Add category input

2021-04-28 14:32:16 +02:00 · 2021-04-28 14:32:16 +02:00 · 40fb1f3f00
commit 40fb1f3f00
parent 03f029c2a1
8 changed files with 111 additions and 31 deletions
--- a/analyze/action.yml
+++ b/analyze/action.yml
@ -27,6 +27,9 @@ inputs:
    description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
    required: false
    default: ${{ github.workspace }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
  token:
    default: ${{ github.token }}
  matrix:
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@ -46,10 +46,33 @@ function combineSarifFiles(sarifFiles) {
 exports.combineSarifFiles = combineSarifFiles;
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
-function populateRunAutomationDetails(sarifContents, analysis_key, environment) {
+function populateRunAutomationDetails(sarifContents, category, analysis_key, environment) {
    if (analysis_key === undefined) {
        return sarifContents;
    }
+    const automationID = getAutomationID(category, analysis_key, environment);
+    const sarif = JSON.parse(sarifContents);
+    for (const run of sarif.runs || []) {
+        if (run.automationDetails === undefined) {
+            run.automationDetails = {
+                id: automationID,
+            };
+        }
+    }
+    return JSON.stringify(sarif);
+}
+exports.populateRunAutomationDetails = populateRunAutomationDetails;
+function getAutomationID(category, analysis_key, environment) {
+    if (category !== undefined) {
+        let automationID = category;
+        if (!automationID.endsWith("/")) {
+            automationID += "/";
+        }
+        return automationID;
+    }
+    return computeAutomationID(analysis_key, environment);
+}
+function computeAutomationID(analysis_key, environment) {
    let automationID = `${analysis_key}/`;
    // the id has to be deterministic so we sort the fields
    if (environment !== undefined && environment !== "null") {
@ -65,17 +88,8 @@ function populateRunAutomationDetails(sarifContents, analysis_key, environment)
            }
        }
    }
-    const sarif = JSON.parse(sarifContents);
-    for (const run of sarif.runs || []) {
-        if (run.automationDetails === undefined) {
-            run.automationDetails = {
-                id: automationID,
-            };
-        }
-    }
-    return JSON.stringify(sarif);
+    return automationID;
 }
-exports.populateRunAutomationDetails = populateRunAutomationDetails;
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
 async function uploadPayload(payload, repositoryNwo, apiDetails, mode, logger) {
@ -247,7 +261,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
    }
    let sarifPayload = combineSarifFiles(sarifFiles);
    sarifPayload = fingerprints.addFingerprints(sarifPayload, checkoutPath, logger);
-    sarifPayload = populateRunAutomationDetails(sarifPayload, analysisKey, environment);
+    sarifPayload = populateRunAutomationDetails(sarifPayload, actionsUtil.getOptionalInput("category"), analysisKey, environment);
    const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
    const checkoutURI = file_url_1.default(checkoutPath);
    const toolNames = util.getToolNames(sarifPayload);
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@ -85,26 +85,34 @@ ava_1.default("finding SARIF files", async (t) => {
 ava_1.default("populateRunAutomationDetails", (t) => {
    let sarif = '{"runs": [{}]}';
    const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
-    let expectedSarif = '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
-    let modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"language": "javascript", "os": "linux"}');
+    let expectedSarif = '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
+    // Category has priority over analysis_key/environment
+    let modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux", analysisKey, '{"language": "other", "os": "other"}');
+    t.deepEqual(modifiedSarif, expectedSarif);
+    // It doesn't matter if the category has a slash at the end or not
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux/", analysisKey, "");
+    t.deepEqual(modifiedSarif, expectedSarif);
+    expectedSarif =
+        '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"language": "javascript", "os": "linux"}');
    t.deepEqual(modifiedSarif, expectedSarif);
    // check the environment sorting
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"os": "linux", "language": "javascript"}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
    t.deepEqual(modifiedSarif, expectedSarif);
    // check that an empty environment produces the right results
    expectedSarif =
        '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, "{}");
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, "{}");
    t.deepEqual(modifiedSarif, expectedSarif);
    // check non string environment values
    expectedSarif =
        '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/number:/object:/"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"number": 1, "object": {"language": "javascript"}}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"number": 1, "object": {"language": "javascript"}}');
    t.deepEqual(modifiedSarif, expectedSarif);
    // check that the automation details doesn't get overwritten
    sarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
    expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"os": "linux", "language": "javascript"}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
    t.deepEqual(modifiedSarif, expectedSarif);
 });
 //# sourceMappingURL=upload-lib.test.js.map
--- a/lib/upload-lib.test.js.map
+++ b/lib/upload-lib.test.js.map
--- a/src/upload-lib.test.ts
+++ b/src/upload-lib.test.ts
@ -137,10 +137,31 @@ test("populateRunAutomationDetails", (t) => {
  const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";

  let expectedSarif =
-    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';

+  // Category has priority over analysis_key/environment
  let modifiedSarif = uploadLib.populateRunAutomationDetails(
    sarif,
+    "language:javascript/os:linux",
+    analysisKey,
+    '{"language": "other", "os": "other"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // It doesn't matter if the category has a slash at the end or not
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    "language:javascript/os:linux/",
+    analysisKey,
+    ""
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  expectedSarif =
+    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    undefined,
    analysisKey,
    '{"language": "javascript", "os": "linux"}'
  );
@ -149,6 +170,7 @@ test("populateRunAutomationDetails", (t) => {
  // check the environment sorting
  modifiedSarif = uploadLib.populateRunAutomationDetails(
    sarif,
+    undefined,
    analysisKey,
    '{"os": "linux", "language": "javascript"}'
  );
@ -159,6 +181,7 @@ test("populateRunAutomationDetails", (t) => {
    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
  modifiedSarif = uploadLib.populateRunAutomationDetails(
    sarif,
+    undefined,
    analysisKey,
    "{}"
  );
@ -169,6 +192,7 @@ test("populateRunAutomationDetails", (t) => {
    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/number:/object:/"}}]}';
  modifiedSarif = uploadLib.populateRunAutomationDetails(
    sarif,
+    undefined,
    analysisKey,
    '{"number": 1, "object": {"language": "javascript"}}'
  );
@ -179,6 +203,7 @@ test("populateRunAutomationDetails", (t) => {
  expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
  modifiedSarif = uploadLib.populateRunAutomationDetails(
    sarif,
+    undefined,
    analysisKey,
    '{"os": "linux", "language": "javascript"}'
  );
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -44,12 +44,47 @@ export function combineSarifFiles(sarifFiles: string[]): string {
 // and return an updated sarif file contents.
 export function populateRunAutomationDetails(
  sarifContents: string,
+  category: string | undefined,
  analysis_key: string | undefined,
  environment: string | undefined
 ): string {
  if (analysis_key === undefined) {
    return sarifContents;
  }
+  const automationID = getAutomationID(category, analysis_key, environment);
+
+  const sarif = JSON.parse(sarifContents);
+  for (const run of sarif.runs || []) {
+    if (run.automationDetails === undefined) {
+      run.automationDetails = {
+        id: automationID,
+      };
+    }
+  }
+
+  return JSON.stringify(sarif);
+}
+
+function getAutomationID(
+  category: string | undefined,
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
+  if (category !== undefined) {
+    let automationID = category;
+    if (!automationID.endsWith("/")) {
+      automationID += "/";
+    }
+    return automationID;
+  }
+
+  return computeAutomationID(analysis_key, environment);
+}
+
+function computeAutomationID(
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
  let automationID = `${analysis_key}/`;

  // the id has to be deterministic so we sort the fields
@ -66,16 +101,7 @@ export function populateRunAutomationDetails(
    }
  }

-  const sarif = JSON.parse(sarifContents);
-  for (const run of sarif.runs || []) {
-    if (run.automationDetails === undefined) {
-      run.automationDetails = {
-        id: automationID,
-      };
-    }
-  }
-
-  return JSON.stringify(sarif);
+  return automationID;
 }

 // Upload the given payload.
@ -361,6 +387,7 @@ async function uploadFiles(
  );
  sarifPayload = populateRunAutomationDetails(
    sarifPayload,
+    actionsUtil.getOptionalInput("category"),
    analysisKey,
    environment
  );
--- a/upload-sarif/action.yml
+++ b/upload-sarif/action.yml
@ -14,6 +14,9 @@ inputs:
    default: ${{ github.token }}
  matrix:
    default: ${{ toJson(matrix) }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
 runs:
  using: 'node12'
  main: '../lib/upload-sarif-action.js'