Merge branch 'main' into update-bundle/codeql-bundle-v2.16.5

2024-03-21 13:09:07 +01:00 · 2024-03-21 13:09:07 +01:00 · a3ab02e645
commit a3ab02e645
parent 9cf4574790 964f5e7811
445 changed files with 3839 additions and 1965 deletions
--- a/src/analyze.ts
+++ b/src/analyze.ts
@ -198,7 +198,26 @@ export async function runExtraction(
        ) {
          await setupCppAutobuild(codeql, logger);
        }
-        await codeql.extractUsingBuildMode(config, language);
+        try {
+          await codeql.extractUsingBuildMode(config, language);
+        } catch (e) {
+          if (config.buildMode === BuildMode.Autobuild) {
+            const prefix =
+              "We were unable to automatically build your code. " +
+              "Please change the build mode for this language to manual and specify build steps " +
+              "for your project. For more information, see " +
+              "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
+            const ErrorConstructor =
+              e instanceof util.ConfigurationError
+                ? util.ConfigurationError
+                : Error;
+            throw new ErrorConstructor(
+              `${prefix} ${util.wrapError(e).message}`,
+            );
+          } else {
+            throw e;
+          }
+        }
      } else {
        await codeql.extractScannedLanguage(config, language);
      }
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -616,27 +616,20 @@ export async function getCodeQLForCmd(
        extraArgs.push("--no-sublanguage-file-coverage");
      }

-      try {
-        await runTool(
-          cmd,
-          [
-            "database",
-            "init",
-            "--db-cluster",
-            config.dbLocation,
-            `--source-root=${sourceRoot}`,
-            ...(await getLanguageAliasingArguments(this)),
-            ...extraArgs,
-            ...getExtraOptionsFromEnv(["database", "init"]),
-          ],
-          { stdin: externalRepositoryToken },
-        );
-      } catch (e) {
-        if (e instanceof Error) {
-          throw wrapCliConfigurationError(e);
-        }
-        throw e;
-      }
+      await runTool(
+        cmd,
+        [
+          "database",
+          "init",
+          "--db-cluster",
+          config.dbLocation,
+          `--source-root=${sourceRoot}`,
+          ...(await getLanguageAliasingArguments(this)),
+          ...extraArgs,
+          ...getExtraOptionsFromEnv(["database", "init"]),
+        ],
+        { stdin: externalRepositoryToken },
+      );
    },
    async runAutobuild(language: Language, enableDebugLogging: boolean) {
      const autobuildCmd = path.join(
@ -677,14 +670,7 @@ export async function getCodeQLForCmd(
      // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
      // the Actions runtime introduces its own workaround for SIP
      // (https://github.com/actions/runner/pull/416).
-      try {
-        await runTool(autobuildCmd);
-      } catch (e) {
-        if (e instanceof Error) {
-          throw wrapCliConfigurationError(e);
-        }
-        throw e;
-      }
+      await runTool(autobuildCmd);
    },
    async extractScannedLanguage(config: Config, language: Language) {
      await runTool(cmd, [
@ -724,14 +710,7 @@ export async function getCodeQLForCmd(
        ...getExtraOptionsFromEnv(["database", "finalize"]),
        databasePath,
      ];
-      try {
-        await runTool(cmd, args);
-      } catch (e) {
-        if (e instanceof Error) {
-          throw wrapCliConfigurationError(e);
-        }
-        throw e;
-      }
+      await runTool(cmd, args);
    },
    async resolveLanguages() {
      const codeqlArgs = [
@ -1215,14 +1194,14 @@ async function runTool(
  args: string[] = [],
  opts: { stdin?: string; noStreamStdout?: boolean } = {},
 ) {
-  let output = "";
-  let error = "";
+  let stdout = "";
+  let stderr = "";
  process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
  const exitCode = await new toolrunner.ToolRunner(cmd, args, {
    ignoreReturnCode: true,
    listeners: {
      stdout: (data: Buffer) => {
-        output += data.toString("utf8");
+        stdout += data.toString("utf8");
        if (!opts.noStreamStdout) {
          process.stdout.write(data);
        }
@ -1234,7 +1213,7 @@ async function runTool(
          // Eg: if we have 20,000 the start index should be 2.
          readStartIndex = data.length - maxErrorSize + 1;
        }
-        error += data.toString("utf8", readStartIndex);
+        stderr += data.toString("utf8", readStartIndex);
        // Mimic the standard behavior of the toolrunner by writing stderr to stdout
        process.stdout.write(data);
      },
@ -1243,9 +1222,10 @@ async function runTool(
    ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
  }).exec();
  if (exitCode !== 0) {
-    throw new CommandInvocationError(cmd, args, exitCode, error, output);
+    const e = new CommandInvocationError(cmd, args, exitCode, stderr, stdout);
+    throw wrapCliConfigurationError(e);
  }
-  return output;
+  return stdout;
 }

 /**
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -530,9 +530,15 @@ function shouldConsiderConfigurationError(processingErrors: string[]): boolean {
 * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
 */
 function shouldConsiderInvalidRequest(processingErrors: string[]): boolean {
-  return (
-    processingErrors.length === 1 &&
-    processingErrors[0].startsWith("rejecting SARIF,")
+  return processingErrors.every(
+    (error) =>
+      error.startsWith("rejecting SARIF") ||
+      error.startsWith(
+        "could not convert rules: invalid security severity value, is not a number",
+      ) ||
+      /^SARIF URI scheme [^\s]* did not match the checkout URI scheme [^\s]*/.test(
+        error,
+      ),
  );
 }