robojerk/codeql-action

Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli

Browse source 
Skip the SARIF notification object workaround for CLIs that have fixed this bug
This commit is contained in:
Henry Mercer 2023-04-05 10:46:12 +01:00 committed by GitHub
commit 66aeadb4c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 73 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -25,6 +25,12 @@ jobs:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest
version: stable-20230317
- os: macos-latest
version: stable-20230317
- os: windows-latest
version: stable-20230317
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest

26
lib/codeql.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result; return result;
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0; exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const core = __importStar(require("@actions/core")); const core = __importStar(require("@actions/core"));
@ -106,6 +106,11 @@ exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`. * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
*/ */
exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4"; exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
/**
* Versions 2.12.6+ of the CodeQL CLI fix a bug where duplicate notification objects could be produced,
* leading to an invalid SARIF output.
*/
exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = "2.12.6";
/** /**
* Set up CodeQL CLI access. * Set up CodeQL CLI access.
* *
@ -509,7 +514,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
}, },
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) { async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this); const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
const codeqlOutputFile = shouldExportDiagnostics const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(config.tempDir, "codeql-intermediate-results.sarif") ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
: sarifFile; : sarifFile;
const codeqlArgs = [ const codeqlArgs = [
@ -546,7 +553,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
} }
// capture stdout, which contains analysis summaries // capture stdout, which contains analysis summaries
const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers); const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
if (shouldExportDiagnostics) { if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger); util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
} }
return returnState.stdout; return returnState.stdout;
@ -626,14 +633,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
await new toolrunner.ToolRunner(cmd, args).exec(); await new toolrunner.ToolRunner(cmd, args).exec();
}, },
async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) { async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
const intermediateSarifFile = path.join(tempDir, "codeql-intermediate-results.sarif"); const shouldWorkaroundInvalidNotifications = !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
const args = [ const args = [
"database", "database",
"export-diagnostics", "export-diagnostics",
`${databasePath}`, `${databasePath}`,
"--db-cluster", "--db-cluster",
"--format=sarif-latest", "--format=sarif-latest",
`--output=${intermediateSarifFile}`, `--output=${codeqlOutputFile}`,
"--sarif-include-diagnostics", "--sarif-include-diagnostics",
"-vvv", "-vvv",
...getExtraOptionsFromEnv(["diagnostics", "export"]), ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@ -642,8 +652,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
args.push("--sarif-category", automationDetailsId); args.push("--sarif-category", automationDetailsId);
} }
await new toolrunner.ToolRunner(cmd, args).exec(); await new toolrunner.ToolRunner(cmd, args).exec();
// Fix invalid notifications in the SARIF file output by CodeQL. if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile(intermediateSarifFile, sarifFile, logger); // Fix invalid notifications in the SARIF file output by CodeQL.
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
}
}, },
async diagnosticsExport(sarifFile, automationDetailsId, config, features) { async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
const args = [ const args = [

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

3
lib/util.js generated
View file

@ -719,6 +719,9 @@ function fixInvalidNotifications(sarif, logger) {
logger.info(`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` + logger.info(`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
"objects."); "objects.");
} }
else {
logger.debug("No duplicate locations found in SARIF notification objects.");
}
return newSarif; return newSarif;
} }
exports.fixInvalidNotifications = fixInvalidNotifications; exports.fixInvalidNotifications = fixInvalidNotifications;

2
lib/util.js.map
View file

File diff suppressed because one or more lines are too long

6
lib/util.test.js generated
View file

@ -363,7 +363,11 @@ const stubLocation = {
const messages = []; const messages = [];
const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages)); const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages));
t.deepEqual(result, createMockSarifWithNotification([stubLocation])); t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
t.is(messages.length, 0); t.is(messages.length, 1);
t.deepEqual(messages[0], {
type: "debug",
message: "No duplicate locations found in SARIF notification objects.",
});
}); });
(0, ava_1.default)("fixInvalidNotifications removes duplicate locations", (t) => { (0, ava_1.default)("fixInvalidNotifications removes duplicate locations", (t) => {
const messages = []; const messages = [];

2
lib/util.test.js.map
View file

File diff suppressed because one or more lines are too long

4
pr-checks/checks/diagnostics-export.yml
View file

@ -1,6 +1,8 @@
name: "Diagnostic export" name: "Diagnostic export"
description: "Tests that manually added diagnostics are correctly exported to SARIF." description: "Tests that manually added diagnostics are correctly exported to SARIF."
versions: ["latest", "nightly-latest"] # Test on 2.12.5 (which requires a workaround in the Action), the latest release, and the latest
# nightly.
versions: ["stable-20230317", "latest", "nightly-latest"]
env: env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
steps: steps:

40
src/codeql.ts
View file

@ -319,6 +319,12 @@ export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
*/ */
export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4"; export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
/**
* Versions 2.12.6+ of the CodeQL CLI fix a bug where duplicate notification objects could be produced,
* leading to an invalid SARIF output.
*/
export const CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = "2.12.6";
/** /**
* Set up CodeQL CLI access. * Set up CodeQL CLI access.
* *
@ -878,7 +884,13 @@ export async function getCodeQLForCmd(
Feature.ExportDiagnosticsEnabled, Feature.ExportDiagnosticsEnabled,
this this
); );
const codeqlOutputFile = shouldExportDiagnostics const shouldWorkaroundInvalidNotifications =
shouldExportDiagnostics &&
!(await util.codeQlVersionAbove(
this,
CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(config.tempDir, "codeql-intermediate-results.sarif") ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
: sarifFile; : sarifFile;
const codeqlArgs = [ const codeqlArgs = [
@ -924,7 +936,7 @@ export async function getCodeQLForCmd(
errorMatchers errorMatchers
); );
if (shouldExportDiagnostics) { if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger); util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
} }
@ -1027,17 +1039,21 @@ export async function getCodeQLForCmd(
tempDir: string, tempDir: string,
logger: Logger logger: Logger
): Promise<void> { ): Promise<void> {
const intermediateSarifFile = path.join( const shouldWorkaroundInvalidNotifications =
tempDir, !(await util.codeQlVersionAbove(
"codeql-intermediate-results.sarif" this,
); CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
const args = [ const args = [
"database", "database",
"export-diagnostics", "export-diagnostics",
`${databasePath}`, `${databasePath}`,
"--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics. "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
"--format=sarif-latest", "--format=sarif-latest",
`--output=${intermediateSarifFile}`, `--output=${codeqlOutputFile}`,
"--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run. "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
"-vvv", "-vvv",
...getExtraOptionsFromEnv(["diagnostics", "export"]), ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@ -1047,12 +1063,10 @@ export async function getCodeQLForCmd(
} }
await new toolrunner.ToolRunner(cmd, args).exec(); await new toolrunner.ToolRunner(cmd, args).exec();
// Fix invalid notifications in the SARIF file output by CodeQL. if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile( // Fix invalid notifications in the SARIF file output by CodeQL.
intermediateSarifFile, util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
sarifFile, }
logger
);
}, },
async diagnosticsExport( async diagnosticsExport(
sarifFile: string, sarifFile: string,

6
src/util.test.ts
View file

@ -441,7 +441,11 @@ test("fixInvalidNotifications leaves notifications with unique locations alone",
getRecordingLogger(messages) getRecordingLogger(messages)
); );
t.deepEqual(result, createMockSarifWithNotification([stubLocation])); t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
t.is(messages.length, 0); t.is(messages.length, 1);
t.deepEqual(messages[0], {
type: "debug",
message: "No duplicate locations found in SARIF notification objects.",
});
}); });
test("fixInvalidNotifications removes duplicate locations", (t) => { test("fixInvalidNotifications removes duplicate locations", (t) => {

2
src/util.ts
View file

@ -875,6 +875,8 @@ export function fixInvalidNotifications(
`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` + `Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
"objects." "objects."
); );
} else {
logger.debug("No duplicate locations found in SARIF notification objects.");
} }
return newSarif; return newSarif;
} }