robojerk/codeql-action

Merge branch 'main' into daverlo/min-disk-free

Browse source
This commit is contained in:
David Verdeguer 2020-10-30 11:25:55 +01:00
commit 04e7c3cfe7
213 changed files with 4805 additions and 543 deletions
Download patch file Download diff file Expand all files Collapse all files

35
src/actions-util.test.ts
View file

@ -1,13 +1,36 @@
import test from "ava";
import sinon from "sinon";
import { getRef, prepareLocalRunEnvironment } from "./actions-util";
import * as actionsutil from "./actions-util";
import { setupTests } from "./testing-utils";
setupTests(test);
test("getRef() throws on the empty string", (t) => {
test("getRef() throws on the empty string", async (t) => {
process.env["GITHUB_REF"] = "";
t.throws(getRef);
await t.throwsAsync(actionsutil.getRef);
});
test("getRef() returns merge PR ref if GITHUB_SHA still checked out", async (t) => {
const expectedRef = "refs/pull/1/merge";
const currentSha = "a".repeat(40);
process.env["GITHUB_REF"] = expectedRef;
process.env["GITHUB_SHA"] = currentSha;
sinon.stub(actionsutil, "getCommitOid").resolves(currentSha);
const actualRef = await actionsutil.getRef();
t.deepEqual(actualRef, expectedRef);
});
test("getRef() returns head PR ref if GITHUB_SHA not currently checked out", async (t) => {
process.env["GITHUB_REF"] = "refs/pull/1/merge";
process.env["GITHUB_SHA"] = "a".repeat(40);
sinon.stub(actionsutil, "getCommitOid").resolves("b".repeat(40));
const actualRef = await actionsutil.getRef();
t.deepEqual(actualRef, "refs/pull/1/head");
});
test("prepareEnvironment() when a local run", (t) => {
@ -16,21 +39,21 @@ test("prepareEnvironment() when a local run", (t) => {
process.env.CODEQL_LOCAL_RUN = "false";
process.env.GITHUB_JOB = "YYY";
prepareLocalRunEnvironment();
actionsutil.prepareLocalRunEnvironment();
// unchanged
t.deepEqual(process.env.GITHUB_JOB, "YYY");
process.env.CODEQL_LOCAL_RUN = "true";
prepareLocalRunEnvironment();
actionsutil.prepareLocalRunEnvironment();
// unchanged
t.deepEqual(process.env.GITHUB_JOB, "YYY");
process.env.GITHUB_JOB = "";
prepareLocalRunEnvironment();
actionsutil.prepareLocalRunEnvironment();
// updated
t.deepEqual(process.env.GITHUB_JOB, "UNKNOWN-JOB");

25
src/actions-util.ts
View file

@ -3,7 +3,7 @@ import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as api from "./api-client";
import * as sharedEnv from "./shared-environment";
import { isLocalRun, GITHUB_DOTCOM_URL } from "./util";
import { GITHUB_DOTCOM_URL, isLocalRun } from "./util";
/**
* Wrapper around core.getInput for inputs that always have a value.
@ -57,7 +57,7 @@ export function prepareLocalRunEnvironment() {
/**
* Gets the SHA of the commit that is currently checked out.
*/
export async function getCommitOid(): Promise<string> {
export const getCommitOid = async function (): Promise<string> {
// Try to use git to get the current commit SHA. If that fails then
// log but otherwise silently fall back to using the SHA from the environment.
// The only time these two values will differ is during analysis of a PR when
@ -85,7 +85,7 @@ export async function getCommitOid(): Promise<string> {
);
return getRequiredEnvParam("GITHUB_SHA");
}
}
};
/**
* Get the path of the currently executing workflow.
@ -149,17 +149,22 @@ export async function getAnalysisKey(): Promise<string> {
/**
* Get the ref currently being analyzed.
*/
export function getRef(): string {
export async function getRef(): Promise<string> {
// Will be in the form "refs/heads/master" on a push event
// or in the form "refs/pull/N/merge" on a pull_request event
const ref = getRequiredEnvParam("GITHUB_REF");
// For pull request refs we want to convert from the 'merge' ref
// to the 'head' ref, as that is what we want to analyse.
// There should have been some code earlier in the workflow to do
// the checkout, but we have no way of verifying that here.
// For pull request refs we want to detect whether the workflow
// has run `git checkout HEAD^2` to analyze the 'head' ref rather
// than the 'merge' ref. If so, we want to convert the ref that
// we report back.
const pull_ref_regex = /refs\/pull\/(\d+)\/merge/;
if (pull_ref_regex.test(ref)) {
const checkoutSha = await getCommitOid();
if (
pull_ref_regex.test(ref) &&
checkoutSha !== getRequiredEnvParam("GITHUB_SHA")
) {
return ref.replace(pull_ref_regex, "refs/pull/$1/head");
} else {
return ref;
@ -219,7 +224,7 @@ export async function createStatusReportBase(
exception?: string
): Promise<StatusReportBase> {
const commitOid = process.env["GITHUB_SHA"] || "";
const ref = getRef();
const ref = await getRef();
const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
let workflowRunID = -1;
if (workflowRunIDStr) {

22
src/analysis-paths.test.ts
View file

@ -1,3 +1,5 @@
import * as path from "path";
import test from "ava";
import * as analysisPaths from "./analysis-paths";
@ -46,3 +48,23 @@ test("nonEmptyPaths", async (t) => {
);
});
});
test("exclude temp dir", async (t) => {
return await util.withTmpDir(async (toolCacheDir) => {
const tempDir = path.join(process.cwd(), "codeql-runner-temp");
const config = {
languages: [],
queries: {},
pathsIgnore: [],
paths: [],
originalUserInput: {},
tempDir,
toolCacheDir,
codeQLCmd: "",
};
analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
t.is(process.env["LGTM_INDEX_EXCLUDE"], "codeql-runner-temp");
t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
});
});

23
src/analysis-paths.ts
View file

@ -1,3 +1,5 @@
import * as path from "path";
import * as configUtils from "./config-utils";
import { Logger } from "./logging";
@ -6,7 +8,7 @@ function isInterpretedLanguage(language): boolean {
}
// Matches a string containing only characters that are legal to include in paths on windows.
export const legalWindowsPathCharactersRegex = /^[^<>:"\|?]*$/;
export const legalWindowsPathCharactersRegex = /^[^<>:"|?]*$/;
// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
function buildIncludeExcludeEnvVar(paths: string[]): string {
@ -48,10 +50,21 @@ export function includeAndExcludeAnalysisPaths(config: configUtils.Config) {
if (config.paths.length !== 0) {
process.env["LGTM_INDEX_INCLUDE"] = buildIncludeExcludeEnvVar(config.paths);
}
if (config.pathsIgnore.length !== 0) {
process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(
config.pathsIgnore
);
// If the temporary or tools directory is in the working directory ignore that too.
const tempRelativeToWorking = path.relative(process.cwd(), config.tempDir);
const toolsRelativeToWorking = path.relative(
process.cwd(),
config.toolCacheDir
);
let pathsIgnore = config.pathsIgnore;
if (!tempRelativeToWorking.startsWith("..")) {
pathsIgnore = pathsIgnore.concat(tempRelativeToWorking);
}
if (!toolsRelativeToWorking.startsWith("..")) {
pathsIgnore = pathsIgnore.concat(toolsRelativeToWorking);
}
if (pathsIgnore.length !== 0) {
process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(pathsIgnore);
}
// The 'LGTM_INDEX_FILTERS' environment variable controls which files are

13
src/analyze-action.ts
View file

@ -1,7 +1,11 @@
import * as core from "@actions/core";
import * as actionsUtil from "./actions-util";
import { AnalysisStatusReport, runAnalyze } from "./analyze";
import {
AnalysisStatusReport,
runAnalyze,
CodeQLAnalysisError,
} from "./analyze";
import { getConfig } from "./config-utils";
import { getActionsLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
@ -64,7 +68,7 @@ async function run() {
stats = await runAnalyze(
parseRepositoryNwo(actionsUtil.getRequiredEnvParam("GITHUB_REPOSITORY")),
await actionsUtil.getCommitOid(),
actionsUtil.getRef(),
await actionsUtil.getRef(),
await actionsUtil.getAnalysisKey(),
actionsUtil.getRequiredEnvParam("GITHUB_WORKFLOW"),
actionsUtil.getWorkflowRunID(),
@ -84,6 +88,11 @@ async function run() {
} catch (error) {
core.setFailed(error.message);
console.log(error);
if (error instanceof CodeQLAnalysisError) {
stats = { ...error.queriesStatusReport };
}
await sendStatusReport(startedAt, stats, error);
return;
}

3
src/analyze.test.ts
View file

@ -1,6 +1,7 @@
import test from "ava";
import * as fs from "fs";
import test from "ava";
import { runQueries } from "./analyze";
import { setCodeQL } from "./codeql";
import { Config } from "./config-utils";

63
src/analyze.ts
View file

@ -1,16 +1,29 @@
import * as fs from "fs";
import * as path from "path";
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as analysisPaths from "./analysis-paths";
import { getCodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { isScannedLanguage } from "./languages";
import { isScannedLanguage, Language } from "./languages";
import { Logger } from "./logging";
import { RepositoryNwo } from "./repository";
import * as sharedEnv from "./shared-environment";
import * as upload_lib from "./upload-lib";
import * as util from "./util";
export class CodeQLAnalysisError extends Error {
queriesStatusReport: QueriesStatusReport;
constructor(queriesStatusReport: QueriesStatusReport, message: string) {
super(message);
this.name = "CodeQLAnalysisError";
this.queriesStatusReport = queriesStatusReport;
}
}
export interface QueriesStatusReport {
// Time taken in ms to analyze builtin queries for cpp (or undefined if this language was not analyzed)
analyze_builtin_queries_cpp_duration_ms?: number;
@ -44,6 +57,43 @@ export interface AnalysisStatusReport
extends upload_lib.UploadStatusReport,
QueriesStatusReport {}
async function setupPythonExtractor(logger: Logger) {
const codeqlPython = process.env["CODEQL_PYTHON"];
if (codeqlPython === undefined || codeqlPython.length === 0) {
// If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
return;
}
let output = "";
const options = {
listeners: {
stdout: (data: Buffer) => {
output += data.toString();
},
},
};
await new toolrunnner.ToolRunner(
codeqlPython,
[
"-c",
"import os; import pip; print(os.path.dirname(os.path.dirname(pip.__file__)))",
],
options
).exec();
logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`);
process.env["LGTM_INDEX_IMPORT_PATH"] = output;
output = "";
await new toolrunnner.ToolRunner(
codeqlPython,
["-c", "import sys; print(sys.version_info[0])"],
options
).exec();
logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
}
async function createdDBForScannedLanguages(
config: configUtils.Config,
logger: Logger
@ -56,6 +106,11 @@ async function createdDBForScannedLanguages(
for (const language of config.languages) {
if (isScannedLanguage(language)) {
logger.startGroup(`Extracting ${language}`);
if (language === Language.python) {
await setupPythonExtractor(logger);
}
await codeql.extractScannedLanguage(
util.getCodeQLDatabasePath(config.tempDir, language),
language
@ -146,10 +201,12 @@ export async function runQueries(
}
}
} catch (e) {
logger.error(`Error running analysis for ${language}: ${e}`);
logger.info(e);
statusReport.analyze_failure_language = language;
return statusReport;
throw new CodeQLAnalysisError(
statusReport,
`Error running analysis for ${language}: ${e}`
);
}
}

3
src/api-client.ts
View file

@ -1,7 +1,8 @@
import * as path from "path";
import * as githubUtils from "@actions/github/lib/utils";
import * as retry from "@octokit/plugin-retry";
import consoleLogLevel from "console-log-level";
import * as path from "path";
import { getRequiredEnvParam, getRequiredInput } from "./actions-util";
import { isLocalRun } from "./util";

24
src/codeql.test.ts
View file

@ -1,13 +1,14 @@
import * as path from "path";
import * as toolcache from "@actions/tool-cache";
import test from "ava";
import nock from "nock";
import * as path from "path";
import * as codeql from "./codeql";
import * as defaults from "./defaults.json";
import { getRunnerLogger } from "./logging";
import { setupTests } from "./testing-utils";
import * as util from "./util";
import * as defaults from "./defaults.json";
setupTests(test);
@ -143,10 +144,16 @@ test("download codeql bundle cache with different version cached (not pinned)",
);
t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
const platform =
process.platform === "win32"
? "win64"
: process.platform === "linux"
? "linux64"
: "osx64";
nock("https://github.com")
.get(
`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle.tar.gz`
`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle-${platform}.tar.gz`
)
.replyWithFile(
200,
@ -169,7 +176,7 @@ test("download codeql bundle cache with different version cached (not pinned)",
});
});
test('download codeql bundle cache with pinned different version cached if "latests" tools specied', async (t) => {
test('download codeql bundle cache with pinned different version cached if "latests" tools specified', async (t) => {
await util.withTmpDir(async (tmpDir) => {
nock("https://example.com")
.get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
@ -190,9 +197,16 @@ test('download codeql bundle cache with pinned different version cached if "late
t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
const platform =
process.platform === "win32"
? "win64"
: process.platform === "linux"
? "linux64"
: "osx64";
nock("https://github.com")
.get(
`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle.tar.gz`
`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle-${platform}.tar.gz`
)
.replyWithFile(
200,

31
src/codeql.ts
View file

@ -1,13 +1,14 @@
import * as fs from "fs";
import * as path from "path";
import * as stream from "stream";
import * as globalutil from "util";
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as http from "@actions/http-client";
import { IHeaders } from "@actions/http-client/interfaces";
import * as toolcache from "@actions/tool-cache";
import * as fs from "fs";
import * as path from "path";
import * as semver from "semver";
import * as stream from "stream";
import * as globalutil from "util";
import uuidV4 from "uuid/v4";
import { v4 as uuidV4 } from "uuid";
import { getRequiredEnvParam } from "./actions-util";
import * as api from "./api-client";
@ -115,9 +116,22 @@ export interface ResolveQueriesOutput {
let cachedCodeQL: CodeQL | undefined = undefined;
const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
function getCodeQLBundleName(): string {
let platform: string;
if (process.platform === "win32") {
platform = "win64";
} else if (process.platform === "linux") {
platform = "linux64";
} else if (process.platform === "darwin") {
platform = "osx64";
} else {
return "codeql-bundle.tar.gz";
}
return `codeql-bundle-${platform}.tar.gz`;
}
function getCodeQLActionRepository(mode: util.Mode): string {
if (mode !== "actions") {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
@ -161,6 +175,7 @@ async function getCodeQLBundleDownloadURL(
const uniqueDownloadSources = potentialDownloadSources.filter(
(url, index, self) => index === self.indexOf(url)
);
const codeQLBundleName = getCodeQLBundleName();
for (const downloadSource of uniqueDownloadSources) {
const [apiURL, repository] = downloadSource;
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
@ -180,7 +195,7 @@ async function getCodeQLBundleDownloadURL(
tag: CODEQL_BUNDLE_VERSION,
});
for (const asset of release.data.assets) {
if (asset.name === CODEQL_BUNDLE_NAME) {
if (asset.name === codeQLBundleName) {
logger.info(
`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`
);
@ -193,7 +208,7 @@ async function getCodeQLBundleDownloadURL(
);
}
}
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`;
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
}
// We have to download CodeQL manually because the toolcache doesn't support Accept headers.

5
src/config-utils.test.ts
View file

@ -1,7 +1,8 @@
import * as github from "@actions/github";
import test from "ava";
import * as fs from "fs";
import * as path from "path";
import * as github from "@actions/github";
import test from "ava";
import sinon from "sinon";
import * as api from "./api-client";

5
src/config-utils.ts
View file

@ -1,7 +1,8 @@
import * as fs from "fs";
import * as yaml from "js-yaml";
import * as path from "path";
import * as yaml from "js-yaml";
import * as api from "./api-client";
import { CodeQL, ResolveQueriesOutput } from "./codeql";
import * as externalQueries from "./external-queries";
@ -375,7 +376,7 @@ const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
// Characters that are supported by filters in workflows, but not by us.
// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
const filterPatternCharactersRegex = /.*[\?\+\[\]!].*/;
const filterPatternCharactersRegex = /.*[?+[\]!].*/;
// Checks that a paths of paths-ignore entry is valid, possibly modifying it
// to make it valid, or if not possible then throws an error.

2
src/defaults.json
View file

@ -1,3 +1,3 @@
{
"bundleVersion": "codeql-bundle-20200826"
"bundleVersion": "codeql-bundle-20201028"
}

5
src/external-queries.test.ts
View file

@ -1,8 +1,9 @@
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import test from "ava";
import * as fs from "fs";
import * as path from "path";
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import test from "ava";
import * as externalQueries from "./external-queries";
import { getRunnerLogger } from "./logging";
import { setupTests } from "./testing-utils";

3
src/external-queries.ts
View file

@ -1,7 +1,8 @@
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as fs from "fs";
import * as path from "path";
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import { Logger } from "./logging";
/**

5
src/fingerprints.test.ts
View file

@ -1,8 +1,9 @@
import test from "ava";
import * as ava from "ava";
import * as fs from "fs";
import * as path from "path";
import * as ava from "ava";
import test from "ava";
import * as fingerprints from "./fingerprints";
import { getRunnerLogger } from "./logging";
import { setupTests } from "./testing-utils";

1
src/fingerprints.ts
View file

@ -1,4 +1,5 @@
import * as fs from "fs";
import Long from "long";
import { Logger } from "./logging";

22
src/init-action.ts
View file

@ -3,7 +3,14 @@ import * as core from "@actions/core";
import * as actionsUtil from "./actions-util";
import { CodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { initCodeQL, initConfig, injectWindowsTracer, runInit } from "./init";
import {
initCodeQL,
initConfig,
injectWindowsTracer,
installPythonDeps,
runInit,
} from "./init";
import { Language } from "./languages";
import { getActionsLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
@ -111,6 +118,19 @@ async function run() {
actionsUtil.getRequiredEnvParam("GITHUB_SERVER_URL"),
logger
);
if (
config.languages.includes(Language.python) &&
actionsUtil.getRequiredInput("setup-python-dependencies") === "true"
) {
try {
await installPythonDeps(codeql, logger);
} catch (err) {
logger.warning(
`${err.message} You can call this action with 'setup-python-dependencies: false' to disable this process`
);
}
}
} catch (e) {
core.setFailed(e.message);
console.log(e);

55
src/init.ts
View file

@ -1,7 +1,8 @@
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as fs from "fs";
import * as path from "path";
import * as toolrunnner from "@actions/exec/lib/toolrunner";
import * as analysisPaths from "./analysis-paths";
import { CodeQL, setupCodeQL } from "./codeql";
import * as configUtils from "./config-utils";
@ -181,3 +182,55 @@ export async function injectWindowsTracer(
{ env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }
).exec();
}
export async function installPythonDeps(codeql: CodeQL, logger: Logger) {
logger.startGroup("Setup Python dependencies");
const scriptsFolder = path.resolve(__dirname, "../python-setup");
// Setup tools on the Github hosted runners
if (process.env["ImageOS"] !== undefined) {
try {
if (process.platform === "win32") {
await new toolrunnner.ToolRunner("powershell", [
path.join(scriptsFolder, "install_tools.ps1"),
]).exec();
} else {
await new toolrunnner.ToolRunner(
path.join(scriptsFolder, "install_tools.sh")
).exec();
}
} catch (e) {
// This script tries to install some needed tools in the runner. It should not fail, but if it does
// we just abort the process without failing the action
logger.endGroup();
logger.warning(
"Unable to download and extract the tools needed for installing the python dependecies. You can call this action with 'setup-python-dependencies: false' to disable this process."
);
return;
}
}
// Install dependencies
try {
const script = "auto_install_packages.py";
if (process.platform === "win32") {
await new toolrunnner.ToolRunner("py", [
"-3",
path.join(scriptsFolder, script),
path.dirname(codeql.getPath()),
]).exec();
} else {
await new toolrunnner.ToolRunner(path.join(scriptsFolder, script), [
path.dirname(codeql.getPath()),
]).exec();
}
} catch (e) {
logger.endGroup();
logger.warning(
"We were unable to install your python dependencies. You can call this action with 'setup-python-dependencies: false' to disable this process."
);
return;
}
logger.endGroup();
}

31
src/runner.ts
View file

@ -1,8 +1,9 @@
import { Command } from "commander";
import * as fs from "fs";
import * as os from "os";
import * as path from "path";
import { Command } from "commander";
import { runAnalyze } from "./analyze";
import { determineAutobuildLanguage, runAutobuild } from "./autobuild";
import { CodeQL, getCodeQL } from "./codeql";
@ -12,32 +13,16 @@ import { Language, parseLanguage } from "./languages";
import { getRunnerLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
import * as upload_lib from "./upload-lib";
import { getAddSnippetsFlag, getMemoryFlag, getThreadsFlag } from "./util";
import {
getAddSnippetsFlag,
getMemoryFlag,
getThreadsFlag,
parseGithubUrl,
} from "./util";
const program = new Command();
program.version("0.0.1");
function parseGithubUrl(inputUrl: string): string {
try {
const url = new URL(inputUrl);
// If we detect this is trying to be to github.com
// then return with a fixed canonical URL.
if (url.hostname === "github.com" || url.hostname === "api.github.com") {
return "https://github.com";
}
// Remove the API prefix if it's present
if (url.pathname.indexOf("/api/v3") !== -1) {
url.pathname = url.pathname.substring(0, url.pathname.indexOf("/api/v3"));
}
return url.toString();
} catch (e) {
throw new Error(`"${inputUrl}" is not a valid URL`);
}
}
function getTempDir(userInput: string | undefined): string {
const tempDir = path.join(userInput || process.cwd(), "codeql-runner");
if (!fs.existsSync(tempDir)) {

2
src/toolrunner-error-catcher.ts
View file

@ -77,7 +77,7 @@ export async function toolrunnerErrorCatcher(
return returnState;
} else {
throw new Error(
`The process \'${commandLine}\' failed with exit code ${returnState}`
`The process '${commandLine}' failed with exit code ${returnState}`
);
}
} else {

3
src/tracer-config.test.ts
View file

@ -1,7 +1,8 @@
import test from "ava";
import * as fs from "fs";
import * as path from "path";
import test from "ava";
import { setCodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { Language } from "./languages";

11
src/upload-lib.ts
View file

@ -1,10 +1,11 @@
import * as core from "@actions/core";
import fileUrl from "file-url";
import * as fs from "fs";
import * as jsonschema from "jsonschema";
import * as path from "path";
import zlib from "zlib";
import * as core from "@actions/core";
import fileUrl from "file-url";
import * as jsonschema from "jsonschema";
import * as api from "./api-client";
import * as fingerprints from "./fingerprints";
import { Logger } from "./logging";
@ -26,7 +27,9 @@ export function combineSarifFiles(sarifFiles: string[]): string {
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
} else if (combinedSarif.version !== sarifObject.version) {
throw `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`;
throw new Error(
`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`
);
}
combinedSarif.runs.push(...sarifObject.runs);

2
src/upload-sarif-action.ts
View file

@ -45,7 +45,7 @@ async function run() {
actionsUtil.getRequiredInput("sarif_file"),
parseRepositoryNwo(actionsUtil.getRequiredEnvParam("GITHUB_REPOSITORY")),
await actionsUtil.getCommitOid(),
actionsUtil.getRef(),
await actionsUtil.getRef(),
await actionsUtil.getAnalysisKey(),
actionsUtil.getRequiredEnvParam("GITHUB_WORKFLOW"),
actionsUtil.getWorkflowRunID(),

63
src/util.test.ts
View file

@ -1,7 +1,8 @@
import test from "ava";
import * as fs from "fs";
import * as os from "os";
import test from "ava";
import { getRunnerLogger } from "./logging";
import { setupTests } from "./testing-utils";
import * as util from "./util";
@ -122,3 +123,63 @@ test("getExtraOptionsEnvParam() fails on invalid JSON", (t) => {
process.env.CODEQL_ACTION_EXTRA_OPTIONS = origExtraOptions;
});
test("parseGithubUrl", (t) => {
t.deepEqual(util.parseGithubUrl("github.com"), "https://github.com");
t.deepEqual(util.parseGithubUrl("https://github.com"), "https://github.com");
t.deepEqual(
util.parseGithubUrl("https://api.github.com"),
"https://github.com"
);
t.deepEqual(
util.parseGithubUrl("https://github.com/foo/bar"),
"https://github.com"
);
t.deepEqual(
util.parseGithubUrl("github.example.com"),
"https://github.example.com/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com"),
"https://github.example.com/"
);
t.deepEqual(
util.parseGithubUrl("https://api.github.example.com"),
"https://github.example.com/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com/api/v3"),
"https://github.example.com/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com:1234"),
"https://github.example.com:1234/"
);
t.deepEqual(
util.parseGithubUrl("https://api.github.example.com:1234"),
"https://github.example.com:1234/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com:1234/api/v3"),
"https://github.example.com:1234/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com/base/path"),
"https://github.example.com/base/path/"
);
t.deepEqual(
util.parseGithubUrl("https://github.example.com/base/path/api/v3"),
"https://github.example.com/base/path/"
);
t.throws(() => util.parseGithubUrl(""), {
message: '"" is not a valid URL',
});
t.throws(() => util.parseGithubUrl("ssh://github.com"), {
message: '"ssh://github.com" is not a http or https URL',
});
t.throws(() => util.parseGithubUrl("http:///::::433"), {
message: '"http:///::::433" is not a valid URL',
});
});

43
src/util.ts
View file

@ -165,3 +165,46 @@ export function getCodeQLDatabasesDir(tempDir: string) {
export function getCodeQLDatabasePath(tempDir: string, language: Language) {
return path.resolve(getCodeQLDatabasesDir(tempDir), language);
}
/**
* Parses user input of a github.com or GHES URL to a canonical form.
* Removes any API prefix or suffix if one is present.
*/
export function parseGithubUrl(inputUrl: string): string {
const originalUrl = inputUrl;
if (inputUrl.indexOf("://") === -1) {
inputUrl = `https://${inputUrl}`;
}
if (!inputUrl.startsWith("http://") && !inputUrl.startsWith("https://")) {
throw new Error(`"${originalUrl}" is not a http or https URL`);
}
let url: URL;
try {
url = new URL(inputUrl);
} catch (e) {
throw new Error(`"${originalUrl}" is not a valid URL`);
}
// If we detect this is trying to be to github.com
// then return with a fixed canonical URL.
if (url.hostname === "github.com" || url.hostname === "api.github.com") {
return GITHUB_DOTCOM_URL;
}
// Remove the API prefix if it's present
if (url.pathname.indexOf("/api/v3") !== -1) {
url.pathname = url.pathname.substring(0, url.pathname.indexOf("/api/v3"));
}
// Also consider subdomain isolation on GHES
if (url.hostname.startsWith("api.")) {
url.hostname = url.hostname.substring(4);
}
// Normalise path to having a trailing slash for consistency
if (!url.pathname.endsWith("/")) {
url.pathname = `${url.pathname}/`;
}
return url.toString();
}