robojerk/codeql-action

Mark invalid SARIF errors as user errors in the upload-sarif Action

Browse source
This commit is contained in:
Henry Mercer 2023-09-06 18:14:30 +01:00
parent 07d42ec34e
commit 583a1019cc
12 changed files with 95 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

46
lib/upload-lib.js generated
View file

@ -55,7 +55,7 @@ function combineSarifFiles(sarifFiles) {
combinedSarif.version = sarifObject.version;
}
else if (combinedSarif.version !== sarifObject.version) {
throw new Error(`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`);
throw new InvalidUploadSarifRequest(`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`);
}
combinedSarif.runs.push(...sarifObject.runs);
}
@ -129,21 +129,33 @@ function findSarifFilesInDir(sarifPath) {
return sarifFiles;
}
exports.findSarifFilesInDir = findSarifFilesInDir;
// Uploads a single sarif file or a directory of sarif files
// depending on what the path happens to refer to.
async function uploadFromActions(sarifPath, checkoutPath, category, logger) {
return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(checkoutPath), await actionsUtil.getRef(), await api.getAnalysisKey(), category, util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getWorkflowRunAttempt(), checkoutPath, actionsUtil.getRequiredInput("matrix"), logger);
/**
* Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers to.
*
* @param invalidRequestIsUserError Whether an invalid request, for example one with a `sarifPath`
* that does not exist, should be considered a user error.
*/
async function uploadFromActions(sarifPath, checkoutPath, category, logger, { invalidRequestIsUserError }) {
try {
return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(checkoutPath), await actionsUtil.getRef(), await api.getAnalysisKey(), category, util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getWorkflowRunAttempt(), checkoutPath, actionsUtil.getRequiredInput("matrix"), logger);
}
catch (e) {
if (e instanceof InvalidUploadSarifRequest && invalidRequestIsUserError) {
throw new util_1.UserError(e.message);
}
throw e;
}
}
exports.uploadFromActions = uploadFromActions;
function getSarifFilePaths(sarifPath) {
if (!fs.existsSync(sarifPath)) {
throw new Error(`Path does not exist: ${sarifPath}`);
throw new InvalidUploadSarifRequest(`Path does not exist: ${sarifPath}`);
}
let sarifFiles;
if (fs.lstatSync(sarifPath).isDirectory()) {
sarifFiles = findSarifFilesInDir(sarifPath);
if (sarifFiles.length === 0) {
throw new Error(`No SARIF files found to upload in "${sarifPath}".`);
throw new InvalidUploadSarifRequest(`No SARIF files found to upload in "${sarifPath}".`);
}
}
else {
@ -159,14 +171,14 @@ function countResultsInSarif(sarif) {
parsedSarif = JSON.parse(sarif);
}
catch (e) {
throw new Error(`Invalid SARIF. JSON syntax error: ${(0, util_1.wrapError)(e).message}`);
throw new InvalidUploadSarifRequest(`Invalid SARIF. JSON syntax error: ${(0, util_1.wrapError)(e).message}`);
}
if (!Array.isArray(parsedSarif.runs)) {
throw new Error("Invalid SARIF. Missing 'runs' array.");
throw new InvalidUploadSarifRequest("Invalid SARIF. Missing 'runs' array.");
}
for (const run of parsedSarif.runs) {
if (!Array.isArray(run.results)) {
throw new Error("Invalid SARIF. Missing 'results' array in run.");
throw new InvalidUploadSarifRequest("Invalid SARIF. Missing 'results' array in run.");
}
numResults += run.results.length;
}
@ -195,7 +207,7 @@ function validateSarifFileSchema(sarifFilePath, logger) {
// Set the main error message to the stacks of all the errors.
// This should be of a manageable size and may even give enough to fix the error.
const sarifErrors = errors.map((e) => `- ${e.stack}`);
throw new Error(`Unable to upload "${sarifFilePath}" as it is not valid SARIF:\n${sarifErrors.join("\n")}`);
throw new InvalidUploadSarifRequest(`Unable to upload "${sarifFilePath}" as it is not valid SARIF:\n${sarifErrors.join("\n")}`);
}
}
exports.validateSarifFileSchema = validateSarifFileSchema;
@ -334,7 +346,7 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
const message = `Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`;
throw shouldConsiderAsUserError(response.data.errors)
? new util_1.UserError(message)
: new Error(message);
: new InvalidUploadSarifRequest(message);
}
else {
util.assertNever(status);
@ -397,7 +409,7 @@ function validateUniqueCategory(sarif) {
for (const [category, { id, tool }] of Object.entries(categories)) {
const sentinelEnvVar = `CODEQL_UPLOAD_SARIF_${category}`;
if (process.env[sentinelEnvVar]) {
throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. " +
throw new InvalidUploadSarifRequest("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. " +
"The easiest fix is to specify a unique value for the `category` input. If .runs[].automationDetails.id is specified " +
"in the sarif file, that will take precedence over your configured `category`. " +
`Category: (${id ? id : "none"}) Tool: (${tool ? tool : "none"})`);
@ -449,4 +461,12 @@ function pruneInvalidResults(sarif, logger) {
return { ...sarif, runs: newRuns };
}
exports.pruneInvalidResults = pruneInvalidResults;
/**
* An error that occurred due to an invalid SARIF upload request.
*/
class InvalidUploadSarifRequest extends Error {
constructor(message) {
super(message);
}
}
//# sourceMappingURL=upload-lib.js.map