robojerk/codeql-action

Merge branch 'main' into henrymercer/pr-check-validate-node-12-build

Browse source
This commit is contained in:
Henry Mercer 2022-03-29 13:27:16 +01:00
commit 73ba7ffb48
26 changed files with 114 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -2,7 +2,7 @@
## [UNRELEASED] ## [UNRELEASED]
- The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000) - [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
## 1.1.5 - 15 Mar 2022 ## 1.1.5 - 15 Mar 2022

3
lib/analysis-paths.test.js generated
View file

@ -45,6 +45,7 @@ const util = __importStar(require("./util"));
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined); t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@ -69,6 +70,7 @@ const util = __importStar(require("./util"));
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2"); t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@ -94,6 +96,7 @@ const util = __importStar(require("./util"));
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined); t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);

2
lib/analysis-paths.test.js.map
View file

@ -1 +1 @@
{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"} {"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

1
lib/analyze.test.js generated
View file

@ -128,6 +128,7 @@ const util = __importStar(require("./util"));
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
fs.mkdirSync(util.getCodeQLDatabasePath(config, language), { fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
recursive: true, recursive: true,

2
lib/analyze.test.js.map
View file

File diff suppressed because one or more lines are too long

20
lib/codeql.js generated
View file

@ -470,7 +470,25 @@ async function getCodeQLForCmd(cmd, checkVersion) {
} }
if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_CONFIG_FILES)) { if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_CONFIG_FILES)) {
const configLocation = path.resolve(config.tempDir, "user-config.yaml"); const configLocation = path.resolve(config.tempDir, "user-config.yaml");
fs.writeFileSync(configLocation, yaml.dump(config.originalUserInput)); const augmentedConfig = config.originalUserInput;
if (config.injectedMlQueries) {
// We need to inject the ML queries into the original user input before
// we pass this on to the CLI, to make sure these get run.
let packString = util_1.ML_POWERED_JS_QUERIES_PACK.packName;
if (util_1.ML_POWERED_JS_QUERIES_PACK.version)
packString = `${packString}@${util_1.ML_POWERED_JS_QUERIES_PACK.version}`;
if (augmentedConfig.packs === undefined)
augmentedConfig.packs = [];
if (Array.isArray(augmentedConfig.packs)) {
augmentedConfig.packs.push(packString);
}
else {
if (!augmentedConfig.packs.javascript)
augmentedConfig.packs["javascript"] = [];
augmentedConfig.packs["javascript"].push(packString);
}
}
fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
extraArgs.push(`--codescanning-config=${configLocation}`); extraArgs.push(`--codescanning-config=${configLocation}`);
} }
await runTool(cmd, [ await runTool(cmd, [

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

28
lib/config-utils.js generated
View file

@ -118,9 +118,11 @@ const builtinSuites = ["security-extended", "security-and-quality"];
/** /**
* Determine the set of queries associated with suiteName's suites and add them to resultMap. * Determine the set of queries associated with suiteName's suites and add them to resultMap.
* Throws an error if suiteName is not a valid builtin suite. * Throws an error if suiteName is not a valid builtin suite.
* May inject ML queries, and the return value will declare if this was done.
*/ */
async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, featureFlags, configFile) { async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, featureFlags, configFile) {
var _a; var _a;
let injectedMlQueries = false;
const found = builtinSuites.find((suite) => suite === suiteName); const found = builtinSuites.find((suite) => suite === suiteName);
if (!found) { if (!found) {
throw new Error(getQueryUsesInvalid(configFile, suiteName)); throw new Error(getQueryUsesInvalid(configFile, suiteName));
@ -137,9 +139,11 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
packs.javascript = []; packs.javascript = [];
} }
packs.javascript.push(util_1.ML_POWERED_JS_QUERIES_PACK); packs.javascript.push(util_1.ML_POWERED_JS_QUERIES_PACK);
injectedMlQueries = true;
} }
const suites = languages.map((l) => `${l}-${suiteName}.qls`); const suites = languages.map((l) => `${l}-${suiteName}.qls`);
await runResolveQueries(codeQL, resultMap, suites, undefined); await runResolveQueries(codeQL, resultMap, suites, undefined);
return injectedMlQueries;
} }
/** /**
* Retrieve the set of queries at localQueryPath and add them to resultMap. * Retrieve the set of queries at localQueryPath and add them to resultMap.
@ -196,6 +200,11 @@ async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetail
* parsing the 'uses' actions in the workflow file. So it can handle * parsing the 'uses' actions in the workflow file. So it can handle
* local paths starting with './', or references to remote repos, or * local paths starting with './', or references to remote repos, or
* a finite set of hardcoded terms for builtin suites. * a finite set of hardcoded terms for builtin suites.
*
* This may inject ML queries into the packs to use, and the return value will
* declare if this was done.
*
* @returns whether or not we injected ML queries into the packs
*/ */
async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, featureFlags, logger, configFile) { async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, featureFlags, logger, configFile) {
queryUses = queryUses.trim(); queryUses = queryUses.trim();
@ -205,15 +214,15 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
// Check for the local path case before we start trying to parse the repository name // Check for the local path case before we start trying to parse the repository name
if (queryUses.startsWith("./")) { if (queryUses.startsWith("./")) {
await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile); await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile);
return; return false;
} }
// Check for one of the builtin suites // Check for one of the builtin suites
if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) { if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile); return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile);
return;
} }
// Otherwise, must be a reference to another repo // Otherwise, must be a reference to another repo
await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile); await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
return false;
} }
// Regex validating stars in paths or paths-ignore entries. // Regex validating stars in paths or paths-ignore entries.
// The intention is to only allow ** to appear when immediately // The intention is to only allow ** to appear when immediately
@ -422,12 +431,15 @@ async function getLanguages(codeQL, languagesInput, repository, apiDetails, logg
return parsedLanguages; return parsedLanguages;
} }
async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureFlags, logger) { async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureFlags, logger) {
let injectedMlQueries = false;
queriesInput = queriesInput.trim(); queriesInput = queriesInput.trim();
// "+" means "don't override config file" - see shouldAddConfigFileQueries // "+" means "don't override config file" - see shouldAddConfigFileQueries
queriesInput = queriesInput.replace(/^\+/, ""); queriesInput = queriesInput.replace(/^\+/, "");
for (const query of queriesInput.split(",")) { for (const query of queriesInput.split(",")) {
await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger); const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger);
injectedMlQueries = injectedMlQueries || didInject;
} }
return injectedMlQueries;
} }
// Returns true if either no queries were provided in the workflow. // Returns true if either no queries were provided in the workflow.
// or if the queries in the workflow were provided in "additive" mode, // or if the queries in the workflow were provided in "additive" mode,
@ -454,8 +466,9 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
} }
await addDefaultQueries(codeQL, languages, queries); await addDefaultQueries(codeQL, languages, queries);
const packs = (_a = parsePacksFromInput(packsInput, languages)) !== null && _a !== void 0 ? _a : {}; const packs = (_a = parsePacksFromInput(packsInput, languages)) !== null && _a !== void 0 ? _a : {};
let injectedMlQueries = false;
if (queriesInput) { if (queriesInput) {
await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger); injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
} }
return { return {
languages, languages,
@ -472,6 +485,7 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
debugMode, debugMode,
debugArtifactName, debugArtifactName,
debugDatabaseName, debugDatabaseName,
injectedMlQueries,
}; };
} }
exports.getDefaultConfig = getDefaultConfig; exports.getDefaultConfig = getDefaultConfig;
@ -524,8 +538,9 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
// they should take precedence over the queries in the config file // they should take precedence over the queries in the config file
// unless they're prefixed with "+", in which case they supplement those // unless they're prefixed with "+", in which case they supplement those
// in the config file. // in the config file.
let injectedMlQueries = false;
if (queriesInput) { if (queriesInput) {
await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger); injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
} }
if (shouldAddConfigFileQueries(queriesInput) && if (shouldAddConfigFileQueries(queriesInput) &&
QUERIES_PROPERTY in parsedYAML) { QUERIES_PROPERTY in parsedYAML) {
@ -578,6 +593,7 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
debugMode, debugMode,
debugArtifactName, debugArtifactName,
debugDatabaseName, debugDatabaseName,
injectedMlQueries,
}; };
} }
/** /**

2
lib/config-utils.js.map
View file

File diff suppressed because one or more lines are too long

1
lib/config-utils.test.js generated
View file

@ -221,6 +221,7 @@ function mockListLanguages(languages) {
debugMode: false, debugMode: false,
debugArtifactName: "my-artifact", debugArtifactName: "my-artifact",
debugDatabaseName: "my-db", debugDatabaseName: "my-db",
injectedMlQueries: false,
}; };
const languages = "javascript"; const languages = "javascript";
const configFilePath = createConfigFile(inputFileContents, tmpDir); const configFilePath = createConfigFile(inputFileContents, tmpDir);

2
lib/config-utils.test.js.map
View file

File diff suppressed because one or more lines are too long

1
lib/database-upload.test.js generated
View file

@ -58,6 +58,7 @@ function getTestConfig(tmpDir) {
debugMode: false, debugMode: false,
debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
} }
async function mockHttpRequests(databaseUploadStatusCode) { async function mockHttpRequests(databaseUploadStatusCode) {

2
lib/database-upload.test.js.map
View file

File diff suppressed because one or more lines are too long

1
lib/tracer-config.test.js generated
View file

@ -47,6 +47,7 @@ function getTestConfig(tmpDir) {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
} }
// A very minimal setup // A very minimal setup

2
lib/tracer-config.test.js.map
View file

File diff suppressed because one or more lines are too long

1
lib/util.test.js generated
View file

@ -257,6 +257,7 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus); t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus);
}); });

2
lib/util.test.js.map
View file

File diff suppressed because one or more lines are too long

2
python-setup/install_tools.sh
View file

@ -28,7 +28,7 @@ python3 -m pip install --user 'virtualenv<20.11'
python3 -m pip install --user poetry!=1.0.10 python3 -m pip install --user poetry!=1.0.10
python3 -m pip install --user pipenv python3 -m pip install --user pipenv
if command -v python2 &> /dev/null; then if command -v python2 >/dev/null 2>&1; then
# Setup Python 2 dependency installation tools. # Setup Python 2 dependency installation tools.
# The Ubuntu 20.04 GHA environment does not come with a Python 2 pip # The Ubuntu 20.04 GHA environment does not come with a Python 2 pip
curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2 curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2

3
src/analysis-paths.test.ts
View file

@ -25,6 +25,7 @@ test("emptyPaths", async (t) => {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined); t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@ -50,6 +51,7 @@ test("nonEmptyPaths", async (t) => {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2"); t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@ -79,6 +81,7 @@ test("exclude temp dir", async (t) => {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
analysisPaths.includeAndExcludeAnalysisPaths(config); analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined); t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);

1
src/analyze.test.ts
View file

@ -122,6 +122,7 @@ test("status report fields and search path setting", async (t) => {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
fs.mkdirSync(util.getCodeQLDatabasePath(config, language), { fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
recursive: true, recursive: true,

20
src/codeql.ts
View file

@ -18,7 +18,7 @@ import { Logger } from "./logging";
import * as toolcache from "./toolcache"; import * as toolcache from "./toolcache";
import { toolrunnerErrorCatcher } from "./toolrunner-error-catcher"; import { toolrunnerErrorCatcher } from "./toolrunner-error-catcher";
import * as util from "./util"; import * as util from "./util";
import { isGoodVersion } from "./util"; import { isGoodVersion, ML_POWERED_JS_QUERIES_PACK } from "./util";
type Options = Array<string | number | boolean>; type Options = Array<string | number | boolean>;
@ -737,7 +737,23 @@ async function getCodeQLForCmd(
} }
if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES)) { if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES)) {
const configLocation = path.resolve(config.tempDir, "user-config.yaml"); const configLocation = path.resolve(config.tempDir, "user-config.yaml");
fs.writeFileSync(configLocation, yaml.dump(config.originalUserInput)); const augmentedConfig = config.originalUserInput;
if (config.injectedMlQueries) {
// We need to inject the ML queries into the original user input before
// we pass this on to the CLI, to make sure these get run.
let packString = ML_POWERED_JS_QUERIES_PACK.packName;
if (ML_POWERED_JS_QUERIES_PACK.version)
packString = `${packString}@${ML_POWERED_JS_QUERIES_PACK.version}`;
if (augmentedConfig.packs === undefined) augmentedConfig.packs = [];
if (Array.isArray(augmentedConfig.packs)) {
augmentedConfig.packs.push(packString);
} else {
if (!augmentedConfig.packs.javascript)
augmentedConfig.packs["javascript"] = [];
augmentedConfig.packs["javascript"].push(packString);
}
}
fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
extraArgs.push(`--codescanning-config=${configLocation}`); extraArgs.push(`--codescanning-config=${configLocation}`);
} }
await runTool(cmd, [ await runTool(cmd, [

1
src/config-utils.test.ts
View file

@ -357,6 +357,7 @@ test("load non-empty input", async (t) => {
debugMode: false, debugMode: false,
debugArtifactName: "my-artifact", debugArtifactName: "my-artifact",
debugDatabaseName: "my-db", debugDatabaseName: "my-db",
injectedMlQueries: false,
}; };
const languages = "javascript"; const languages = "javascript";

38
src/config-utils.ts
View file

@ -147,6 +147,10 @@ export interface Config {
* Specifies the name of the database in the debugging artifact. * Specifies the name of the database in the debugging artifact.
*/ */
debugDatabaseName: string; debugDatabaseName: string;
/**
* Whether we injected ML queries into this configuration.
*/
injectedMlQueries: boolean;
} }
export type Packs = Partial<Record<Language, PackWithVersion[]>>; export type Packs = Partial<Record<Language, PackWithVersion[]>>;
@ -274,6 +278,7 @@ const builtinSuites = ["security-extended", "security-and-quality"] as const;
/** /**
* Determine the set of queries associated with suiteName's suites and add them to resultMap. * Determine the set of queries associated with suiteName's suites and add them to resultMap.
* Throws an error if suiteName is not a valid builtin suite. * Throws an error if suiteName is not a valid builtin suite.
* May inject ML queries, and the return value will declare if this was done.
*/ */
async function addBuiltinSuiteQueries( async function addBuiltinSuiteQueries(
languages: string[], languages: string[],
@ -283,7 +288,8 @@ async function addBuiltinSuiteQueries(
suiteName: string, suiteName: string,
featureFlags: FeatureFlags, featureFlags: FeatureFlags,
configFile?: string configFile?: string
) { ): Promise<boolean> {
let injectedMlQueries = false;
const found = builtinSuites.find((suite) => suite === suiteName); const found = builtinSuites.find((suite) => suite === suiteName);
if (!found) { if (!found) {
throw new Error(getQueryUsesInvalid(configFile, suiteName)); throw new Error(getQueryUsesInvalid(configFile, suiteName));
@ -305,10 +311,12 @@ async function addBuiltinSuiteQueries(
packs.javascript = []; packs.javascript = [];
} }
packs.javascript.push(ML_POWERED_JS_QUERIES_PACK); packs.javascript.push(ML_POWERED_JS_QUERIES_PACK);
injectedMlQueries = true;
} }
const suites = languages.map((l) => `${l}-${suiteName}.qls`); const suites = languages.map((l) => `${l}-${suiteName}.qls`);
await runResolveQueries(codeQL, resultMap, suites, undefined); await runResolveQueries(codeQL, resultMap, suites, undefined);
return injectedMlQueries;
} }
/** /**
@ -410,6 +418,11 @@ async function addRemoteQueries(
* parsing the 'uses' actions in the workflow file. So it can handle * parsing the 'uses' actions in the workflow file. So it can handle
* local paths starting with './', or references to remote repos, or * local paths starting with './', or references to remote repos, or
* a finite set of hardcoded terms for builtin suites. * a finite set of hardcoded terms for builtin suites.
*
* This may inject ML queries into the packs to use, and the return value will
* declare if this was done.
*
* @returns whether or not we injected ML queries into the packs
*/ */
async function parseQueryUses( async function parseQueryUses(
languages: string[], languages: string[],
@ -423,7 +436,7 @@ async function parseQueryUses(
featureFlags: FeatureFlags, featureFlags: FeatureFlags,
logger: Logger, logger: Logger,
configFile?: string configFile?: string
) { ): Promise<boolean> {
queryUses = queryUses.trim(); queryUses = queryUses.trim();
if (queryUses === "") { if (queryUses === "") {
throw new Error(getQueryUsesInvalid(configFile)); throw new Error(getQueryUsesInvalid(configFile));
@ -438,12 +451,12 @@ async function parseQueryUses(
workspacePath, workspacePath,
configFile configFile
); );
return; return false;
} }
// Check for one of the builtin suites // Check for one of the builtin suites
if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) { if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
await addBuiltinSuiteQueries( return await addBuiltinSuiteQueries(
languages, languages,
codeQL, codeQL,
resultMap, resultMap,
@ -452,7 +465,6 @@ async function parseQueryUses(
featureFlags, featureFlags,
configFile configFile
); );
return;
} }
// Otherwise, must be a reference to another repo // Otherwise, must be a reference to another repo
@ -465,6 +477,7 @@ async function parseQueryUses(
logger, logger,
configFile configFile
); );
return false;
} }
// Regex validating stars in paths or paths-ignore entries. // Regex validating stars in paths or paths-ignore entries.
@ -822,13 +835,14 @@ async function addQueriesAndPacksFromWorkflow(
apiDetails: api.GitHubApiExternalRepoDetails, apiDetails: api.GitHubApiExternalRepoDetails,
featureFlags: FeatureFlags, featureFlags: FeatureFlags,
logger: Logger logger: Logger
) { ): Promise<boolean> {
let injectedMlQueries = false;
queriesInput = queriesInput.trim(); queriesInput = queriesInput.trim();
// "+" means "don't override config file" - see shouldAddConfigFileQueries // "+" means "don't override config file" - see shouldAddConfigFileQueries
queriesInput = queriesInput.replace(/^\+/, ""); queriesInput = queriesInput.replace(/^\+/, "");
for (const query of queriesInput.split(",")) { for (const query of queriesInput.split(",")) {
await parseQueryUses( const didInject = await parseQueryUses(
languages, languages,
codeQL, codeQL,
resultMap, resultMap,
@ -840,7 +854,9 @@ async function addQueriesAndPacksFromWorkflow(
featureFlags, featureFlags,
logger logger
); );
injectedMlQueries = injectedMlQueries || didInject;
} }
return injectedMlQueries;
} }
// Returns true if either no queries were provided in the workflow. // Returns true if either no queries were provided in the workflow.
@ -892,8 +908,9 @@ export async function getDefaultConfig(
} }
await addDefaultQueries(codeQL, languages, queries); await addDefaultQueries(codeQL, languages, queries);
const packs = parsePacksFromInput(packsInput, languages) ?? {}; const packs = parsePacksFromInput(packsInput, languages) ?? {};
let injectedMlQueries = false;
if (queriesInput) { if (queriesInput) {
await addQueriesAndPacksFromWorkflow( injectedMlQueries = await addQueriesAndPacksFromWorkflow(
codeQL, codeQL,
queriesInput, queriesInput,
languages, languages,
@ -922,6 +939,7 @@ export async function getDefaultConfig(
debugMode, debugMode,
debugArtifactName, debugArtifactName,
debugDatabaseName, debugDatabaseName,
injectedMlQueries,
}; };
} }
@ -1008,8 +1026,9 @@ async function loadConfig(
// they should take precedence over the queries in the config file // they should take precedence over the queries in the config file
// unless they're prefixed with "+", in which case they supplement those // unless they're prefixed with "+", in which case they supplement those
// in the config file. // in the config file.
let injectedMlQueries = false;
if (queriesInput) { if (queriesInput) {
await addQueriesAndPacksFromWorkflow( injectedMlQueries = await addQueriesAndPacksFromWorkflow(
codeQL, codeQL,
queriesInput, queriesInput,
languages, languages,
@ -1101,6 +1120,7 @@ async function loadConfig(
debugMode, debugMode,
debugArtifactName, debugArtifactName,
debugDatabaseName, debugDatabaseName,
injectedMlQueries,
}; };
} }

1
src/database-upload.test.ts
View file

@ -56,6 +56,7 @@ function getTestConfig(tmpDir: string): Config {
debugMode: false, debugMode: false,
debugArtifactName: DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
} }

1
src/tracer-config.test.ts
View file

@ -32,6 +32,7 @@ function getTestConfig(tmpDir: string): configUtils.Config {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
} }

1
src/util.test.ts
View file

@ -347,6 +347,7 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
debugMode: false, debugMode: false,
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME, debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME, debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
injectedMlQueries: false,
}; };
t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus); t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus);