
|
|
if (lastFatalErrorIndex !== undefined) {
|
2023-07-21 14:24:59 +01:00
|
|
|
const lastError = error.slice(lastFatalErrorIndex).trim();
|
|
|
|
|
if (fatalErrors.length === 0) {
|
|
|
|
|
// No other errors
|
|
|
|
|
return lastError;
|
|
|
|
|
}
|
2023-07-21 14:39:30 +01:00
|
|
|
const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
|
|
|
|
|
if (isOneLiner) {
|
|
|
|
|
fatalErrors = fatalErrors.map(ensureEndsInPeriod);
|
|
|
|
|
}
|
|
|
|
|
return [
|
|
|
|
|
ensureEndsInPeriod(lastError),
|
|
|
|
|
"Context:",
|
|
|
|
|
...fatalErrors.reverse(),
|
|
|
|
|
].join(isOneLiner ? " " : "\n");
|
2023-07-20 18:31:37 +01:00
|
|
|
}
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
2023-07-21 14:39:30 +01:00
|
|
|
function ensureEndsInPeriod(text) {
|
|
|
|
|
return text[text.length - 1] === "." ? text : `${text}.`;
|
|
|
|
|
}
|
2022-06-19 16:44:24 -07:00
|
|
|
/**
|
|
|
|
|
* If appropriate, generates a code scanning configuration that is to be used for a scan.
|
|
|
|
|
* If the configuration is not to be generated, returns undefined.
|
|
|
|
|
*
|
|
|
|
|
* @param codeql The CodeQL object to use.
|
|
|
|
|
* @param config The configuration to use.
|
|
|
|
|
* @returns the path to the generated user configuration file.
|
|
|
|
|
*/
|
2023-03-09 16:46:51 +00:00
|
|
|
async function generateCodeScanningConfig(codeql, config, features, logger) {
|
2023-07-19 15:57:59 +01:00
|
|
|
if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeql, features))) {
|
2022-06-19 16:44:24 -07:00
|
|
|
return;
|
|
|
|
|
}
|
2023-07-19 17:37:43 +01:00
|
|
|
const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
|
2022-06-19 16:44:24 -07:00
|
|
|
// make a copy so we can modify it
|
2022-08-11 09:56:08 -07:00
|
|
|
const augmentedConfig = cloneObject(config.originalUserInput);
|
2022-06-19 16:44:24 -07:00
|
|
|
// Inject the queries from the input
|
|
|
|
|
if (config.augmentationProperties.queriesInput) {
|
|
|
|
|
if (config.augmentationProperties.queriesInputCombines) {
|
|
|
|
|
augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
augmentedConfig.queries = config.augmentationProperties.queriesInput;
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-01-18 20:00:33 +00:00
|
|
|
if (augmentedConfig.queries?.length === 0) {
|
2022-06-19 16:44:24 -07:00
|
|
|
delete augmentedConfig.queries;
|
|
|
|
|
}
|
|
|
|
|
// Inject the packs from the input
|
|
|
|
|
if (config.augmentationProperties.packsInput) {
|
|
|
|
|
if (config.augmentationProperties.packsInputCombines) {
|
|
|
|
|
// At this point, we already know that this is a single-language analysis
|
|
|
|
|
if (Array.isArray(augmentedConfig.packs)) {
|
|
|
|
|
augmentedConfig.packs = (augmentedConfig.packs || []).concat(config.augmentationProperties.packsInput);
|
|
|
|
|
}
|
|
|
|
|
else if (!augmentedConfig.packs) {
|
|
|
|
|
augmentedConfig.packs = config.augmentationProperties.packsInput;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// At this point, we know there is only one language.
|
|
|
|
|
// If there were more than one language, an error would already have been thrown.
|
|
|
|
|
const language = Object.keys(augmentedConfig.packs)[0];
|
|
|
|
|
augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(config.augmentationProperties.packsInput);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
augmentedConfig.packs = config.augmentationProperties.packsInput;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
|
|
|
|
|
delete augmentedConfig.packs;
|
|
|
|
|
}
|
2023-02-09 11:19:27 -08:00
|
|
|
logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
|
2023-01-17 20:59:36 -08:00
|
|
|
logger.startGroup("Augmented user configuration file contents");
|
|
|
|
|
logger.info(yaml.dump(augmentedConfig));
|
|
|
|
|
logger.endGroup();
|
2023-02-09 11:19:27 -08:00
|
|
|
fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig));
|
|
|
|
|
return codeScanningConfigFile;
|
2022-06-19 16:44:24 -07:00
|
|
|
}
|
2022-08-11 09:56:08 -07:00
|
|
|
function cloneObject(obj) {
|
|
|
|
|
return JSON.parse(JSON.stringify(obj));
|
|
|
|
|
}
|
2023-03-07 18:03:58 +00:00
|
|
|
/**
|
|
|
|
|
* Gets arguments for passing the code scanning configuration file to interpretation commands like
|
|
|
|
|
* `codeql database interpret-results` and `codeql database export-diagnostics`.
|
|
|
|
|
*
|
|
|
|
|
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
|
|
|
|
|
*/
|
2023-07-05 16:26:20 +01:00
|
|
|
async function getCodeScanningConfigExportArguments(config, codeql) {
|
2023-07-19 17:37:43 +01:00
|
|
|
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
|
2023-03-07 18:03:58 +00:00
|
|
|
if (fs.existsSync(codeScanningConfigPath) &&
|
2023-07-05 16:26:20 +01:00
|
|
|
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
|
2023-03-07 18:03:58 +00:00
|
|
|
return ["--sarif-codescanning-config", codeScanningConfigPath];
|
|
|
|
|
}
|
|
|
|
|
return [];
|
|
|
|
|
}
|
2023-07-19 17:30:23 +01:00
|
|
|
// This constant sets the size of each TRAP cache in megabytes.
|
|
|
|
|
const TRAP_CACHE_SIZE_MB = 1024;
|
|
|
|
|
async function getTrapCachingExtractorConfigArgs(config) {
|
|
|
|
|
const result = [];
|
|
|
|
|
for (const language of config.languages)
|
|
|
|
|
result.push(await getTrapCachingExtractorConfigArgsForLang(config, language));
|
|
|
|
|
return result.flat();
|
|
|
|
|
}
|
|
|
|
|
exports.getTrapCachingExtractorConfigArgs = getTrapCachingExtractorConfigArgs;
|
|
|
|
|
async function getTrapCachingExtractorConfigArgsForLang(config, language) {
|
|
|
|
|
const cacheDir = config.trapCaches[language];
|
|
|
|
|
if (cacheDir === undefined)
|
|
|
|
|
return [];
|
|
|
|
|
const write = await (0, actions_util_1.isAnalyzingDefaultBranch)();
|
|
|
|
|
return [
|
|
|
|
|
`-O=${language}.trap.cache.dir=${cacheDir}`,
|
|
|
|
|
`-O=${language}.trap.cache.bound=${TRAP_CACHE_SIZE_MB}`,
|
|
|
|
|
`-O=${language}.trap.cache.write=${write}`,
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
exports.getTrapCachingExtractorConfigArgsForLang = getTrapCachingExtractorConfigArgsForLang;
|
2023-07-19 17:37:43 +01:00
|
|
|
/**
|
|
|
|
|
* Get the path to the code scanning configuration generated by the CLI.
|
|
|
|
|
*
|
|
|
|
|
* This will not exist if the configuration is being parsed in the Action.
|
|
|
|
|
*/
|
|
|
|
|
function getGeneratedCodeScanningConfigPath(config) {
|
|
|
|
|
return path.resolve(config.tempDir, "user-config.yaml");
|
|
|
|
|
}
|
|
|
|
|
exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
|
2023-07-20 18:16:02 +01:00
|
|
|
function isNoCodeFoundError(e) {
|
|
|
|
|
/**
|
|
|
|
|
* Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
|
|
|
|
|
* source code was found. This means that we don't get the no code found error from
|
|
|
|
|
* `codeql database finalize`. To ensure users get a good error message, we detect this manually
|
|
|
|
|
* here, and upon detection override the error message.
|
|
|
|
|
*
|
|
|
|
|
* This can be removed once support for CodeQL 2.11.6 is removed.
|
|
|
|
|
*/
|
|
|
|
|
const javascriptNoCodeFoundWarning = "No JavaScript or TypeScript code found.";
|
2023-10-06 15:53:15 +01:00
|
|
|
return e.exitCode === 32 || e.stderr.includes(javascriptNoCodeFoundWarning);
|
2023-07-20 18:16:02 +01:00
|
|
|
}
|
2023-08-03 22:22:31 +01:00
|
|
|
async function isDiagnosticsExportInvalidSarifFixed(codeql) {
|
|
|
|
|
return await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
|
|
|
|
|
}
|
2023-10-05 14:54:24 +01:00
|
|
|
async function getLanguageAliasingArguments(codeql) {
|
|
|
|
|
if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
|
|
|
|
|
return ["--extractor-include-aliases"];
|
|
|
|
|
}
|
|
|
|
|
return [];
|
|
|
|
|
}
|
2020-06-26 17:22:19 +01:00
|
|
|
//# sourceMappingURL=codeql.js.map
|
