Merge branch 'main' into dbartol/remove-actions-extractor
This commit is contained in:
Andrew Eisenberg
GitHub
commit
46fbf563e6
21 changed files with 185 additions and 24 deletions
5
lib/api-client.js
generated
5
lib/api-client.js
generated
|
|
@ -206,9 +206,14 @@ function wrapApiConfigurationError(e) {
|
|||
if ((0, util_1.isHTTPError)(e)) {
|
||||
if (e.message.includes("API rate limit exceeded for installation") ||
|
||||
e.message.includes("commit not found") ||
|
||||
e.message.includes("Resource not accessible by integration") ||
|
||||
/ref .* not found in this repository/.test(e.message)) {
|
||||
return new util_1.ConfigurationError(e.message);
|
||||
}
|
||||
else if (e.message.includes("Bad credentials") ||
|
||||
e.message.includes("Not Found")) {
|
||||
return new util_1.ConfigurationError("Please check that your token is valid and has the required permissions: contents: read, security-events: write");
|
||||
}
|
||||
}
|
||||
return e;
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
10
lib/api-client.test.js
generated
10
lib/api-client.test.js
generated
|
|
@ -145,5 +145,15 @@ function mockGetMetaVersionHeader(versionHeader) {
|
|||
const apiRateLimitError = new util.HTTPError("API rate limit exceeded for installation", 403);
|
||||
res = api.wrapApiConfigurationError(apiRateLimitError);
|
||||
t.deepEqual(res, new util.ConfigurationError("API rate limit exceeded for installation"));
|
||||
const tokenSuggestionMessage = "Please check that your token is valid and has the required permissions: contents: read, security-events: write";
|
||||
const badCredentialsError = new util.HTTPError("Bad credentials", 401);
|
||||
res = api.wrapApiConfigurationError(badCredentialsError);
|
||||
t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
|
||||
const notFoundError = new util.HTTPError("Not Found", 404);
|
||||
res = api.wrapApiConfigurationError(notFoundError);
|
||||
t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
|
||||
const resourceNotAccessibleError = new util.HTTPError("Resource not accessible by integration", 403);
|
||||
res = api.wrapApiConfigurationError(resourceNotAccessibleError);
|
||||
t.deepEqual(res, new util.ConfigurationError("Resource not accessible by integration"));
|
||||
});
|
||||
//# sourceMappingURL=api-client.test.js.map
|
||||
File diff suppressed because one or more lines are too long
7
lib/status-report.js
generated
7
lib/status-report.js
generated
|
|
@ -35,6 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.JobStatus = exports.ActionName = void 0;
|
||||
exports.isFirstPartyAnalysis = isFirstPartyAnalysis;
|
||||
exports.isThirdPartyAnalysis = isThirdPartyAnalysis;
|
||||
exports.getActionsStatus = getActionsStatus;
|
||||
exports.getJobStatusDisplayName = getJobStatusDisplayName;
|
||||
exports.createStatusReportBase = createStatusReportBase;
|
||||
|
|
@ -71,6 +72,12 @@ function isFirstPartyAnalysis(actionName) {
|
|||
}
|
||||
return process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true";
|
||||
}
|
||||
/**
|
||||
* @returns true if the analysis is considered to be third party.
|
||||
*/
|
||||
function isThirdPartyAnalysis(actionName) {
|
||||
return !isFirstPartyAnalysis(actionName);
|
||||
}
|
||||
/** Overall status of the entire job. String values match the Hydro schema. */
|
||||
var JobStatus;
|
||||
(function (JobStatus) {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
2
lib/status-report.test.js
generated
2
lib/status-report.test.js
generated
|
|
@ -113,7 +113,7 @@ function setupEnvironmentAndStub(tmpDir) {
|
|||
t.is((0, status_report_1.getActionsStatus)(new Error("arbitrary error")), "failure", "We categorise an arbitrary error as a failure");
|
||||
t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("arbitrary error")), "user-error", "We categorise a ConfigurationError as a user error");
|
||||
t.is((0, status_report_1.getActionsStatus)(new Error("exit code 1"), "multiple things went wrong"), "failure", "getActionsStatus should return failure if passed an arbitrary error and an additional failure cause");
|
||||
t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("exit code 1"), "multiple things went wrong"), "user-error", "getActionsStatus should return failure if passed a configuration error and an additional failure cause");
|
||||
t.is((0, status_report_1.getActionsStatus)(new util_1.ConfigurationError("exit code 1"), "multiple things went wrong"), "user-error", "getActionsStatus should return user-error if passed a configuration error and an additional failure cause");
|
||||
t.is((0, status_report_1.getActionsStatus)(), "success", "getActionsStatus should return success if no error is passed");
|
||||
t.is((0, status_report_1.getActionsStatus)(new Object()), "failure", "getActionsStatus should return failure if passed an arbitrary object");
|
||||
t.is((0, status_report_1.getActionsStatus)(null, "an error occurred"), "failure", "getActionsStatus should return failure if passed null and an additional failure cause");
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
23
lib/upload-lib.js
generated
23
lib/upload-lib.js
generated
|
|
@ -44,6 +44,8 @@ exports.validateSarifFileSchema = validateSarifFileSchema;
|
|||
exports.buildPayload = buildPayload;
|
||||
exports.uploadFiles = uploadFiles;
|
||||
exports.waitForProcessing = waitForProcessing;
|
||||
exports.shouldConsiderConfigurationError = shouldConsiderConfigurationError;
|
||||
exports.shouldConsiderInvalidRequest = shouldConsiderInvalidRequest;
|
||||
exports.validateUniqueCategory = validateUniqueCategory;
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
|
|
@ -408,9 +410,17 @@ async function uploadFiles(sarifPath, checkoutPath, category, features, logger)
|
|||
logger.startGroup("Uploading results");
|
||||
logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
|
||||
const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
|
||||
// Validate that the files we were asked to upload are all valid SARIF files
|
||||
for (const file of sarifFiles) {
|
||||
validateSarifFileSchema(file, logger);
|
||||
try {
|
||||
// Validate that the files we were asked to upload are all valid SARIF files
|
||||
for (const file of sarifFiles) {
|
||||
validateSarifFileSchema(file, logger);
|
||||
}
|
||||
}
|
||||
catch (e) {
|
||||
if (e instanceof SyntaxError) {
|
||||
throw new InvalidSarifUploadError(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
|
||||
sarif = filterAlertsByDiffRange(logger, sarif);
|
||||
|
|
@ -524,9 +534,12 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
|
|||
* Returns whether the provided processing errors are a configuration error.
|
||||
*/
|
||||
function shouldConsiderConfigurationError(processingErrors) {
|
||||
const expectedConfigErrors = [
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
|
||||
"rejecting delivery as the repository has too many logical alerts",
|
||||
];
|
||||
return (processingErrors.length === 1 &&
|
||||
processingErrors[0] ===
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled");
|
||||
expectedConfigErrors.some((msg) => processingErrors[0].includes(msg)));
|
||||
}
|
||||
/**
|
||||
* Returns whether the provided processing errors are the result of an invalid SARIF upload request.
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
35
lib/upload-lib.test.js
generated
35
lib/upload-lib.test.js
generated
|
|
@ -244,6 +244,41 @@ ava_1.default.beforeEach(() => {
|
|||
type: util_1.GitHubVariant.DOTCOM,
|
||||
}));
|
||||
});
|
||||
(0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
|
||||
const error1 = [
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderConfigurationError(error1));
|
||||
const error2 = [
|
||||
"rejecting delivery as the repository has too many logical alerts",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderConfigurationError(error2));
|
||||
// We fail cases where we get > 1 error messages back
|
||||
const error3 = [
|
||||
"rejecting delivery as the repository has too many alerts",
|
||||
"extra error message",
|
||||
];
|
||||
t.false(uploadLib.shouldConsiderConfigurationError(error3));
|
||||
});
|
||||
(0, ava_1.default)("shouldConsiderInvalidRequest returns correct recognises processing errors", (t) => {
|
||||
const error1 = [
|
||||
"rejecting SARIF",
|
||||
"an invalid URI was provided as a SARIF location",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderInvalidRequest(error1));
|
||||
const error2 = [
|
||||
"locationFromSarifResult: expected artifact location",
|
||||
"an invalid URI was provided as a SARIF location",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderInvalidRequest(error2));
|
||||
// We expect ALL errors to be of processing errors, for the outcome to be classified as
|
||||
// an invalid SARIF upload error.
|
||||
const error3 = [
|
||||
"could not convert rules: invalid security severity value, is not a number",
|
||||
"an unknown error occurred",
|
||||
];
|
||||
t.false(uploadLib.shouldConsiderInvalidRequest(error3));
|
||||
});
|
||||
function createMockSarif(id, tool) {
|
||||
return {
|
||||
runs: [
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
2
lib/upload-sarif-action.js
generated
2
lib/upload-sarif-action.js
generated
|
|
@ -80,7 +80,7 @@ async function run() {
|
|||
await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
|
||||
}
|
||||
catch (unwrappedError) {
|
||||
const error = !(0, status_report_1.isFirstPartyAnalysis)(status_report_1.ActionName.UploadSarif) &&
|
||||
const error = (0, status_report_1.isThirdPartyAnalysis)(status_report_1.ActionName.UploadSarif) &&
|
||||
unwrappedError instanceof upload_lib.InvalidSarifUploadError
|
||||
? new util_1.ConfigurationError(unwrappedError.message)
|
||||
: (0, util_1.wrapError)(unwrappedError);
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAyE;AACzE,6CAAgD;AAChD,mDAA2C;AAC3C,uCAAqD;AACrD,6CAAgD;AAChD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA4B;YAC5C,GAAG,gBAAgB;YACnB,GAAG,WAAW;SACf,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IAEF,MAAM,wBAAwB,GAAG,MAAM,IAAA,sCAAsB,EAC3D,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAA,gCAAgB,EAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,WAAW,CAC/C,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,QAAQ,EACR,MAAM,CACP,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,6BAAgB,GAAE,EAClB,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,CAAC,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC7C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAExB,MAAM,qBAAqB,GAAG,MAAM,IAAA,sCAAsB,EACxD,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAA,gCAAgB,EAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
|
||||
{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAyE;AACzE,6CAAgD;AAChD,mDAA2C;AAC3C,uCAAqD;AACrD,6CAAgD;AAChD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA4B;YAC5C,GAAG,gBAAgB;YACnB,GAAG,WAAW;SACf,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IAEF,MAAM,wBAAwB,GAAG,MAAM,IAAA,sCAAsB,EAC3D,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAA,gCAAgB,EAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,WAAW,CAC/C,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,QAAQ,EACR,MAAM,CACP,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,6BAAgB,GAAE,EAClB,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC5C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAExB,MAAM,qBAAqB,GAAG,MAAM,IAAA,sCAAsB,EACxD,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAA,gCAAgB,EAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
|
||||
|
|
@ -149,4 +149,24 @@ test("wrapApiConfigurationError correctly wraps specific configuration errors",
|
|||
res,
|
||||
new util.ConfigurationError("API rate limit exceeded for installation"),
|
||||
);
|
||||
|
||||
const tokenSuggestionMessage =
|
||||
"Please check that your token is valid and has the required permissions: contents: read, security-events: write";
|
||||
const badCredentialsError = new util.HTTPError("Bad credentials", 401);
|
||||
res = api.wrapApiConfigurationError(badCredentialsError);
|
||||
t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
|
||||
|
||||
const notFoundError = new util.HTTPError("Not Found", 404);
|
||||
res = api.wrapApiConfigurationError(notFoundError);
|
||||
t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
|
||||
|
||||
const resourceNotAccessibleError = new util.HTTPError(
|
||||
"Resource not accessible by integration",
|
||||
403,
|
||||
);
|
||||
res = api.wrapApiConfigurationError(resourceNotAccessibleError);
|
||||
t.deepEqual(
|
||||
res,
|
||||
new util.ConfigurationError("Resource not accessible by integration"),
|
||||
);
|
||||
});
|
||||
|
|
|
|||
|
|
@ -245,9 +245,17 @@ export function wrapApiConfigurationError(e: unknown) {
|
|||
if (
|
||||
e.message.includes("API rate limit exceeded for installation") ||
|
||||
e.message.includes("commit not found") ||
|
||||
e.message.includes("Resource not accessible by integration") ||
|
||||
/ref .* not found in this repository/.test(e.message)
|
||||
) {
|
||||
return new ConfigurationError(e.message);
|
||||
} else if (
|
||||
e.message.includes("Bad credentials") ||
|
||||
e.message.includes("Not Found")
|
||||
) {
|
||||
return new ConfigurationError(
|
||||
"Please check that your token is valid and has the required permissions: contents: read, security-events: write",
|
||||
);
|
||||
}
|
||||
}
|
||||
return e;
|
||||
|
|
|
|||
|
|
@ -216,7 +216,7 @@ test("getActionStatus handling correctly various types of errors", (t) => {
|
|||
"multiple things went wrong",
|
||||
),
|
||||
"user-error",
|
||||
"getActionsStatus should return failure if passed a configuration error and an additional failure cause",
|
||||
"getActionsStatus should return user-error if passed a configuration error and an additional failure cause",
|
||||
);
|
||||
|
||||
t.is(
|
||||
|
|
|
|||
|
|
@ -55,6 +55,13 @@ export function isFirstPartyAnalysis(actionName: ActionName): boolean {
|
|||
return process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true";
|
||||
}
|
||||
|
||||
/**
|
||||
* @returns true if the analysis is considered to be third party.
|
||||
*/
|
||||
export function isThirdPartyAnalysis(actionName: ActionName): boolean {
|
||||
return !isFirstPartyAnalysis(actionName);
|
||||
}
|
||||
|
||||
export type ActionStatus =
|
||||
| "aborted" // Only used in the init Action, if init failed before initializing the tracer due to something other than a configuration error.
|
||||
| "failure"
|
||||
|
|
|
|||
|
|
@ -405,6 +405,47 @@ test("shouldShowCombineSarifFilesDeprecationWarning when environment variable is
|
|||
);
|
||||
});
|
||||
|
||||
test("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
|
||||
const error1 = [
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderConfigurationError(error1));
|
||||
|
||||
const error2 = [
|
||||
"rejecting delivery as the repository has too many logical alerts",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderConfigurationError(error2));
|
||||
|
||||
// We fail cases where we get > 1 error messages back
|
||||
const error3 = [
|
||||
"rejecting delivery as the repository has too many alerts",
|
||||
"extra error message",
|
||||
];
|
||||
t.false(uploadLib.shouldConsiderConfigurationError(error3));
|
||||
});
|
||||
|
||||
test("shouldConsiderInvalidRequest returns correct recognises processing errors", (t) => {
|
||||
const error1 = [
|
||||
"rejecting SARIF",
|
||||
"an invalid URI was provided as a SARIF location",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderInvalidRequest(error1));
|
||||
|
||||
const error2 = [
|
||||
"locationFromSarifResult: expected artifact location",
|
||||
"an invalid URI was provided as a SARIF location",
|
||||
];
|
||||
t.true(uploadLib.shouldConsiderInvalidRequest(error2));
|
||||
|
||||
// We expect ALL errors to be of processing errors, for the outcome to be classified as
|
||||
// an invalid SARIF upload error.
|
||||
const error3 = [
|
||||
"could not convert rules: invalid security severity value, is not a number",
|
||||
"an unknown error occurred",
|
||||
];
|
||||
t.false(uploadLib.shouldConsiderInvalidRequest(error3));
|
||||
});
|
||||
|
||||
function createMockSarif(id?: string, tool?: string) {
|
||||
return {
|
||||
runs: [
|
||||
|
|
|
|||
|
|
@ -568,9 +568,16 @@ export async function uploadFiles(
|
|||
|
||||
const gitHubVersion = await getGitHubVersion();
|
||||
|
||||
// Validate that the files we were asked to upload are all valid SARIF files
|
||||
for (const file of sarifFiles) {
|
||||
validateSarifFileSchema(file, logger);
|
||||
try {
|
||||
// Validate that the files we were asked to upload are all valid SARIF files
|
||||
for (const file of sarifFiles) {
|
||||
validateSarifFileSchema(file, logger);
|
||||
}
|
||||
} catch (e) {
|
||||
if (e instanceof SyntaxError) {
|
||||
throw new InvalidSarifUploadError(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
|
||||
let sarif = await combineSarifFilesUsingCLI(
|
||||
|
|
@ -734,18 +741,26 @@ export async function waitForProcessing(
|
|||
/**
|
||||
* Returns whether the provided processing errors are a configuration error.
|
||||
*/
|
||||
function shouldConsiderConfigurationError(processingErrors: string[]): boolean {
|
||||
export function shouldConsiderConfigurationError(
|
||||
processingErrors: string[],
|
||||
): boolean {
|
||||
const expectedConfigErrors = [
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
|
||||
"rejecting delivery as the repository has too many logical alerts",
|
||||
];
|
||||
|
||||
return (
|
||||
processingErrors.length === 1 &&
|
||||
processingErrors[0] ===
|
||||
"CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled"
|
||||
expectedConfigErrors.some((msg) => processingErrors[0].includes(msg))
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the provided processing errors are the result of an invalid SARIF upload request.
|
||||
*/
|
||||
function shouldConsiderInvalidRequest(processingErrors: string[]): boolean {
|
||||
export function shouldConsiderInvalidRequest(
|
||||
processingErrors: string[],
|
||||
): boolean {
|
||||
return processingErrors.every(
|
||||
(error) =>
|
||||
error.startsWith("rejecting SARIF") ||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ import {
|
|||
StatusReportBase,
|
||||
getActionsStatus,
|
||||
ActionName,
|
||||
isFirstPartyAnalysis,
|
||||
isThirdPartyAnalysis,
|
||||
} from "./status-report";
|
||||
import * as upload_lib from "./upload-lib";
|
||||
import {
|
||||
|
|
@ -105,7 +105,7 @@ async function run() {
|
|||
await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
|
||||
} catch (unwrappedError) {
|
||||
const error =
|
||||
!isFirstPartyAnalysis(ActionName.UploadSarif) &&
|
||||
isThirdPartyAnalysis(ActionName.UploadSarif) &&
|
||||
unwrappedError instanceof upload_lib.InvalidSarifUploadError
|
||||
? new ConfigurationError(unwrappedError.message)
|
||||
: wrapError(unwrappedError);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue