Address minor review comments

Michael B. Gale
2026-03-03 11:05:37 +00:00
parent b43d146e37
commit 1721ce7afd
9 changed files with 461 additions and 475 deletions
+127 -131
@@ -103239,7 +103239,7 @@ var import_perf_hooks3 = require("perf_hooks");
var core14 = __toESM(require_core());
// src/actions-util.ts
var fs3 = __toESM(require("fs"));
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var core4 = __toESM(require_core());
var toolrunner = __toESM(require_toolrunner());
@@ -103247,7 +103247,7 @@ var github = __toESM(require_github());
var io2 = __toESM(require_io());
// src/util.ts
var fs2 = __toESM(require("fs"));
var fs = __toESM(require("fs"));
var fsPromises = __toESM(require("fs/promises"));
var os = __toESM(require("os"));
var path = __toESM(require("path"));
@@ -105897,77 +105897,6 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/sarif/index.ts
var fs = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run2 of sarifFile.runs || []) {
const tool = run2.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifObjects) {
return sarifObjects.every((sarifObject) => {
return sarifObject.runs?.every(
(run2) => run2.tool?.driver?.name === "CodeQL"
);
});
}
function createRunKey(run2) {
return {
name: run2.tool?.driver?.name,
fullName: run2.tool?.driver?.fullName,
version: run2.tool?.driver?.version,
semanticVersion: run2.tool?.driver?.semanticVersion,
guid: run2.tool?.driver?.guid,
automationId: run2.automationDetails?.id
};
}
function areAllRunsUnique(sarifObjects) {
const keys = /* @__PURE__ */ new Set();
for (const sarifObject of sarifObjects) {
for (const run2 of sarifObject.runs) {
const key = JSON.stringify(createRunKey(run2));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -106039,13 +105968,13 @@ function getTotalMemoryBytes(logger) {
return limit;
}
function getCgroupMemoryLimitBytes(limitFile, logger) {
if (!fs2.existsSync(limitFile)) {
if (!fs.existsSync(limitFile)) {
logger.debug(
`While resolving RAM, did not find a cgroup memory limit at ${limitFile}.`
);
return void 0;
}
const limit = Number(fs2.readFileSync(limitFile, "utf8"));
const limit = Number(fs.readFileSync(limitFile, "utf8"));
if (!Number.isInteger(limit)) {
logger.debug(
`While resolving RAM, ignored the file ${limitFile} that may contain a cgroup memory limit as this file did not contain an integer.`
@@ -106119,13 +106048,13 @@ function getThreadsFlagValue(userInput, logger) {
return numThreads;
}
function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) {
if (!fs2.existsSync(cpuMaxFile)) {
if (!fs.existsSync(cpuMaxFile)) {
logger.debug(
`While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.`
);
return void 0;
}
const cpuMaxString = fs2.readFileSync(cpuMaxFile, "utf-8");
const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8");
const cpuMaxStringSplit = cpuMaxString.split(" ");
if (cpuMaxStringSplit.length !== 2) {
logger.debug(
@@ -106145,14 +106074,14 @@ function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) {
return cpuCount;
}
function getCgroupCpuCountFromCpus(cpusFile, logger) {
if (!fs2.existsSync(cpusFile)) {
if (!fs.existsSync(cpusFile)) {
logger.debug(
`While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.`
);
return void 0;
}
let cpuCount = 0;
const cpusString = fs2.readFileSync(cpusFile, "utf-8").trim();
const cpusString = fs.readFileSync(cpusFile, "utf-8").trim();
if (cpusString.length === 0) {
return void 0;
}
@@ -106282,12 +106211,12 @@ function getBaseDatabaseOidsFilePath(config) {
async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) {
const databasePath = getCodeQLDatabasePath(config, language);
const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`);
if (fs2.existsSync(databaseBundlePath)) {
await fs2.promises.rm(databaseBundlePath, { force: true });
if (fs.existsSync(databaseBundlePath)) {
await fs.promises.rm(databaseBundlePath, { force: true });
}
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
const additionalFiles = [];
if (fs2.existsSync(baseDatabaseOidsFilePath)) {
if (fs.existsSync(baseDatabaseOidsFilePath)) {
await fsPromises.copyFile(
baseDatabaseOidsFilePath,
path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME)
@@ -106435,7 +106364,7 @@ function cloneObject(obj) {
async function cleanUpPath(file, name, logger) {
logger.debug(`Cleaning up ${name}.`);
try {
await fs2.promises.rm(file, {
await fs.promises.rm(file, {
force: true,
recursive: true
});
@@ -106498,7 +106427,7 @@ function getRelativeScriptPath() {
function getWorkflowEvent() {
const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
try {
return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8"));
return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8"));
} catch (e) {
throw new Error(
`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`
@@ -106744,7 +106673,7 @@ var SarifScanOrder = [
];
// src/analyze.ts
var fs13 = __toESM(require("fs"));
var fs12 = __toESM(require("fs"));
var path12 = __toESM(require("path"));
var import_perf_hooks2 = require("perf_hooks");
var io5 = __toESM(require_io());
@@ -107026,7 +106955,7 @@ function wrapApiConfigurationError(e) {
}
// src/codeql.ts
var fs12 = __toESM(require("fs"));
var fs11 = __toESM(require("fs"));
var path11 = __toESM(require("path"));
var core10 = __toESM(require_core());
var toolrunner3 = __toESM(require_toolrunner());
@@ -107274,7 +107203,7 @@ function wrapCliConfigurationError(cliError) {
}
// src/config-utils.ts
var fs7 = __toESM(require("fs"));
var fs6 = __toESM(require("fs"));
var path7 = __toESM(require("path"));
// src/caching-utils.ts
@@ -107412,11 +107341,11 @@ function writeDiagnostic(config, language, diagnostic) {
}
// src/diff-informed-analysis-utils.ts
var fs6 = __toESM(require("fs"));
var fs5 = __toESM(require("fs"));
var path6 = __toESM(require("path"));
// src/feature-flags.ts
var fs5 = __toESM(require("fs"));
var fs4 = __toESM(require("fs"));
var path5 = __toESM(require("path"));
var semver5 = __toESM(require_semver2());
@@ -107425,7 +107354,7 @@ var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay/index.ts
var fs4 = __toESM(require("fs"));
var fs3 = __toESM(require("fs"));
var path4 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -107636,12 +107565,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) {
const gitFileOids = await getFileOidsUnderPath(sourceRoot);
const gitFileOidsJson = JSON.stringify(gitFileOids);
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
}
async function readBaseDatabaseOidsFile(config, logger) {
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
try {
const contents = await fs4.promises.readFile(
const contents = await fs3.promises.readFile(
baseDatabaseOidsFilePath,
"utf-8"
);
@@ -107668,7 +107597,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
logger.debug(
`Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}`
);
await fs4.promises.writeFile(overlayChangesFile, changedFilesJson);
await fs3.promises.writeFile(overlayChangesFile, changedFilesJson);
return overlayChangesFile;
}
function computeChangedFiles(baseFileOids, overlayFileOids) {
@@ -107690,7 +107619,7 @@ var CACHE_PREFIX = "codeql-overlay-base-database";
var MAX_CACHE_OPERATION_MS = 6e5;
async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) {
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
if (!fs4.existsSync(baseDatabaseOidsFilePath)) {
if (!fs3.existsSync(baseDatabaseOidsFilePath)) {
logger.warning(
`${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist`
);
@@ -108305,12 +108234,12 @@ var GitHubFeatureFlags = class {
}
async readLocalFlags() {
try {
if (fs5.existsSync(this.featureFlagsFile)) {
if (fs4.existsSync(this.featureFlagsFile)) {
this.logger.debug(
`Loading feature flags from ${this.featureFlagsFile}`
);
return JSON.parse(
fs5.readFileSync(this.featureFlagsFile, "utf8")
fs4.readFileSync(this.featureFlagsFile, "utf8")
);
}
} catch (e) {
@@ -108323,7 +108252,7 @@ var GitHubFeatureFlags = class {
async writeLocalFlags(flags) {
try {
this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`);
fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
} catch (e) {
this.logger.warning(
`Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.`
@@ -108416,7 +108345,7 @@ function getDiffRangesJsonFilePath() {
function writeDiffRangesJsonFile(logger, ranges) {
const jsonContents = JSON.stringify(ranges, null, 2);
const jsonFilePath = getDiffRangesJsonFilePath();
fs6.writeFileSync(jsonFilePath, jsonContents);
fs5.writeFileSync(jsonFilePath, jsonContents);
logger.debug(
`Wrote pr-diff-range JSON file to ${jsonFilePath}:
${jsonContents}`
@@ -108424,11 +108353,11 @@ ${jsonContents}`
}
function readDiffRangesJsonFile(logger) {
const jsonFilePath = getDiffRangesJsonFilePath();
if (!fs6.existsSync(jsonFilePath)) {
if (!fs5.existsSync(jsonFilePath)) {
logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
return void 0;
}
const jsonContents = fs6.readFileSync(jsonFilePath, "utf8");
const jsonContents = fs5.readFileSync(jsonFilePath, "utf8");
logger.debug(
`Read pr-diff-range JSON file from ${jsonFilePath}:
${jsonContents}`
@@ -108707,10 +108636,10 @@ function getPathToParsedConfigFile(tempDir) {
}
async function getConfig(tempDir, logger) {
const configFile = getPathToParsedConfigFile(tempDir);
if (!fs7.existsSync(configFile)) {
if (!fs6.existsSync(configFile)) {
return void 0;
}
const configString = fs7.readFileSync(configFile, "utf8");
const configString = fs6.readFileSync(configFile, "utf8");
logger.debug("Loaded config:");
logger.debug(configString);
const config = JSON.parse(configString);
@@ -108761,7 +108690,7 @@ function getPrimaryAnalysisConfig(config) {
}
// src/setup-codeql.ts
var fs10 = __toESM(require("fs"));
var fs9 = __toESM(require("fs"));
var path9 = __toESM(require("path"));
var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
@@ -108823,7 +108752,7 @@ var v4_default = v4;
// src/tar.ts
var import_child_process = require("child_process");
var fs8 = __toESM(require("fs"));
var fs7 = __toESM(require("fs"));
var stream = __toESM(require("stream"));
var import_toolrunner = __toESM(require_toolrunner());
var io4 = __toESM(require_io());
@@ -108896,7 +108825,7 @@ async function isZstdAvailable(logger) {
}
}
async function extract(tarPath, dest, compressionMethod, tarVersion, logger) {
fs8.mkdirSync(dest, { recursive: true });
fs7.mkdirSync(dest, { recursive: true });
switch (compressionMethod) {
case "gzip":
return await toolcache.extractTar(tarPath, dest);
@@ -108980,7 +108909,7 @@ function inferCompressionMethod(tarPath) {
}
// src/tools-download.ts
var fs9 = __toESM(require("fs"));
var fs8 = __toESM(require("fs"));
var os2 = __toESM(require("os"));
var path8 = __toESM(require("path"));
var import_perf_hooks = require("perf_hooks");
@@ -109087,7 +109016,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat
};
}
async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) {
fs9.mkdirSync(dest, { recursive: true });
fs8.mkdirSync(dest, { recursive: true });
const agent = new import_http_client.HttpClient().getAgent(codeqlURL);
headers = Object.assign(
{ "User-Agent": "CodeQL Action" },
@@ -109124,7 +109053,7 @@ function getToolcacheDirectory(version) {
}
function writeToolcacheMarkerFile(extractedPath, logger) {
const markerFilePath = `${extractedPath}.complete`;
fs9.writeFileSync(markerFilePath, "");
fs8.writeFileSync(markerFilePath, "");
logger.info(`Created toolcache marker file ${markerFilePath}`);
}
function sanitizeUrlForStatusReport(url2) {
@@ -109259,7 +109188,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({
folder: toolcache3.find("CodeQL", version),
version
})).filter(({ folder }) => fs10.existsSync(path9.join(folder, "pinned-version")));
})).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version")));
if (candidates.length === 1) {
const candidate = candidates[0];
logger.debug(
@@ -109706,7 +109635,7 @@ function isReservedToolsValue(tools) {
}
// src/tracer-config.ts
var fs11 = __toESM(require("fs"));
var fs10 = __toESM(require("fs"));
var path10 = __toESM(require("path"));
async function shouldEnableIndirectTracing(codeql, config) {
if (config.buildMode === "none" /* None */) {
@@ -109726,14 +109655,14 @@ async function endTracingForCluster(codeql, config, logger) {
config.dbLocation,
"temp/tracingEnvironment/end-tracing.json"
);
if (!fs11.existsSync(envVariablesFile)) {
if (!fs10.existsSync(envVariablesFile)) {
throw new Error(
`Environment file for ending tracing not found: ${envVariablesFile}`
);
}
try {
const endTracingEnvVariables = JSON.parse(
fs11.readFileSync(envVariablesFile, "utf8")
fs10.readFileSync(envVariablesFile, "utf8")
);
for (const [key, value] of Object.entries(endTracingEnvVariables)) {
if (value !== null) {
@@ -109846,7 +109775,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"tools",
"tracing-config.lua"
);
return fs12.existsSync(tracingConfigPath);
return fs11.existsSync(tracingConfigPath);
},
async isScannedLanguage(language) {
return !await this.isTracedLanguage(language);
@@ -110326,7 +110255,7 @@ async function writeCodeScanningConfigFile(config, logger) {
logger.startGroup("Augmented user configuration file contents");
logger.info(dump(augmentedConfig));
logger.endGroup();
fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
return codeScanningConfigFile;
}
var TRAP_CACHE_SIZE_MB = 1024;
@@ -110673,7 +110602,7 @@ function dbIsFinalized(config, language, logger) {
const dbPath = getCodeQLDatabasePath(config, language);
try {
const dbInfo = load(
fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8")
fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8")
);
return !("inProgress" in dbInfo);
} catch {
@@ -110740,8 +110669,8 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
ranges = [{ path: "", startLine: 0, endLine: 0 }];
}
const diffRangeDir = path12.join(getTemporaryDirectory(), "pr-diff-range");
fs13.mkdirSync(diffRangeDir, { recursive: true });
fs13.writeFileSync(
fs12.mkdirSync(diffRangeDir, { recursive: true });
fs12.writeFileSync(
path12.join(diffRangeDir, "qlpack.yml"),
`
name: codeql-action/pr-diff-range
@@ -110775,7 +110704,7 @@ extensions:
}
const extensionContents = header + data;
const extensionFilePath = path12.join(diffRangeDir, "pr-diff-range.yml");
fs13.writeFileSync(extensionFilePath, extensionContents);
fs12.writeFileSync(extensionFilePath, extensionContents);
logger.debug(
`Wrote pr-diff-range extension pack to ${extensionFilePath}:
${extensionContents}`
@@ -110928,7 +110857,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir
}
function getPerQueryAlertCounts(sarifPath) {
const sarifObject = JSON.parse(
fs13.readFileSync(sarifPath, "utf8")
fs12.readFileSync(sarifPath, "utf8")
);
const perQueryAlertCounts = {};
for (const sarifRun of sarifObject.runs) {
@@ -110946,13 +110875,13 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir
}
async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) {
try {
await fs13.promises.rm(outputDir, { force: true, recursive: true });
await fs12.promises.rm(outputDir, { force: true, recursive: true });
} catch (error3) {
if (error3?.code !== "ENOENT") {
throw error3;
}
}
await fs13.promises.mkdir(outputDir, { recursive: true });
await fs12.promises.mkdir(outputDir, { recursive: true });
const timings = await finalizeDatabaseCreation(
codeql,
features,
@@ -110996,7 +110925,7 @@ async function warnIfGoInstalledAfterInit(config, logger) {
}
// src/database-upload.ts
var fs14 = __toESM(require("fs"));
var fs13 = __toESM(require("fs"));
async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) {
if (getRequiredInput("upload-database") !== "true") {
logger.debug("Database upload disabled in workflow. Skipping upload.");
@@ -111039,8 +110968,8 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai
const bundledDb = await bundleDb(config, language, codeql, language, {
includeDiagnostics: false
});
bundledDbSize = fs14.statSync(bundledDb).size;
const bundledDbReadStream = fs14.createReadStream(bundledDb);
bundledDbSize = fs13.statSync(bundledDb).size;
const bundledDbReadStream = fs13.createReadStream(bundledDb);
const commitOid = await getCommitOid(
getRequiredInput("checkout_path")
);
@@ -111304,7 +111233,7 @@ var core13 = __toESM(require_core());
var jsonschema2 = __toESM(require_lib2());
// src/fingerprints.ts
var fs15 = __toESM(require("fs"));
var fs14 = __toESM(require("fs"));
var import_path3 = __toESM(require("path"));
// node_modules/long/index.js
@@ -112292,7 +112221,7 @@ async function hash(callback, filepath) {
}
updateHash(current);
};
const readStream = fs15.createReadStream(filepath, "utf8");
const readStream = fs14.createReadStream(filepath, "utf8");
for await (const data of readStream) {
for (let i = 0; i < data.length; ++i) {
processCharacter(data.charCodeAt(i));
@@ -112367,11 +112296,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!import_path3.default.isAbsolute(uri)) {
uri = srcRootPrefix + uri;
}
if (!fs15.existsSync(uri)) {
if (!fs14.existsSync(uri)) {
logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
return void 0;
}
if (fs15.statSync(uri).isDirectory()) {
if (fs14.statSync(uri).isDirectory()) {
logger.debug(`Unable to compute fingerprint for directory: ${uri}`);
return void 0;
}
@@ -112457,6 +112386,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
};
}
// src/sarif/index.ts
var fs15 = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run2 of sarifFile.runs || []) {
const tool = run2.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs15.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifLogs) {
return sarifLogs.every((sarifLog) => {
return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL");
});
}
function createRunKey(run2) {
return {
name: run2.tool?.driver?.name,
fullName: run2.tool?.driver?.fullName,
version: run2.tool?.driver?.version,
semanticVersion: run2.tool?.driver?.semanticVersion,
guid: run2.tool?.driver?.guid,
automationId: run2.automationDetails?.id
};
}
function areAllRunsUnique(sarifLogs) {
const keys = /* @__PURE__ */ new Set();
for (const sarifLog of sarifLogs) {
for (const run2 of sarifLog.runs) {
const key = JSON.stringify(createRunKey(run2));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/upload-lib.ts
var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning.";
var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository.";
@@ -112694,7 +112690,7 @@ function countResultsInSarif(sarifLog) {
}
return numResults;
}
function readSarifFile2(sarifFilePath) {
function readSarifFileOrThrow(sarifFilePath) {
try {
return readSarifFile(sarifFilePath);
} catch (e) {
@@ -112780,7 +112776,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
category = analysis.fixCategory(logger, category);
if (sarifPaths.length > 1) {
for (const sarifPath of sarifPaths) {
const parsedSarif = readSarifFile2(sarifPath);
const parsedSarif = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(parsedSarif, sarifPath, logger);
}
sarifLog = await combineSarifFilesUsingCLI(
@@ -112791,7 +112787,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
);
} else {
const sarifPath = sarifPaths[0];
sarifLog = readSarifFile2(sarifPath);
sarifLog = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(sarifLog, sarifPath, logger);
await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion);
}
+130 -132
@@ -161339,7 +161339,7 @@ var require_sarif_schema_2_1_0 = __commonJS({
var core16 = __toESM(require_core());
// src/actions-util.ts
var fs3 = __toESM(require("fs"));
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var core4 = __toESM(require_core());
var toolrunner = __toESM(require_toolrunner());
@@ -161347,7 +161347,7 @@ var github = __toESM(require_github());
var io2 = __toESM(require_io());
// src/util.ts
var fs2 = __toESM(require("fs"));
var fs = __toESM(require("fs"));
var fsPromises = __toESM(require("fs/promises"));
var path = __toESM(require("path"));
var core3 = __toESM(require_core());
@@ -164001,75 +164001,6 @@ var semver = __toESM(require_semver2());
var maximumVersion = "3.20";
var minimumVersion = "3.14";
// src/sarif/index.ts
var fs = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run3 of sarifFile.runs || []) {
const tool = run3.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifObjects) {
return sarifObjects.every((sarifObject) => {
return sarifObject.runs?.every(
(run3) => run3.tool?.driver?.name === "CodeQL"
);
});
}
function createRunKey(run3) {
return {
name: run3.tool?.driver?.name,
fullName: run3.tool?.driver?.fullName,
version: run3.tool?.driver?.version,
semanticVersion: run3.tool?.driver?.semanticVersion,
guid: run3.tool?.driver?.guid,
automationId: run3.automationDetails?.id
};
}
function areAllRunsUnique(sarifObjects) {
const keys = /* @__PURE__ */ new Set();
for (const sarifObject of sarifObjects) {
for (const run3 of sarifObject.runs) {
const key = JSON.stringify(createRunKey(run3));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
@@ -164210,12 +164141,12 @@ function getBaseDatabaseOidsFilePath(config) {
async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) {
const databasePath = getCodeQLDatabasePath(config, language);
const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`);
if (fs2.existsSync(databaseBundlePath)) {
await fs2.promises.rm(databaseBundlePath, { force: true });
if (fs.existsSync(databaseBundlePath)) {
await fs.promises.rm(databaseBundlePath, { force: true });
}
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
const additionalFiles = [];
if (fs2.existsSync(baseDatabaseOidsFilePath)) {
if (fs.existsSync(baseDatabaseOidsFilePath)) {
await fsPromises.copyFile(
baseDatabaseOidsFilePath,
path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME)
@@ -164258,7 +164189,7 @@ function getTestingEnvironment() {
}
function doesDirectoryExist(dirPath) {
try {
const stats = fs2.lstatSync(dirPath);
const stats = fs.lstatSync(dirPath);
return stats.isDirectory();
} catch {
return false;
@@ -164268,7 +164199,7 @@ function listFolder(dir) {
if (!doesDirectoryExist(dir)) {
return [];
}
const entries = fs2.readdirSync(dir, { withFileTypes: true });
const entries = fs.readdirSync(dir, { withFileTypes: true });
let files = [];
for (const entry of entries) {
if (entry.isFile()) {
@@ -164351,7 +164282,7 @@ function cloneObject(obj) {
async function cleanUpPath(file, name, logger) {
logger.debug(`Cleaning up ${name}.`);
try {
await fs2.promises.rm(file, {
await fs.promises.rm(file, {
force: true,
recursive: true
});
@@ -164409,7 +164340,7 @@ function getRelativeScriptPath() {
function getWorkflowEvent() {
const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
try {
return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8"));
return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8"));
} catch (e) {
throw new Error(
`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`
@@ -164425,7 +164356,7 @@ async function printDebugLogs(config) {
continue;
}
const walkLogFiles = (dir) => {
const entries = fs3.readdirSync(dir, { withFileTypes: true });
const entries = fs2.readdirSync(dir, { withFileTypes: true });
if (entries.length === 0) {
core4.info(`No debug logs found at directory ${logsDirectory}.`);
}
@@ -164435,7 +164366,7 @@ async function printDebugLogs(config) {
core4.startGroup(
`CodeQL Debug Logs - ${language} - ${entry.name} from file at path ${absolutePath}`
);
process.stdout.write(fs3.readFileSync(absolutePath));
process.stdout.write(fs2.readFileSync(absolutePath));
core4.endGroup();
} else if (entry.isDirectory()) {
walkLogFiles(path2.resolve(dir, entry.name));
@@ -164856,7 +164787,7 @@ function wrapApiConfigurationError(e) {
var core6 = __toESM(require_core());
// src/codeql.ts
var fs12 = __toESM(require("fs"));
var fs11 = __toESM(require("fs"));
var path11 = __toESM(require("path"));
var core10 = __toESM(require_core());
var toolrunner3 = __toESM(require_toolrunner());
@@ -165104,7 +165035,7 @@ function wrapCliConfigurationError(cliError) {
}
// src/config-utils.ts
var fs8 = __toESM(require("fs"));
var fs7 = __toESM(require("fs"));
var path8 = __toESM(require("path"));
// src/analyses.ts
@@ -165278,11 +165209,11 @@ function writeDiagnostic(config, language, diagnostic) {
}
// src/diff-informed-analysis-utils.ts
var fs6 = __toESM(require("fs"));
var fs5 = __toESM(require("fs"));
var path6 = __toESM(require("path"));
// src/feature-flags.ts
var fs5 = __toESM(require("fs"));
var fs4 = __toESM(require("fs"));
var path5 = __toESM(require("path"));
var semver5 = __toESM(require_semver2());
@@ -165291,7 +165222,7 @@ var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay/index.ts
var fs4 = __toESM(require("fs"));
var fs3 = __toESM(require("fs"));
var path4 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -165502,12 +165433,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) {
const gitFileOids = await getFileOidsUnderPath(sourceRoot);
const gitFileOidsJson = JSON.stringify(gitFileOids);
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
}
async function readBaseDatabaseOidsFile(config, logger) {
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
try {
const contents = await fs4.promises.readFile(
const contents = await fs3.promises.readFile(
baseDatabaseOidsFilePath,
"utf-8"
);
@@ -165534,7 +165465,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
logger.debug(
`Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}`
);
await fs4.promises.writeFile(overlayChangesFile, changedFilesJson);
await fs3.promises.writeFile(overlayChangesFile, changedFilesJson);
return overlayChangesFile;
}
function computeChangedFiles(baseFileOids, overlayFileOids) {
@@ -166040,12 +165971,12 @@ var GitHubFeatureFlags = class {
}
async readLocalFlags() {
try {
if (fs5.existsSync(this.featureFlagsFile)) {
if (fs4.existsSync(this.featureFlagsFile)) {
this.logger.debug(
`Loading feature flags from ${this.featureFlagsFile}`
);
return JSON.parse(
fs5.readFileSync(this.featureFlagsFile, "utf8")
fs4.readFileSync(this.featureFlagsFile, "utf8")
);
}
} catch (e) {
@@ -166058,7 +165989,7 @@ var GitHubFeatureFlags = class {
async writeLocalFlags(flags) {
try {
this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`);
fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
} catch (e) {
this.logger.warning(
`Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.`
@@ -166134,11 +166065,11 @@ function getDiffRangesJsonFilePath() {
}
function readDiffRangesJsonFile(logger) {
const jsonFilePath = getDiffRangesJsonFilePath();
if (!fs6.existsSync(jsonFilePath)) {
if (!fs5.existsSync(jsonFilePath)) {
logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
return void 0;
}
const jsonContents = fs6.readFileSync(jsonFilePath, "utf8");
const jsonContents = fs5.readFileSync(jsonFilePath, "utf8");
logger.debug(
`Read pr-diff-range JSON file from ${jsonFilePath}:
${jsonContents}`
@@ -166147,7 +166078,7 @@ ${jsonContents}`
}
// src/overlay/status.ts
var fs7 = __toESM(require("fs"));
var fs6 = __toESM(require("fs"));
var path7 = __toESM(require("path"));
var actionsCache2 = __toESM(require_cache5());
var MAX_CACHE_OPERATION_MS = 3e4;
@@ -166164,8 +166095,8 @@ async function saveOverlayStatus(codeql, languages, diskUsage, status, logger) {
const cacheKey = await getCacheKey(codeql, languages, diskUsage);
const statusFile = getStatusFilePath(languages);
try {
await fs7.promises.mkdir(path7.dirname(statusFile), { recursive: true });
await fs7.promises.writeFile(statusFile, JSON.stringify(status));
await fs6.promises.mkdir(path7.dirname(statusFile), { recursive: true });
await fs6.promises.writeFile(statusFile, JSON.stringify(status));
const cacheId = await waitForResultWithTimeLimit(
MAX_CACHE_OPERATION_MS,
actionsCache2.saveCache([statusFile], cacheKey),
@@ -166228,10 +166159,10 @@ function getPathToParsedConfigFile(tempDir) {
}
async function getConfig(tempDir, logger) {
const configFile = getPathToParsedConfigFile(tempDir);
if (!fs8.existsSync(configFile)) {
if (!fs7.existsSync(configFile)) {
return void 0;
}
const configString = fs8.readFileSync(configFile, "utf8");
const configString = fs7.readFileSync(configFile, "utf8");
logger.debug("Loaded config:");
logger.debug(configString);
const config = JSON.parse(configString);
@@ -166270,7 +166201,7 @@ function isCodeScanningEnabled(config) {
}
// src/setup-codeql.ts
var fs11 = __toESM(require("fs"));
var fs10 = __toESM(require("fs"));
var path10 = __toESM(require("path"));
var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
@@ -166332,7 +166263,7 @@ var v4_default = v4;
// src/tar.ts
var import_child_process = require("child_process");
var fs9 = __toESM(require("fs"));
var fs8 = __toESM(require("fs"));
var stream = __toESM(require("stream"));
var import_toolrunner = __toESM(require_toolrunner());
var io4 = __toESM(require_io());
@@ -166405,7 +166336,7 @@ async function isZstdAvailable(logger) {
}
}
async function extract(tarPath, dest, compressionMethod, tarVersion, logger) {
fs9.mkdirSync(dest, { recursive: true });
fs8.mkdirSync(dest, { recursive: true });
switch (compressionMethod) {
case "gzip":
return await toolcache.extractTar(tarPath, dest);
@@ -166489,7 +166420,7 @@ function inferCompressionMethod(tarPath) {
}
// src/tools-download.ts
var fs10 = __toESM(require("fs"));
var fs9 = __toESM(require("fs"));
var os = __toESM(require("os"));
var path9 = __toESM(require("path"));
var import_perf_hooks = require("perf_hooks");
@@ -166596,7 +166527,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat
};
}
async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) {
fs10.mkdirSync(dest, { recursive: true });
fs9.mkdirSync(dest, { recursive: true });
const agent = new import_http_client.HttpClient().getAgent(codeqlURL);
headers = Object.assign(
{ "User-Agent": "CodeQL Action" },
@@ -166633,7 +166564,7 @@ function getToolcacheDirectory(version) {
}
function writeToolcacheMarkerFile(extractedPath, logger) {
const markerFilePath = `${extractedPath}.complete`;
fs10.writeFileSync(markerFilePath, "");
fs9.writeFileSync(markerFilePath, "");
logger.info(`Created toolcache marker file ${markerFilePath}`);
}
function sanitizeUrlForStatusReport(url2) {
@@ -166768,7 +166699,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({
folder: toolcache3.find("CodeQL", version),
version
})).filter(({ folder }) => fs11.existsSync(path10.join(folder, "pinned-version")));
})).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version")));
if (candidates.length === 1) {
const candidate = candidates[0];
logger.debug(
@@ -167322,7 +167253,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"tools",
"tracing-config.lua"
);
return fs12.existsSync(tracingConfigPath);
return fs11.existsSync(tracingConfigPath);
},
async isScannedLanguage(language) {
return !await this.isTracedLanguage(language);
@@ -167802,7 +167733,7 @@ async function writeCodeScanningConfigFile(config, logger) {
logger.startGroup("Augmented user configuration file contents");
logger.info(dump(augmentedConfig));
logger.endGroup();
fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
return codeScanningConfigFile;
}
var TRAP_CACHE_SIZE_MB = 1024;
@@ -167846,7 +167777,7 @@ async function getJobRunUuidSarifOptions(codeql) {
}
// src/debug-artifacts.ts
var fs15 = __toESM(require("fs"));
var fs14 = __toESM(require("fs"));
var path14 = __toESM(require("path"));
var artifact = __toESM(require_artifact2());
var artifactLegacy = __toESM(require_artifact_client2());
@@ -167854,7 +167785,7 @@ var core12 = __toESM(require_core());
var import_archiver = __toESM(require_archiver());
// src/analyze.ts
var fs13 = __toESM(require("fs"));
var fs12 = __toESM(require("fs"));
var path12 = __toESM(require("path"));
var io5 = __toESM(require_io());
@@ -167886,7 +167817,7 @@ function dbIsFinalized(config, language, logger) {
const dbPath = getCodeQLDatabasePath(config, language);
try {
const dbInfo = load(
fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8")
fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8")
);
return !("inProgress" in dbInfo);
} catch {
@@ -167898,7 +167829,7 @@ function dbIsFinalized(config, language, logger) {
}
// src/artifact-scanner.ts
var fs14 = __toESM(require("fs"));
var fs13 = __toESM(require("fs"));
var os2 = __toESM(require("os"));
var path13 = __toESM(require("path"));
var exec = __toESM(require_exec());
@@ -167937,7 +167868,7 @@ var GITHUB_TOKEN_PATTERNS = [
function scanFileForTokens(filePath, relativePath, logger) {
const findings = [];
try {
const content = fs14.readFileSync(filePath, "utf8");
const content = fs13.readFileSync(filePath, "utf8");
for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) {
const matches = content.match(pattern);
if (matches) {
@@ -167967,7 +167898,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
findings: []
};
try {
const tempExtractDir = fs14.mkdtempSync(
const tempExtractDir = fs13.mkdtempSync(
path13.join(extractDir, `extract-${depth}-`)
);
const fileName = path13.basename(archivePath).toLowerCase();
@@ -168001,7 +167932,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
path13.basename(archivePath, ".gz")
);
await exec.exec("gunzip", ["-c", archivePath], {
outStream: fs14.createWriteStream(outputFile),
outStream: fs13.createWriteStream(outputFile),
silent: true
});
} else if (fileName.endsWith(".zip")) {
@@ -168022,7 +167953,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
);
result.scannedFiles += scanResult.scannedFiles;
result.findings.push(...scanResult.findings);
fs14.rmSync(tempExtractDir, { recursive: true, force: true });
fs13.rmSync(tempExtractDir, { recursive: true, force: true });
} catch (e) {
logger.debug(
`Could not extract or scan archive file ${archivePath}: ${getErrorMessage(e)}`
@@ -168057,7 +167988,7 @@ async function scanDirectory(dirPath, baseRelativePath, logger, depth = 0) {
scannedFiles: 0,
findings: []
};
const entries = fs14.readdirSync(dirPath, { withFileTypes: true });
const entries = fs13.readdirSync(dirPath, { withFileTypes: true });
for (const entry of entries) {
const fullPath = path13.join(dirPath, entry.name);
const relativePath = path13.join(baseRelativePath, entry.name);
@@ -168092,10 +168023,10 @@ async function scanArtifactsForTokens(filesToScan, logger) {
scannedFiles: 0,
findings: []
};
const tempScanDir = fs14.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-"));
const tempScanDir = fs13.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-"));
try {
for (const filePath of filesToScan) {
const stats = fs14.statSync(filePath);
const stats = fs13.statSync(filePath);
const fileName = path13.basename(filePath);
if (stats.isDirectory()) {
const dirResult = await scanDirectory(filePath, fileName, logger);
@@ -168133,7 +168064,7 @@ async function scanArtifactsForTokens(filesToScan, logger) {
}
} finally {
try {
fs14.rmSync(tempScanDir, { recursive: true, force: true });
fs13.rmSync(tempScanDir, { recursive: true, force: true });
} catch (e) {
logger.debug(
`Could not clean up temporary scan directory: ${getErrorMessage(e)}`
@@ -168149,17 +168080,17 @@ function sanitizeArtifactName(name) {
function tryPrepareSarifDebugArtifact(config, language, logger) {
try {
const analyzeActionOutputDir = process.env["CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR" /* SARIF_RESULTS_OUTPUT_DIR */];
if (analyzeActionOutputDir !== void 0 && fs15.existsSync(analyzeActionOutputDir) && fs15.lstatSync(analyzeActionOutputDir).isDirectory()) {
if (analyzeActionOutputDir !== void 0 && fs14.existsSync(analyzeActionOutputDir) && fs14.lstatSync(analyzeActionOutputDir).isDirectory()) {
const sarifFile = path14.resolve(
analyzeActionOutputDir,
`${language}.sarif`
);
if (fs15.existsSync(sarifFile)) {
if (fs14.existsSync(sarifFile)) {
const sarifInDbLocation = path14.resolve(
config.dbLocation,
`${language}.sarif`
);
fs15.copyFileSync(sarifFile, sarifInDbLocation);
fs14.copyFileSync(sarifFile, sarifInDbLocation);
return sarifInDbLocation;
}
}
@@ -168338,10 +168269,10 @@ async function createPartialDatabaseBundle(config, language) {
core12.info(
`${config.debugDatabaseName}-${language} is not finalized. Uploading partial database bundle at ${databaseBundlePath}...`
);
if (fs15.existsSync(databaseBundlePath)) {
await fs15.promises.rm(databaseBundlePath, { force: true });
if (fs14.existsSync(databaseBundlePath)) {
await fs14.promises.rm(databaseBundlePath, { force: true });
}
const output = fs15.createWriteStream(databaseBundlePath);
const output = fs14.createWriteStream(databaseBundlePath);
const zip = (0, import_archiver.default)("zip");
zip.on("error", (err) => {
throw err;
@@ -168380,7 +168311,7 @@ var core13 = __toESM(require_core());
var jsonschema2 = __toESM(require_lib2());
// src/fingerprints.ts
var fs16 = __toESM(require("fs"));
var fs15 = __toESM(require("fs"));
var import_path2 = __toESM(require("path"));
// node_modules/long/index.js
@@ -169368,7 +169299,7 @@ async function hash(callback, filepath) {
}
updateHash(current);
};
const readStream = fs16.createReadStream(filepath, "utf8");
const readStream = fs15.createReadStream(filepath, "utf8");
for await (const data of readStream) {
for (let i = 0; i < data.length; ++i) {
processCharacter(data.charCodeAt(i));
@@ -169443,11 +169374,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!import_path2.default.isAbsolute(uri)) {
uri = srcRootPrefix + uri;
}
if (!fs16.existsSync(uri)) {
if (!fs15.existsSync(uri)) {
logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
return void 0;
}
if (fs16.statSync(uri).isDirectory()) {
if (fs15.statSync(uri).isDirectory()) {
logger.debug(`Unable to compute fingerprint for directory: ${uri}`);
return void 0;
}
@@ -169533,6 +169464,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
};
}
// src/sarif/index.ts
var fs16 = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run3 of sarifFile.runs || []) {
const tool = run3.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs16.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifLogs) {
return sarifLogs.every((sarifLog) => {
return sarifLog.runs?.every((run3) => run3.tool?.driver?.name === "CodeQL");
});
}
function createRunKey(run3) {
return {
name: run3.tool?.driver?.name,
fullName: run3.tool?.driver?.fullName,
version: run3.tool?.driver?.version,
semanticVersion: run3.tool?.driver?.semanticVersion,
guid: run3.tool?.driver?.guid,
automationId: run3.automationDetails?.id
};
}
function areAllRunsUnique(sarifLogs) {
const keys = /* @__PURE__ */ new Set();
for (const sarifLog of sarifLogs) {
for (const run3 of sarifLog.runs) {
const key = JSON.stringify(createRunKey(run3));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/upload-lib.ts
var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning.";
var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository.";
@@ -169739,7 +169737,7 @@ function countResultsInSarif(sarifLog) {
}
return numResults;
}
function readSarifFile2(sarifFilePath) {
function readSarifFileOrThrow(sarifFilePath) {
try {
return readSarifFile(sarifFilePath);
} catch (e) {
@@ -169825,7 +169823,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
category = analysis.fixCategory(logger, category);
if (sarifPaths.length > 1) {
for (const sarifPath of sarifPaths) {
const parsedSarif = readSarifFile2(sarifPath);
const parsedSarif = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(parsedSarif, sarifPath, logger);
}
sarifLog = await combineSarifFilesUsingCLI(
@@ -169836,7 +169834,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
);
} else {
const sarifPath = sarifPaths[0];
sarifLog = readSarifFile2(sarifPath);
sarifLog = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(sarifLog, sarifPath, logger);
await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion);
}
+100 -104
@@ -103235,7 +103235,7 @@ __export(upload_lib_exports, {
getGroupedSarifFilePaths: () => getGroupedSarifFilePaths,
populateRunAutomationDetails: () => populateRunAutomationDetails,
postProcessSarifFiles: () => postProcessSarifFiles,
readSarifFile: () => readSarifFile2,
readSarifFileOrThrow: () => readSarifFileOrThrow,
shouldConsiderConfigurationError: () => shouldConsiderConfigurationError,
shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest,
shouldShowCombineSarifFilesDeprecationWarning: () => shouldShowCombineSarifFilesDeprecationWarning,
@@ -103257,7 +103257,7 @@ var core11 = __toESM(require_core());
var jsonschema2 = __toESM(require_lib2());
// src/actions-util.ts
var fs3 = __toESM(require("fs"));
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var core4 = __toESM(require_core());
var toolrunner = __toESM(require_toolrunner());
@@ -103265,7 +103265,7 @@ var github = __toESM(require_github());
var io2 = __toESM(require_io());
// src/util.ts
var fs2 = __toESM(require("fs"));
var fs = __toESM(require("fs"));
var path = __toESM(require("path"));
var core3 = __toESM(require_core());
var io = __toESM(require_io());
@@ -105913,77 +105913,6 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/sarif/index.ts
var fs = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run of sarifFile.runs || []) {
const tool = run.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifObjects) {
return sarifObjects.every((sarifObject) => {
return sarifObject.runs?.every(
(run) => run.tool?.driver?.name === "CodeQL"
);
});
}
function createRunKey(run) {
return {
name: run.tool?.driver?.name,
fullName: run.tool?.driver?.fullName,
version: run.tool?.driver?.version,
semanticVersion: run.tool?.driver?.semanticVersion,
guid: run.tool?.driver?.guid,
automationId: run.automationDetails?.id
};
}
function areAllRunsUnique(sarifObjects) {
const keys = /* @__PURE__ */ new Set();
for (const sarifObject of sarifObjects) {
for (const run of sarifObject.runs) {
const key = JSON.stringify(createRunKey(run));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -106145,7 +106074,7 @@ function cloneObject(obj) {
async function cleanUpPath(file, name, logger) {
logger.debug(`Cleaning up ${name}.`);
try {
await fs2.promises.rm(file, {
await fs.promises.rm(file, {
force: true,
recursive: true
});
@@ -106203,7 +106132,7 @@ function getRelativeScriptPath() {
function getWorkflowEvent() {
const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
try {
return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8"));
return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8"));
} catch (e) {
throw new Error(
`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`
@@ -106635,7 +106564,7 @@ function wrapApiConfigurationError(e) {
}
// src/codeql.ts
var fs10 = __toESM(require("fs"));
var fs9 = __toESM(require("fs"));
var path9 = __toESM(require("path"));
var core10 = __toESM(require_core());
var toolrunner3 = __toESM(require_toolrunner());
@@ -106883,7 +106812,7 @@ function wrapCliConfigurationError(cliError) {
}
// src/config-utils.ts
var fs6 = __toESM(require("fs"));
var fs5 = __toESM(require("fs"));
var path6 = __toESM(require("path"));
// src/caching-utils.ts
@@ -106998,7 +106927,7 @@ function writeDiagnostic(config, language, diagnostic) {
}
// src/diff-informed-analysis-utils.ts
var fs5 = __toESM(require("fs"));
var fs4 = __toESM(require("fs"));
var path5 = __toESM(require("path"));
// src/feature-flags.ts
@@ -107009,7 +106938,7 @@ var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay/index.ts
var fs4 = __toESM(require("fs"));
var fs3 = __toESM(require("fs"));
var path4 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -107220,12 +107149,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) {
const gitFileOids = await getFileOidsUnderPath(sourceRoot);
const gitFileOidsJson = JSON.stringify(gitFileOids);
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
}
async function readBaseDatabaseOidsFile(config, logger) {
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
try {
const contents = await fs4.promises.readFile(
const contents = await fs3.promises.readFile(
baseDatabaseOidsFilePath,
"utf-8"
);
@@ -107252,7 +107181,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
logger.debug(
`Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}`
);
await fs4.promises.writeFile(overlayChangesFile, changedFilesJson);
await fs3.promises.writeFile(overlayChangesFile, changedFilesJson);
return overlayChangesFile;
}
function computeChangedFiles(baseFileOids, overlayFileOids) {
@@ -107523,11 +107452,11 @@ function getDiffRangesJsonFilePath() {
}
function readDiffRangesJsonFile(logger) {
const jsonFilePath = getDiffRangesJsonFilePath();
if (!fs5.existsSync(jsonFilePath)) {
if (!fs4.existsSync(jsonFilePath)) {
logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
return void 0;
}
const jsonContents = fs5.readFileSync(jsonFilePath, "utf8");
const jsonContents = fs4.readFileSync(jsonFilePath, "utf8");
logger.debug(
`Read pr-diff-range JSON file from ${jsonFilePath}:
${jsonContents}`
@@ -107576,10 +107505,10 @@ function getPathToParsedConfigFile(tempDir) {
}
async function getConfig(tempDir, logger) {
const configFile = getPathToParsedConfigFile(tempDir);
if (!fs6.existsSync(configFile)) {
if (!fs5.existsSync(configFile)) {
return void 0;
}
const configString = fs6.readFileSync(configFile, "utf8");
const configString = fs5.readFileSync(configFile, "utf8");
logger.debug("Loaded config:");
logger.debug(configString);
const config = JSON.parse(configString);
@@ -107615,7 +107544,7 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
}
// src/setup-codeql.ts
var fs9 = __toESM(require("fs"));
var fs8 = __toESM(require("fs"));
var path8 = __toESM(require("path"));
var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
@@ -107677,7 +107606,7 @@ var v4_default = v4;
// src/tar.ts
var import_child_process = require("child_process");
var fs7 = __toESM(require("fs"));
var fs6 = __toESM(require("fs"));
var stream = __toESM(require("stream"));
var import_toolrunner = __toESM(require_toolrunner());
var io4 = __toESM(require_io());
@@ -107750,7 +107679,7 @@ async function isZstdAvailable(logger) {
}
}
async function extract(tarPath, dest, compressionMethod, tarVersion, logger) {
fs7.mkdirSync(dest, { recursive: true });
fs6.mkdirSync(dest, { recursive: true });
switch (compressionMethod) {
case "gzip":
return await toolcache.extractTar(tarPath, dest);
@@ -107834,7 +107763,7 @@ function inferCompressionMethod(tarPath) {
}
// src/tools-download.ts
var fs8 = __toESM(require("fs"));
var fs7 = __toESM(require("fs"));
var os = __toESM(require("os"));
var path7 = __toESM(require("path"));
var import_perf_hooks = require("perf_hooks");
@@ -107941,7 +107870,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat
};
}
async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) {
fs8.mkdirSync(dest, { recursive: true });
fs7.mkdirSync(dest, { recursive: true });
const agent = new import_http_client.HttpClient().getAgent(codeqlURL);
headers = Object.assign(
{ "User-Agent": "CodeQL Action" },
@@ -107978,7 +107907,7 @@ function getToolcacheDirectory(version) {
}
function writeToolcacheMarkerFile(extractedPath, logger) {
const markerFilePath = `${extractedPath}.complete`;
fs8.writeFileSync(markerFilePath, "");
fs7.writeFileSync(markerFilePath, "");
logger.info(`Created toolcache marker file ${markerFilePath}`);
}
function sanitizeUrlForStatusReport(url2) {
@@ -108113,7 +108042,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({
folder: toolcache3.find("CodeQL", version),
version
})).filter(({ folder }) => fs9.existsSync(path8.join(folder, "pinned-version")));
})).filter(({ folder }) => fs8.existsSync(path8.join(folder, "pinned-version")));
if (candidates.length === 1) {
const candidate = candidates[0];
logger.debug(
@@ -108667,7 +108596,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"tools",
"tracing-config.lua"
);
return fs10.existsSync(tracingConfigPath);
return fs9.existsSync(tracingConfigPath);
},
async isScannedLanguage(language) {
return !await this.isTracedLanguage(language);
@@ -109147,7 +109076,7 @@ async function writeCodeScanningConfigFile(config, logger) {
logger.startGroup("Augmented user configuration file contents");
logger.info(dump(augmentedConfig));
logger.endGroup();
fs10.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
fs9.writeFileSync(codeScanningConfigFile, dump(augmentedConfig));
return codeScanningConfigFile;
}
var TRAP_CACHE_SIZE_MB = 1024;
@@ -109191,7 +109120,7 @@ async function getJobRunUuidSarifOptions(codeql) {
}
// src/fingerprints.ts
var fs11 = __toESM(require("fs"));
var fs10 = __toESM(require("fs"));
var import_path2 = __toESM(require("path"));
// node_modules/long/index.js
@@ -110179,7 +110108,7 @@ async function hash(callback, filepath) {
}
updateHash(current);
};
const readStream = fs11.createReadStream(filepath, "utf8");
const readStream = fs10.createReadStream(filepath, "utf8");
for await (const data of readStream) {
for (let i = 0; i < data.length; ++i) {
processCharacter(data.charCodeAt(i));
@@ -110254,11 +110183,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
if (!import_path2.default.isAbsolute(uri)) {
uri = srcRootPrefix + uri;
}
if (!fs11.existsSync(uri)) {
if (!fs10.existsSync(uri)) {
logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
return void 0;
}
if (fs11.statSync(uri).isDirectory()) {
if (fs10.statSync(uri).isDirectory()) {
logger.debug(`Unable to compute fingerprint for directory: ${uri}`);
return void 0;
}
@@ -110344,6 +110273,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
};
}
// src/sarif/index.ts
var fs11 = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run of sarifFile.runs || []) {
const tool = run.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs11.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifLogs) {
return sarifLogs.every((sarifLog) => {
return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL");
});
}
function createRunKey(run) {
return {
name: run.tool?.driver?.name,
fullName: run.tool?.driver?.fullName,
version: run.tool?.driver?.version,
semanticVersion: run.tool?.driver?.semanticVersion,
guid: run.tool?.driver?.guid,
automationId: run.automationDetails?.id
};
}
function areAllRunsUnique(sarifLogs) {
const keys = /* @__PURE__ */ new Set();
for (const sarifLog of sarifLogs) {
for (const run of sarifLog.runs) {
const key = JSON.stringify(createRunKey(run));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/upload-lib.ts
var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning.";
var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository.";
@@ -110598,7 +110594,7 @@ function countResultsInSarif(sarifLog) {
}
return numResults;
}
function readSarifFile2(sarifFilePath) {
function readSarifFileOrThrow(sarifFilePath) {
try {
return readSarifFile(sarifFilePath);
} catch (e) {
@@ -110684,7 +110680,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
category = analysis.fixCategory(logger, category);
if (sarifPaths.length > 1) {
for (const sarifPath of sarifPaths) {
const parsedSarif = readSarifFile2(sarifPath);
const parsedSarif = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(parsedSarif, sarifPath, logger);
}
sarifLog = await combineSarifFilesUsingCLI(
@@ -110695,7 +110691,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
);
} else {
const sarifPath = sarifPaths[0];
sarifLog = readSarifFile2(sarifPath);
sarifLog = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(sarifLog, sarifPath, logger);
await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion);
}
@@ -110970,7 +110966,7 @@ function filterAlertsByDiffRange(logger, sarifLog) {
getGroupedSarifFilePaths,
populateRunAutomationDetails,
postProcessSarifFiles,
readSarifFile,
readSarifFileOrThrow,
shouldConsiderConfigurationError,
shouldConsiderInvalidRequest,
shouldShowCombineSarifFilesDeprecationWarning,
+82 -86
@@ -103231,7 +103231,7 @@ var require_sarif_schema_2_1_0 = __commonJS({
var core13 = __toESM(require_core());
// src/actions-util.ts
var fs3 = __toESM(require("fs"));
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var core4 = __toESM(require_core());
var toolrunner = __toESM(require_toolrunner());
@@ -103239,7 +103239,7 @@ var github = __toESM(require_github());
var io2 = __toESM(require_io());
// src/util.ts
var fs2 = __toESM(require("fs"));
var fs = __toESM(require("fs"));
var fsPromises = __toESM(require("fs/promises"));
var path = __toESM(require("path"));
var core3 = __toESM(require_core());
@@ -105888,77 +105888,6 @@ var safeDump = renamed("safeDump", "dump");
// src/util.ts
var semver = __toESM(require_semver2());
// src/sarif/index.ts
var fs = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run2 of sarifFile.runs || []) {
const tool = run2.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifObjects) {
return sarifObjects.every((sarifObject) => {
return sarifObject.runs?.every(
(run2) => run2.tool?.driver?.name === "CodeQL"
);
});
}
function createRunKey(run2) {
return {
name: run2.tool?.driver?.name,
fullName: run2.tool?.driver?.fullName,
version: run2.tool?.driver?.version,
semanticVersion: run2.tool?.driver?.semanticVersion,
guid: run2.tool?.driver?.guid,
automationId: run2.automationDetails?.id
};
}
function areAllRunsUnique(sarifObjects) {
const keys = /* @__PURE__ */ new Set();
for (const sarifObject of sarifObjects) {
for (const run2 of sarifObject.runs) {
const key = JSON.stringify(createRunKey(run2));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/util.ts
var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json";
var BROKEN_VERSIONS = ["0.0.0-20211207"];
var GITHUB_DOTCOM_URL = "https://github.com";
@@ -106169,7 +106098,7 @@ function cloneObject(obj) {
async function cleanUpPath(file, name, logger) {
logger.debug(`Cleaning up ${name}.`);
try {
await fs2.promises.rm(file, {
await fs.promises.rm(file, {
force: true,
recursive: true
});
@@ -106232,7 +106161,7 @@ function getRelativeScriptPath() {
function getWorkflowEvent() {
const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH");
try {
return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8"));
return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8"));
} catch (e) {
throw new Error(
`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`
@@ -106684,7 +106613,7 @@ function wrapApiConfigurationError(e) {
}
// src/feature-flags.ts
var fs5 = __toESM(require("fs"));
var fs4 = __toESM(require("fs"));
var path4 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
@@ -106693,7 +106622,7 @@ var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay/index.ts
var fs4 = __toESM(require("fs"));
var fs3 = __toESM(require("fs"));
var path3 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -106932,12 +106861,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) {
const gitFileOids = await getFileOidsUnderPath(sourceRoot);
const gitFileOidsJson = JSON.stringify(gitFileOids);
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson);
}
async function readBaseDatabaseOidsFile(config, logger) {
const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
try {
const contents = await fs4.promises.readFile(
const contents = await fs3.promises.readFile(
baseDatabaseOidsFilePath,
"utf-8"
);
@@ -106964,7 +106893,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
logger.debug(
`Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}`
);
await fs4.promises.writeFile(overlayChangesFile, changedFilesJson);
await fs3.promises.writeFile(overlayChangesFile, changedFilesJson);
return overlayChangesFile;
}
function computeChangedFiles(baseFileOids, overlayFileOids) {
@@ -107466,12 +107395,12 @@ var GitHubFeatureFlags = class {
}
async readLocalFlags() {
try {
if (fs5.existsSync(this.featureFlagsFile)) {
if (fs4.existsSync(this.featureFlagsFile)) {
this.logger.debug(
`Loading feature flags from ${this.featureFlagsFile}`
);
return JSON.parse(
fs5.readFileSync(this.featureFlagsFile, "utf8")
fs4.readFileSync(this.featureFlagsFile, "utf8")
);
}
} catch (e) {
@@ -107484,7 +107413,7 @@ var GitHubFeatureFlags = class {
async writeLocalFlags(flags) {
try {
this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`);
fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags));
} catch (e) {
this.logger.warning(
`Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.`
@@ -107554,6 +107483,73 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) {
}
}
// src/sarif/index.ts
var fs5 = __toESM(require("fs"));
var InvalidSarifUploadError = class extends Error {
};
function getToolNames(sarifFile) {
const toolNames = {};
for (const run2 of sarifFile.runs || []) {
const tool = run2.tool || {};
const driver = tool.driver || {};
if (typeof driver.name === "string" && driver.name.length > 0) {
toolNames[driver.name] = true;
}
}
return Object.keys(toolNames);
}
function readSarifFile(sarifFilePath) {
return JSON.parse(fs5.readFileSync(sarifFilePath, "utf8"));
}
function combineSarifFiles(sarifFiles, logger) {
logger.info(`Loading SARIF file(s)`);
const combinedSarif = {
version: "2.1.0",
runs: []
};
for (const sarifFile of sarifFiles) {
logger.debug(`Loading SARIF file: ${sarifFile}`);
const sarifObject = readSarifFile(sarifFile);
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw new InvalidSarifUploadError(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return combinedSarif;
}
function areAllRunsProducedByCodeQL(sarifLogs) {
return sarifLogs.every((sarifLog) => {
return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL");
});
}
function createRunKey(run2) {
return {
name: run2.tool?.driver?.name,
fullName: run2.tool?.driver?.fullName,
version: run2.tool?.driver?.version,
semanticVersion: run2.tool?.driver?.semanticVersion,
guid: run2.tool?.driver?.guid,
automationId: run2.automationDetails?.id
};
}
function areAllRunsUnique(sarifLogs) {
const keys = /* @__PURE__ */ new Set();
for (const sarifLog of sarifLogs) {
for (const run2 of sarifLog.runs) {
const key = JSON.stringify(createRunKey(run2));
if (keys.has(key)) {
return false;
}
keys.add(key);
}
}
return true;
}
// src/status-report.ts
var os = __toESM(require("os"));
var core9 = __toESM(require_core());
@@ -111173,7 +111169,7 @@ function countResultsInSarif(sarifLog) {
}
return numResults;
}
function readSarifFile2(sarifFilePath) {
function readSarifFileOrThrow(sarifFilePath) {
try {
return readSarifFile(sarifFilePath);
} catch (e) {
@@ -111259,7 +111255,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
category = analysis.fixCategory(logger, category);
if (sarifPaths.length > 1) {
for (const sarifPath of sarifPaths) {
const parsedSarif = readSarifFile2(sarifPath);
const parsedSarif = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(parsedSarif, sarifPath, logger);
}
sarifLog = await combineSarifFilesUsingCLI(
@@ -111270,7 +111266,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths,
);
} else {
const sarifPath = sarifPaths[0];
sarifLog = readSarifFile2(sarifPath);
sarifLog = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(sarifLog, sarifPath, logger);
await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion);
}
+8 -10
@@ -71,13 +71,11 @@ export function combineSarifFiles(
/**
* Checks whether all the runs in the given SARIF files were produced by CodeQL.
* @param sarifObjects The list of SARIF objects to check.
* @param sarifLogs The list of SARIF objects to check.
*/
export function areAllRunsProducedByCodeQL(sarifObjects: sarif.Log[]): boolean {
return sarifObjects.every((sarifObject) => {
return sarifObject.runs?.every(
(run) => run.tool?.driver?.name === "CodeQL",
);
export function areAllRunsProducedByCodeQL(sarifLogs: sarif.Log[]): boolean {
return sarifLogs.every((sarifLog: sarif.Log) => {
return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL");
});
}
@@ -95,13 +93,13 @@ function createRunKey(run: sarif.Run): RunKey {
/**
* Checks whether all runs in the given SARIF files are unique (based on the
* criteria used by Code Scanning to determine analysis categories).
* @param sarifObjects The list of SARIF objects to check.
* @param sarifLogs The list of SARIF objects to check.
*/
export function areAllRunsUnique(sarifObjects: sarif.Log[]): boolean {
export function areAllRunsUnique(sarifLogs: sarif.Log[]): boolean {
const keys = new Set<string>();
for (const sarifObject of sarifObjects) {
for (const run of sarifObject.runs) {
for (const sarifLog of sarifLogs) {
for (const run of sarifLog.runs) {
const key = JSON.stringify(createRunKey(run));
// If the key already exists, the runs are not unique.
+3 -3
@@ -26,7 +26,7 @@ test("validateSarifFileSchema - valid", (t) => {
const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
t.notThrows(() =>
uploadLib.validateSarifFileSchema(
uploadLib.readSarifFile(inputFile),
uploadLib.readSarifFileOrThrow(inputFile),
inputFile,
getRunnerLogger(true),
),
@@ -37,7 +37,7 @@ test("validateSarifFileSchema - invalid", (t) => {
const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
t.throws(() =>
uploadLib.validateSarifFileSchema(
uploadLib.readSarifFile(inputFile),
uploadLib.readSarifFileOrThrow(inputFile),
inputFile,
getRunnerLogger(true),
),
@@ -608,7 +608,7 @@ test("accept results with invalid artifactLocation.uri value", (t) => {
const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
uploadLib.validateSarifFileSchema(
uploadLib.readSarifFile(sarifFile),
uploadLib.readSarifFileOrThrow(sarifFile),
sarifFile,
mockLogger,
);
+10 -6
@@ -115,7 +115,7 @@ async function combineSarifFilesUsingCLI(
): Promise<sarif.Log> {
logger.info("Combining SARIF files using the CodeQL CLI");
const sarifObjects = sarifFiles.map(util.readSarifFile);
const sarifObjects = sarifFiles.map(sarif.readSarifFile);
const deprecationWarningMessage =
gitHubVersion.type === GitHubVariant.GHES
@@ -197,7 +197,7 @@ async function combineSarifFilesUsingCLI(
mergeRunsFromEqualCategory: true,
});
return util.readSarifFile(outputFile);
return sarif.readSarifFile(outputFile);
}
// Populates the run.automationDetails.id field using the analysis_key and environment
@@ -447,7 +447,11 @@ function countResultsInSarif(sarifLog: string): number {
return numResults;
}
export function readSarifFile(sarifFilePath: string): sarif.Log {
/** A thin wrapper around `readSarifFile` which wraps exceptions in `InvalidSarifUploadError`.
*
* @throws InvalidSarifUploadError If parsing the SARIF file as JSON failed.
*/
export function readSarifFileOrThrow(sarifFilePath: string): sarif.Log {
try {
return sarif.readSarifFile(sarifFilePath);
} catch (e) {
@@ -617,7 +621,7 @@ export async function postProcessSarifFiles(
if (sarifPaths.length > 1) {
// Validate that the files we were asked to upload are all valid SARIF files
for (const sarifPath of sarifPaths) {
const parsedSarif = readSarifFile(sarifPath);
const parsedSarif = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(parsedSarif, sarifPath, logger);
}
@@ -629,7 +633,7 @@ export async function postProcessSarifFiles(
);
} else {
const sarifPath = sarifPaths[0];
sarifLog = readSarifFile(sarifPath);
sarifLog = readSarifFileOrThrow(sarifPath);
validateSarifFileSchema(sarifLog, sarifPath, logger);
// Validate that there are no runs for the same category
@@ -755,7 +759,7 @@ export async function uploadPostProcessedFiles(
logger.startGroup(`Uploading ${uploadTarget.name} results`);
const sarifLog = postProcessingResults.sarif;
const toolNames = util.getToolNames(sarifLog);
const toolNames = sarif.getToolNames(sarifLog);
logger.debug(`Validating that each SARIF run has a unique category`);
validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix);
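Review bot: The new doc comment on `readSarifFileOrThrow` says it throws `InvalidSarifUploadError` only "If parsing the SARIF file as JSON failed", but the `try` wraps the whole of `sarif.readSarifFile`, which in the bundled output is `JSON.parse(fs5.readFileSync(sarifFilePath, "utf8"))`, so a missing or unreadable file appears to take the same path. The catch body lies outside the hunk, so this needs confirming; if it holds, I would write `@throws InvalidSarifUploadError If the file could not be read or is not valid JSON.` The comment text also starts on the `/**` line, whereas the other doc comments in this change start on the line after it. In the same file, `combineSarifFilesUsingCLI` (hunks at -115 and -197) calls the unwrapped `sarif.readSarifFile`, so a failure there is presumably not reported as an invalid upload. A short comment such as `// Inputs were already parsed by readSarifFileOrThrow in postProcessSarifFiles; the raw reader is intentional here.` would tell the next reader that the choice is deliberate.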
+1 -1
@@ -7,6 +7,7 @@ import { getGitHubVersion } from "./api-client";
import { initFeatures } from "./feature-flags";
import { Logger, getActionsLogger } from "./logging";
import { getRepositoryNwo } from "./repository";
import { InvalidSarifUploadError } from "./sarif";
import {
createStatusReportBase,
sendStatusReport,
@@ -20,7 +21,6 @@ import * as upload_lib from "./upload-lib";
import { postProcessAndUploadSarif } from "./upload-sarif";
import {
ConfigurationError,
InvalidSarifUploadError,
checkActionVersion,
checkDiskUsage,
getErrorMessage,
-2
@@ -17,8 +17,6 @@ import { EnvVar } from "./environment";
import { Language } from "./languages";
import { Logger } from "./logging";
export * from "./sarif";
/**
* The name of the file containing the base database OIDs, as stored in the
* root of the database location.