Merge remote-tracking branch 'origin/main' into hmakholm/pr/2.7.1

2021-11-15 20:05:55 +01:00 · 2021-11-15 20:05:55 +01:00 · 720bf9d157
commit 720bf9d157
parent 37a4db94ad bbf0a22e84
10 changed files with 101 additions and 22 deletions
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -85,6 +85,7 @@ export const getCommitOid = async function (ref = "HEAD"): Promise<string> {
    core.info(
      `Failed to call git to get current commit. Continuing with data from environment: ${e}`
    );
+    core.info((e as Error).stack || "NO STACK");
    return getRequiredEnvParam("GITHUB_SHA");
  }
 };
--- a/src/upload-lib.test.ts
+++ b/src/upload-lib.test.ts
@ -175,3 +175,24 @@ test("populateRunAutomationDetails", (t) => {
  );
  t.deepEqual(modifiedSarif, expectedSarif);
 });
+
+test("validateUniqueCategory", (t) => {
+  t.notThrows(() => uploadLib.validateUniqueCategory(undefined));
+  t.throws(() => uploadLib.validateUniqueCategory(undefined));
+
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc"));
+
+  t.notThrows(() => uploadLib.validateUniqueCategory("def"));
+  t.throws(() => uploadLib.validateUniqueCategory("def"));
+
+  // Our category sanitization is not perfect. Here are some examples
+  // of where we see false clashes
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc/def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc@def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc_def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc def"));
+
+  // this one is fine
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc_ def"));
+});
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -343,16 +343,7 @@ async function uploadFiles(
  logger.startGroup("Uploading results");
  logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);

-  if (util.isActions()) {
-    // This check only works on actions as env vars don't persist between calls to the runner
-    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-    if (process.env[sentinelEnvVar]) {
-      throw new Error(
-        "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job"
-      );
-    }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
-  }
+  validateUniqueCategory(category);

  // Validate that the files we were asked to upload are all valid SARIF files
  for (const file of sarifFiles) {
@ -409,3 +400,33 @@ async function uploadFiles(
    num_results_in_sarif: numResultInSarif,
  };
 }
+
+export function validateUniqueCategory(category: string | undefined) {
+  if (util.isActions()) {
+    // This check only works on actions as env vars don't persist between calls to the runner
+    const sentinelEnvVar = `CODEQL_UPLOAD_SARIF${
+      category ? `_${sanitize(category)}` : ""
+    }`;
+    if (process.env[sentinelEnvVar]) {
+      throw new Error(
+        "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per category. " +
+          "Please specify a unique `category` to call this action multiple times. " +
+          `Category: ${category ? category : "(none)"}`
+      );
+    }
+    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+  }
+}
+
+/**
+ * Santizes a string to be used as an environment variable name.
+ * This will replace all non-alphanumeric characters with underscores.
+ * There could still be some false category clashes if two uploads
+ * occur that differ only in their non-alphanumeric characters. This is
+ * unlikely.
+ *
+ * @param str the initial value to sanitize
+ */
+function sanitize(str: string) {
+  return str.replace(/[^a-zA-Z0-9_]/g, "_");
+}