robojerk/codeql-action

Merge pull request #625 from github/update-v1.0.7-3428407b

Browse source 
Merge main into v1
This commit is contained in:
Edoardo Pirovano 2021-07-21 15:22:02 +01:00 committed by GitHub
commit 592af860c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 153 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -1,5 +1,9 @@
# CodeQL Action and CodeQL Runner Changelog
## 1.0.7 - 21 Jul 2021
No user facing changes.
## 1.0.6 - 19 Jul 2021
- The `init` step of the Action now supports a `source-root` input as a path to the root source-code directory. By default, the path is relative to `$GITHUB_WORKSPACE`. [#607](https://github.com/github/codeql-action/pull/607)

11
lib/analyze.js generated
View file

@ -219,12 +219,14 @@ async function runCleanup(config, cleanupLevel, logger) {
}
exports.runCleanup = runCleanup;
async function injectLinesOfCode(sarifFile, language, locPromise) {
var _a;
const lineCounts = await locPromise;
const idPrefix = count_loc_1.getIdPrefix(language);
if (language in lineCounts) {
const sarif = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
if (Array.isArray(sarif.runs)) {
for (const run of sarif.runs) {
// Old style: Baseline is inserted when rule ID has suffix /summary/lines-of-code
const ruleId = `${idPrefix}/summary/lines-of-code`;
run.properties = run.properties || {};
run.properties.metricResults = run.properties.metricResults || [];
@ -235,6 +237,15 @@ async function injectLinesOfCode(sarifFile, language, locPromise) {
if (rule) {
rule.baseline = lineCounts[language];
}
// New style: Baseline is inserted when matching rule has tag lines-of-code
for (const metric of run.properties.metricResults) {
if (metric.rule && metric.rule.toolComponent) {
const matchingRule = run.tool.extensions[metric.rule.toolComponent.index].rules[metric.rule.index];
if ((_a = matchingRule.properties.tags) === null || _a === void 0 ? void 0 : _a.includes("lines-of-code")) {
metric.baseline = lineCounts[language];
}
}
}
}
}
fs.writeFileSync(sarifFile, JSON.stringify(sarif));

2
lib/analyze.js.map
View file

File diff suppressed because one or more lines are too long

43
lib/analyze.test.js generated
View file

@ -88,6 +88,35 @@ ava_1.default("status report fields and search path setting", async (t) => {
],
},
},
// variant 3 references a rule with the lines-of-code tag
{
tool: {
extensions: [
{
rules: [
{
properties: {
tags: ["lines-of-code"],
},
},
],
},
],
},
properties: {
metricResults: [
{
rule: {
index: 0,
toolComponent: {
index: 0,
},
},
value: 123,
},
],
},
},
{},
],
}));
@ -180,8 +209,20 @@ ava_1.default("status report fields and search path setting", async (t) => {
baseline: lineCount,
},
]);
t.deepEqual(sarif.runs[2].properties.metricResults, [
{
rule: {
index: 0,
toolComponent: {
index: 0,
},
},
value: 123,
baseline: lineCount,
},
]);
// when the rule doesn't exist, it should not be added
t.deepEqual(sarif.runs[2].properties.metricResults, []);
t.deepEqual(sarif.runs[3].properties.metricResults, []);
}
function verifyQuerySuites(tmpDir) {
const qlsContent = [

2
lib/analyze.test.js.map
View file

File diff suppressed because one or more lines are too long

7
node_modules/glob-parent/CHANGELOG.md generated vendored
View file

@ -4,6 +4,13 @@
- eliminate ReDoS ([#36](https://github.com/gulpjs/glob-parent/issues/36)) ([f923116](https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366))
### [6.0.1](https://www.github.com/gulpjs/glob-parent/compare/v6.0.0...v6.0.1) (2021-07-20)
### Bug Fixes
* Resolve ReDoS vulnerability from CVE-2021-35065 ([#49](https://www.github.com/gulpjs/glob-parent/issues/49)) ([3e9f04a](https://www.github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339))
## [6.0.0](https://www.github.com/gulpjs/glob-parent/compare/v5.1.2...v6.0.0) (2021-05-03)
### ⚠ BREAKING CHANGES

26
node_modules/glob-parent/index.js generated vendored
View file

@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
var slash = '/';
var backslash = /\\/g;
var enclosure = /[{[].*\/.*[}\]]$/;
var globby = /(^|[^\\])([{[]|\([^)]+$)/;
var escaped = /\\([!*?|[\](){}])/g;
@ -24,7 +23,7 @@ module.exports = function globParent(str, opts) {
}
// special case for strings ending in enclosure containing path separator
if (enclosure.test(str)) {
if (isEnclosure(str)) {
str += slash;
}
@ -39,3 +38,26 @@ module.exports = function globParent(str, opts) {
// remove escape chars and return result
return str.replace(escaped, '$1');
};
function isEnclosure(str) {
var lastChar = str.slice(-1);
var enclosureStart;
switch (lastChar) {
case '}':
enclosureStart = '{';
break;
case ']':
enclosureStart = '[';
break;
default:
return false;
}
var foundIndex = str.indexOf(enclosureStart);
if (foundIndex < 0) {
return false;
}
return str.slice(foundIndex + 1, -1).includes(slash);
}

2
node_modules/glob-parent/package.json generated vendored
View file

@ -1,6 +1,6 @@
{
"name": "glob-parent",
"version": "6.0.0",
"version": "6.0.1",
"description": "Extract the non-magic parent path from a glob string.",
"author": "Gulp Team <team@gulpjs.com> (https://gulpjs.com/)",
"contributors": [

2
package-lock.json generated
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "1.0.6",
"version": "1.0.7",
"lockfileVersion": 2,
"requires": true,
"packages": {

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "1.0.6",
"version": "1.0.7",
"private": true,
"description": "CodeQL action",
"scripts": {

2
runner/package-lock.json generated
View file

@ -1,6 +1,6 @@
{
"name": "codeql-runner",
"version": "1.0.6",
"version": "1.0.7",
"lockfileVersion": 1,
"requires": true,
"dependencies": {

2
runner/package.json
View file

@ -1,6 +1,6 @@
{
"name": "codeql-runner",
"version": "1.0.6",
"version": "1.0.7",
"private": true,
"description": "CodeQL runner",
"scripts": {

43
src/analyze.test.ts
View file

@ -94,6 +94,35 @@ test("status report fields and search path setting", async (t) => {
],
},
},
// variant 3 references a rule with the lines-of-code tag
{
tool: {
extensions: [
{
rules: [
{
properties: {
tags: ["lines-of-code"],
},
},
],
},
],
},
properties: {
metricResults: [
{
rule: {
index: 0,
toolComponent: {
index: 0,
},
},
value: 123,
},
],
},
},
{},
],
})
@ -233,8 +262,20 @@ test("status report fields and search path setting", async (t) => {
baseline: lineCount,
},
]);
t.deepEqual(sarif.runs[2].properties.metricResults, [
{
rule: {
index: 0,
toolComponent: {
index: 0,
},
},
value: 123,
baseline: lineCount,
},
]);
// when the rule doesn't exist, it should not be added
t.deepEqual(sarif.runs[2].properties.metricResults, []);
t.deepEqual(sarif.runs[3].properties.metricResults, []);
}
function verifyQuerySuites(tmpDir: string) {

16
src/analyze.ts
View file

@ -415,8 +415,10 @@ async function injectLinesOfCode(
const idPrefix = getIdPrefix(language);
if (language in lineCounts) {
const sarif = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
if (Array.isArray(sarif.runs)) {
for (const run of sarif.runs) {
// Old style: Baseline is inserted when rule ID has suffix /summary/lines-of-code
const ruleId = `${idPrefix}/summary/lines-of-code`;
run.properties = run.properties || {};
run.properties.metricResults = run.properties.metricResults || [];
@ -428,8 +430,22 @@ async function injectLinesOfCode(
if (rule) {
rule.baseline = lineCounts[language];
}
// New style: Baseline is inserted when matching rule has tag lines-of-code
for (const metric of run.properties.metricResults) {
if (metric.rule && metric.rule.toolComponent) {
const matchingRule =
run.tool.extensions[metric.rule.toolComponent.index].rules[
metric.rule.index
];
if (matchingRule.properties.tags?.includes("lines-of-code")) {
metric.baseline = lineCounts[language];
}
}
}
}
}
fs.writeFileSync(sarifFile, JSON.stringify(sarif));
}
}