Mark third-party SARIF limits errors as configuration errors

2024-02-28 19:41:43 +00:00 · 2024-02-28 19:41:43 +00:00 · 888ab31e3e
commit 888ab31e3e
parent bd56a05133
12 changed files with 63 additions and 62 deletions
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@ -286,7 +286,6 @@ async function run() {
        actionsUtil.getRequiredInput("checkout_path"),
        actionsUtil.getOptionalInput("category"),
        logger,
-        { isThirdPartyUpload: false },
      );
      core.setOutput("sarif-id", uploadResult.sarifID);
    } else {
--- a/src/init-action-post-helper.ts
+++ b/src/init-action-post-helper.ts
@ -107,7 +107,6 @@ async function maybeUploadFailedSarif(
    checkoutPath,
    category,
    logger,
-    { isThirdPartyUpload: false },
  );
  await uploadLib.waitForProcessing(
    repositoryNwo,
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -178,40 +178,27 @@ export function findSarifFilesInDir(sarifPath: string): string[] {
 /**
 * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
 * to.
- *
- * @param isThirdPartyUpload           Whether the SARIF to upload comes from a third party, or from
- *                                     first-party CodeQL analysis. If it comes from a third party,
- *                                     we classify certain errors as configuration errors for
- *                                     telemetry purposes.
 */
 export async function uploadFromActions(
  sarifPath: string,
  checkoutPath: string,
  category: string | undefined,
  logger: Logger,
-  { isThirdPartyUpload: isThirdPartyUpload }: { isThirdPartyUpload: boolean },
 ): Promise<UploadResult> {
-  try {
-    return await uploadFiles(
-      getSarifFilePaths(sarifPath),
-      parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")),
-      await actionsUtil.getCommitOid(checkoutPath),
-      await actionsUtil.getRef(),
-      await api.getAnalysisKey(),
-      category,
-      util.getRequiredEnvParam("GITHUB_WORKFLOW"),
-      actionsUtil.getWorkflowRunID(),
-      actionsUtil.getWorkflowRunAttempt(),
-      checkoutPath,
-      actionsUtil.getRequiredInput("matrix"),
-      logger,
-    );
-  } catch (e) {
-    if (e instanceof InvalidSarifUploadError && isThirdPartyUpload) {
-      throw new ConfigurationError(e.message);
-    }
-    throw e;
-  }
+  return await uploadFiles(
+    getSarifFilePaths(sarifPath),
+    parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")),
+    await actionsUtil.getCommitOid(checkoutPath),
+    await actionsUtil.getRef(),
+    await api.getAnalysisKey(),
+    category,
+    util.getRequiredEnvParam("GITHUB_WORKFLOW"),
+    actionsUtil.getWorkflowRunID(),
+    actionsUtil.getWorkflowRunAttempt(),
+    checkoutPath,
+    actionsUtil.getRequiredInput("matrix"),
+    logger,
+  );
 }

 function getSarifFilePaths(sarifPath: string) {
@ -509,9 +496,12 @@ export async function waitForProcessing(
        break;
      } else if (status === "failed") {
        const message = `Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`;
-        throw shouldConsiderConfigurationError(response.data.errors as string[])
+        const processingErrors = response.data.errors as string[];
+        throw shouldConsiderConfigurationError(processingErrors)
          ? new ConfigurationError(message)
-          : new InvalidSarifUploadError(message);
+          : shouldConsiderInvalidRequest(processingErrors)
+          ? new InvalidSarifUploadError(message)
+          : new Error(message);
      } else {
        util.assertNever(status);
      }
@ -526,7 +516,7 @@ export async function waitForProcessing(
 }

 /**
- * Returns whether the provided processing errors should be considered a user error.
+ * Returns whether the provided processing errors are a configuration error.
 */
 function shouldConsiderConfigurationError(processingErrors: string[]): boolean {
  return (
@ -536,6 +526,16 @@ function shouldConsiderConfigurationError(processingErrors: string[]): boolean {
  );
 }

+/**
+ * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
+ */
+function shouldConsiderInvalidRequest(processingErrors: string[]): boolean {
+  return (
+    processingErrors.length === 1 &&
+    processingErrors[0].startsWith("rejecting SARIF,")
+  );
+}
+
 /**
 * Checks the processing result for an unsuccessful execution. Throws if the
 * result is not a failure with a single "unsuccessful execution" error.
@ -615,7 +615,7 @@ function sanitize(str?: string) {
 /**
 * An error that occurred due to an invalid SARIF upload request.
 */
-class InvalidSarifUploadError extends Error {
+export class InvalidSarifUploadError extends Error {
  constructor(message: string) {
    super(message);
  }
--- a/src/upload-sarif-action.ts
+++ b/src/upload-sarif-action.ts
@ -13,6 +13,7 @@ import {
 } from "./status-report";
 import * as upload_lib from "./upload-lib";
 import {
+  ConfigurationError,
  checkActionVersion,
  checkDiskUsage,
  getRequiredEnvParam,
@ -70,7 +71,6 @@ async function run() {
      actionsUtil.getRequiredInput("checkout_path"),
      actionsUtil.getOptionalInput("category"),
      logger,
-      { isThirdPartyUpload: true },
    );
    core.setOutput("sarif-id", uploadResult.sarifID);

@ -86,7 +86,10 @@ async function run() {
    }
    await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
  } catch (unwrappedError) {
-    const error = wrapError(unwrappedError);
+    const error =
+      unwrappedError instanceof upload_lib.InvalidSarifUploadError
+        ? new ConfigurationError(unwrappedError.message)
+        : wrapError(unwrappedError);
    const message = error.message;
    core.setFailed(message);
    console.log(error);