Revert "Add capability to filter queries #1098"

https://github.com/github/codeql-action/pull/1098
This reverts commit 777b778409.
This reverts commit 59ca9b59cb.
This reverts commit eec34d5f05.
This reverts commit 40b280032c.

.github/query-filter-test/action.yml

@@ -1,5 +1,5 @@
 name: Query Filter Test
-description: Runs a test of query filters using the check SARIF action
+description: Runs a test of query filters using the check sarif action
 inputs:
   sarif-file:
     required: true

.github/workflows/expected-queries-runs.yml

@@ -1,4 +1,6 @@
-name: Check queries that ran
+name: Expected queries runs
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 on:
   push:

.github/workflows/query-filters.yml

@@ -1,56 +0,0 @@
-name: Query filters tests
-
-on:
-  push:
-    branches:
-    - main
-    - releases/v1
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-
-jobs:
-  query-filters:
-    name: Query Filters Tests
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: latest
-
-    - name: Check SARIF for default queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
-      with:
-        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
-        queries-run: js/zipslip
-        queries-not-run: js/path-injection
-        config-file: ./.github/codeql/codeql-config-query-filters1.yml
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Check SARIF for query packs with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
-      with:
-        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
-        queries-run: js/zipslip,javascript/example/empty-or-one-block
-        queries-not-run: js/path-injection
-        config-file: ./.github/codeql/codeql-config-query-filters2.yml
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Check SARIF for query packs and local queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
-      with:
-        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
-        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
-        queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
-        config-file: ./.github/codeql/codeql-config-query-filters3.yml
-        tools: ${{ steps.prepare-test.outputs.tools-url }}

CHANGELOG.md

@@ -6,7 +6,6 @@ No user facing changes.
 
 ## 2.1.13 - 21 Jun 2022
 
-- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
 - Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)
 
 ## 2.1.12 - 01 Jun 2022

lib/analyze.js

@@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateQueryFilters = exports.runCleanup = exports.runFinalize = exports.createQuerySuiteContents = exports.convertPackToQuerySuiteEntry = exports.runQueries = exports.CodeQLAnalysisError = void 0;
+exports.runCleanup = exports.runFinalize = exports.runQueries = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -30,7 +30,6 @@ const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
-const configUtils = __importStar(require("./config-utils"));
 const count_loc_1 = require("./count-loc");
 const languages_1 = require("./languages");
 const sharedEnv = __importStar(require("./shared-environment"));
@@ -129,7 +128,6 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     }
     for (const language of config.languages) {
         const queries = config.queries[language];
-        const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
         const packsWithVersion = config.packs[language] || [];
         const hasBuiltinQueries = (queries === null || queries === void 0 ? void 0 : queries.builtin.length) > 0;
         const hasCustomQueries = (queries === null || queries === void 0 ? void 0 : queries.custom.length) > 0;
@@ -152,7 +150,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             const querySuitePaths = [];
             if (queries["builtin"].length > 0) {
                 const startTimeBuiltIn = new Date().getTime();
-                querySuitePaths.push(await runQueryGroup(language, "builtin", createQuerySuiteContents(queries["builtin"], queryFilters), undefined));
+                querySuitePaths.push(await runQueryGroup(language, "builtin", createQuerySuiteContents(queries["builtin"]), undefined));
                 statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
                     new Date().getTime() - startTimeBuiltIn;
             }
@@ -160,12 +158,12 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             let ranCustom = false;
             for (let i = 0; i < queries["custom"].length; ++i) {
                 if (queries["custom"][i].queries.length > 0) {
-                    querySuitePaths.push(await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries["custom"][i].queries, queryFilters), queries["custom"][i].searchPath));
+                    querySuitePaths.push(await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries["custom"][i].queries), queries["custom"][i].searchPath));
                     ranCustom = true;
                 }
             }
             if (packsWithVersion.length > 0) {
-                querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters));
+                querySuitePaths.push(...(await runQueryPacks(language, "packs", packsWithVersion, undefined)));
                 ranCustom = true;
             }
             if (ranCustom) {
@@ -223,41 +221,23 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         return querySuitePath;
     }
-    async function runQueryPacks(language, type, packs, queryFilters) {
+    async function runQueryPacks(language, type, packs, searchPath) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
+        // Run the queries individually instead of all at once to avoid command
+        // line length restrictions, particularly on windows.
         for (const pack of packs) {
             logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
+            const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+            await codeql.databaseRunQueries(databasePath, searchPath, pack, memoryFlag, threadsFlag);
+            logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         }
-        // combine the list of packs into a query suite in order to run them all simultaneously.
-        const querySuite = packs.map(convertPackToQuerySuiteEntry).concat(queryFilters);
-        const querySuitePath = `${databasePath}-queries-${type}.qls`;
-        fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
-        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, memoryFlag, threadsFlag);
-        return querySuitePath;
+        return packs;
     }
 }
 exports.runQueries = runQueries;
-function convertPackToQuerySuiteEntry(packStr) {
-    var _a, _b, _c, _d;
-    const pack = configUtils.parsePacksSpecification(packStr);
-    return {
-        qlpack: !pack.path ? pack.name : undefined,
-        from: pack.path ? pack.name : undefined,
-        version: pack.version,
-        query: ((_a = pack.path) === null || _a === void 0 ? void 0 : _a.endsWith(".ql")) ? pack.path : undefined,
-        queries: !((_b = pack.path) === null || _b === void 0 ? void 0 : _b.endsWith(".ql")) && !((_c = pack.path) === null || _c === void 0 ? void 0 : _c.endsWith(".qls"))
-            ? pack.path
-            : undefined,
-        apply: ((_d = pack.path) === null || _d === void 0 ? void 0 : _d.endsWith(".qls")) ? pack.path : undefined,
-    };
+function createQuerySuiteContents(queries) {
+    return queries.map((q) => `- query: ${q}`).join("\n");
 }
-exports.convertPackToQuerySuiteEntry = convertPackToQuerySuiteEntry;
-function createQuerySuiteContents(queries, queryFilters) {
-    return yaml.dump(queries.map((q) => ({ query: q })).concat(queryFilters));
-}
-exports.createQuerySuiteContents = createQuerySuiteContents;
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
@@ -318,25 +298,4 @@ function printLinesOfCodeSummary(logger, language, lineCounts) {
         logger.info(`Counted a baseline of ${lineCounts[language]} lines of code for ${language}.`);
     }
 }
-// exported for testing
-function validateQueryFilters(queryFilters) {
-    if (!queryFilters) {
-        return [];
-    }
-    const errors = [];
-    for (const qf of queryFilters) {
-        const keys = Object.keys(qf);
-        if (keys.length !== 1) {
-            errors.push(`Query filter must have exactly one key: ${JSON.stringify(qf)}`);
-        }
-        if (!["exclude", "include"].includes(keys[0])) {
-            errors.push(`Only "include" or "exclude" filters are allowed:\n${JSON.stringify(qf)}`);
-        }
-    }
-    if (errors.length) {
-        throw new Error(`Invalid query filter.\n${errors.join("\n")}`);
-    }
-    return queryFilters;
-}
-exports.validateQueryFilters = validateQueryFilters;
 //# sourceMappingURL=analyze.js.map

lib/analyze.test.js

@@ -210,136 +210,4 @@ const util = __importStar(require("./util"));
         }
     }
 });
-(0, ava_1.default)("validateQueryFilters", (t) => {
-    t.notThrows(() => (0, analyze_1.validateQueryFilters)([]));
-    t.notThrows(() => (0, analyze_1.validateQueryFilters)(undefined));
-    t.notThrows(() => {
-        return (0, analyze_1.validateQueryFilters)([
-            {
-                exclude: {
-                    "problem.severity": "recommendation",
-                },
-            },
-            {
-                exclude: {
-                    "tags contain": ["foo", "bar"],
-                },
-            },
-            {
-                include: {
-                    "problem.severity": "something-to-think-about",
-                },
-            },
-            {
-                include: {
-                    "tags contain": ["baz", "bop"],
-                },
-            },
-        ]);
-    });
-    t.throws(() => {
-        return (0, analyze_1.validateQueryFilters)([
-            {
-                exclude: {
-                    "tags contain": ["foo", "bar"],
-                },
-                include: {
-                    "tags contain": ["baz", "bop"],
-                },
-            },
-        ]);
-    }, { message: /Query filter must have exactly one key/ });
-    t.throws(() => {
-        return (0, analyze_1.validateQueryFilters)([{ xxx: "foo" }]);
-    }, { message: /Only "include" or "exclude" filters are allowed/ });
-});
-const convertPackToQuerySuiteEntryMacro = ava_1.default.macro({
-    exec: (t, packSpec, suiteEntry) => t.deepEqual((0, analyze_1.convertPackToQuerySuiteEntry)(packSpec), suiteEntry),
-    title: (_providedTitle, packSpec) => `Query Suite Entry: ${packSpec}`,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b", {
-    qlpack: "a/b",
-    from: undefined,
-    version: undefined,
-    query: undefined,
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3", {
-    qlpack: "a/b",
-    from: undefined,
-    version: "~1.2.3",
-    query: undefined,
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: undefined,
-    queries: "my/path",
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: undefined,
-    queries: "my/path",
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/query.ql", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: "my/path/query.ql",
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/query.ql", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: "my/path/query.ql",
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/suite.qls", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: undefined,
-    queries: undefined,
-    apply: "my/path/suite.qls",
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/suite.qls", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: undefined,
-    queries: undefined,
-    apply: "my/path/suite.qls",
-});
-(0, ava_1.default)("convertPackToQuerySuiteEntry Failure", (t) => {
-    t.throws(() => (0, analyze_1.convertPackToQuerySuiteEntry)("this-is-not-a-pack"));
-});
-(0, ava_1.default)("createQuerySuiteContents", (t) => {
-    const yamlResult = (0, analyze_1.createQuerySuiteContents)(["query1.ql", "query2.ql"], [
-        {
-            exclude: { "problem.severity": "recommendation" },
-        },
-        {
-            include: { "problem.severity": "recommendation" },
-        },
-    ]);
-    const expected = `- query: query1.ql
-- query: query2.ql
-- exclude:
-    problem.severity: recommendation
-- include:
-    problem.severity: recommendation
-`;
-    t.deepEqual(yamlResult, expected);
-});
 //# sourceMappingURL=analyze.test.js.map

lib/config-utils.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
+exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const yaml = __importStar(require("js-yaml"));
@@ -150,7 +150,9 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
     return injectedMlQueries;
 }
 function isMlPoweredJsQueriesPack(pack) {
-    return parsePacksSpecification(pack).name === util_1.ML_POWERED_JS_QUERIES_PACK_NAME;
+    return (pack === util_1.ML_POWERED_JS_QUERIES_PACK_NAME ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}:`));
 }
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
@@ -636,7 +638,10 @@ function parsePacksFromConfig(packsByLanguage, languages, configFile) {
         if (!languages.includes(lang)) {
             throw new Error(getPacksRequireLanguage(lang, configFile));
         }
-        packs[lang] = packsArr.map((packStr) => validatePackSpecification(packStr, configFile));
+        packs[lang] = [];
+        for (const packStr of packsArr) {
+            packs[lang].push(validatePacksSpecification(packStr, configFile));
+        }
     }
     return packs;
 }
@@ -660,7 +665,7 @@ function parsePacksFromInput(packsInput, languages) {
     }
     return {
         [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-            packs.push(validatePackSpecification(pack));
+            packs.push(validatePacksSpecification(pack, ""));
             return packs;
         }, []),
     };
@@ -683,7 +688,7 @@ function parsePacksFromInput(packsInput, languages) {
  * @param packStr the package specification to verify.
  * @param configFile Config file to use for error reporting
  */
-function parsePacksSpecification(packStr, configFile) {
+function validatePacksSpecification(packStr, configFile) {
     if (typeof packStr !== "string") {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
@@ -725,21 +730,9 @@ function parsePacksSpecification(packStr, configFile) {
         // 0 length path
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    return {
-        name: packName,
-        version,
-        path: packPath,
-    };
+    return (packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : ""));
 }
-exports.parsePacksSpecification = parsePacksSpecification;
-function prettyPrintPack(pack) {
-    return `${pack.name}${pack.version ? `@${pack.version}` : ""}${pack.path ? `:${pack.path}` : ""}`;
-}
-exports.prettyPrintPack = prettyPrintPack;
-function validatePackSpecification(pack, configFile) {
-    return prettyPrintPack(parsePacksSpecification(pack, configFile));
-}
-exports.validatePackSpecification = validatePackSpecification;
+exports.validatePacksSpecification = validatePacksSpecification;
 // exported for testing
 function parsePacks(rawPacksFromConfig, rawPacksInput, languages, configFile) {
     const packsFromInput = parsePacksFromInput(rawPacksInput, languages);

lib/config-utils.test.js

@@ -828,46 +828,6 @@ const invalidPackNameMacro = ava_1.default.macro({
 (0, ava_1.default)(invalidPackNameMacro, "c/d@../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d@b/../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d:z@1");
-/**
- * Test macro for pretty printing pack specs
- */
-const packSpecPrettyPrintingMacro = ava_1.default.macro({
-    exec: (t, packStr, packObj) => {
-        const parsed = configUtils.parsePacksSpecification(packStr);
-        t.deepEqual(parsed, packObj, "parsed pack spec is correct");
-        const stringified = configUtils.prettyPrintPack(packObj);
-        t.deepEqual(stringified, packStr.trim(), "pretty-printed pack spec is correct");
-        t.deepEqual(configUtils.validatePackSpecification(packStr), packStr.trim(), "pack spec is valid");
-    },
-    title: (_providedTitle, packStr, 
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    _packObj) => `Prettyprint pack spec: '${packStr}'`,
-});
-(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b", {
-    name: "a/b",
-    version: undefined,
-    path: undefined,
-});
-(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b@~1.2.3", {
-    name: "a/b",
-    version: "~1.2.3",
-    path: undefined,
-});
-(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b@~1.2.3:abc/def", {
-    name: "a/b",
-    version: "~1.2.3",
-    path: "abc/def",
-});
-(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b:abc/def", {
-    name: "a/b",
-    version: undefined,
-    path: "abc/def",
-});
-(0, ava_1.default)(packSpecPrettyPrintingMacro, "    a/b:abc/def    ", {
-    name: "a/b",
-    version: undefined,
-    path: "abc/def",
-});
 /**
  * Test macro for testing the packs block and the packs input
  */

lib/util.js

@@ -33,7 +33,6 @@ const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const codeql_1 = require("./codeql");
-const config_utils_1 = require("./config-utils");
 /**
  * Specifies bundle versions that are known to be broken
  * and will not be used if found in the toolcache.
@@ -563,10 +562,7 @@ async function getMlPoweredJsQueriesPack(codeQL) {
     else {
         version = `~0.1.0`;
     }
-    return (0, config_utils_1.prettyPrintPack)({
-        name: exports.ML_POWERED_JS_QUERIES_PACK_NAME,
-        version,
-    });
+    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@${version}`;
 }
 exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
 /**
@@ -592,8 +588,9 @@ exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
  */
 function getMlPoweredJsQueriesStatus(config) {
     const mlPoweredJsQueryPacks = (config.packs.javascript || [])
-        .map((p) => (0, config_utils_1.parsePacksSpecification)(p))
-        .filter((pack) => pack.name === "codeql/javascript-experimental-atm-queries" && !pack.path);
+        .map((pack) => pack.split("@"))
+        .filter((packNameVersion) => packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
+        packNameVersion.length <= 2);
     switch (mlPoweredJsQueryPacks.length) {
         case 1:
             // We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
@@ -601,7 +598,7 @@ function getMlPoweredJsQueriesStatus(config) {
             // with each version of the CodeQL Action. Therefore in practice we should only hit the
             // `latest` case here when customers have explicitly added the ML-powered query pack to their
             // CodeQL config.
-            return mlPoweredJsQueryPacks[0].version || "latest";
+            return mlPoweredJsQueryPacks[0][1] || "latest";
         case 0:
             return "false";
         default:

lib/util.test.js

@@ -209,13 +209,13 @@ const ML_POWERED_JS_STATUS_TESTS = [
     // If no packs are loaded, status is false.
     [[], "false"],
     // If another pack is loaded but not the ML-powered query pack, status is false.
-    [["some-other/pack"], "false"],
+    [["someOtherPack"], "false"],
     // If the ML-powered query pack is loaded with a specific version, status is that version.
     [[`${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
     // If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
     // status is the version of the ML-powered query pack.
     [
-        ["some-other/pack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
+        ["someOtherPack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
         "~0.1.0",
     ],
     // If the ML-powered query pack is loaded without a version, the status is "latest".
@@ -230,7 +230,7 @@ const ML_POWERED_JS_STATUS_TESTS = [
     ],
     // If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
     // the status is "latest".
-    [["some-other/pack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
+    [["someOtherPack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
 ];
 for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
     const packDescriptions = `[${packs

src/analyze.test.ts

@@ -1,16 +1,11 @@
 import * as fs from "fs";
 import * as path from "path";
 
-import test, { ExecutionContext } from "ava";
+import test from "ava";
 import * as yaml from "js-yaml";
 import * as sinon from "sinon";
 
-import {
-  convertPackToQuerySuiteEntry,
-  createQuerySuiteContents,
-  runQueries,
-  validateQueryFilters,
-} from "./analyze";
+import { runQueries } from "./analyze";
 import { setCodeQL } from "./codeql";
 import { Config } from "./config-utils";
 import * as count from "./count-loc";
@@ -254,161 +249,3 @@ test("status report fields and search path setting", async (t) => {
     }
   }
 });
-
-test("validateQueryFilters", (t) => {
-  t.notThrows(() => validateQueryFilters([]));
-  t.notThrows(() => validateQueryFilters(undefined));
-  t.notThrows(() => {
-    return validateQueryFilters([
-      {
-        exclude: {
-          "problem.severity": "recommendation",
-        },
-      },
-      {
-        exclude: {
-          "tags contain": ["foo", "bar"],
-        },
-      },
-      {
-        include: {
-          "problem.severity": "something-to-think-about",
-        },
-      },
-      {
-        include: {
-          "tags contain": ["baz", "bop"],
-        },
-      },
-    ]);
-  });
-
-  t.throws(
-    () => {
-      return validateQueryFilters([
-        {
-          exclude: {
-            "tags contain": ["foo", "bar"],
-          },
-          include: {
-            "tags contain": ["baz", "bop"],
-          },
-        },
-      ]);
-    },
-    { message: /Query filter must have exactly one key/ }
-  );
-
-  t.throws(
-    () => {
-      return validateQueryFilters([{ xxx: "foo" } as any]);
-    },
-    { message: /Only "include" or "exclude" filters are allowed/ }
-  );
-});
-
-const convertPackToQuerySuiteEntryMacro = test.macro({
-  exec: (t: ExecutionContext<unknown>, packSpec: string, suiteEntry: any) =>
-    t.deepEqual(convertPackToQuerySuiteEntry(packSpec), suiteEntry),
-
-  title: (_providedTitle, packSpec: string) => `Query Suite Entry: ${packSpec}`,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b", {
-  qlpack: "a/b",
-  from: undefined,
-  version: undefined,
-  query: undefined,
-  queries: undefined,
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3", {
-  qlpack: "a/b",
-  from: undefined,
-  version: "~1.2.3",
-  query: undefined,
-  queries: undefined,
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b:my/path", {
-  qlpack: undefined,
-  from: "a/b",
-  version: undefined,
-  query: undefined,
-  queries: "my/path",
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path", {
-  qlpack: undefined,
-  from: "a/b",
-  version: "~1.2.3",
-  query: undefined,
-  queries: "my/path",
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b:my/path/query.ql", {
-  qlpack: undefined,
-  from: "a/b",
-  version: undefined,
-  query: "my/path/query.ql",
-  queries: undefined,
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/query.ql", {
-  qlpack: undefined,
-  from: "a/b",
-  version: "~1.2.3",
-  query: "my/path/query.ql",
-  queries: undefined,
-  apply: undefined,
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b:my/path/suite.qls", {
-  qlpack: undefined,
-  from: "a/b",
-  version: undefined,
-  query: undefined,
-  queries: undefined,
-  apply: "my/path/suite.qls",
-});
-
-test(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/suite.qls", {
-  qlpack: undefined,
-  from: "a/b",
-  version: "~1.2.3",
-  query: undefined,
-  queries: undefined,
-  apply: "my/path/suite.qls",
-});
-
-test("convertPackToQuerySuiteEntry Failure", (t) => {
-  t.throws(() => convertPackToQuerySuiteEntry("this-is-not-a-pack"));
-});
-
-test("createQuerySuiteContents", (t) => {
-  const yamlResult = createQuerySuiteContents(
-    ["query1.ql", "query2.ql"],
-    [
-      {
-        exclude: { "problem.severity": "recommendation" },
-      },
-      {
-        include: { "problem.severity": "recommendation" },
-      },
-    ]
-  );
-  const expected = `- query: query1.ql
-- query: query2.ql
-- exclude:
-    problem.severity: recommendation
-- include:
-    problem.severity: recommendation
-`;
-
-  t.deepEqual(yamlResult, expected);
-});

src/analyze.ts

@@ -224,9 +224,6 @@ export async function runQueries(
 
   for (const language of config.languages) {
     const queries = config.queries[language];
-    const queryFilters = validateQueryFilters(
-      config.originalUserInput["query-filters"]
-    );
     const packsWithVersion = config.packs[language] || [];
 
     const hasBuiltinQueries = queries?.builtin.length > 0;
@@ -264,7 +261,7 @@ export async function runQueries(
           await runQueryGroup(
             language,
             "builtin",
-            createQuerySuiteContents(queries["builtin"], queryFilters),
+            createQuerySuiteContents(queries["builtin"]),
             undefined
           )
         );
@@ -279,10 +276,7 @@ export async function runQueries(
             await runQueryGroup(
               language,
               `custom-${i}`,
-              createQuerySuiteContents(
-                queries["custom"][i].queries,
-                queryFilters
-              ),
+              createQuerySuiteContents(queries["custom"][i].queries),
               queries["custom"][i].searchPath
             )
           );
@@ -291,7 +285,12 @@ export async function runQueries(
       }
       if (packsWithVersion.length > 0) {
         querySuitePaths.push(
-          await runQueryPacks(language, "packs", packsWithVersion, queryFilters)
+          ...(await runQueryPacks(
+            language,
+            "packs",
+            packsWithVersion,
+            undefined
+          ))
         );
         ranCustom = true;
       }
@@ -393,61 +392,32 @@ export async function runQueries(
     language: Language,
     type: string,
     packs: string[],
-    queryFilters: configUtils.QueryFilter[]
-  ): Promise<string> {
+    searchPath: string | undefined
+  ): Promise<string[]> {
     const databasePath = util.getCodeQLDatabasePath(config, language);
+    // Run the queries individually instead of all at once to avoid command
+    // line length restrictions, particularly on windows.
 
     for (const pack of packs) {
       logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
+
+      const codeql = await getCodeQL(config.codeQLCmd);
+      await codeql.databaseRunQueries(
+        databasePath,
+        searchPath,
+        pack,
+        memoryFlag,
+        threadsFlag
+      );
+
+      logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
     }
-
-    // combine the list of packs into a query suite in order to run them all simultaneously.
-    const querySuite = (
-      packs.map(convertPackToQuerySuiteEntry) as configUtils.QuerySuiteEntry[]
-    ).concat(queryFilters);
-
-    const querySuitePath = `${databasePath}-queries-${type}.qls`;
-    fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
-
-    logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
-
-    const codeql = await getCodeQL(config.codeQLCmd);
-    await codeql.databaseRunQueries(
-      databasePath,
-      undefined,
-      querySuitePath,
-      memoryFlag,
-      threadsFlag
-    );
-
-    return querySuitePath;
+    return packs;
   }
 }
 
-export function convertPackToQuerySuiteEntry(
-  packStr: string
-): configUtils.QuerySuitePackEntry {
-  const pack = configUtils.parsePacksSpecification(packStr);
-  return {
-    qlpack: !pack.path ? pack.name : undefined,
-    from: pack.path ? pack.name : undefined,
-    version: pack.version,
-    query: pack.path?.endsWith(".ql") ? pack.path : undefined,
-    queries:
-      !pack.path?.endsWith(".ql") && !pack.path?.endsWith(".qls")
-        ? pack.path
-        : undefined,
-    apply: pack.path?.endsWith(".qls") ? pack.path : undefined,
-  };
-}
-
-export function createQuerySuiteContents(
-  queries: string[],
-  queryFilters: configUtils.QueryFilter[]
-) {
-  return yaml.dump(
-    queries.map((q: string) => ({ query: q })).concat(queryFilters as any)
-  );
+function createQuerySuiteContents(queries: string[]) {
+  return queries.map((q: string) => `- query: ${q}`).join("\n");
 }
 
 export async function runFinalize(
@@ -535,33 +505,3 @@ function printLinesOfCodeSummary(
     );
   }
 }
-
-// exported for testing
-export function validateQueryFilters(queryFilters?: configUtils.QueryFilter[]) {
-  if (!queryFilters) {
-    return [];
-  }
-
-  const errors: string[] = [];
-  for (const qf of queryFilters) {
-    const keys = Object.keys(qf);
-    if (keys.length !== 1) {
-      errors.push(
-        `Query filter must have exactly one key: ${JSON.stringify(qf)}`
-      );
-    }
-    if (!["exclude", "include"].includes(keys[0])) {
-      errors.push(
-        `Only "include" or "exclude" filters are allowed:\n${JSON.stringify(
-          qf
-        )}`
-      );
-    }
-  }
-
-  if (errors.length) {
-    throw new Error(`Invalid query filter.\n${errors.join("\n")}`);
-  }
-
-  return queryFilters;
-}

src/config-utils.test.ts

@@ -1572,60 +1572,6 @@ test(invalidPackNameMacro, "c/d@../a");
 test(invalidPackNameMacro, "c/d@b/../a");
 test(invalidPackNameMacro, "c/d:z@1");
 
-/**
- * Test macro for pretty printing pack specs
- */
-const packSpecPrettyPrintingMacro = test.macro({
-  exec: (t: ExecutionContext, packStr: string, packObj: configUtils.Pack) => {
-    const parsed = configUtils.parsePacksSpecification(packStr);
-    t.deepEqual(parsed, packObj, "parsed pack spec is correct");
-    const stringified = configUtils.prettyPrintPack(packObj);
-    t.deepEqual(
-      stringified,
-      packStr.trim(),
-      "pretty-printed pack spec is correct"
-    );
-
-    t.deepEqual(
-      configUtils.validatePackSpecification(packStr),
-      packStr.trim(),
-      "pack spec is valid"
-    );
-  },
-  title: (
-    _providedTitle: string | undefined,
-    packStr: string,
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    _packObj: configUtils.Pack
-  ) => `Prettyprint pack spec: '${packStr}'`,
-});
-
-test(packSpecPrettyPrintingMacro, "a/b", {
-  name: "a/b",
-  version: undefined,
-  path: undefined,
-});
-test(packSpecPrettyPrintingMacro, "a/b@~1.2.3", {
-  name: "a/b",
-  version: "~1.2.3",
-  path: undefined,
-});
-test(packSpecPrettyPrintingMacro, "a/b@~1.2.3:abc/def", {
-  name: "a/b",
-  version: "~1.2.3",
-  path: "abc/def",
-});
-test(packSpecPrettyPrintingMacro, "a/b:abc/def", {
-  name: "a/b",
-  version: undefined,
-  path: "abc/def",
-});
-test(packSpecPrettyPrintingMacro, "    a/b:abc/def    ", {
-  name: "a/b",
-  version: undefined,
-  path: "abc/def",
-});
-
 /**
  * Test macro for testing the packs block and the packs input
  */

src/config-utils.ts

@@ -49,38 +49,8 @@ export interface UserConfig {
   // language. If this is a single language analysis, then no split by
   // language is necessary.
   packs?: Record<string, string[]> | string[];
-
-  // Set of query filters to include and exclude extra queries based on
-  // codeql query suite `include` and `exclude` properties
-  "query-filters"?: QueryFilter[];
 }
 
-export type QueryFilter = ExcludeQueryFilter | IncludeQueryFilter;
-
-interface ExcludeQueryFilter {
-  exclude: Record<string, string[] | string>;
-}
-
-interface IncludeQueryFilter {
-  include: Record<string, string[] | string>;
-}
-
-export type QuerySuitePackEntry = {
-  version?: string;
-} & (
-  | {
-      qlpack: string;
-    }
-  | {
-      from?: string;
-      query?: string;
-      queries?: string;
-      apply?: string;
-    }
-);
-
-export type QuerySuiteEntry = QuerySuitePackEntry | QueryFilter;
-
 /**
  * Lists of query files for each language.
  * Will only contain .ql files and not other kinds of files,
@@ -187,12 +157,6 @@ export interface Config {
 
 export type Packs = Partial<Record<Language, string[]>>;
 
-export interface Pack {
-  name: string;
-  version?: string;
-  path?: string;
-}
-
 /**
  * A list of queries from https://github.com/github/codeql that
  * we don't want to run. Disabling them here is a quicker alternative to
@@ -355,7 +319,11 @@ async function addBuiltinSuiteQueries(
 }
 
 function isMlPoweredJsQueriesPack(pack: string) {
-  return parsePacksSpecification(pack).name === ML_POWERED_JS_QUERIES_PACK_NAME;
+  return (
+    pack === ML_POWERED_JS_QUERIES_PACK_NAME ||
+    pack.startsWith(`${ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
+    pack.startsWith(`${ML_POWERED_JS_QUERIES_PACK_NAME}:`)
+  );
 }
 
 /**
@@ -1202,10 +1170,10 @@ export function parsePacksFromConfig(
     if (!languages.includes(lang as Language)) {
       throw new Error(getPacksRequireLanguage(lang, configFile));
     }
-
-    packs[lang] = packsArr.map((packStr) =>
-      validatePackSpecification(packStr, configFile)
-    );
+    packs[lang] = [];
+    for (const packStr of packsArr) {
+      packs[lang].push(validatePacksSpecification(packStr, configFile));
+    }
   }
   return packs;
 }
@@ -1238,7 +1206,7 @@ function parsePacksFromInput(
 
   return {
     [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-      packs.push(validatePackSpecification(pack));
+      packs.push(validatePacksSpecification(pack, ""));
       return packs;
     }, [] as string[]),
   };
@@ -1262,10 +1230,10 @@ function parsePacksFromInput(
  * @param packStr the package specification to verify.
  * @param configFile Config file to use for error reporting
  */
-export function parsePacksSpecification(
+export function validatePacksSpecification(
   packStr: string,
   configFile?: string
-): Pack {
+): string {
   if (typeof packStr !== "string") {
     throw new Error(getPacksStrInvalid(packStr, configFile));
   }
@@ -1318,21 +1286,9 @@ export function parsePacksSpecification(
     throw new Error(getPacksStrInvalid(packStr, configFile));
   }
 
-  return {
-    name: packName,
-    version,
-    path: packPath,
-  };
-}
-
-export function prettyPrintPack(pack: Pack) {
-  return `${pack.name}${pack.version ? `@${pack.version}` : ""}${
-    pack.path ? `:${pack.path}` : ""
-  }`;
-}
-
-export function validatePackSpecification(pack: string, configFile?: string) {
-  return prettyPrintPack(parsePacksSpecification(pack, configFile));
+  return (
+    packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : "")
+  );
 }
 
 // exported for testing

src/util.test.ts

@@ -298,13 +298,13 @@ const ML_POWERED_JS_STATUS_TESTS: Array<[string[], string]> = [
   // If no packs are loaded, status is false.
   [[], "false"],
   // If another pack is loaded but not the ML-powered query pack, status is false.
-  [["some-other/pack"], "false"],
+  [["someOtherPack"], "false"],
   // If the ML-powered query pack is loaded with a specific version, status is that version.
   [[`${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
   // If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
   // status is the version of the ML-powered query pack.
   [
-    ["some-other/pack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
+    ["someOtherPack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
     "~0.1.0",
   ],
   // If the ML-powered query pack is loaded without a version, the status is "latest".
@@ -319,7 +319,7 @@ const ML_POWERED_JS_STATUS_TESTS: Array<[string[], string]> = [
   ],
   // If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
   // the status is "latest".
-  [["some-other/pack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
+  [["someOtherPack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
 ];
 
 for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {

src/util.ts

@@ -11,11 +11,7 @@ import * as api from "./api-client";
 import { getApiClient, GitHubApiDetails } from "./api-client";
 import * as apiCompatibility from "./api-compatibility.json";
 import { CodeQL, CODEQL_VERSION_NEW_TRACING } from "./codeql";
-import {
-  Config,
-  parsePacksSpecification,
-  prettyPrintPack,
-} from "./config-utils";
+import { Config } from "./config-utils";
 import { Language } from "./languages";
 import { Logger } from "./logging";
 
@@ -676,10 +672,7 @@ export async function getMlPoweredJsQueriesPack(
   } else {
     version = `~0.1.0`;
   }
-  return prettyPrintPack({
-    name: ML_POWERED_JS_QUERIES_PACK_NAME,
-    version,
-  });
+  return `${ML_POWERED_JS_QUERIES_PACK_NAME}@${version}`;
 }
 
 /**
@@ -705,10 +698,11 @@ export async function getMlPoweredJsQueriesPack(
  */
 export function getMlPoweredJsQueriesStatus(config: Config): string {
   const mlPoweredJsQueryPacks = (config.packs.javascript || [])
-    .map((p) => parsePacksSpecification(p))
+    .map((pack) => pack.split("@"))
     .filter(
-      (pack) =>
-        pack.name === "codeql/javascript-experimental-atm-queries" && !pack.path
+      (packNameVersion) =>
+        packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
+        packNameVersion.length <= 2
     );
   switch (mlPoweredJsQueryPacks.length) {
     case 1:
@@ -717,7 +711,7 @@ export function getMlPoweredJsQueriesStatus(config: Config): string {
       // with each version of the CodeQL Action. Therefore in practice we should only hit the
       // `latest` case here when customers have explicitly added the ML-powered query pack to their
       // CodeQL config.
-      return mlPoweredJsQueryPacks[0].version || "latest";
+      return mlPoweredJsQueryPacks[0][1] || "latest";
     case 0:
       return "false";
     default:

tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml

@@ -1,10 +0,0 @@
-name: "Check SARIF for default queries with Single include, Single exclude"
-
-query-filters:
-# This should run js/path-injection and js/zipslip
-- include:
-    tags contain: external/cwe/cwe-022
-
-# Removes js/path-injection
-- exclude:
-    id: js/path-injection

tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml

@@ -1,21 +0,0 @@
-name: "Check SARIF for query packs with Single include, Single exclude"
-
-disable-default-queries: true
-
-packs:
-  javascript:
-    - codeql/javascript-queries
-    - dsp-testing/codeql-pack1@1.0.0
-
-query-filters:
-# This should run js/path-injection and js/zipslip
-- include:
-    tags contain: external/cwe/cwe-022
-
-# Removes js/path-injection
-- exclude:
-    id: js/path-injection
-
-# Query from extra pack
-- include:
-    id: javascript/example/empty-or-one-block

tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml

@@ -1,35 +0,0 @@
-name: "Check SARIF for query packs and local queries with Single include, Single exclude"
-
-disable-default-queries: true
-
-queries:
-# Local query
-  - name: Run an extra local query
-    uses: ./codeql-qlpacks/javascript-qlpack/show_ifs.ql
-
-# These queries are ignored
-  - name: Ignored queries
-    uses: ./codeql-qlpacks/complex-python-qlpack/rootAndBar.qls
-
-
-packs:
-  javascript:
-    - codeql/javascript-queries
-    - dsp-testing/codeql-pack1@1.0.0
-
-query-filters:
-# This should run js/path-injection and js/zipslip
-- include:
-    tags contain: external/cwe/cwe-022
-
-# Removes js/path-injection
-- exclude:
-    id: js/path-injection
-
-# Query from extra pack
-- include:
-    id: javascript/example/empty-or-one-block
-
-# Local query
-- include:
-    id: inrepo-javascript-querypack/show-ifs