robojerk/codeql-action

Remove CodeQL version guards for 2.11.5 and earlier

Browse source
This commit is contained in:
Henry Mercer 2023-11-27 12:49:28 +00:00
parent 649145214e
commit a36fc67ec3
12 changed files with 14 additions and 114 deletions
Download patch file Download diff file Expand all files Collapse all files

14
lib/codeql.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result; return result;
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = exports.CommandInvocationError = void 0; exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CommandInvocationError = void 0;
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const core = __importStar(require("@actions/core")); const core = __importStar(require("@actions/core"));
@ -92,13 +92,7 @@ const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
* flag is older than the oldest supported version above, it may be removed. * flag is older than the oldest supported version above, it may be removed.
*/ */
/** /**
* Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via * Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* `codeql database export-diagnostics` or `codeql diagnostics export`.
*/
exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
/**
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language. * each language.
*/ */
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1"; exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@ -509,6 +503,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
addSnippetsFlag, addSnippetsFlag,
"--print-diagnostics-summary", "--print-diagnostics-summary",
"--print-metrics-summary", "--print-metrics-summary",
"--sarif-add-baseline-file-info",
"--sarif-add-query-help", "--sarif-add-query-help",
"--sarif-group-rules-by-pack", "--sarif-group-rules-by-pack",
...(await getCodeScanningConfigExportArguments(config, this)), ...(await getCodeScanningConfigExportArguments(config, this)),
@ -517,9 +512,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (automationDetailsId !== undefined) { if (automationDetailsId !== undefined) {
codeqlArgs.push("--sarif-category", automationDetailsId); codeqlArgs.push("--sarif-category", automationDetailsId);
} }
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
codeqlArgs.push("--sarif-add-baseline-file-info");
}
if (await isSublanguageFileCoverageEnabled(config, this)) { if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage"); codeqlArgs.push("--sublanguage-file-coverage");
} }

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

18
lib/codeql.test.js generated
View file

@ -604,24 +604,6 @@ const injectedConfigMacro = ava_1.default.macro({
t.false(hasQlconfigArg, "should NOT have injected a qlconfig"); t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
}); });
}); });
(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.3"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
});
(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.2"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
});
const NEW_ANALYSIS_SUMMARY_TEST_CASES = [ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
{ {
codeqlVersion: "2.15.0", codeqlVersion: "2.15.0",

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/feature-flags.js generated
View file

@ -75,7 +75,7 @@ exports.featureConfig = {
}, },
[Feature.CliConfigFileEnabled]: { [Feature.CliConfigFileEnabled]: {
envVar: "CODEQL_PASS_CONFIG_TO_CLI", envVar: "CODEQL_PASS_CONFIG_TO_CLI",
minimumVersion: "2.11.6", minimumVersion: undefined,
defaultValue: true, defaultValue: true,
}, },
[Feature.EvaluatorFineGrainedParallelismEnabled]: { [Feature.EvaluatorFineGrainedParallelismEnabled]: {

2
lib/feature-flags.js.map
View file

File diff suppressed because one or more lines are too long

5
lib/init-action-post-helper.js generated
View file

@ -49,10 +49,6 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
if (!config.codeQLCmd) { if (!config.codeQLCmd) {
return { upload_failed_run_skipped_because: "CodeQL command not found" }; return { upload_failed_run_skipped_because: "CodeQL command not found" };
} }
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_EXPORT_FAILED_SARIF))) {
return { upload_failed_run_skipped_because: "Unsupported by CodeQL CLI" };
}
const workflow = await (0, workflow_1.getWorkflow)(logger); const workflow = await (0, workflow_1.getWorkflow)(logger);
const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB"); const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix")); const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
@ -64,6 +60,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix); const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix); const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
const databasePath = config.dbLocation; const databasePath = config.dbLocation;
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
const sarifFile = "../codeql-failed-run.sarif"; const sarifFile = "../codeql-failed-run.sarif";
// If there is no database or the feature flag is off, we run 'export diagnostics' // If there is no database or the feature flag is off, we run 'export diagnostics'
if (databasePath === undefined || if (databasePath === undefined ||

2
lib/init-action-post-helper.js.map
View file

File diff suppressed because one or more lines are too long

52
src/codeql.test.ts
View file

@ -951,58 +951,6 @@ test("does not pass a qlconfig to the CLI when it is undefined", async (t: Execu
}); });
}); });
test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.3"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults(
"",
[],
"",
"",
"",
"-v",
"",
stubConfig,
createFeatures([]),
getRunnerLogger(true),
);
t.true(
runnerConstructorStub.firstCall.args[1].includes(
"--sarif-add-baseline-file-info",
),
"--sarif-add-baseline-file-info should be present, but it is absent",
);
});
test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.11.2"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults(
"",
[],
"",
"",
"",
"-v",
"",
stubConfig,
createFeatures([]),
getRunnerLogger(true),
);
t.false(
runnerConstructorStub.firstCall.args[1].includes(
"--sarif-add-baseline-file-info",
),
"--sarif-add-baseline-file-info must be absent, but it is present",
);
});
const NEW_ANALYSIS_SUMMARY_TEST_CASES = [ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
{ {
codeqlVersion: "2.15.0", codeqlVersion: "2.15.0",

19
src/codeql.ts
View file

@ -317,15 +317,7 @@ const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
*/ */
/** /**
* Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via * Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* `codeql database export-diagnostics` or `codeql diagnostics export`.
*/
export const CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
/**
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language. * each language.
*/ */
export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1"; export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@ -905,6 +897,7 @@ export async function getCodeQLForCmd(
addSnippetsFlag, addSnippetsFlag,
"--print-diagnostics-summary", "--print-diagnostics-summary",
"--print-metrics-summary", "--print-metrics-summary",
"--sarif-add-baseline-file-info",
"--sarif-add-query-help", "--sarif-add-query-help",
"--sarif-group-rules-by-pack", "--sarif-group-rules-by-pack",
...(await getCodeScanningConfigExportArguments(config, this)), ...(await getCodeScanningConfigExportArguments(config, this)),
@ -913,14 +906,6 @@ export async function getCodeQLForCmd(
if (automationDetailsId !== undefined) { if (automationDetailsId !== undefined) {
codeqlArgs.push("--sarif-category", automationDetailsId); codeqlArgs.push("--sarif-category", automationDetailsId);
} }
if (
await util.codeQlVersionAbove(
this,
CODEQL_VERSION_FILE_BASELINE_INFORMATION,
)
) {
codeqlArgs.push("--sarif-add-baseline-file-info");
}
if (await isSublanguageFileCoverageEnabled(config, this)) { if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage"); codeqlArgs.push("--sublanguage-file-coverage");
} else if ( } else if (

2
src/feature-flags.ts
View file

@ -75,7 +75,7 @@ export const featureConfig: Record<
}, },
[Feature.CliConfigFileEnabled]: { [Feature.CliConfigFileEnabled]: {
envVar: "CODEQL_PASS_CONFIG_TO_CLI", envVar: "CODEQL_PASS_CONFIG_TO_CLI",
minimumVersion: "2.11.6", minimumVersion: undefined,
defaultValue: true, defaultValue: true,
}, },
[Feature.EvaluatorFineGrainedParallelismEnabled]: { [Feature.EvaluatorFineGrainedParallelismEnabled]: {

8
src/init-action-post-helper.ts
View file

@ -1,6 +1,6 @@
import * as actionsUtil from "./actions-util"; import * as actionsUtil from "./actions-util";
import { getApiClient } from "./api-client"; import { getApiClient } from "./api-client";
import { CODEQL_VERSION_EXPORT_FAILED_SARIF, getCodeQL } from "./codeql"; import { getCodeQL } from "./codeql";
import { Config, getConfig } from "./config-utils"; import { Config, getConfig } from "./config-utils";
import { EnvVar } from "./environment"; import { EnvVar } from "./environment";
import { Feature, FeatureEnablement } from "./feature-flags"; import { Feature, FeatureEnablement } from "./feature-flags";
@ -8,7 +8,6 @@ import { Logger } from "./logging";
import { RepositoryNwo, parseRepositoryNwo } from "./repository"; import { RepositoryNwo, parseRepositoryNwo } from "./repository";
import * as uploadLib from "./upload-lib"; import * as uploadLib from "./upload-lib";
import { import {
codeQlVersionAbove,
delay, delay,
getErrorMessage, getErrorMessage,
getRequiredEnvParam, getRequiredEnvParam,
@ -58,10 +57,6 @@ async function maybeUploadFailedSarif(
if (!config.codeQLCmd) { if (!config.codeQLCmd) {
return { upload_failed_run_skipped_because: "CodeQL command not found" }; return { upload_failed_run_skipped_because: "CodeQL command not found" };
} }
const codeql = await getCodeQL(config.codeQLCmd);
if (!(await codeQlVersionAbove(codeql, CODEQL_VERSION_EXPORT_FAILED_SARIF))) {
return { upload_failed_run_skipped_because: "Unsupported by CodeQL CLI" };
}
const workflow = await getWorkflow(logger); const workflow = await getWorkflow(logger);
const jobName = getRequiredEnvParam("GITHUB_JOB"); const jobName = getRequiredEnvParam("GITHUB_JOB");
const matrix = parseMatrixInput(actionsUtil.getRequiredInput("matrix")); const matrix = parseMatrixInput(actionsUtil.getRequiredInput("matrix"));
@ -78,6 +73,7 @@ async function maybeUploadFailedSarif(
const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix); const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
const databasePath = config.dbLocation; const databasePath = config.dbLocation;
const codeql = await getCodeQL(config.codeQLCmd);
const sarifFile = "../codeql-failed-run.sarif"; const sarifFile = "../codeql-failed-run.sarif";
// If there is no database or the feature flag is off, we run 'export diagnostics' // If there is no database or the feature flag is off, we run 'export diagnostics'