robojerk/codeql-action

address review comments

Browse source
This commit is contained in:
Robert Brignull 2020-08-27 16:34:09 +01:00
parent 6f422a4303
commit 1fd45d7407
9 changed files with 147 additions and 149 deletions
Download patch file Download diff file Expand all files Collapse all files

39
lib/codeql.js generated
View file

@ -31,24 +31,22 @@ const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz"; const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
function getCodeQLActionRepository(mode) { function getCodeQLActionRepository(mode) {
if (mode === 'actions') { if (mode !== 'actions') {
// Actions do not know their own repository name,
// so we currently use this hack to find the name based on where our files are.
// This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed.
const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP");
const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
const relativeScriptPath = path.relative(actionsDirectory, __filename);
// This handles the case where the Action does not come from an Action repository,
// e.g. our integration tests which use the Action code from the current checkout.
if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
}
const relativeScriptPathParts = relativeScriptPath.split(path.sep);
return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1];
}
else {
return CODEQL_DEFAULT_ACTION_REPOSITORY; return CODEQL_DEFAULT_ACTION_REPOSITORY;
} }
// Actions do not know their own repository name,
// so we currently use this hack to find the name based on where our files are.
// This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed.
const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP");
const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
const relativeScriptPath = path.relative(actionsDirectory, __filename);
// This handles the case where the Action does not come from an Action repository,
// e.g. our integration tests which use the Action code from the current checkout.
if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
}
const relativeScriptPathParts = relativeScriptPath.split(path.sep);
return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1];
} }
async function getCodeQLBundleDownloadURL(githubUrl, mode, logger) { async function getCodeQLBundleDownloadURL(githubUrl, mode, logger) {
const codeQLActionRepository = getCodeQLActionRepository(mode); const codeQLActionRepository = getCodeQLActionRepository(mode);
@ -89,6 +87,8 @@ async function getCodeQLBundleDownloadURL(githubUrl, mode, logger) {
} }
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`; return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`;
} }
// We have to download CodeQL manually because the toolcache doesn't support Accept headers.
// This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released.
async function toolcacheDownloadTool(url, headers, tempDir, logger) { async function toolcacheDownloadTool(url, headers, tempDir, logger) {
const client = new http.HttpClient('CodeQL Action'); const client = new http.HttpClient('CodeQL Action');
const dest = path.join(tempDir, v4_1.default()); const dest = path.join(tempDir, v4_1.default());
@ -103,8 +103,8 @@ async function toolcacheDownloadTool(url, headers, tempDir, logger) {
return dest; return dest;
} }
async function setupCodeQL(codeqlURL, githubAuth, githubUrl, tempDir, toolsDir, mode, logger) { async function setupCodeQL(codeqlURL, githubAuth, githubUrl, tempDir, toolsDir, mode, logger) {
// Setting these two env vars makes the toolcache code safe to use, // Setting these two env vars makes the toolcache code safe to use outside,
// but this is obviously not a great thing we're doing and it would // of actions but this is obviously not a great thing we're doing and it would
// be better to write our own implementation to use outside of actions. // be better to write our own implementation to use outside of actions.
process.env['RUNNER_TEMP'] = tempDir; process.env['RUNNER_TEMP'] = tempDir;
process.env['RUNNER_TOOL_CACHE'] = toolsDir; process.env['RUNNER_TOOL_CACHE'] = toolsDir;
@ -236,8 +236,7 @@ function getCodeQLForCmd(cmd) {
]); ]);
}, },
getTracerEnv: async function (databasePath) { getTracerEnv: async function (databasePath) {
// Write tracer-env.js to a temp location. When running in CLI mode we can't rely // Write tracer-env.js to a temp location.
// on this file existing so we have to create it ourselves.
const tracerEnvJs = path.resolve(databasePath, 'working', 'tracer-env.js'); const tracerEnvJs = path.resolve(databasePath, 'working', 'tracer-env.js');
fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true }); fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
fs.writeFileSync(tracerEnvJs, ` fs.writeFileSync(tracerEnvJs, `

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

34
lib/init.js generated
View file

@ -40,24 +40,22 @@ async function runInit(codeql, config) {
await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot); await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot);
} }
const tracerConfig = await tracer_config_1.getCombinedTracerConfig(config, codeql); const tracerConfig = await tracer_config_1.getCombinedTracerConfig(config, codeql);
if (tracerConfig !== undefined) { if (tracerConfig !== undefined && process.platform === 'win32') {
if (process.platform === 'win32') { const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1'); fs.writeFileSync(injectTracerPath, `
fs.writeFileSync(injectTracerPath, ` Param(
Param( [Parameter(Position=0)]
[Parameter(Position=0)] [String]
[String] $tracer
$tracer )
) Get-Process -Name Runner.Worker
Get-Process -Name Runner.Worker $process=Get-Process -Name Runner.Worker
$process=Get-Process -Name Runner.Worker $id=$process.Id
$id=$process.Id Invoke-Expression "&$tracer --inject=$id"`);
Invoke-Expression "&$tracer --inject=$id"`); await exec.exec('powershell', [
await exec.exec('powershell', [ injectTracerPath,
injectTracerPath, path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'), ], { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } });
], { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } });
}
} }
return tracerConfig; return tracerConfig;
} }

2
lib/init.js.map
View file

@ -1 +1 @@
{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,oBAAW,CAC9B,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,CAAC;IACV,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,CAAC,CAAC;IACV,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA7BD,gCA6BC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;KACvG;IAED,MAAM,YAAY,GAAG,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnE,IAAI,YAAY,KAAK,SAAS,EAAE;QAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE;;;;;;;;;kDASS,CAAC,CAAC;YAE9C,MAAM,IAAI,CAAC,IAAI,CACb,YAAY,EACZ;gBACE,gBAAgB;gBAChB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC;aAC7E,EACD,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;SACjE;KACF;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAvCD,0BAuCC"} {"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,oBAAW,CAC9B,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,CAAC;IACV,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,CAAC,CAAC;IACV,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA7BD,gCA6BC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;KACvG;IAED,MAAM,YAAY,GAAG,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnE,IAAI,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAC9D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE;;;;;;;;;gDASS,CAAC,CAAC;QAE9C,MAAM,IAAI,CAAC,IAAI,CACb,YAAY,EACZ;YACE,gBAAgB;YAChB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC;SAC7E,EACD,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;KACjE;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AArCD,0BAqCC"}

69
lib/runner.js generated
View file

@ -64,7 +64,7 @@ function checkEnvironmentSetup(config) {
if (config.languages.some(languages_1.isTracedLanguage) && !('ODASA_TRACER_CONFIGURATION' in process.env)) { if (config.languages.some(languages_1.isTracedLanguage) && !('ODASA_TRACER_CONFIGURATION' in process.env)) {
throw new Error("Could not detect 'ODASA_TRACER_CONFIGURATION' in environment. " + throw new Error("Could not detect 'ODASA_TRACER_CONFIGURATION' in environment. " +
"Make sure that environment variables were correctly exported to future processes. " + "Make sure that environment variables were correctly exported to future processes. " +
"See end out output from 'init' command for instructions."); "See end of output from 'init' command for instructions.");
} }
} }
program program
@ -77,7 +77,7 @@ program
.option('--queries <queries>', 'Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file.') .option('--queries <queries>', 'Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file.')
.option('--config-file <file>', 'Path to config file') .option('--config-file <file>', 'Path to config file')
.option('--codeql-path <path>', 'Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.') .option('--codeql-path <path>', 'Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. By default will use home directory.') .option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. By default will use home directory.')
.option('--checkout-path <path>', 'Checkout path (default: current working directory)') .option('--checkout-path <path>', 'Checkout path (default: current working directory)')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
@ -98,35 +98,36 @@ program
} }
const config = await init_1.initConfig(cmd.languages, cmd.queries, cmd.configFile, repository_1.parseRepositoryNwo(cmd.repository), tempDir, toolsDir, codeql, cmd.checkoutPath || process.cwd(), cmd.githubAuth, parseGithubUrl(cmd.githubUrl), logger); const config = await init_1.initConfig(cmd.languages, cmd.queries, cmd.configFile, repository_1.parseRepositoryNwo(cmd.repository), tempDir, toolsDir, codeql, cmd.checkoutPath || process.cwd(), cmd.githubAuth, parseGithubUrl(cmd.githubUrl), logger);
const tracerConfig = await init_1.runInit(codeql, config); const tracerConfig = await init_1.runInit(codeql, config);
if (tracerConfig !== undefined) { if (tracerConfig === undefined) {
if (process.platform === 'win32') { return;
const batEnvFile = path.join(config.tempDir, 'codeql-env.bat'); }
const batEnvFileContents = Object.entries(tracerConfig.env) if (process.platform === 'win32') {
.map(([key, value]) => `Set ${key}=${value}`) const batEnvFile = path.join(config.tempDir, 'codeql-env.bat');
.join('\n'); const batEnvFileContents = Object.entries(tracerConfig.env)
fs.writeFileSync(batEnvFile, batEnvFileContents); .map(([key, value]) => `Set ${key}=${value}`)
const powershellEnvFile = path.join(config.tempDir, 'codeql-env.sh'); .join('\n');
const powershellEnvFileContents = Object.entries(tracerConfig.env) fs.writeFileSync(batEnvFile, batEnvFileContents);
.map(([key, value]) => `$env:${key}="${value}"`) const powershellEnvFile = path.join(config.tempDir, 'codeql-env.sh');
.join('\n'); const powershellEnvFileContents = Object.entries(tracerConfig.env)
fs.writeFileSync(powershellEnvFile, powershellEnvFileContents); .map(([key, value]) => `$env:${key}="${value}"`)
logger.info(`\nCodeQL environment outputted to "${batEnvFileContents}" and "${powershellEnvFile}". ` + .join('\n');
`Please export these variables to future processes so the build can tbe traced. ` + fs.writeFileSync(powershellEnvFile, powershellEnvFileContents);
`If using cmd/batch run "call ${batEnvFileContents}" ` + logger.info(`\nCodeQL environment output to "${batEnvFileContents}" and "${powershellEnvFile}". ` +
`or if using PowerShell run "cat ${powershellEnvFile} | Invoke-Expression".`); `Please export these variables to future processes so the build can be traced. ` +
} `If using cmd/batch run "call ${batEnvFileContents}" ` +
else { `or if using PowerShell run "cat ${powershellEnvFile} | Invoke-Expression".`);
// Assume that anything that's not windows is using a unix-style shell }
const envFile = path.join(config.tempDir, 'codeql-env.sh'); else {
const envFileContents = Object.entries(tracerConfig.env) // Assume that anything that's not windows is using a unix-style shell
// Some vars contain ${LIB} that we do not want to be expanded when executing this script const envFile = path.join(config.tempDir, 'codeql-env.sh');
.map(([key, value]) => `export ${key}="${value.replace('$', '\\$')}"`) const envFileContents = Object.entries(tracerConfig.env)
.join('\n'); // Some vars contain ${LIB} that we do not want to be expanded when executing this script
fs.writeFileSync(envFile, envFileContents); .map(([key, value]) => `export ${key}="${value.replace('$', '\\$')}"`)
logger.info(`\nCodeQL environment outputted to "${envFile}". ` + .join('\n');
`Please export these variables to future processes so the build can tbe traced, ` + fs.writeFileSync(envFile, envFileContents);
`for example by running "source ${envFile}".`); logger.info(`\nCodeQL environment output to "${envFile}". ` +
} `Please export these variables to future processes so the build can be traced, ` +
`for example by running "source ${envFile}".`);
} }
} }
catch (e) { catch (e) {
@ -139,7 +140,7 @@ program
.command('autobuild') .command('autobuild')
.description('Attempts to automatically build code') .description('Attempts to automatically build code')
.option('--language <language>', 'The language to build. By default will try to detect the dominant language.') .option('--language <language>', 'The language to build. By default will try to detect the dominant language.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
.action(async (cmd) => { .action(async (cmd) => {
const logger = logging_1.getRunnerLogger(cmd.debug); const logger = logging_1.getRunnerLogger(cmd.debug);
@ -178,7 +179,7 @@ program
.option('--checkout-path <path>', 'Checkout path (default: current working directory)') .option('--checkout-path <path>', 'Checkout path (default: current working directory)')
.option('--no-upload', 'Do not upload results after analysis', false) .option('--no-upload', 'Do not upload results after analysis', false)
.option('--output-dir <dir>', 'Directory to output SARIF files to. By default will use temp directory.') .option('--output-dir <dir>', 'Directory to output SARIF files to. By default will use temp directory.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
.action(async (cmd) => { .action(async (cmd) => {
const logger = logging_1.getRunnerLogger(cmd.debug); const logger = logging_1.getRunnerLogger(cmd.debug);
@ -190,7 +191,7 @@ program
await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, cmd.ref, undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), cmd.upload, 'runner', outputDir, config, logger); await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, cmd.ref, undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), cmd.upload, 'runner', outputDir, config, logger);
} }
catch (e) { catch (e) {
logger.error('Upload failed'); logger.error('Analyze failed');
logger.error(e); logger.error(e);
process.exitCode = 1; process.exitCode = 1;
} }

2
lib/runner.js.map
View file

File diff suppressed because one or more lines are too long

40
src/codeql.ts
View file

@ -102,24 +102,23 @@ const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
function getCodeQLActionRepository(mode: util.Mode): string { function getCodeQLActionRepository(mode: util.Mode): string {
if (mode === 'actions') { if (mode !== 'actions') {
// Actions do not know their own repository name,
// so we currently use this hack to find the name based on where our files are.
// This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed.
const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP");
const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
const relativeScriptPath = path.relative(actionsDirectory, __filename);
// This handles the case where the Action does not come from an Action repository,
// e.g. our integration tests which use the Action code from the current checkout.
if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
}
const relativeScriptPathParts = relativeScriptPath.split(path.sep);
return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1];
} else {
return CODEQL_DEFAULT_ACTION_REPOSITORY; return CODEQL_DEFAULT_ACTION_REPOSITORY;
} }
// Actions do not know their own repository name,
// so we currently use this hack to find the name based on where our files are.
// This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed.
const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP");
const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
const relativeScriptPath = path.relative(actionsDirectory, __filename);
// This handles the case where the Action does not come from an Action repository,
// e.g. our integration tests which use the Action code from the current checkout.
if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) {
return CODEQL_DEFAULT_ACTION_REPOSITORY;
}
const relativeScriptPathParts = relativeScriptPath.split(path.sep);
return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1];
} }
async function getCodeQLBundleDownloadURL(githubUrl: string, mode: util.Mode, logger: Logger): Promise<string> { async function getCodeQLBundleDownloadURL(githubUrl: string, mode: util.Mode, logger: Logger): Promise<string> {
@ -161,6 +160,8 @@ async function getCodeQLBundleDownloadURL(githubUrl: string, mode: util.Mode, lo
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`; return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`;
} }
// We have to download CodeQL manually because the toolcache doesn't support Accept headers.
// This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released.
async function toolcacheDownloadTool( async function toolcacheDownloadTool(
url: string, url: string,
headers: IHeaders | undefined, headers: IHeaders | undefined,
@ -189,8 +190,8 @@ export async function setupCodeQL(
mode: util.Mode, mode: util.Mode,
logger: Logger): Promise<CodeQL> { logger: Logger): Promise<CodeQL> {
// Setting these two env vars makes the toolcache code safe to use, // Setting these two env vars makes the toolcache code safe to use outside,
// but this is obviously not a great thing we're doing and it would // of actions but this is obviously not a great thing we're doing and it would
// be better to write our own implementation to use outside of actions. // be better to write our own implementation to use outside of actions.
process.env['RUNNER_TEMP'] = tempDir; process.env['RUNNER_TEMP'] = tempDir;
process.env['RUNNER_TOOL_CACHE'] = toolsDir; process.env['RUNNER_TOOL_CACHE'] = toolsDir;
@ -334,8 +335,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
]); ]);
}, },
getTracerEnv: async function(databasePath: string) { getTracerEnv: async function(databasePath: string) {
// Write tracer-env.js to a temp location. When running in CLI mode we can't rely // Write tracer-env.js to a temp location.
// on this file existing so we have to create it ourselves.
const tracerEnvJs = path.resolve(databasePath, 'working', 'tracer-env.js'); const tracerEnvJs = path.resolve(databasePath, 'working', 'tracer-env.js');
fs.mkdirSync(path.dirname(tracerEnvJs), {recursive: true}); fs.mkdirSync(path.dirname(tracerEnvJs), {recursive: true});
fs.writeFileSync(tracerEnvJs, ` fs.writeFileSync(tracerEnvJs, `

40
src/init.ts
View file

@ -79,28 +79,26 @@ export async function runInit(
} }
const tracerConfig = await getCombinedTracerConfig(config, codeql); const tracerConfig = await getCombinedTracerConfig(config, codeql);
if (tracerConfig !== undefined) { if (tracerConfig !== undefined && process.platform === 'win32') {
if (process.platform === 'win32') { const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1'); fs.writeFileSync(injectTracerPath, `
fs.writeFileSync(injectTracerPath, ` Param(
Param( [Parameter(Position=0)]
[Parameter(Position=0)] [String]
[String] $tracer
$tracer )
) Get-Process -Name Runner.Worker
Get-Process -Name Runner.Worker $process=Get-Process -Name Runner.Worker
$process=Get-Process -Name Runner.Worker $id=$process.Id
$id=$process.Id Invoke-Expression "&$tracer --inject=$id"`);
Invoke-Expression "&$tracer --inject=$id"`);
await exec.exec( await exec.exec(
'powershell', 'powershell',
[ [
injectTracerPath, injectTracerPath,
path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'), path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
], ],
{ env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } }); { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } });
}
} }
return tracerConfig; return tracerConfig;
} }

68
src/runner.ts
View file

@ -61,7 +61,7 @@ function checkEnvironmentSetup(config: Config) {
if (config.languages.some(isTracedLanguage) && !('ODASA_TRACER_CONFIGURATION' in process.env)) { if (config.languages.some(isTracedLanguage) && !('ODASA_TRACER_CONFIGURATION' in process.env)) {
throw new Error("Could not detect 'ODASA_TRACER_CONFIGURATION' in environment. " + throw new Error("Could not detect 'ODASA_TRACER_CONFIGURATION' in environment. " +
"Make sure that environment variables were correctly exported to future processes. " + "Make sure that environment variables were correctly exported to future processes. " +
"See end out output from 'init' command for instructions."); "See end of output from 'init' command for instructions.");
} }
} }
@ -89,7 +89,7 @@ program
.option('--queries <queries>', 'Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file.') .option('--queries <queries>', 'Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file.')
.option('--config-file <file>', 'Path to config file') .option('--config-file <file>', 'Path to config file')
.option('--codeql-path <path>', 'Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.') .option('--codeql-path <path>', 'Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. By default will use home directory.') .option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. By default will use home directory.')
.option('--checkout-path <path>', 'Checkout path (default: current working directory)') .option('--checkout-path <path>', 'Checkout path (default: current working directory)')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
@ -131,38 +131,40 @@ program
logger); logger);
const tracerConfig = await runInit(codeql, config); const tracerConfig = await runInit(codeql, config);
if (tracerConfig !== undefined) { if (tracerConfig === undefined) {
if (process.platform === 'win32') { return;
const batEnvFile = path.join(config.tempDir, 'codeql-env.bat'); }
const batEnvFileContents = Object.entries(tracerConfig.env)
.map(([key, value]) => `Set ${key}=${value}`)
.join('\n');
fs.writeFileSync(batEnvFile, batEnvFileContents);
const powershellEnvFile = path.join(config.tempDir, 'codeql-env.sh'); if (process.platform === 'win32') {
const powershellEnvFileContents = Object.entries(tracerConfig.env) const batEnvFile = path.join(config.tempDir, 'codeql-env.bat');
.map(([key, value]) => `$env:${key}="${value}"`) const batEnvFileContents = Object.entries(tracerConfig.env)
.join('\n'); .map(([key, value]) => `Set ${key}=${value}`)
fs.writeFileSync(powershellEnvFile, powershellEnvFileContents); .join('\n');
fs.writeFileSync(batEnvFile, batEnvFileContents);
logger.info(`\nCodeQL environment outputted to "${batEnvFileContents}" and "${powershellEnvFile}". ` + const powershellEnvFile = path.join(config.tempDir, 'codeql-env.sh');
`Please export these variables to future processes so the build can tbe traced. ` + const powershellEnvFileContents = Object.entries(tracerConfig.env)
`If using cmd/batch run "call ${batEnvFileContents}" ` + .map(([key, value]) => `$env:${key}="${value}"`)
`or if using PowerShell run "cat ${powershellEnvFile} | Invoke-Expression".`); .join('\n');
fs.writeFileSync(powershellEnvFile, powershellEnvFileContents);
} else { logger.info(`\nCodeQL environment output to "${batEnvFileContents}" and "${powershellEnvFile}". ` +
// Assume that anything that's not windows is using a unix-style shell `Please export these variables to future processes so the build can be traced. ` +
const envFile = path.join(config.tempDir, 'codeql-env.sh'); `If using cmd/batch run "call ${batEnvFileContents}" ` +
const envFileContents = Object.entries(tracerConfig.env) `or if using PowerShell run "cat ${powershellEnvFile} | Invoke-Expression".`);
// Some vars contain ${LIB} that we do not want to be expanded when executing this script
.map(([key, value]) => `export ${key}="${value.replace('$', '\\$')}"`)
.join('\n');
fs.writeFileSync(envFile, envFileContents);
logger.info(`\nCodeQL environment outputted to "${envFile}". ` + } else {
`Please export these variables to future processes so the build can tbe traced, ` + // Assume that anything that's not windows is using a unix-style shell
`for example by running "source ${envFile}".`); const envFile = path.join(config.tempDir, 'codeql-env.sh');
} const envFileContents = Object.entries(tracerConfig.env)
// Some vars contain ${LIB} that we do not want to be expanded when executing this script
.map(([key, value]) => `export ${key}="${value.replace('$', '\\$')}"`)
.join('\n');
fs.writeFileSync(envFile, envFileContents);
logger.info(`\nCodeQL environment output to "${envFile}". ` +
`Please export these variables to future processes so the build can be traced, ` +
`for example by running "source ${envFile}".`);
} }
} catch (e) { } catch (e) {
@ -182,7 +184,7 @@ program
.command('autobuild') .command('autobuild')
.description('Attempts to automatically build code') .description('Attempts to automatically build code')
.option('--language <language>', 'The language to build. By default will try to detect the dominant language.') .option('--language <language>', 'The language to build. By default will try to detect the dominant language.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
.action(async (cmd: AutobuildArgs) => { .action(async (cmd: AutobuildArgs) => {
const logger = getRunnerLogger(cmd.debug); const logger = getRunnerLogger(cmd.debug);
@ -233,7 +235,7 @@ program
.option('--checkout-path <path>', 'Checkout path (default: current working directory)') .option('--checkout-path <path>', 'Checkout path (default: current working directory)')
.option('--no-upload', 'Do not upload results after analysis', false) .option('--no-upload', 'Do not upload results after analysis', false)
.option('--output-dir <dir>', 'Directory to output SARIF files to. By default will use temp directory.') .option('--output-dir <dir>', 'Directory to output SARIF files to. By default will use temp directory.')
.option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use current working directory.') .option('--temp-dir <dir>', 'Directory to use for temporary files. By default will use a subdirectory of the current working directory.')
.option('--debug', 'Print more verbose output', false) .option('--debug', 'Print more verbose output', false)
.action(async (cmd: AnalyzeArgs) => { .action(async (cmd: AnalyzeArgs) => {
const logger = getRunnerLogger(cmd.debug); const logger = getRunnerLogger(cmd.debug);
@ -259,7 +261,7 @@ program
config, config,
logger); logger);
} catch (e) { } catch (e) {
logger.error('Upload failed'); logger.error('Analyze failed');
logger.error(e); logger.error(e);
process.exitCode = 1; process.exitCode = 1;
} }