add optional workflow input to specify whether snippets are added to sarif output

src/analyze-action.ts

@@ -50,6 +50,7 @@ async function run() {
       'actions',
       core.getInput('output'),
       util.getMemoryFlag(core.getInput('ram')),
+      util.getAddSnippetsFlag(core.getInput('add-snippets')),
       util.getThreadsFlag(core.getInput('threads'), logger),
       config,
       logger);

src/analyze.ts

@@ -78,6 +78,7 @@ async function finalizeDatabaseCreation(
 async function runQueries(
   sarifFolder: string,
   memoryFlag: string,
+  addSnippetsFlag: string,
   threadsFlag: string,
   config: configUtils.Config,
   logger: Logger): Promise<QueriesStatusReport> {
@@ -102,7 +103,7 @@ async function runQueries(
 
       const sarifFile = path.join(sarifFolder, language + '.sarif');
 
-      await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, threadsFlag);
+      await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag);
 
       logger.debug('SARIF results for database ' + language + ' created at "' + sarifFile + '"');
       logger.endGroup();
@@ -133,6 +134,7 @@ export async function runAnalyze(
   mode: util.Mode,
   outputDir: string,
   memoryFlag: string,
+  addSnippetsFlag: string,
   threadsFlag: string,
   config: configUtils.Config,
   logger: Logger): Promise<AnalysisStatusReport> {
@@ -146,7 +148,7 @@ export async function runAnalyze(
   await finalizeDatabaseCreation(config, logger);
 
   logger.info('Analyzing database');
-  const queriesStats = await runQueries(outputDir, memoryFlag, threadsFlag, config, logger);
+  const queriesStats = await runQueries(outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger);
 
   if (!doUpload) {
     logger.info('Not uploading results');

src/codeql.ts

@@ -79,6 +79,7 @@ export interface CodeQL {
     sarifFile: string,
     querySuite: string,
     memoryFlag: string,
+    addSnippetsFlag: string,
     threadsFlag: string): Promise<void>;
 }
 
@@ -467,6 +468,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
       sarifFile: string,
       querySuite: string,
       memoryFlag: string,
+      addSnippetsFlag: string,
       threadsFlag: string) {
 
       await new toolrunnner.ToolRunner(cmd, [
@@ -477,7 +479,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         databasePath,
         '--format=sarif-latest',
         '--output=' + sarifFile,
-        '--no-sarif-add-snippets',
+        addSnippetsFlag,
         ...getExtraOptionsFromEnv(['database', 'analyze']),
         querySuite
       ]).exec();

src/runner.ts

@@ -12,7 +12,7 @@ import { Language, parseLanguage } from './languages';
 import { getRunnerLogger } from './logging';
 import { parseRepositoryNwo } from './repository';
 import * as upload_lib from './upload-lib';
-import { getMemoryFlag, getThreadsFlag } from './util';
+import { getAddSnippetsFlag, getMemoryFlag, getThreadsFlag } from './util';
 
 const program = new Command();
 program.version('0.0.1');
@@ -274,6 +274,7 @@ interface AnalyzeArgs {
   upload: boolean;
   outputDir: string | undefined;
   ram: string | undefined;
+  addSnippets: boolean;
   threads: string | undefined;
   tempDir: string | undefined;
   debug: boolean;
@@ -288,9 +289,10 @@ program
   .requiredOption('--github-url <url>', 'URL of GitHub instance. (Required)')
   .requiredOption('--github-auth <auth>', 'GitHub Apps token or personal access token. (Required)')
   .option('--checkout-path <path>', 'Checkout path. Default is the current working directory.')
-  .option('--no-upload', 'Do not upload results after analysis.', false)
+  .option('--no-upload', 'Do not upload results after analysis.')
   .option('--output-dir <dir>', 'Directory to output SARIF files to. Default is in the temp directory.')
   .option('--ram <ram>', 'Amount of memory to use when running queries. Default is to use all available memory.')
+  .option('--no-add-snippets', 'Specify whether to include code snippets in the sarif output.')
   .option('--threads <threads>', 'Number of threads to use when running queries. ' +
     'Default is to use all available cores.')
   .option('--temp-dir <dir>', 'Directory to use for temporary files. Default is "./codeql-runner".')
@@ -320,6 +322,7 @@ program
         'runner',
         outputDir,
         getMemoryFlag(cmd.ram),
+        getAddSnippetsFlag(cmd.addSnippets),
         getThreadsFlag(cmd.threads, logger),
         config,
         logger);

src/util.test.ts

@@ -35,6 +35,18 @@ test('getMemoryFlag() throws if the ram input is < 0 or NaN', t => {
   }
 });
 
+test('getAddSnippetsFlag() should return the correct flag', t => {
+
+  t.deepEqual(util.getAddSnippetsFlag(true), "--sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("true"), "--sarif-add-snippets");
+
+  t.deepEqual(util.getAddSnippetsFlag(false), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag(undefined), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("false"), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("foo bar"), "--no-sarif-add-snippets");
+
+});
+
 test('getThreadsFlag() should return the correct --threads flag', t => {
 
   const numCpus = os.cpus().length;

src/util.ts

@@ -386,6 +386,19 @@ export function getMemoryFlag(userInput: string | undefined): string {
   return "--ram=" + Math.floor(memoryToUseMegaBytes);
 }
 
+/**
+ * Get the codeql flag to specify whether to add code snippets to the sarif file.
+ *
+ * @returns string
+ */
+export function getAddSnippetsFlag(userInput: string | boolean | undefined): string {
+  if (typeof userInput === "string") {
+    // have to process specifically because any non-empty string is truthy
+    userInput = userInput.toLowerCase() === "true";
+  }
+  return userInput ?  "--sarif-add-snippets" : "--no-sarif-add-snippets";
+}
+
 /**
  * Get the codeql `--threads` value specified for the `threads` input.
  * If not value was specified, all available threads will be used.