robojerk/codeql-action

Merge pull request #61 from github/disable_queries

Browse source 
Add a quick way to disable builtin queries
This commit is contained in:
Robert 2020-06-15 14:14:57 +01:00 committed by GitHub
commit 042ab541fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

21
lib/finalize-db.js generated
View file

@ -18,6 +18,25 @@ const externalQueries = __importStar(require("./external-queries"));
const sharedEnv = __importStar(require("./shared-environment"));
const upload_lib = __importStar(require("./upload-lib"));
const util = __importStar(require("./util"));
/**
* A list of queries from https://github.com/github/codeql that
* we don't want to run. Disabling them here is a quicker alternative to
* disabling them in the code scanning query suites. Queries should also
* be disabled in the suites, and removed from this list here once the
* bundle is updated to make those suite changes live.
*
* Format is a map from language to an array of path suffixes of .ql files.
*/
const DISABLED_BUILTIN_QUERIES = {
'csharp': [
'ql/src/Security Features/CWE-937/VulnerablePackage.ql',
'ql/src/Security Features/CWE-451/MissingXFrameOptions.ql',
]
};
function queryIsDisabled(language, query) {
return (DISABLED_BUILTIN_QUERIES[language] || [])
.some(disabledQuery => query.endsWith(disabledQuery));
}
function getMemoryFlag() {
let memoryToUseMegaBytes;
const memoryToUseString = core.getInput("ram");
@ -101,7 +120,7 @@ async function resolveQueryLanguages(codeqlCmd, config) {
if (res[language] === undefined) {
res[language] = [];
}
res[language].push(...Object.keys(queries));
res[language].push(...Object.keys(queries).filter(q => !queryIsDisabled(language, q)));
}
}
if (config.additionalQueries.length !== 0) {

2
lib/finalize-db.js.map
View file

File diff suppressed because one or more lines are too long

25
src/finalize-db.ts
View file

@ -11,6 +11,27 @@ import * as sharedEnv from './shared-environment';
import * as upload_lib from './upload-lib';
import * as util from './util';
/**
* A list of queries from https://github.com/github/codeql that
* we don't want to run. Disabling them here is a quicker alternative to
* disabling them in the code scanning query suites. Queries should also
* be disabled in the suites, and removed from this list here once the
* bundle is updated to make those suite changes live.
*
* Format is a map from language to an array of path suffixes of .ql files.
*/
const DISABLED_BUILTIN_QUERIES: {[language: string]: string[]} = {
'csharp': [
'ql/src/Security Features/CWE-937/VulnerablePackage.ql',
'ql/src/Security Features/CWE-451/MissingXFrameOptions.ql',
]
};
function queryIsDisabled(language, query): boolean {
return (DISABLED_BUILTIN_QUERIES[language] || [])
.some(disabledQuery => query.endsWith(disabledQuery));
}
function getMemoryFlag(): string {
let memoryToUseMegaBytes: number;
const memoryToUseString = core.getInput("ram");
@ -125,7 +146,7 @@ async function resolveQueryLanguages(codeqlCmd: string, config: configUtils.Conf
if (res[language] === undefined) {
res[language] = [];
}
res[language].push(...Object.keys(<any>queries));
res[language].push(...Object.keys(queries).filter(q => !queryIsDisabled(language, q)));
}
}
@ -136,7 +157,7 @@ async function resolveQueryLanguages(codeqlCmd: string, config: configUtils.Conf
if (res[language] === undefined) {
res[language] = [];
}
res[language].push(...Object.keys(<any>queries));
res[language].push(...Object.keys(queries));
}
const noDeclaredLanguage = resolveQueriesOutputObject.noDeclaredLanguage;