Merge pull request #7 from github/disable-default-queries

Disable default queries
2020-04-30 14:54:55 +02:00 · 2020-04-30 14:54:55 +02:00 · 1cdde3eb41
commit 1cdde3eb41
parent 292747618d d2a505de4c
5 changed files with 26 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -80,6 +80,8 @@ The CodeQL action should be run on `push` events, and on a `schedule`. `Push` ev

 You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses).

+You can disable the default queries using `disable-default-queries: true`.
+
 You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis.
 Identifying potential files for extraction:

@ -100,6 +102,8 @@ A config file looks like this:
 ```yaml
 name: "My CodeQL config"

+disable-default-queries: true
+
 queries:
  - name: In-repo queries (Runs the queries located in the my-queries folder of the repo)
    uses: ./my-queries
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@ -23,6 +23,7 @@ exports.ExternalQuery = ExternalQuery;
 class Config {
    constructor() {
        this.name = "";
+        this.disableDefaultQueries = false;
        this.additionalQueries = [];
        this.externalQueries = [];
        this.pathsIgnore = [];
@ -75,6 +76,9 @@ function initConfig() {
        if (parsedYAML.name && typeof parsedYAML.name === "string") {
            config.name = parsedYAML.name;
        }
+        if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") {
+            config.disableDefaultQueries = parsedYAML['disable-default-queries'];
+        }
        const queries = parsedYAML.queries;
        if (queries && queries instanceof Array) {
            queries.forEach(query => {
--- a/lib/finalize-db.js
+++ b/lib/finalize-db.js
@ -88,7 +88,11 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
    const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
    for (let database of fs.readdirSync(databaseFolder)) {
        core.startGroup('Analyzing ' + database);
-        const additionalQueries = queriesPerLanguage[database] || [];
+        const queries = [];
+        if (!config.disableDefaultQueries) {
+            queries.push(database + '-code-scanning.qls');
+        }
+        queries.push(...(queriesPerLanguage[database] || []));
        const sarifFile = path.join(sarifFolder, database + '.sarif');
        await exec.exec(codeqlCmd, [
            'database',
@ -97,8 +101,7 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
            '--format=sarif-latest',
            '--output=' + sarifFile,
            '--no-sarif-add-snippets',
-            database + '-code-scanning.qls',
-            ...additionalQueries,
+            ...queries
        ]);
        core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
        core.endGroup();
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@ -17,6 +17,7 @@ export class ExternalQuery {

 export class Config {
    public name = "";
+    public disableDefaultQueries = false;
    public additionalQueries: string[] = [];
    public externalQueries: ExternalQuery[] = [];
    public pathsIgnore: string[] = [];
@ -81,6 +82,10 @@ function initConfig(): Config {
            config.name = parsedYAML.name;
        }

+        if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") {
+            config.disableDefaultQueries = parsedYAML['disable-default-queries'];
+        }
+
        const queries = parsedYAML.queries;
        if (queries && queries instanceof Array) {
            queries.forEach(query => {
--- a/src/finalize-db.ts
+++ b/src/finalize-db.ts
@ -102,7 +102,12 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder
  for (let database of fs.readdirSync(databaseFolder)) {
    core.startGroup('Analyzing ' + database);

-    const additionalQueries = queriesPerLanguage[database] || [];
+    const queries: string[] = [];
+    if (!config.disableDefaultQueries) {
+      queries.push(database + '-code-scanning.qls');
+    }
+    queries.push(...(queriesPerLanguage[database] || []));
+
    const sarifFile = path.join(sarifFolder, database + '.sarif');

    await exec.exec(codeqlCmd, [
@ -112,8 +117,7 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder
      '--format=sarif-latest',
      '--output=' + sarifFile,
      '--no-sarif-add-snippets',
-      database + '-code-scanning.qls',
-      ...additionalQueries,
+      ...queries
    ]);

    core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');