robojerk/codeql-action

Remove support for CodeQL v2.12.5 and earlier

Browse source
This commit is contained in:
Henry Mercer 2024-04-09 12:29:14 +01:00
parent 2f0d0eaebd
commit 1a60a91726
19 changed files with 45 additions and 315 deletions
Download patch file Download diff file Expand all files Collapse all files

26
lib/cli-errors.js generated
View file

@ -2,7 +2,6 @@
Object.defineProperty(exports, "__esModule", { value: true });
exports.wrapCliConfigurationError = exports.getCliConfigCategoryIfExists = exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
const util_1 = require("./util");
const NO_SOURCE_CODE_SEEN_DOCS_LINK = "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build";
/**
* A class of Error that we can classify as an error stemming from a CLI
* invocation, with associated exit code, stderr,etc.
@ -177,15 +176,6 @@ exports.cliErrorsConfig = {
cliErrorMessageCandidates: [
new RegExp("CodeQL detected code written in .* but could not process any of it"),
new RegExp("CodeQL did not detect any code written in languages supported by CodeQL"),
/**
* Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
* source code was found. This means that we don't get the no code found error from
* `codeql database finalize`. To ensure users get a good error message, we detect this manually
* here, and upon detection override the error message.
*
* This can be removed once support for CodeQL 2.11.6 is removed.
*/
new RegExp("No JavaScript or TypeScript code found"),
],
},
[CliConfigErrorCategory.NoSupportedBuildCommandSucceeded]: {
@ -226,17 +216,6 @@ function getCliConfigCategoryIfExists(cliError) {
return undefined;
}
exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
/**
* Prepend a clearer error message with the docs link if the error message does not already
* include it. Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs
* should already include the doc link.
*/
function prependDocsLinkIfApplicable(cliErrorMessage) {
if (!cliErrorMessage.includes(NO_SOURCE_CODE_SEEN_DOCS_LINK)) {
return `No code found during the build. Please see: ${NO_SOURCE_CODE_SEEN_DOCS_LINK}. Detailed error: ${cliErrorMessage}`;
}
return cliErrorMessage;
}
/**
* Changes an error received from the CLI to a ConfigurationError with optionally an extra
* error message appended, if it exists in a known set of configuration errors. Otherwise,
@ -251,11 +230,6 @@ function wrapCliConfigurationError(cliError) {
return cliError;
}
let errorMessageBuilder = cliError.message;
// Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs should
// already include the doc link.
if (cliConfigErrorCategory === CliConfigErrorCategory.NoSourceCodeSeen) {
errorMessageBuilder = prependDocsLinkIfApplicable(errorMessageBuilder);
}
const additionalErrorMessageToAppend = exports.cliErrorsConfig[cliConfigErrorCategory].additionalErrorMessageToAppend;
if (additionalErrorMessageToAppend !== undefined) {
errorMessageBuilder = `${errorMessageBuilder} ${additionalErrorMessageToAppend}`;

2
lib/cli-errors.js.map
View file

File diff suppressed because one or more lines are too long

43
lib/codeql.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = void 0;
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const core = __importStar(require("@actions/core"));
@ -74,20 +74,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
* For convenience, please keep these in descending order. Once a version
* flag is older than the oldest supported version above, it may be removed.
*/
/**
* Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language.
*/
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
/**
* Versions 2.12.3+ of the CodeQL CLI support exporting configuration information from a code
* scanning config file to SARIF.
*/
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
/**
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
*/
exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
/**
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
*/
@ -285,8 +271,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
(await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
extraArgs.push(`--build-mode=${config.buildMode}`);
}
if (qlconfigFile !== undefined &&
(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
if (qlconfigFile !== undefined) {
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
}
if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) {
@ -454,13 +439,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"run-queries",
...flags,
databasePath,
"--expect-discarded-cache",
"--min-disk-free=1024", // Try to leave at least 1GB free
"-v",
...getExtraOptionsFromEnv(["database", "run-queries"]),
];
if (await util.supportExpectDiscardedCache(this)) {
codeqlArgs.push("--expect-discarded-cache");
}
if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
codeqlArgs.push("--intra-layer-parallelism");
}
@ -484,7 +467,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"--print-diagnostics-summary",
"--print-metrics-summary",
"--sarif-add-baseline-file-info",
...(await getCodeScanningConfigExportArguments(config, this)),
`--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(config)}`,
"--sarif-group-rules-by-pack",
...(await getCodeScanningQueryHelpArguments(this)),
...getExtraOptionsFromEnv(["database", "interpret-results"]),
@ -501,7 +484,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (shouldExportDiagnostics) {
codeqlArgs.push("--sarif-include-diagnostics");
}
else if (await util.codeQlVersionAbove(this, "2.12.4")) {
else {
codeqlArgs.push("--no-sarif-include-diagnostics");
}
if ((await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) &&
@ -627,7 +610,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"export",
"--format=sarif-latest",
`--output=${sarifFile}`,
...(await getCodeScanningConfigExportArguments(config, this)),
`--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(config)}`,
...getExtraOptionsFromEnv(["diagnostics", "export"]),
];
if (automationDetailsId !== undefined) {
@ -852,20 +835,6 @@ async function generateCodeScanningConfig(config, logger) {
function cloneObject(obj) {
return JSON.parse(JSON.stringify(obj));
}
/**
* Gets arguments for passing the code scanning configuration file to interpretation commands like
* `codeql database interpret-results` and `codeql database export-diagnostics`.
*
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
*/
async function getCodeScanningConfigExportArguments(config, codeql) {
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
if (fs.existsSync(codeScanningConfigPath) &&
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
return ["--sarif-codescanning-config", codeScanningConfigPath];
}
return [];
}
// This constant sets the size of each TRAP cache in megabytes.
const TRAP_CACHE_SIZE_MB = 1024;
async function getTrapCachingExtractorConfigArgs(config) {

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

64
lib/codeql.test.js generated
View file

@ -262,7 +262,7 @@ for (const toolcacheVersion of [
mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.2.txt"],
assetNames: ["cli-version-2.12.6.txt"],
tagName: "codeql-bundle-20230203",
});
(0, testing_utils_1.mockBundleDownloadApi)({
@ -450,9 +450,7 @@ const injectedConfigMacro = ava_1.default.macro({
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon
.stub(codeqlObject, "getVersion")
.resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
// should have used a config file
@ -463,28 +461,11 @@ const injectedConfigMacro = ava_1.default.macro({
t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
});
});
(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI for CodeQL v2.12.2", async (t) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.2"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
// should have used a config file
const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
t.true(hasCodeScanningConfigArg, "Should have injected a codescanning config");
// should not have passed a qlconfig file
const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
});
});
(0, ava_1.default)("does not pass a qlconfig to the CLI when it is undefined", async (t) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon
.stub(codeqlObject, "getVersion")
.resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
(0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
@ -545,39 +526,12 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
t.is(runnerConstructorStub.firstCall.args[1].includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
});
}
(0, ava_1.default)("database finalize recognises JavaScript no code found error on CodeQL 2.11.6", async (t) => {
stubToolRunnerConstructor(1, `2020-09-07T17:39:53.9050522Z [2020-09-07 17:39:53] [build] Done extracting /opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/data/externs/web/ie_vml.js (3 ms)
2020-09-07T17:39:53.9051849Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9052444Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])`);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
instanceOf: util.ConfigurationError,
message: new RegExp("No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
});
});
(0, ava_1.default)("database finalize overrides no code found error on CodeQL 2.11.6", async (t) => {
stubToolRunnerConstructor(32);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
instanceOf: util.ConfigurationError,
message: new RegExp("No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
});
});
(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.4", async (t) => {
(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
stubToolRunnerConstructor(32, cliMessage);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -592,7 +546,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`${heapError}\n${datasetImportError}.`;
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -614,7 +568,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -633,7 +587,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -650,7 +604,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const cliStderr = "line1\nline2\nline3\nline4\nline5";
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/feature-flags.js generated
View file

@ -87,7 +87,7 @@ exports.featureConfig = {
},
[Feature.ExportDiagnosticsEnabled]: {
envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
minimumVersion: "2.12.4",
minimumVersion: undefined,
defaultValue: true,
},
[Feature.QaTelemetryEnabled]: {

2
lib/feature-flags.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/init-action-post-helper.test.js generated
View file

@ -315,7 +315,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
.returns(JSON.stringify(matrix));
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.0"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
const databaseExportDiagnosticsStub = sinon.stub(codeqlObject, "databaseExportDiagnostics");
const diagnosticsExportStub = sinon.stub(codeqlObject, "diagnosticsExport");
sinon.stub(workflow, "getWorkflow").resolves(actionsWorkflow);

2
lib/setup-codeql.js generated
View file

@ -241,7 +241,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
logger.info("Overriding the version of the CodeQL tools by the version shipped with the Action since " +
`"tools: latest" was requested.`);
}
/** CLI version number, for example 2.12.1. */
/** CLI version number, for example 2.12.6. */
let cliVersion;
/** Tag name of the CodeQL bundle, for example `codeql-bundle-20230120`. */
let tagName;

9
lib/util.js generated
View file

@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkActionVersion = exports.checkDiskUsage = exports.prettyPrintPack = exports.getErrorMessage = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.ConfigurationError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getCgroupCpuCountFromCpus = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
exports.checkActionVersion = exports.checkDiskUsage = exports.prettyPrintPack = exports.getErrorMessage = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.ConfigurationError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getCgroupCpuCountFromCpus = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
const fs = __importStar(require("fs"));
const os = __importStar(require("os"));
const path = __importStar(require("path"));
@ -545,13 +545,6 @@ function isGoodVersion(versionSpec) {
return !BROKEN_VERSIONS.includes(versionSpec);
}
exports.isGoodVersion = isGoodVersion;
/**
* Checks whether the CodeQL CLI supports the `--expect-discarded-cache` command-line flag.
*/
async function supportExpectDiscardedCache(codeQL) {
return codeQlVersionAbove(codeQL, "2.12.1");
}
exports.supportExpectDiscardedCache = supportExpectDiscardedCache;
/*
* Returns whether we are in test mode.
*

2
lib/util.js.map
View file

File diff suppressed because one or more lines are too long

30
src/cli-errors.ts
View file

@ -1,8 +1,5 @@
import { ConfigurationError } from "./util";
const NO_SOURCE_CODE_SEEN_DOCS_LINK =
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build";
/**
* A class of Error that we can classify as an error stemming from a CLI
* invocation, with associated exit code, stderr,etc.
@ -203,15 +200,6 @@ export const cliErrorsConfig: Record<
new RegExp(
"CodeQL did not detect any code written in languages supported by CodeQL",
),
/**
* Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
* source code was found. This means that we don't get the no code found error from
* `codeql database finalize`. To ensure users get a good error message, we detect this manually
* here, and upon detection override the error message.
*
* This can be removed once support for CodeQL 2.11.6 is removed.
*/
new RegExp("No JavaScript or TypeScript code found"),
],
},
@ -262,18 +250,6 @@ export function getCliConfigCategoryIfExists(
return undefined;
}
/**
* Prepend a clearer error message with the docs link if the error message does not already
* include it. Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs
* should already include the doc link.
*/
function prependDocsLinkIfApplicable(cliErrorMessage: string): string {
if (!cliErrorMessage.includes(NO_SOURCE_CODE_SEEN_DOCS_LINK)) {
return `No code found during the build. Please see: ${NO_SOURCE_CODE_SEEN_DOCS_LINK}. Detailed error: ${cliErrorMessage}`;
}
return cliErrorMessage;
}
/**
* Changes an error received from the CLI to a ConfigurationError with optionally an extra
* error message appended, if it exists in a known set of configuration errors. Otherwise,
@ -291,12 +267,6 @@ export function wrapCliConfigurationError(cliError: Error): Error {
let errorMessageBuilder = cliError.message;
// Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs should
// already include the doc link.
if (cliConfigErrorCategory === CliConfigErrorCategory.NoSourceCodeSeen) {
errorMessageBuilder = prependDocsLinkIfApplicable(errorMessageBuilder);
}
const additionalErrorMessageToAppend =
cliErrorsConfig[cliConfigErrorCategory].additionalErrorMessageToAppend;
if (additionalErrorMessageToAppend !== undefined) {

98
src/codeql.test.ts
View file

@ -385,7 +385,7 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t)
mockApiDetails(SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.2.txt"],
assetNames: ["cli-version-2.12.6.txt"],
tagName: "codeql-bundle-20230203",
});
mockBundleDownloadApi({
@ -688,9 +688,7 @@ test("passes a code scanning config AND qlconfig to the CLI", async (t: Executio
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon
.stub(codeqlObject, "getVersion")
.resolves(makeVersionInfo(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
await codeqlObject.databaseInitCluster(
{ ...stubConfig, tempDir },
@ -715,45 +713,11 @@ test("passes a code scanning config AND qlconfig to the CLI", async (t: Executio
});
});
test("passes a code scanning config BUT NOT a qlconfig to the CLI for CodeQL v2.12.2", async (t: ExecutionContext<unknown>) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.2"));
await codeqlObject.databaseInitCluster(
{ ...stubConfig, tempDir },
"",
undefined,
"/path/to/qlconfig.yml",
getRunnerLogger(true),
);
const args = runnerConstructorStub.firstCall.args[1] as any[];
// should have used a config file
const hasCodeScanningConfigArg = args.some((arg: string) =>
arg.startsWith("--codescanning-config="),
);
t.true(
hasCodeScanningConfigArg,
"Should have injected a codescanning config",
);
// should not have passed a qlconfig file
const hasQlconfigArg = args.some((arg: string) =>
arg.startsWith("--qlconfig-file="),
);
t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
});
});
test("does not pass a qlconfig to the CLI when it is undefined", async (t: ExecutionContext<unknown>) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon
.stub(codeqlObject, "getVersion")
.resolves(makeVersionInfo(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
await codeqlObject.databaseInitCluster(
{ ...stubConfig, tempDir },
@ -860,57 +824,13 @@ for (const {
});
}
test("database finalize recognises JavaScript no code found error on CodeQL 2.11.6", async (t) => {
stubToolRunnerConstructor(
1,
`2020-09-07T17:39:53.9050522Z [2020-09-07 17:39:53] [build] Done extracting /opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/data/externs/web/ie_vml.js (3 ms)
2020-09-07T17:39:53.9051849Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9052444Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])`,
);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(
async () => await codeqlObject.finalizeDatabase("", "", "", false),
{
instanceOf: util.ConfigurationError,
message: new RegExp(
"No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\.",
),
},
);
});
test("database finalize overrides no code found error on CodeQL 2.11.6", async (t) => {
stubToolRunnerConstructor(32);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(
async () => await codeqlObject.finalizeDatabase("", "", "", false),
{
instanceOf: util.ConfigurationError,
message: new RegExp(
"No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\.",
),
},
);
});
test("database finalize does not override no code found error on CodeQL 2.12.4", async (t) => {
test("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
const cliMessage =
"CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
stubToolRunnerConstructor(32, cliMessage);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -940,7 +860,7 @@ test("runTool summarizes several fatal errors", async (t) => {
`${heapError}\n${datasetImportError}.`;
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -981,7 +901,7 @@ test("runTool summarizes autobuilder errors", async (t) => {
`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -1009,7 +929,7 @@ test("runTool truncates long autobuilder errors", async (t) => {
).join("\n");
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -1034,7 +954,7 @@ test("runTool outputs last line of stderr if fatal error could not be found", as
const cliStderr = "line1\nline2\nline3\nline4\nline5";
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.4"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");

59
src/codeql.ts
View file

@ -303,23 +303,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
* flag is older than the oldest supported version above, it may be removed.
*/
/**
* Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language.
*/
export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
/**
* Versions 2.12.3+ of the CodeQL CLI support exporting configuration information from a code
* scanning config file to SARIF.
*/
export const CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
/**
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
*/
export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
/**
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
*/
@ -602,10 +585,7 @@ export async function getCodeQLForCmd(
) {
extraArgs.push(`--build-mode=${config.buildMode}`);
}
if (
qlconfigFile !== undefined &&
(await util.codeQlVersionAbove(this, CODEQL_VERSION_INIT_WITH_QLCONFIG))
) {
if (qlconfigFile !== undefined) {
extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
}
@ -817,13 +797,11 @@ export async function getCodeQLForCmd(
"run-queries",
...flags,
databasePath,
"--expect-discarded-cache",
"--min-disk-free=1024", // Try to leave at least 1GB free
"-v",
...getExtraOptionsFromEnv(["database", "run-queries"]),
];
if (await util.supportExpectDiscardedCache(this)) {
codeqlArgs.push("--expect-discarded-cache");
}
if (
await util.codeQlVersionAbove(
this,
@ -867,7 +845,9 @@ export async function getCodeQLForCmd(
"--print-diagnostics-summary",
"--print-metrics-summary",
"--sarif-add-baseline-file-info",
...(await getCodeScanningConfigExportArguments(config, this)),
`--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(
config,
)}`,
"--sarif-group-rules-by-pack",
...(await getCodeScanningQueryHelpArguments(this)),
...getExtraOptionsFromEnv(["database", "interpret-results"]),
@ -887,7 +867,7 @@ export async function getCodeQLForCmd(
}
if (shouldExportDiagnostics) {
codeqlArgs.push("--sarif-include-diagnostics");
} else if (await util.codeQlVersionAbove(this, "2.12.4")) {
} else {
codeqlArgs.push("--no-sarif-include-diagnostics");
}
if (
@ -1051,7 +1031,9 @@ export async function getCodeQLForCmd(
"export",
"--format=sarif-latest",
`--output=${sarifFile}`,
...(await getCodeScanningConfigExportArguments(config, this)),
`--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(
config,
)}`,
...getExtraOptionsFromEnv(["diagnostics", "export"]),
];
if (automationDetailsId !== undefined) {
@ -1334,29 +1316,6 @@ function cloneObject<T>(obj: T): T {
return JSON.parse(JSON.stringify(obj));
}
/**
* Gets arguments for passing the code scanning configuration file to interpretation commands like
* `codeql database interpret-results` and `codeql database export-diagnostics`.
*
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
*/
async function getCodeScanningConfigExportArguments(
config: Config,
codeql: CodeQL,
): Promise<string[]> {
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
if (
fs.existsSync(codeScanningConfigPath) &&
(await util.codeQlVersionAbove(
codeql,
CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
))
) {
return ["--sarif-codescanning-config", codeScanningConfigPath];
}
return [];
}
// This constant sets the size of each TRAP cache in megabytes.
const TRAP_CACHE_SIZE_MB = 1024;

2
src/feature-flags.ts
View file

@ -87,7 +87,7 @@ export const featureConfig: Record<
},
[Feature.ExportDiagnosticsEnabled]: {
envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
minimumVersion: "2.12.4",
minimumVersion: undefined,
defaultValue: true,
},
[Feature.QaTelemetryEnabled]: {

2
src/init-action-post-helper.test.ts
View file

@ -359,7 +359,7 @@ async function testFailedSarifUpload(
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.0"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
const databaseExportDiagnosticsStub = sinon.stub(
codeqlObject,
"databaseExportDiagnostics",

2
src/setup-codeql.ts
View file

@ -304,7 +304,7 @@ export async function getCodeQLSource(
);
}
/** CLI version number, for example 2.12.1. */
/** CLI version number, for example 2.12.6. */
let cliVersion: string | undefined;
/** Tag name of the CodeQL bundle, for example `codeql-bundle-20230120`. */
let tagName: string | undefined;

9
src/util.ts
View file

@ -734,15 +734,6 @@ export function isGoodVersion(versionSpec: string) {
return !BROKEN_VERSIONS.includes(versionSpec);
}
/**
* Checks whether the CodeQL CLI supports the `--expect-discarded-cache` command-line flag.
*/
export async function supportExpectDiscardedCache(
codeQL: CodeQL,
): Promise<boolean> {
return codeQlVersionAbove(codeQL, "2.12.1");
}
/*
* Returns whether we are in test mode.
*