feat: classify some observed SARIF errors as InvalidSarifUploadError

2025-03-31 12:17:23 +01:00 · 2025-03-31 12:17:23 +01:00 · 72a2b1295e
commit 72a2b1295e
parent a022653e2d
6 changed files with 99 additions and 8 deletions
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@ -44,6 +44,8 @@ exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
 exports.waitForProcessing = waitForProcessing;
+exports.shouldConsiderConfigurationError = shouldConsiderConfigurationError;
+exports.shouldConsiderInvalidRequest = shouldConsiderInvalidRequest;
 exports.validateUniqueCategory = validateUniqueCategory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
@ -524,9 +526,12 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
 * Returns whether the provided processing errors are a configuration error.
 */
 function shouldConsiderConfigurationError(processingErrors) {
+    const expectedConfigErrors = [
+        "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+        "rejecting delivery as the repository has too many logical alerts",
+    ];
    return (processingErrors.length === 1 &&
-        processingErrors[0] ===
-            "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled");
+        expectedConfigErrors.some((msg) => processingErrors[0].includes(msg)));
 }
 /**
 * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
@ -535,6 +540,7 @@ function shouldConsiderInvalidRequest(processingErrors) {
    return processingErrors.every((error) => error.startsWith("rejecting SARIF") ||
        error.startsWith("an invalid URI was provided as a SARIF location") ||
        error.startsWith("locationFromSarifResult: expected artifact location") ||
+        error.startsWith("SyntaxError: Unexpected end of JSON input") ||
        error.startsWith("could not convert rules: invalid security severity value, is not a number") ||
        /^SARIF URI scheme [^\s]* did not match the checkout URI scheme [^\s]*/.test(error));
 }
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@ -244,6 +244,41 @@ ava_1.default.beforeEach(() => {
        type: util_1.GitHubVariant.DOTCOM,
    }));
 });
+(0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
+    const error1 = [
+        "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+    ];
+    t.true(uploadLib.shouldConsiderConfigurationError(error1));
+    const error2 = [
+        "rejecting delivery as the repository has too many logical alerts",
+    ];
+    t.true(uploadLib.shouldConsiderConfigurationError(error2));
+    // We fail cases where we get > 1 error messages back
+    const error3 = [
+        "rejecting delivery as the repository has too many alerts",
+        "extra error message",
+    ];
+    t.false(uploadLib.shouldConsiderConfigurationError(error3));
+});
+(0, ava_1.default)("shouldConsiderInvalidRequest returns correct recognises processing errors", (t) => {
+    const error1 = [
+        "rejecting SARIF",
+        "an invalid URI was provided as a SARIF location",
+    ];
+    t.true(uploadLib.shouldConsiderInvalidRequest(error1));
+    const error2 = [
+        "locationFromSarifResult: expected artifact location",
+        "SyntaxError: Unexpected end of JSON input",
+    ];
+    t.true(uploadLib.shouldConsiderInvalidRequest(error2));
+    // We expect ALL errors to be of processing errors, for the outcome to be classified as
+    // an invalid SARIF upload error.
+    const error3 = [
+        "could not convert rules: invalid security severity value, is not a number",
+        "an unknown error occurred",
+    ];
+    t.false(uploadLib.shouldConsiderInvalidRequest(error3));
+});
 function createMockSarif(id, tool) {
    return {
        runs: [
--- a/lib/upload-lib.test.js.map
+++ b/lib/upload-lib.test.js.map
--- a/src/upload-lib.test.ts
+++ b/src/upload-lib.test.ts
@ -405,6 +405,47 @@ test("shouldShowCombineSarifFilesDeprecationWarning when environment variable is
  );
 });

+test("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
+  const error1 = [
+    "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+  ];
+  t.true(uploadLib.shouldConsiderConfigurationError(error1));
+
+  const error2 = [
+    "rejecting delivery as the repository has too many logical alerts",
+  ];
+  t.true(uploadLib.shouldConsiderConfigurationError(error2));
+
+  // We fail cases where we get > 1 error messages back
+  const error3 = [
+    "rejecting delivery as the repository has too many alerts",
+    "extra error message",
+  ];
+  t.false(uploadLib.shouldConsiderConfigurationError(error3));
+});
+
+test("shouldConsiderInvalidRequest returns correct recognises processing errors", (t) => {
+  const error1 = [
+    "rejecting SARIF",
+    "an invalid URI was provided as a SARIF location",
+  ];
+  t.true(uploadLib.shouldConsiderInvalidRequest(error1));
+
+  const error2 = [
+    "locationFromSarifResult: expected artifact location",
+    "SyntaxError: Unexpected end of JSON input",
+  ];
+  t.true(uploadLib.shouldConsiderInvalidRequest(error2));
+
+  // We expect ALL errors to be of processing errors, for the outcome to be classified as
+  // an invalid SARIF upload error.
+  const error3 = [
+    "could not convert rules: invalid security severity value, is not a number",
+    "an unknown error occurred",
+  ];
+  t.false(uploadLib.shouldConsiderInvalidRequest(error3));
+});
+
 function createMockSarif(id?: string, tool?: string) {
  return {
    runs: [
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -734,23 +734,32 @@ export async function waitForProcessing(
 /**
 * Returns whether the provided processing errors are a configuration error.
 */
-function shouldConsiderConfigurationError(processingErrors: string[]): boolean {
+export function shouldConsiderConfigurationError(
+  processingErrors: string[],
+): boolean {
+  const expectedConfigErrors = [
+    "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",
+    "rejecting delivery as the repository has too many logical alerts",
+  ];
+
  return (
    processingErrors.length === 1 &&
-    processingErrors[0] ===
-      "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled"
+    expectedConfigErrors.some((msg) => processingErrors[0].includes(msg))
  );
 }

 /**
 * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
 */
-function shouldConsiderInvalidRequest(processingErrors: string[]): boolean {
+export function shouldConsiderInvalidRequest(
+  processingErrors: string[],
+): boolean {
  return processingErrors.every(
    (error) =>
      error.startsWith("rejecting SARIF") ||
      error.startsWith("an invalid URI was provided as a SARIF location") ||
      error.startsWith("locationFromSarifResult: expected artifact location") ||
+      error.startsWith("SyntaxError: Unexpected end of JSON input") ||
      error.startsWith(
        "could not convert rules: invalid security severity value, is not a number",
      ) ||