Merge branch 'main' into nickfyson/error_wrapper

# Conflicts:
#	lib/codeql.js.map

.github/workflows/integration-testing.yml

@@ -150,3 +150,297 @@ jobs:
     - uses: ./../action/analyze
       env:
         TEST_MODE: true
+  
+  runner-analyze-javascript-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        # Pass --config-file here, but not for other jobs in this workflow.
+        # This means we're testing the config file parsing in the runner
+        # but not slowing down all jobs unnecessarily as it doesn't add much
+        # testing the parsing on different operating systems and languages.
+        runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-javascript-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-javascript-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      run: |
+        . ./codeql-runner/codeql-env.sh
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: powershell
+      run: |
+        cat ./codeql-runner/codeql-env.sh | Invoke-Expression
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-analyze-csharp-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: bash
+      run: |
+        . ./codeql-runner/codeql-env.sh
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  
+  runner-analyze-csharp-autobuild-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      run: |
+        ../action/runner/dist/codeql-runner-linux autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-autobuild-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: powershell
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: bash
+      run: |
+        ../action/runner/dist/codeql-runner-macos autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-upload-sarif:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Upload with runner
+      run: |
+        # Deliberately don't use TEST_MODE here. This is specifically testing
+        # the compatibility with the API.
+        runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}

.github/workflows/runner.yml

@@ -1,26 +0,0 @@
-name: "CodeQL runner"
-
-on: [push, pull_request]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Build runner
-      run: |
-        cd runner
-        npm install
-        npm run build-runner
-
-    - name: Upload with runner
-      run: |
-        runner/dist/codeql-runner-linux upload \
-          --sarif-file src/testdata/empty-sarif.sarif \
-          --repository $GITHUB_REPOSITORY \
-          --commit $GITHUB_SHA \
-          --ref $GITHUB_REF \
-          --github-url $GITHUB_SERVER_URL \
-          --github-auth ${{ github.token }}

README.md

@@ -98,7 +98,23 @@ Use the `config-file` parameter of the `init` action to enable the configuration
     config-file: ./.github/codeql/codeql-config.yml
 ```
 
-The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration)."
+The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
+
+If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
+
+```yaml
+- uses: github/codeql-action/init@v1
+  with:
+    queries: <local-or-remote-query>,<another-query>
+```
+
+By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
+
+```yaml
+- uses: github/codeql-action/init@v1
+  with:
+    queries: +<local-or-remote-query>,<another-query>
+```
 
 ## Troubleshooting
 

analyze/action.yml

@@ -16,6 +16,10 @@ inputs:
   ram:
     description: Override the amount of memory in MB to be used by CodeQL. By default, almost all the memory of the machine is used.
     required: false
+  add-snippets:
+    description: Specify whether or not to add code snippets to the output sarif file.
+    required: false
+    default: "true"
   threads:
     description: The number of threads to be used by CodeQL.
     required: false

init/action.yml

@@ -17,7 +17,7 @@ inputs:
     description: Path of the config file to use
     required: false
   queries:
-    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file
+    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
 runs:
   using: 'node12'

lib/analyze-action.js

@@ -36,7 +36,7 @@ async function run() {
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
-        stats = await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(util.getRequiredEnvParam('GITHUB_REPOSITORY')), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam('GITHUB_WORKFLOW'), util.getWorkflowRunID(), core.getInput('checkout_path'), core.getInput('matrix'), core.getInput('token'), util.getRequiredEnvParam('GITHUB_SERVER_URL'), core.getInput('upload') === 'true', 'actions', core.getInput('output'), util.getMemoryFlag(core.getInput('ram')), util.getThreadsFlag(core.getInput('threads'), logger), config, logger);
+        stats = await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(util.getRequiredEnvParam('GITHUB_REPOSITORY')), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam('GITHUB_WORKFLOW'), util.getWorkflowRunID(), core.getInput('checkout_path'), core.getInput('matrix'), core.getInput('token'), util.getRequiredEnvParam('GITHUB_SERVER_URL'), core.getInput('upload') === 'true', 'actions', core.getInput('output'), util.getMemoryFlag(core.getInput('ram')), util.getAddSnippetsFlag(core.getInput('add-snippets')), util.getThreadsFlag(core.getInput('threads'), logger), config, logger);
     }
     catch (error) {
         core.setFailed(error.message);

lib/analyze-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action.js","sourceRoot":"","sources":["../src/analyze-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,uCAA6D;AAC7D,iDAA2C;AAC3C,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAI/B,KAAK,UAAU,gBAAgB,CAC7B,SAAe,EACf,KAAuC,EACvC,KAAa;;IAEb,MAAM,MAAM,GAAG,OAAA,KAAK,0CAAE,wBAAwB,MAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5G,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,QAAE,KAAK,0CAAE,OAAO,QAAE,KAAK,0CAAE,KAAK,CAAC,CAAC;IACtH,MAAM,YAAY,GAAuB;QACvC,GAAG,gBAAgB;QACnB,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;KACjB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,KAAK,GAAqC,SAAS,CAAC;IACxD,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC1G,OAAO;SACR;QACD,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,wBAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,CAAC;QAChF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,yFAAyF,CAAC,CAAC;SAC5G;QACD,KAAK,GAAG,MAAM,oBAAU,CACtB,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAC9B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,MAAM,EAClC,SAAS,EACT,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EACxC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,EACrD,MAAM,EACN,MAAM,CAAC,CAAC;KAEX;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO;KACR;IAED,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,yBAAyB,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action.js","sourceRoot":"","sources":["../src/analyze-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,uCAA6D;AAC7D,iDAA2C;AAC3C,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAI/B,KAAK,UAAU,gBAAgB,CAC7B,SAAe,EACf,KAAuC,EACvC,KAAa;;IAEb,MAAM,MAAM,GAAG,OAAA,KAAK,0CAAE,wBAAwB,MAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5G,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,QAAE,KAAK,0CAAE,OAAO,QAAE,KAAK,0CAAE,KAAK,CAAC,CAAC;IACtH,MAAM,YAAY,GAAuB;QACvC,GAAG,gBAAgB;QACnB,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;KACjB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,KAAK,GAAqC,SAAS,CAAC;IACxD,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC1G,OAAO;SACR;QACD,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,wBAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC,CAAC;QAChF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,yFAAyF,CAAC,CAAC;SAC5G;QACD,KAAK,GAAG,MAAM,oBAAU,CACtB,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAC9B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,MAAM,EAClC,SAAS,EACT,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EACxC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,EACtD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,EACrD,MAAM,EACN,MAAM,CAAC,CAAC;KAEX;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO;KACR;IAED,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,yBAAyB,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/analyze.js

@@ -38,7 +38,7 @@ async function finalizeDatabaseCreation(config, logger) {
     }
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(sarifFolder, memoryFlag, threadsFlag, config, logger) {
+async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, config, logger) {
     const codeql = codeql_1.getCodeQL(config.codeQLCmd);
     for (let language of config.languages) {
         logger.startGroup('Analyzing ' + language);
@@ -55,7 +55,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, config, logger)
             fs.writeFileSync(querySuite, querySuiteContents);
             logger.debug('Query suite file for ' + language + '...\n' + querySuiteContents);
             const sarifFile = path.join(sarifFolder, language + '.sarif');
-            await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, threadsFlag);
+            await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag);
             logger.debug('SARIF results for database ' + language + ' created at "' + sarifFile + '"');
             logger.endGroup();
         }
@@ -68,14 +68,14 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, config, logger)
     }
     return {};
 }
-async function runAnalyze(repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, doUpload, mode, outputDir, memoryFlag, threadsFlag, config, logger) {
+async function runAnalyze(repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, doUpload, mode, outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger) {
     // Delete the tracer config env var to avoid tracing ourselves
     delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
     fs.mkdirSync(outputDir, { recursive: true });
     logger.info('Finalizing database creation');
     await finalizeDatabaseCreation(config, logger);
     logger.info('Analyzing database');
-    const queriesStats = await runQueries(outputDir, memoryFlag, threadsFlag, config, logger);
+    const queriesStats = await runQueries(outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger);
     if (!doUpload) {
         logger.info('Not uploading results');
         return { ...queriesStats };

lib/analyze.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze.js","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAAqC;AAErC,2CAAgD;AAGhD,gEAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAiC/B,KAAK,UAAU,4BAA4B,CACzC,MAA0B,EAC1B,MAAc;IAEd,sEAAsE;IACtE,oCAAoC;IACpC,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,6BAAiB,CAAC,QAAQ,CAAC,EAAE;YAC/B,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;YAC5C,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YACpG,MAAM,CAAC,QAAQ,EAAE,CAAC;SACnB;KACF;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAA0B,EAC1B,MAAc;IAEd,MAAM,4BAA4B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,MAAM,CAAC,QAAQ,EAAE,CAAC;KACnB;AACH,CAAC;AAED,2DAA2D;AAC3D,KAAK,UAAU,UAAU,CACvB,WAAmB,EACnB,UAAkB,EAClB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,MAAM,CAAC,UAAU,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC;QAE3C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,QAAQ,GAAG,gDAAgD,CAAC,CAAC;SACrG;QAED,IAAI;YACF,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC;YACjD,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CAAC,uBAAuB,GAAG,QAAQ,GAAG,OAAO,GAAG,kBAAkB,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC;YAE9D,MAAM,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YAE3F,MAAM,CAAC,KAAK,CAAC,6BAA6B,GAAG,QAAQ,GAAG,eAAe,GAAG,SAAS,GAAG,GAAG,CAAC,CAAC;YAC3F,MAAM,CAAC,QAAQ,EAAE,CAAC;SAEnB;QAAC,OAAO,CAAC,EAAE;YACV,+DAA+D;YAC/D,OAAO;gBACL,wBAAwB,EAAE,QAAQ;aACnC,CAAC;SACH;KACF;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,aAA4B,EAC5B,SAAiB,EACjB,GAAW,EACX,WAA+B,EAC/B,YAAgC,EAChC,aAAiC,EACjC,YAAoB,EACpB,WAA+B,EAC/B,UAAkB,EAClB,SAAiB,EACjB,QAAiB,EACjB,IAAe,EACf,SAAiB,EACjB,UAAkB,EAClB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,8DAA8D;IAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAEzD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/C,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1F,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;KAC5B;IAED,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACzC,SAAS,EACT,aAAa,EACb,SAAS,EACT,GAAG,EACH,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,WAAW,EACX,UAAU,EACV,SAAS,EACT,IAAI,EACJ,MAAM,CAAC,CAAC;IAEV,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,WAAW,EAAE,CAAC;AAC7C,CAAC;AAnDD,gCAmDC"}
+{"version":3,"file":"analyze.js","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAAqC;AAErC,2CAAgD;AAGhD,gEAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAiC/B,KAAK,UAAU,4BAA4B,CACzC,MAA0B,EAC1B,MAAc;IAEd,sEAAsE;IACtE,oCAAoC;IACpC,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,6BAAiB,CAAC,QAAQ,CAAC,EAAE;YAC/B,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;YAC5C,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YACpG,MAAM,CAAC,QAAQ,EAAE,CAAC;SACnB;KACF;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAA0B,EAC1B,MAAc;IAEd,MAAM,4BAA4B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,MAAM,CAAC,QAAQ,EAAE,CAAC;KACnB;AACH,CAAC;AAED,2DAA2D;AAC3D,KAAK,UAAU,UAAU,CACvB,WAAmB,EACnB,UAAkB,EAClB,eAAuB,EACvB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,MAAM,CAAC,UAAU,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC;QAE3C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,QAAQ,GAAG,gDAAgD,CAAC,CAAC;SACrG;QAED,IAAI;YACF,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC;YACjD,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CAAC,uBAAuB,GAAG,QAAQ,GAAG,OAAO,GAAG,kBAAkB,CAAC,CAAC;YAEhF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC;YAE9D,MAAM,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC;YAE5G,MAAM,CAAC,KAAK,CAAC,6BAA6B,GAAG,QAAQ,GAAG,eAAe,GAAG,SAAS,GAAG,GAAG,CAAC,CAAC;YAC3F,MAAM,CAAC,QAAQ,EAAE,CAAC;SAEnB;QAAC,OAAO,CAAC,EAAE;YACV,+DAA+D;YAC/D,OAAO;gBACL,wBAAwB,EAAE,QAAQ;aACnC,CAAC;SACH;KACF;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,aAA4B,EAC5B,SAAiB,EACjB,GAAW,EACX,WAA+B,EAC/B,YAAgC,EAChC,aAAiC,EACjC,YAAoB,EACpB,WAA+B,EAC/B,UAAkB,EAClB,SAAiB,EACjB,QAAiB,EACjB,IAAe,EACf,SAAiB,EACjB,UAAkB,EAClB,eAAuB,EACvB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,8DAA8D;IAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAEzD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/C,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAE3G,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;KAC5B;IAED,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACzC,SAAS,EACT,aAAa,EACb,SAAS,EACT,GAAG,EACH,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,WAAW,EACX,UAAU,EACV,SAAS,EACT,IAAI,EACJ,MAAM,CAAC,CAAC;IAEV,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,WAAW,EAAE,CAAC;AAC7C,CAAC;AApDD,gCAoDC"}

lib/codeql.js

@@ -346,7 +346,7 @@ function getCodeQLForCmd(cmd) {
             }).exec();
             return JSON.parse(output);
         },
-        databaseAnalyze: async function (databasePath, sarifFile, querySuite, memoryFlag, threadsFlag) {
+        databaseAnalyze: async function (databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag) {
             await new toolrunnner.ToolRunner(cmd, [
                 'database',
                 'analyze',
@@ -355,7 +355,7 @@ function getCodeQLForCmd(cmd) {
                 databasePath,
                 '--format=sarif-latest',
                 '--output=' + sarifFile,
-                '--no-sarif-add-snippets',
+                addSnippetsFlag,
                 ...getExtraOptionsFromEnv(['database', 'analyze']),
                 querySuite
             ]).exec();

lib/config-utils.js

@@ -356,15 +356,24 @@ async function getLanguages(languagesInput, repository, githubAuth, githubUrl, l
     }
     return parsedLanguages;
 }
-/**
- * Returns true if queries were provided in the workflow file
- * (and thus added), otherwise false
- */
 async function addQueriesFromWorkflow(codeQL, queriesInput, languages, resultMap, tempDir, checkoutPath, githubUrl, logger) {
+    queriesInput = queriesInput.trim();
+    // "+" means "don't override config file" - see shouldAddConfigFileQueries
+    queriesInput = queriesInput.replace(/^\+/, '');
     for (const query of queriesInput.split(',')) {
         await parseQueryUses(languages, codeQL, resultMap, query, tempDir, checkoutPath, githubUrl, logger);
     }
 }
+// Returns true if either no queries were provided in the workflow.
+// or if the queries in the workflow were provided in "additive" mode,
+// indicating that they shouldn't override the config queries but
+// should instead be added in addition
+function shouldAddConfigFileQueries(queriesInput) {
+    if (queriesInput) {
+        return queriesInput.trimStart().substr(0, 1) === '+';
+    }
+    return true;
+}
 /**
  * Get the default config for when the user has not supplied one.
  */
@@ -426,10 +435,12 @@ async function loadConfig(languagesInput, queriesInput, configFile, repository,
     }
     // If queries were provided using `with` in the action configuration,
     // they should take precedence over the queries in the config file
+    // unless they're prefixed with "+", in which case they supplement those
+    // in the config file.
     if (queriesInput) {
         await addQueriesFromWorkflow(codeQL, queriesInput, languages, queries, tempDir, checkoutPath, githubUrl, logger);
     }
-    else if (QUERIES_PROPERTY in parsedYAML) {
+    if (shouldAddConfigFileQueries(queriesInput) && QUERIES_PROPERTY in parsedYAML) {
         if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
             throw new Error(getQueriesInvalid(configFile));
         }

lib/config-utils.test.js

@@ -23,6 +23,12 @@ const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 testing_utils_1.setupTests(ava_1.default);
+// Returns the filepath of the newly-created file
+function createConfigFile(inputFileContents, tmpDir) {
+    const configFilePath = path.join(tmpDir, 'input');
+    fs.writeFileSync(configFilePath, inputFileContents, 'utf8');
+    return configFilePath;
+}
 function mockGetContents(content) {
     // Passing an auth token is required, so we just use a dummy value
     let client = new github.GitHub('123');
@@ -170,14 +176,13 @@ ava_1.default("load non-empty input", async (t) => {
             codeQLCmd: codeQL.getPath(),
         };
         const languages = 'javascript';
-        const configFile = 'input';
-        fs.writeFileSync(path.join(tmpDir, configFile), inputFileContents, 'utf8');
-        const actualConfig = await configUtils.initConfig(languages, undefined, configFile, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        const actualConfig = await configUtils.initConfig(languages, undefined, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
         // Should exactly equal the object we constructed earlier
         t.deepEqual(actualConfig, expectedConfig);
     });
 });
-ava_1.default("default queries are used", async (t) => {
+ava_1.default("Default queries are used", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         // Check that the default behaviour is to add the default queries.
         // In this case if a config file is specified but does not include
@@ -207,44 +212,47 @@ ava_1.default("default queries are used", async (t) => {
         - foo`;
         fs.mkdirSync(path.join(tmpDir, 'foo'));
         const languages = 'javascript';
-        const configFile = 'input';
-        fs.writeFileSync(path.join(tmpDir, configFile), inputFileContents, 'utf8');
-        await configUtils.initConfig(languages, undefined, configFile, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        await configUtils.initConfig(languages, undefined, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
         // Check resolve queries was called correctly
         t.deepEqual(resolveQueriesArgs.length, 1);
         t.deepEqual(resolveQueriesArgs[0].queries, ['javascript-code-scanning.qls']);
         t.deepEqual(resolveQueriesArgs[0].extraSearchPath, undefined);
     });
 });
+/**
+ * Returns the provided queries, just in the right format for a resolved query
+ * This way we can test by seeing which returned items are in the final
+ * configuration.
+ */
+function queriesToResolvedQueryForm(queries) {
+    const dummyResolvedQueries = {};
+    queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+    return {
+        byLanguage: {
+            'javascript': dummyResolvedQueries,
+        },
+        noDeclaredLanguage: {},
+        multipleDeclaredLanguages: {},
+    };
+}
 ava_1.default("Queries can be specified in config file", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         const inputFileContents = `
       name: my config
       queries:
         - uses: ./foo`;
-        const configFile = path.join(tmpDir, 'input');
-        fs.writeFileSync(configFile, inputFileContents, 'utf8');
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
         fs.mkdirSync(path.join(tmpDir, 'foo'));
         const resolveQueriesArgs = [];
         const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function (queries, extraSearchPath) {
                 resolveQueriesArgs.push({ queries, extraSearchPath });
-                // Return what we're given, just in the right format for a resolved query
-                // This way we can test by seeing which returned items are in the final
-                // configuration.
-                const dummyResolvedQueries = {};
-                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-                return {
-                    byLanguage: {
-                        'javascript': dummyResolvedQueries,
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
+                return queriesToResolvedQueryForm(queries);
             },
         });
         const languages = 'javascript';
-        const config = await configUtils.initConfig(languages, undefined, configFile, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        const config = await configUtils.initConfig(languages, undefined, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries
         // and once for `./foo` from the config file.
@@ -263,8 +271,7 @@ ava_1.default("Queries from config file can be overridden in workflow file", asy
       name: my config
       queries:
         - uses: ./foo`;
-        const configFile = path.join(tmpDir, 'input');
-        fs.writeFileSync(configFile, inputFileContents, 'utf8');
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
         // This config item should take precedence over the config file but shouldn't affect the default queries.
         const queries = './override';
         fs.mkdirSync(path.join(tmpDir, 'foo'));
@@ -273,22 +280,11 @@ ava_1.default("Queries from config file can be overridden in workflow file", asy
         const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function (queries, extraSearchPath) {
                 resolveQueriesArgs.push({ queries, extraSearchPath });
-                // Return what we're given, just in the right format for a resolved query
-                // This way we can test overriding by seeing which returned items are in
-                // the final configuration.
-                const dummyResolvedQueries = {};
-                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-                return {
-                    byLanguage: {
-                        'javascript': dummyResolvedQueries,
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
+                return queriesToResolvedQueryForm(queries);
             },
         });
         const languages = 'javascript';
-        const config = await configUtils.initConfig(languages, queries, configFile, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries and once for `./override`,
         // but won't be called for './foo' from the config file.
@@ -301,6 +297,36 @@ ava_1.default("Queries from config file can be overridden in workflow file", asy
         t.regex(config.queries['javascript'][1], /.*\/override$/);
     });
 });
+ava_1.default("Queries in workflow file can be used in tandem with the 'disable default queries' option", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      disable-default-queries: true`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        const queries = './workflow-query';
+        fs.mkdirSync(path.join(tmpDir, 'workflow-query'));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = 'javascript';
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for `./workflow-query`,
+        // but won't be called for the default one since that was disabled
+        t.deepEqual(resolveQueriesArgs.length, 1);
+        t.deepEqual(resolveQueriesArgs[0].queries.length, 1);
+        t.regex(resolveQueriesArgs[0].queries[0], /.*\/workflow-query$/);
+        // Now check that the end result contains only the workflow query, and not the default one
+        t.deepEqual(config.queries['javascript'].length, 1);
+        t.regex(config.queries['javascript'][0], /.*\/workflow-query$/);
+    });
+});
 ava_1.default("Multiple queries can be specified in workflow file, no config file required", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         fs.mkdirSync(path.join(tmpDir, 'override1'));
@@ -310,18 +336,7 @@ ava_1.default("Multiple queries can be specified in workflow file, no config fil
         const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function (queries, extraSearchPath) {
                 resolveQueriesArgs.push({ queries, extraSearchPath });
-                // Return what we're given, just in the right format for a resolved query
-                // This way we can test overriding by seeing which returned items are in
-                // the final configuration.
-                const dummyResolvedQueries = {};
-                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-                return {
-                    byLanguage: {
-                        'javascript': dummyResolvedQueries,
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
+                return queriesToResolvedQueryForm(queries);
             },
         });
         const languages = 'javascript';
@@ -341,6 +356,48 @@ ava_1.default("Multiple queries can be specified in workflow file, no config fil
         t.regex(config.queries['javascript'][2], /.*\/override2$/);
     });
 });
+ava_1.default("Queries in workflow file can be added to the set of queries without overriding config file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        // These queries shouldn't override anything, because the value is prefixed with "+"
+        const queries = '+./additional1,./additional2';
+        fs.mkdirSync(path.join(tmpDir, 'foo'));
+        fs.mkdirSync(path.join(tmpDir, 'additional1'));
+        fs.mkdirSync(path.join(tmpDir, 'additional2'));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = 'javascript';
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: 'github', repo: 'example ' }, tmpDir, tmpDir, codeQL, tmpDir, 'token', 'https://github.example.com', logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries,
+        // once for each of additional1 and additional2,
+        // and once for './foo' from the config file
+        t.deepEqual(resolveQueriesArgs.length, 4);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/additional1$/);
+        t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+        t.regex(resolveQueriesArgs[2].queries[0], /.*\/additional2$/);
+        t.deepEqual(resolveQueriesArgs[3].queries.length, 1);
+        t.regex(resolveQueriesArgs[3].queries[0], /.*\/foo$/);
+        // Now check that the end result contains all the queries
+        t.deepEqual(config.queries['javascript'].length, 4);
+        t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries['javascript'][1], /.*\/additional1$/);
+        t.regex(config.queries['javascript'][2], /.*\/additional2$/);
+        t.regex(config.queries['javascript'][3], /.*\/foo$/);
+    });
+});
 ava_1.default("Invalid queries in workflow file handled correctly", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         const queries = 'foo/bar@v1@v3';

lib/external-queries.js

@@ -21,7 +21,7 @@ async function checkoutExternalRepository(repository, ref, githubUrl, tempDir, l
         throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
     }
     if (!fs.existsSync(checkoutLocation)) {
-        const repoURL = githubUrl + '/' + repository + '.git';
+        const repoURL = githubUrl + '/' + repository;
         await new toolrunnner.ToolRunner('git', ['clone', repoURL, checkoutLocation]).exec();
         await new toolrunnner.ToolRunner('git', [
             '--work-tree=' + checkoutLocation,

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAI7B;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CAAC,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAAC,CAAC;KACpF;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,SAAS,GAAG,GAAG,GAAG,UAAU,GAAG,MAAM,CAAC;QACtD,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrF,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,cAAc,GAAG,gBAAgB;YACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA3BD,gEA2BC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAI7B;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CAAC,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAAC,CAAC;KACpF;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC;QAC7C,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACrF,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,cAAc,GAAG,gBAAgB;YACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA3BD,gEA2BC"}

lib/external-queries.test.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
@@ -9,7 +6,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
@@ -20,10 +21,67 @@ const util = __importStar(require("./util"));
 testing_utils_1.setupTests(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        const ref = "df4c6869212341b601005567381944ed90906b6b";
-        await externalQueries.checkoutExternalRepository("github/codeql-go", ref, 'https://github.com', tmpDir, logging_1.getRunnerLogger(true));
-        // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
-        t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", ref, "COPYRIGHT")));
+        // Create a test repo in a subdir of the temp dir.
+        // It should have a default branch with two commits after the initial commit, where
+        // - the first commit contains files 'a' and 'b'
+        // - the second commit contains only 'a'
+        // Place the repo in a subdir because we're going to checkout a copy in tmpDir
+        const testRepoBaseDir = path.join(tmpDir, 'test-repo-dir');
+        const repoName = 'some/repo';
+        const repoPath = path.join(testRepoBaseDir, repoName);
+        const repoGitDir = path.join(repoPath, '.git');
+        // Run the given git command, and return the output.
+        // Passes --git-dir and --work-tree.
+        // Any stderr output is suppressed until the command fails.
+        const runGit = async function (command) {
+            let stdout = '';
+            let stderr = '';
+            command = [`--git-dir=${repoGitDir}`, `--work-tree=${repoPath}`, ...command];
+            console.log('Running: git ' + command.join(' '));
+            try {
+                await new toolrunnner.ToolRunner('git', command, {
+                    silent: true,
+                    listeners: {
+                        stdout: (data) => { stdout += data.toString(); },
+                        stderr: (data) => { stderr += data.toString(); },
+                    }
+                }).exec();
+            }
+            catch (e) {
+                console.log('Command failed: git ' + command.join(' '));
+                process.stderr.write(stderr);
+                throw e;
+            }
+            return stdout.trim();
+        };
+        fs.mkdirSync(repoPath, { recursive: true });
+        await runGit(['init', repoPath]);
+        await runGit(['config', 'user.email', 'test@github.com']);
+        await runGit(['config', 'user.name', 'Test Test']);
+        fs.writeFileSync(path.join(repoPath, 'a'), 'a content');
+        await runGit(['add', 'a']);
+        await runGit(['commit', '-m', 'commit1']);
+        fs.writeFileSync(path.join(repoPath, 'b'), 'b content');
+        await runGit(['add', 'b']);
+        await runGit(['commit', '-m', 'commit1']);
+        const commit1Sha = await runGit(['rev-parse', 'HEAD']);
+        fs.unlinkSync(path.join(repoPath, 'b'));
+        await runGit(['add', 'b']);
+        await runGit(['commit', '-m', 'commit2']);
+        const commit2Sha = await runGit(['rev-parse', 'HEAD']);
+        // Checkout the first commit, which should contain 'a' and 'b'
+        t.false(fs.existsSync(path.join(tmpDir, repoName)));
+        await externalQueries.checkoutExternalRepository(repoName, commit1Sha, `file://${testRepoBaseDir}`, tmpDir, logging_1.getRunnerLogger(true));
+        t.true(fs.existsSync(path.join(tmpDir, repoName)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, 'a')));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, 'b')));
+        // Checkout the second commit as well, which should only contain 'a'
+        t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+        await externalQueries.checkoutExternalRepository(repoName, commit2Sha, `file://${testRepoBaseDir}`, tmpDir, logging_1.getRunnerLogger(true));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, 'a')));
+        t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, 'b')));
     });
 });
 //# sourceMappingURL=external-queries.test.js.map

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,MAAM,GAAG,GAAG,0CAA0C,CAAC;QACvD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,kBAAkB,EAClB,GAAG,EACH,oBAAoB,EACpB,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAEzB,mGAAmG;QACnG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0EAA4D;AAC5D,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAU,OAAiB;YAC7C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG,CAAC,aAAa,UAAU,EAAE,EAAE,eAAe,QAAQ,EAAE,EAAE,GAAG,OAAO,CAAC,CAAC;YAC7E,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE;oBAC/C,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;wBAChD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;qBACjD;iBACF,CAAC,CAAC,IAAI,EAAE,CAAC;aACX;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QAEnD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAIvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAIpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/fingerprints.test.js

@@ -95,6 +95,16 @@ ava_1.default('hash', (t) => {
         "cc97dc7b1d7d8f7b:1",
         "c129715d7a2bc9a3:1"
     ]);
+    testHash(t, "x = 2\nx = 1\nprint(x)\nx = 3\nprint(x)\nx = 4\nprint(x)\n", [
+        "e54938cc54b302f1:1",
+        "bb609acbe9138d60:1",
+        "1131fd5871777f34:1",
+        "5c482a0f8b35ea28:1",
+        "54517377da7028d2:1",
+        "2c644846cb18d53e:1",
+        "f1b89f20de0d133:1",
+        "c129715d7a2bc9a3:1"
+    ]);
 });
 function testResolveUriToFile(uri, index, artifactsURIs) {
     const location = { "uri": uri, "index": index };

lib/init-action.js

@@ -63,6 +63,9 @@ async function run() {
         const tracerConfig = await init_1.runInit(codeql, config);
         if (tracerConfig !== undefined) {
             Object.entries(tracerConfig.env).forEach(([key, value]) => core.exportVariable(key, value));
+            if (process.platform === 'win32') {
+                await init_1.injectWindowsTracer('Runner.Worker.exe', undefined, config, codeql, tracerConfig);
+            }
         }
     }
     catch (error) {

lib/init-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action.js","sourceRoot":"","sources":["../src/init-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,iCAAyD;AACzD,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAkB/B,KAAK,UAAU,uBAAuB,CAAC,SAAe,EAAE,MAA0B;IAChF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAEzF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/E,MAAM,qBAAqB,GAAG,MAAM,CAAC,iBAAiB,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEpF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,SAAS,EAAE,SAAS;QACpB,kBAAkB,EAAE,iBAAiB;QACrC,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,WAAW;QACzB,uBAAuB,EAAE,qBAAqB;QAC9C,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YACxG,OAAO;SACR;QAED,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,SAAS,EACT,MAAM,CAAC,CAAC;QACV,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC1B,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EACxB,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAC5B,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,EACN,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,EAC5C,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,CAAC,CAAC;KAEX;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACxG,OAAO;KACR;IAED,IAAI;QAEF,mBAAmB;QACnB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,6GAA6G,CAAC,CAAC;SAC7H;QAED,mGAAmG;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAE7C,MAAM,YAAY,GAAG,MAAM,cAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;SAC7F;KAEF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAC3D,MAAM,EACN,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAChB,OAAO;KACR;IACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,sBAAsB,GAAG,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"init-action.js","sourceRoot":"","sources":["../src/init-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,iCAA8E;AAC9E,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAkB/B,KAAK,UAAU,uBAAuB,CAAC,SAAe,EAAE,MAA0B;IAChF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAEzF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/E,MAAM,qBAAqB,GAAG,MAAM,CAAC,iBAAiB,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEpF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,SAAS,EAAE,SAAS;QACpB,kBAAkB,EAAE,iBAAiB;QACrC,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,WAAW;QACzB,uBAAuB,EAAE,qBAAqB;QAC9C,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YACxG,OAAO;SACR;QAED,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,SAAS,EACT,MAAM,CAAC,CAAC;QACV,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAC1B,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EACxB,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAC5B,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,EACN,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,EAC5C,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,CAAC,CAAC;KAEX;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACxG,OAAO;KACR;IAED,IAAI;QAEF,mBAAmB;QACnB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,6GAA6G,CAAC,CAAC;SAC7H;QAED,mGAAmG;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAE7C,MAAM,YAAY,GAAG,MAAM,cAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YAE5F,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;gBAChC,MAAM,0BAAmB,CAAC,mBAAmB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;aACzF;SACF;KAEF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAC3D,MAAM,EACN,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAChB,OAAO;KACR;IACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,sBAAsB,GAAG,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/init.js

@@ -39,25 +39,84 @@ async function runInit(codeql, config) {
         // Init language database
         await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot);
     }
-    const tracerConfig = await tracer_config_1.getCombinedTracerConfig(config, codeql);
-    if (tracerConfig !== undefined && process.platform === 'win32') {
-        const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
-        fs.writeFileSync(injectTracerPath, `
+    return await tracer_config_1.getCombinedTracerConfig(config, codeql);
+}
+exports.runInit = runInit;
+// Runs a powershell script to inject the tracer into a parent process
+// so it can tracer future processes, hopefully including the build process.
+// If processName is given then injects into the nearest parent process with
+// this name, otherwise uses the processLevel-th parent if defined, otherwise
+// defaults to the 3rd parent as a rough guess.
+async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
+    let script;
+    if (processName !== undefined) {
+        script = `
       Param(
           [Parameter(Position=0)]
           [String]
           $tracer
       )
-      Get-Process -Name Runner.Worker
-      $process=Get-Process -Name Runner.Worker
-      $id=$process.Id
-      Invoke-Expression "&$tracer --inject=$id"`);
-        await new toolrunnner.ToolRunner('powershell', [
-            injectTracerPath,
-            path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
-        ], { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } }).exec();
+
+      $id = $PID
+      while ($true) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Found process: $p"
+        if ($p -eq $null) {
+          throw "Could not determine ${processName} process"
+        }
+        if ($p[0].Name -eq "${processName}") {
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
     }
-    return tracerConfig;
+    else {
+        // If the level is not defined then guess at the 3rd parent process.
+        // This won't be correct in every setting but it should be enough in most settings,
+        // and overestimating is likely better in this situation so we definitely trace
+        // what we want, though this does run the risk of interfering with future CI jobs.
+        // Note that the default of 3 doesn't work on github actions, so we include a
+        // special case in the script that checks for Runner.Worker.exe so we can still work
+        // on actions if the runner is invoked there.
+        processLevel = processLevel || 3;
+        script = `
+      Param(
+          [Parameter(Position=0)]
+          [String]
+          $tracer
+      )
+
+      $id = $PID
+      for ($i = 0; $i -le ${processLevel}; $i++) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Parent process \${i}: $p"
+        if ($p -eq $null) {
+          throw "Process tree ended before reaching required level"
+        }
+        # Special case just in case the runner is used on actions
+        if ($p[0].Name -eq "Runner.Worker.exe") {
+          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
+          Write-Host "Aborting search early and using process: $p"
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
+    }
+    const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
+    fs.writeFileSync(injectTracerPath, script);
+    await new toolrunnner.ToolRunner('powershell', [
+        '-ExecutionPolicy', 'Bypass',
+        '-file', injectTracerPath,
+        path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
+    ], { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } }).exec();
 }
-exports.runInit = runInit;
+exports.injectWindowsTracer = injectWindowsTracer;
 //# sourceMappingURL=init.js.map

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,oBAAW,CAC9B,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,CAAC;IACV,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,CAAC,CAAC;IACV,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA7BD,gCA6BC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;KACvG;IAED,MAAM,YAAY,GAAG,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnE,IAAI,YAAY,KAAK,SAAS,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAC9D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE;;;;;;;;;gDASS,CAAC,CAAC;QAE9C,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,YAAY,EACZ;YACE,gBAAgB;YAChB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC;SAC7E,EACD,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;KACxE;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AArCD,0BAqCC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,oBAAW,CAC9B,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CAAC,CAAC;IACV,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,CAAC,CAAC;IACV,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA7BD,gCA6BC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;KACvG;IAED,OAAO,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAfD,0BAeC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;gDAiBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,YAAY,EACZ;QACE,kBAAkB,EAAE,QAAQ;QAC5B,OAAO,EAAE,gBAAgB;QACzB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC;KAC7E,EACD,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;AACzE,CAAC;AAhFD,kDAgFC"}

lib/runner.js

@@ -74,6 +74,25 @@ function parseRef(userInput) {
         return 'refs/heads/' + userInput;
     }
 }
+// Parses the --trace-process-name arg from process.argv, or returns undefined
+function parseTraceProcessName() {
+    for (let i = 0; i < process.argv.length - 1; i++) {
+        if (process.argv[i] === '--trace-process-name') {
+            return process.argv[i + 1];
+        }
+    }
+    return undefined;
+}
+// Parses the --trace-process-level arg from process.argv, or returns undefined
+function parseTraceProcessLevel() {
+    for (let i = 0; i < process.argv.length - 1; i++) {
+        if (process.argv[i] === '--trace-process-level') {
+            const v = parseInt(process.argv[i + 1], 10);
+            return isNaN(v) ? undefined : v;
+        }
+    }
+    return undefined;
+}
 program
     .command('init')
     .description('Initializes CodeQL')
@@ -88,6 +107,9 @@ program
     .option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. Default is a subdirectory of the home directory.')
     .option('--checkout-path <path>', 'Checkout path. Default is the current working directory.')
     .option('--debug', 'Print more verbose output', false)
+    // This prevents a message like: error: unknown option '--trace-process-level'
+    // Remove this if commander.js starts supporting hidden options.
+    .allowUnknownOption()
     .action(async (cmd) => {
     const logger = logging_1.getRunnerLogger(cmd.debug);
     try {
@@ -109,6 +131,9 @@ program
         if (tracerConfig === undefined) {
             return;
         }
+        if (process.platform === 'win32') {
+            await init_1.injectWindowsTracer(parseTraceProcessName(), parseTraceProcessLevel(), config, codeql, tracerConfig);
+        }
         // Always output a json file of the env that can be consumed programatically
         const jsonEnvFile = path.join(config.tempDir, codeqlEnvJsonFilename);
         fs.writeFileSync(jsonEnvFile, JSON.stringify(tracerConfig.env));
@@ -192,9 +217,10 @@ program
     .requiredOption('--github-url <url>', 'URL of GitHub instance. (Required)')
     .requiredOption('--github-auth <auth>', 'GitHub Apps token or personal access token. (Required)')
     .option('--checkout-path <path>', 'Checkout path. Default is the current working directory.')
-    .option('--no-upload', 'Do not upload results after analysis.', false)
+    .option('--no-upload', 'Do not upload results after analysis.')
     .option('--output-dir <dir>', 'Directory to output SARIF files to. Default is in the temp directory.')
     .option('--ram <ram>', 'Amount of memory to use when running queries. Default is to use all available memory.')
+    .option('--no-add-snippets', 'Specify whether to include code snippets in the sarif output.')
     .option('--threads <threads>', 'Number of threads to use when running queries. ' +
     'Default is to use all available cores.')
     .option('--temp-dir <dir>', 'Directory to use for temporary files. Default is "./codeql-runner".')
@@ -209,7 +235,7 @@ program
             throw new Error("Config file could not be found at expected location. " +
                 "Was the 'init' command run with the same '--temp-dir' argument as this command.");
         }
-        await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, parseRef(cmd.ref), undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), cmd.upload, 'runner', outputDir, util_1.getMemoryFlag(cmd.ram), util_1.getThreadsFlag(cmd.threads, logger), config, logger);
+        await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, parseRef(cmd.ref), undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), cmd.upload, 'runner', outputDir, util_1.getMemoryFlag(cmd.ram), util_1.getAddSnippetsFlag(cmd.addSnippets), util_1.getThreadsFlag(cmd.threads, logger), config, logger);
     }
     catch (e) {
         logger.error('Analyze failed');

lib/util.js

@@ -321,6 +321,19 @@ function getMemoryFlag(userInput) {
     return "--ram=" + Math.floor(memoryToUseMegaBytes);
 }
 exports.getMemoryFlag = getMemoryFlag;
+/**
+ * Get the codeql flag to specify whether to add code snippets to the sarif file.
+ *
+ * @returns string
+ */
+function getAddSnippetsFlag(userInput) {
+    if (typeof userInput === "string") {
+        // have to process specifically because any non-empty string is truthy
+        userInput = userInput.toLowerCase() === "true";
+    }
+    return userInput ? "--sarif-add-snippets" : "--no-sarif-add-snippets";
+}
+exports.getAddSnippetsFlag = getAddSnippetsFlag;
 /**
  * Get the codeql `--threads` value specified for the `threads` input.
  * If not value was specified, all available threads will be used.

lib/util.test.js

@@ -38,6 +38,14 @@ ava_1.default('getMemoryFlag() throws if the ram input is < 0 or NaN', t => {
         t.throws(() => util.getMemoryFlag(input));
     }
 });
+ava_1.default('getAddSnippetsFlag() should return the correct flag', t => {
+    t.deepEqual(util.getAddSnippetsFlag(true), "--sarif-add-snippets");
+    t.deepEqual(util.getAddSnippetsFlag("true"), "--sarif-add-snippets");
+    t.deepEqual(util.getAddSnippetsFlag(false), "--no-sarif-add-snippets");
+    t.deepEqual(util.getAddSnippetsFlag(undefined), "--no-sarif-add-snippets");
+    t.deepEqual(util.getAddSnippetsFlag("false"), "--no-sarif-add-snippets");
+    t.deepEqual(util.getAddSnippetsFlag("foo bar"), "--no-sarif-add-snippets");
+});
 ava_1.default('getThreadsFlag() should return the correct --threads flag', t => {
     const numCpus = os.cpus().length;
     const tests = {

lib/util.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,uCAA4C;AAC5C,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;KAC3C;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,6BAA6B,EAAE,CAAC,CAAC,EAAE;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,EAAE,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,GAAG,CAAC;IACnC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IACtC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE;IAChD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC;IAE/B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAEtC,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC;IAE5B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iFAAiF,EAAE,CAAC,CAAC,EAAE;IAC1F,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAC,GAAG,EAAE,EAAE,EAAC,CAAC;IAE1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAElE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAO,OAAO,CAAC,CAAC;IAE1D,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAGH,aAAI,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE;IAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACrC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAE1B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,OAAO,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iDAAiD,EAAE,CAAC,CAAC,EAAE;IAC1D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,kBAAkB,CAAC;IAC7D,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC"}
+{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,uCAA4C;AAC5C,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;KAC3C;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE;IAE9D,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,sBAAsB,CAAC,CAAC;IACnE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,sBAAsB,CAAC,CAAC;IAErE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,EAAE,yBAAyB,CAAC,CAAC;IACvE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,yBAAyB,CAAC,CAAC;IAC3E,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,yBAAyB,CAAC,CAAC;IACzE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,yBAAyB,CAAC,CAAC;AAE7E,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,6BAA6B,EAAE,CAAC,CAAC,EAAE;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,EAAE,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,GAAG,CAAC;IACnC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IACtC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE;IAChD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC;IAE/B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAEtC,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC;IAE5B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iFAAiF,EAAE,CAAC,CAAC,EAAE;IAC1F,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAC,GAAG,EAAE,EAAE,EAAC,CAAC;IAE1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAElE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAO,OAAO,CAAC,CAAC;IAE1D,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAGH,aAAI,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE;IAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACrC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAE1B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,OAAO,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iDAAiD,EAAE,CAAC,CAAC,EAAE;IAC1D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,kBAAkB,CAAC;IAC7D,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC"}

src/analyze-action.ts

@@ -50,6 +50,7 @@ async function run() {
       'actions',
       core.getInput('output'),
       util.getMemoryFlag(core.getInput('ram')),
+      util.getAddSnippetsFlag(core.getInput('add-snippets')),
       util.getThreadsFlag(core.getInput('threads'), logger),
       config,
       logger);

src/analyze.ts

@@ -78,6 +78,7 @@ async function finalizeDatabaseCreation(
 async function runQueries(
   sarifFolder: string,
   memoryFlag: string,
+  addSnippetsFlag: string,
   threadsFlag: string,
   config: configUtils.Config,
   logger: Logger): Promise<QueriesStatusReport> {
@@ -102,7 +103,7 @@ async function runQueries(
 
       const sarifFile = path.join(sarifFolder, language + '.sarif');
 
-      await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, threadsFlag);
+      await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag);
 
       logger.debug('SARIF results for database ' + language + ' created at "' + sarifFile + '"');
       logger.endGroup();
@@ -133,6 +134,7 @@ export async function runAnalyze(
   mode: util.Mode,
   outputDir: string,
   memoryFlag: string,
+  addSnippetsFlag: string,
   threadsFlag: string,
   config: configUtils.Config,
   logger: Logger): Promise<AnalysisStatusReport> {
@@ -146,7 +148,7 @@ export async function runAnalyze(
   await finalizeDatabaseCreation(config, logger);
 
   logger.info('Analyzing database');
-  const queriesStats = await runQueries(outputDir, memoryFlag, threadsFlag, config, logger);
+  const queriesStats = await runQueries(outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger);
 
   if (!doUpload) {
     logger.info('Not uploading results');

src/codeql.ts

@@ -81,6 +81,7 @@ export interface CodeQL {
     sarifFile: string,
     querySuite: string,
     memoryFlag: string,
+    addSnippetsFlag: string,
     threadsFlag: string): Promise<void>;
 }
 
@@ -474,6 +475,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
       sarifFile: string,
       querySuite: string,
       memoryFlag: string,
+      addSnippetsFlag: string,
       threadsFlag: string) {
 
       await new toolrunnner.ToolRunner(cmd, [
@@ -484,7 +486,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         databasePath,
         '--format=sarif-latest',
         '--output=' + sarifFile,
-        '--no-sarif-add-snippets',
+        addSnippetsFlag,
         ...getExtraOptionsFromEnv(['database', 'analyze']),
         querySuite
       ]).exec();

src/config-utils.test.ts

@@ -14,6 +14,13 @@ import * as util from './util';
 
 setupTests(test);
 
+// Returns the filepath of the newly-created file
+function createConfigFile(inputFileContents: string, tmpDir: string): string {
+  const configFilePath = path.join(tmpDir, 'input');
+  fs.writeFileSync(configFilePath, inputFileContents, 'utf8');
+  return configFilePath;
+}
+
 type GetContentsResponse = { content?: string; } | {}[];
 
 function mockGetContents(content: GetContentsResponse): sinon.SinonStub<any, any> {
@@ -248,13 +255,12 @@ test("load non-empty input", async t => {
     };
 
     const languages = 'javascript';
-    const configFile = 'input';
-    fs.writeFileSync(path.join(tmpDir, configFile), inputFileContents, 'utf8');
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
 
     const actualConfig = await configUtils.initConfig(
       languages,
       undefined,
-      configFile,
+      configFilePath,
       { owner: 'github', repo: 'example '},
       tmpDir,
       tmpDir,
@@ -269,7 +275,7 @@ test("load non-empty input", async t => {
   });
 });
 
-test("default queries are used", async t => {
+test("Default queries are used", async t => {
   return await util.withTmpDir(async tmpDir => {
     // Check that the default behaviour is to add the default queries.
     // In this case if a config file is specified but does not include
@@ -303,13 +309,12 @@ test("default queries are used", async t => {
     fs.mkdirSync(path.join(tmpDir, 'foo'));
 
     const languages = 'javascript';
-    const configFile = 'input';
-    fs.writeFileSync(path.join(tmpDir, configFile), inputFileContents, 'utf8');
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
 
     await configUtils.initConfig(
       languages,
       undefined,
-      configFile,
+      configFilePath,
       { owner: 'github', repo: 'example '},
       tmpDir,
       tmpDir,
@@ -326,6 +331,23 @@ test("default queries are used", async t => {
   });
 });
 
+/**
+ * Returns the provided queries, just in the right format for a resolved query
+ * This way we can test by seeing which returned items are in the final
+ * configuration.
+ */
+function queriesToResolvedQueryForm(queries: string[]) {
+  const dummyResolvedQueries = {};
+  queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+  return {
+    byLanguage: {
+      'javascript': dummyResolvedQueries,
+    },
+    noDeclaredLanguage: {},
+    multipleDeclaredLanguages: {},
+  };
+}
+
 test("Queries can be specified in config file", async t => {
   return await util.withTmpDir(async tmpDir => {
     const inputFileContents = `
@@ -333,8 +355,7 @@ test("Queries can be specified in config file", async t => {
       queries:
         - uses: ./foo`;
 
-    const configFile = path.join(tmpDir, 'input');
-    fs.writeFileSync(configFile, inputFileContents, 'utf8');
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
 
     fs.mkdirSync(path.join(tmpDir, 'foo'));
 
@@ -342,18 +363,7 @@ test("Queries can be specified in config file", async t => {
     const codeQL = setCodeQL({
       resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
         resolveQueriesArgs.push({queries, extraSearchPath});
-        // Return what we're given, just in the right format for a resolved query
-        // This way we can test by seeing which returned items are in the final
-        // configuration.
-        const dummyResolvedQueries = {};
-        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-        return {
-          byLanguage: {
-            'javascript': dummyResolvedQueries,
-          },
-          noDeclaredLanguage: {},
-          multipleDeclaredLanguages: {},
-        };
+        return queriesToResolvedQueryForm(queries);
       },
     });
 
@@ -362,7 +372,7 @@ test("Queries can be specified in config file", async t => {
     const config = await configUtils.initConfig(
       languages,
       undefined,
-      configFile,
+      configFilePath,
       { owner: 'github', repo: 'example '},
       tmpDir,
       tmpDir,
@@ -393,8 +403,7 @@ test("Queries from config file can be overridden in workflow file", async t => {
       queries:
         - uses: ./foo`;
 
-    const configFile = path.join(tmpDir, 'input');
-    fs.writeFileSync(configFile, inputFileContents, 'utf8');
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
 
     // This config item should take precedence over the config file but shouldn't affect the default queries.
     const queries = './override';
@@ -406,18 +415,7 @@ test("Queries from config file can be overridden in workflow file", async t => {
     const codeQL = setCodeQL({
       resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
         resolveQueriesArgs.push({queries, extraSearchPath});
-        // Return what we're given, just in the right format for a resolved query
-        // This way we can test overriding by seeing which returned items are in
-        // the final configuration.
-        const dummyResolvedQueries = {};
-        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-        return {
-          byLanguage: {
-            'javascript': dummyResolvedQueries,
-          },
-          noDeclaredLanguage: {},
-          multipleDeclaredLanguages: {},
-        };
+        return queriesToResolvedQueryForm(queries);
       },
     });
 
@@ -426,7 +424,7 @@ test("Queries from config file can be overridden in workflow file", async t => {
     const config = await configUtils.initConfig(
       languages,
       queries,
-      configFile,
+      configFilePath,
       { owner: 'github', repo: 'example '},
       tmpDir,
       tmpDir,
@@ -450,6 +448,55 @@ test("Queries from config file can be overridden in workflow file", async t => {
   });
 });
 
+test("Queries in workflow file can be used in tandem with the 'disable default queries' option", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    const inputFileContents = `
+      name: my config
+      disable-default-queries: true`;
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
+
+    const queries = './workflow-query';
+    fs.mkdirSync(path.join(tmpDir, 'workflow-query'));
+
+    const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
+    const codeQL = setCodeQL({
+      resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
+        resolveQueriesArgs.push({queries, extraSearchPath});
+        return queriesToResolvedQueryForm(queries);
+      },
+    });
+
+    const languages = 'javascript';
+
+    const config = await configUtils.initConfig(
+      languages,
+      queries,
+      configFilePath,
+      { owner: 'github', repo: 'example '},
+      tmpDir,
+      tmpDir,
+      codeQL,
+      tmpDir,
+      'token',
+      'https://github.example.com',
+      getRunnerLogger(true));
+
+    // Check resolveQueries was called correctly
+    // It'll be called once for `./workflow-query`,
+    // but won't be called for the default one since that was disabled
+    t.deepEqual(resolveQueriesArgs.length, 1);
+    t.deepEqual(resolveQueriesArgs[0].queries.length, 1);
+    t.regex(resolveQueriesArgs[0].queries[0], /.*\/workflow-query$/);
+
+    // Now check that the end result contains only the workflow query, and not the default one
+    t.deepEqual(config.queries['javascript'].length, 1);
+    t.regex(config.queries['javascript'][0], /.*\/workflow-query$/);
+  });
+});
+
 test("Multiple queries can be specified in workflow file, no config file required", async t => {
   return await util.withTmpDir(async tmpDir => {
     fs.mkdirSync(path.join(tmpDir, 'override1'));
@@ -461,18 +508,7 @@ test("Multiple queries can be specified in workflow file, no config file require
     const codeQL = setCodeQL({
       resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
         resolveQueriesArgs.push({queries, extraSearchPath});
-        // Return what we're given, just in the right format for a resolved query
-        // This way we can test overriding by seeing which returned items are in
-        // the final configuration.
-        const dummyResolvedQueries = {};
-        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
-        return {
-          byLanguage: {
-            'javascript': dummyResolvedQueries,
-          },
-          noDeclaredLanguage: {},
-          multipleDeclaredLanguages: {},
-        };
+        return queriesToResolvedQueryForm(queries);
       },
     });
 
@@ -508,6 +544,68 @@ test("Multiple queries can be specified in workflow file, no config file require
   });
 });
 
+test("Queries in workflow file can be added to the set of queries without overriding config file", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+    const configFilePath = createConfigFile(inputFileContents, tmpDir);
+
+    // These queries shouldn't override anything, because the value is prefixed with "+"
+    const queries = '+./additional1,./additional2';
+
+    fs.mkdirSync(path.join(tmpDir, 'foo'));
+    fs.mkdirSync(path.join(tmpDir, 'additional1'));
+    fs.mkdirSync(path.join(tmpDir, 'additional2'));
+
+    const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
+    const codeQL = setCodeQL({
+      resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
+        resolveQueriesArgs.push({queries, extraSearchPath});
+        return queriesToResolvedQueryForm(queries);
+      },
+    });
+
+    const languages = 'javascript';
+
+    const config = await configUtils.initConfig(
+      languages,
+      queries,
+      configFilePath,
+      { owner: 'github', repo: 'example '},
+      tmpDir,
+      tmpDir,
+      codeQL,
+      tmpDir,
+      'token',
+      'https://github.example.com',
+      getRunnerLogger(true));
+
+    // Check resolveQueries was called correctly
+    // It'll be called once for the default queries,
+    // once for each of additional1 and additional2,
+    // and once for './foo' from the config file
+    t.deepEqual(resolveQueriesArgs.length, 4);
+    t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+    t.regex(resolveQueriesArgs[1].queries[0], /.*\/additional1$/);
+    t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+    t.regex(resolveQueriesArgs[2].queries[0], /.*\/additional2$/);
+    t.deepEqual(resolveQueriesArgs[3].queries.length, 1);
+    t.regex(resolveQueriesArgs[3].queries[0], /.*\/foo$/);
+
+    // Now check that the end result contains all the queries
+    t.deepEqual(config.queries['javascript'].length, 4);
+    t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+    t.regex(config.queries['javascript'][1], /.*\/additional1$/);
+    t.regex(config.queries['javascript'][2], /.*\/additional2$/);
+    t.regex(config.queries['javascript'][3], /.*\/foo$/);
+  });
+});
+
 test("Invalid queries in workflow file handled correctly", async t => {
   return await util.withTmpDir(async tmpDir => {
     const queries = 'foo/bar@v1@v3';

src/config-utils.ts

@@ -539,10 +539,6 @@ async function getLanguages(
   return parsedLanguages;
 }
 
-/**
- * Returns true if queries were provided in the workflow file
- * (and thus added), otherwise false
- */
 async function addQueriesFromWorkflow(
   codeQL: CodeQL,
   queriesInput: string,
@@ -553,6 +549,10 @@ async function addQueriesFromWorkflow(
   githubUrl: string,
   logger: Logger) {
 
+  queriesInput = queriesInput.trim();
+  // "+" means "don't override config file" - see shouldAddConfigFileQueries
+  queriesInput = queriesInput.replace(/^\+/, '');
+
   for (const query of queriesInput.split(',')) {
     await parseQueryUses(
       languages,
@@ -566,6 +566,18 @@ async function addQueriesFromWorkflow(
   }
 }
 
+// Returns true if either no queries were provided in the workflow.
+// or if the queries in the workflow were provided in "additive" mode,
+// indicating that they shouldn't override the config queries but
+// should instead be added in addition
+function shouldAddConfigFileQueries(queriesInput: string | undefined): boolean {
+  if (queriesInput) {
+    return queriesInput.trimStart().substr(0, 1) === '+';
+  }
+
+  return true;
+}
+
 /**
  * Get the default config for when the user has not supplied one.
  */
@@ -677,6 +689,8 @@ async function loadConfig(
 
   // If queries were provided using `with` in the action configuration,
   // they should take precedence over the queries in the config file
+  // unless they're prefixed with "+", in which case they supplement those
+  // in the config file.
   if (queriesInput) {
     await addQueriesFromWorkflow(
       codeQL,
@@ -687,7 +701,8 @@ async function loadConfig(
       checkoutPath,
       githubUrl,
       logger);
-  } else if (QUERIES_PROPERTY in parsedYAML) {
+  }
+  if (shouldAddConfigFileQueries(queriesInput) && QUERIES_PROPERTY in parsedYAML) {
     if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
       throw new Error(getQueriesInvalid(configFile));
     }

src/external-queries.test.ts

@@ -1,3 +1,4 @@
+import * as toolrunnner from '@actions/exec/lib/toolrunner';
 import test from 'ava';
 import * as fs from "fs";
 import * as path from "path";
@@ -11,15 +12,86 @@ setupTests(test);
 
 test("checkoutExternalQueries", async t => {
   await util.withTmpDir(async tmpDir => {
-    const ref = "df4c6869212341b601005567381944ed90906b6b";
+    // Create a test repo in a subdir of the temp dir.
+    // It should have a default branch with two commits after the initial commit, where
+    // - the first commit contains files 'a' and 'b'
+    // - the second commit contains only 'a'
+    // Place the repo in a subdir because we're going to checkout a copy in tmpDir
+    const testRepoBaseDir = path.join(tmpDir, 'test-repo-dir');
+    const repoName = 'some/repo';
+    const repoPath = path.join(testRepoBaseDir, repoName);
+    const repoGitDir = path.join(repoPath, '.git');
+
+    // Run the given git command, and return the output.
+    // Passes --git-dir and --work-tree.
+    // Any stderr output is suppressed until the command fails.
+    const runGit = async function(command: string[]): Promise<string> {
+      let stdout = '';
+      let stderr = '';
+      command = [`--git-dir=${repoGitDir}`, `--work-tree=${repoPath}`, ...command];
+      console.log('Running: git ' + command.join(' '));
+      try {
+        await new toolrunnner.ToolRunner('git', command, {
+          silent: true,
+          listeners: {
+            stdout: (data) => { stdout += data.toString(); },
+            stderr: (data) => { stderr += data.toString(); },
+          }
+        }).exec();
+      } catch (e) {
+        console.log('Command failed: git ' + command.join(' '));
+        process.stderr.write(stderr);
+        throw e;
+      }
+      return stdout.trim();
+    };
+
+    fs.mkdirSync(repoPath, { recursive: true });
+    await runGit(['init', repoPath]);
+    await runGit(['config', 'user.email', 'test@github.com']);
+    await runGit(['config', 'user.name', 'Test Test']);
+
+    fs.writeFileSync(path.join(repoPath, 'a'), 'a content');
+    await runGit(['add', 'a']);
+    await runGit(['commit', '-m', 'commit1']);
+
+    fs.writeFileSync(path.join(repoPath, 'b'), 'b content');
+    await runGit(['add', 'b']);
+    await runGit(['commit', '-m', 'commit1']);
+    const commit1Sha = await runGit(['rev-parse', 'HEAD']);
+
+    fs.unlinkSync(path.join(repoPath, 'b'));
+    await runGit(['add', 'b']);
+    await runGit(['commit', '-m', 'commit2']);
+    const commit2Sha = await runGit(['rev-parse', 'HEAD']);
+
+
+
+    // Checkout the first commit, which should contain 'a' and 'b'
+    t.false(fs.existsSync(path.join(tmpDir, repoName)));
     await externalQueries.checkoutExternalRepository(
-      "github/codeql-go",
-      ref,
-      'https://github.com',
+      repoName,
+      commit1Sha,
+      `file://${testRepoBaseDir}`,
       tmpDir,
       getRunnerLogger(true));
+    t.true(fs.existsSync(path.join(tmpDir, repoName)));
+    t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha)));
+    t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, 'a')));
+    t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, 'b')));
 
-    // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
-    t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", ref, "COPYRIGHT")));
+
+
+    // Checkout the second commit as well, which should only contain 'a'
+    t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+    await externalQueries.checkoutExternalRepository(
+      repoName,
+      commit2Sha,
+      `file://${testRepoBaseDir}`,
+      tmpDir,
+      getRunnerLogger(true));
+    t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+    t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, 'a')));
+    t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, 'b')));
   });
 });

src/external-queries.ts

@@ -24,7 +24,7 @@ export async function checkoutExternalRepository(
   }
 
   if (!fs.existsSync(checkoutLocation)) {
-    const repoURL = githubUrl + '/' + repository + '.git';
+    const repoURL = githubUrl + '/' + repository;
     await new toolrunnner.ToolRunner('git', ['clone', repoURL, checkoutLocation]).exec();
     await new toolrunnner.ToolRunner('git', [
       '--work-tree=' + checkoutLocation,

src/fingerprints.test.ts

@@ -111,6 +111,20 @@ test('hash', (t: ava.Assertions) => {
       "cc97dc7b1d7d8f7b:1",
       "c129715d7a2bc9a3:1"
     ]);
+
+  testHash(
+    t,
+    "x = 2\nx = 1\nprint(x)\nx = 3\nprint(x)\nx = 4\nprint(x)\n",
+    [
+      "e54938cc54b302f1:1",
+      "bb609acbe9138d60:1",
+      "1131fd5871777f34:1",
+      "5c482a0f8b35ea28:1",
+      "54517377da7028d2:1",
+      "2c644846cb18d53e:1",
+      "f1b89f20de0d133:1",
+      "c129715d7a2bc9a3:1"
+    ]);
 });
 
 function testResolveUriToFile(uri: any, index: any, artifactsURIs: any[]) {

src/init-action.ts

@@ -2,7 +2,7 @@ import * as core from '@actions/core';
 
 import { CodeQL } from './codeql';
 import * as configUtils from './config-utils';
-import { initCodeQL, initConfig, runInit } from './init';
+import { initCodeQL, initConfig, injectWindowsTracer, runInit } from './init';
 import { getActionsLogger } from './logging';
 import { parseRepositoryNwo } from './repository';
 import * as util from './util';
@@ -102,6 +102,10 @@ async function run() {
     const tracerConfig = await runInit(codeql, config);
     if (tracerConfig !== undefined) {
       Object.entries(tracerConfig.env).forEach(([key, value]) => core.exportVariable(key, value));
+
+      if (process.platform === 'win32') {
+        await injectWindowsTracer('Runner.Worker.exe', undefined, config, codeql, tracerConfig);
+      }
     }
 
   } catch (error) {

src/init.ts

@@ -78,27 +78,92 @@ export async function runInit(
     await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot);
   }
 
-  const tracerConfig = await getCombinedTracerConfig(config, codeql);
-  if (tracerConfig !== undefined && process.platform === 'win32') {
-    const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
-    fs.writeFileSync(injectTracerPath, `
+  return await getCombinedTracerConfig(config, codeql);
+}
+
+// Runs a powershell script to inject the tracer into a parent process
+// so it can tracer future processes, hopefully including the build process.
+// If processName is given then injects into the nearest parent process with
+// this name, otherwise uses the processLevel-th parent if defined, otherwise
+// defaults to the 3rd parent as a rough guess.
+export async function injectWindowsTracer(
+  processName: string | undefined,
+  processLevel: number | undefined,
+  config: configUtils.Config,
+  codeql: CodeQL,
+  tracerConfig: TracerConfig) {
+
+  let script: string;
+  if (processName !== undefined) {
+    script = `
       Param(
           [Parameter(Position=0)]
           [String]
           $tracer
       )
-      Get-Process -Name Runner.Worker
-      $process=Get-Process -Name Runner.Worker
-      $id=$process.Id
-      Invoke-Expression "&$tracer --inject=$id"`);
 
-    await new toolrunnner.ToolRunner(
-      'powershell',
-      [
-        injectTracerPath,
-        path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
-      ],
-      { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } }).exec();
+      $id = $PID
+      while ($true) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Found process: $p"
+        if ($p -eq $null) {
+          throw "Could not determine ${processName} process"
+        }
+        if ($p[0].Name -eq "${processName}") {
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
+  } else {
+    // If the level is not defined then guess at the 3rd parent process.
+    // This won't be correct in every setting but it should be enough in most settings,
+    // and overestimating is likely better in this situation so we definitely trace
+    // what we want, though this does run the risk of interfering with future CI jobs.
+    // Note that the default of 3 doesn't work on github actions, so we include a
+    // special case in the script that checks for Runner.Worker.exe so we can still work
+    // on actions if the runner is invoked there.
+    processLevel = processLevel || 3;
+    script = `
+      Param(
+          [Parameter(Position=0)]
+          [String]
+          $tracer
+      )
+
+      $id = $PID
+      for ($i = 0; $i -le ${processLevel}; $i++) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Parent process \${i}: $p"
+        if ($p -eq $null) {
+          throw "Process tree ended before reaching required level"
+        }
+        # Special case just in case the runner is used on actions
+        if ($p[0].Name -eq "Runner.Worker.exe") {
+          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
+          Write-Host "Aborting search early and using process: $p"
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
   }
-  return tracerConfig;
+
+  const injectTracerPath = path.join(config.tempDir, 'inject-tracer.ps1');
+  fs.writeFileSync(injectTracerPath, script);
+
+  await new toolrunnner.ToolRunner(
+    'powershell',
+    [
+      '-ExecutionPolicy', 'Bypass',
+      '-file', injectTracerPath,
+      path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
+    ],
+    { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } }).exec();
 }

src/runner.ts

@@ -7,12 +7,12 @@ import { runAnalyze } from './analyze';
 import { determineAutobuildLanguage, runAutobuild } from './autobuild';
 import { CodeQL, getCodeQL } from './codeql';
 import { Config, getConfig } from './config-utils';
-import { initCodeQL, initConfig, runInit } from './init';
+import { initCodeQL, initConfig, injectWindowsTracer, runInit } from './init';
 import { Language, parseLanguage } from './languages';
 import { getRunnerLogger } from './logging';
 import { parseRepositoryNwo } from './repository';
 import * as upload_lib from './upload-lib';
-import { getMemoryFlag, getThreadsFlag } from './util';
+import { getAddSnippetsFlag, getMemoryFlag, getThreadsFlag } from './util';
 
 const program = new Command();
 program.version('0.0.1');
@@ -76,6 +76,27 @@ function parseRef(userInput: string): string {
   }
 }
 
+// Parses the --trace-process-name arg from process.argv, or returns undefined
+function parseTraceProcessName(): string | undefined {
+  for (let i = 0; i < process.argv.length - 1; i++) {
+    if (process.argv[i] === '--trace-process-name') {
+      return process.argv[i + 1];
+    }
+  }
+  return undefined;
+}
+
+// Parses the --trace-process-level arg from process.argv, or returns undefined
+function parseTraceProcessLevel(): number | undefined {
+  for (let i = 0; i < process.argv.length - 1; i++) {
+    if (process.argv[i] === '--trace-process-level') {
+      const v = parseInt(process.argv[i + 1], 10);
+      return isNaN(v) ? undefined : v;
+    }
+  }
+  return undefined;
+}
+
 interface InitArgs {
   languages: string | undefined;
   queries: string | undefined;
@@ -104,6 +125,9 @@ program
   .option('--tools-dir <dir>', 'Directory to use for CodeQL tools and other files to store between runs. Default is a subdirectory of the home directory.')
   .option('--checkout-path <path>', 'Checkout path. Default is the current working directory.')
   .option('--debug', 'Print more verbose output', false)
+  // This prevents a message like: error: unknown option '--trace-process-level'
+  // Remove this if commander.js starts supporting hidden options.
+  .allowUnknownOption()
   .action(async (cmd: InitArgs) => {
     const logger = getRunnerLogger(cmd.debug);
     try {
@@ -147,6 +171,15 @@ program
         return;
       }
 
+      if (process.platform === 'win32') {
+        await injectWindowsTracer(
+          parseTraceProcessName(),
+          parseTraceProcessLevel(),
+          config,
+          codeql,
+          tracerConfig);
+      }
+
       // Always output a json file of the env that can be consumed programatically
       const jsonEnvFile = path.join(config.tempDir, codeqlEnvJsonFilename);
       fs.writeFileSync(jsonEnvFile, JSON.stringify(tracerConfig.env));
@@ -241,6 +274,7 @@ interface AnalyzeArgs {
   upload: boolean;
   outputDir: string | undefined;
   ram: string | undefined;
+  addSnippets: boolean;
   threads: string | undefined;
   tempDir: string | undefined;
   debug: boolean;
@@ -255,9 +289,10 @@ program
   .requiredOption('--github-url <url>', 'URL of GitHub instance. (Required)')
   .requiredOption('--github-auth <auth>', 'GitHub Apps token or personal access token. (Required)')
   .option('--checkout-path <path>', 'Checkout path. Default is the current working directory.')
-  .option('--no-upload', 'Do not upload results after analysis.', false)
+  .option('--no-upload', 'Do not upload results after analysis.')
   .option('--output-dir <dir>', 'Directory to output SARIF files to. Default is in the temp directory.')
   .option('--ram <ram>', 'Amount of memory to use when running queries. Default is to use all available memory.')
+  .option('--no-add-snippets', 'Specify whether to include code snippets in the sarif output.')
   .option('--threads <threads>', 'Number of threads to use when running queries. ' +
     'Default is to use all available cores.')
   .option('--temp-dir <dir>', 'Directory to use for temporary files. Default is "./codeql-runner".')
@@ -287,6 +322,7 @@ program
         'runner',
         outputDir,
         getMemoryFlag(cmd.ram),
+        getAddSnippetsFlag(cmd.addSnippets),
         getThreadsFlag(cmd.threads, logger),
         config,
         logger);

src/util.test.ts

@@ -35,6 +35,18 @@ test('getMemoryFlag() throws if the ram input is < 0 or NaN', t => {
   }
 });
 
+test('getAddSnippetsFlag() should return the correct flag', t => {
+
+  t.deepEqual(util.getAddSnippetsFlag(true), "--sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("true"), "--sarif-add-snippets");
+
+  t.deepEqual(util.getAddSnippetsFlag(false), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag(undefined), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("false"), "--no-sarif-add-snippets");
+  t.deepEqual(util.getAddSnippetsFlag("foo bar"), "--no-sarif-add-snippets");
+
+});
+
 test('getThreadsFlag() should return the correct --threads flag', t => {
 
   const numCpus = os.cpus().length;

src/util.ts

@@ -386,6 +386,19 @@ export function getMemoryFlag(userInput: string | undefined): string {
   return "--ram=" + Math.floor(memoryToUseMegaBytes);
 }
 
+/**
+ * Get the codeql flag to specify whether to add code snippets to the sarif file.
+ *
+ * @returns string
+ */
+export function getAddSnippetsFlag(userInput: string | boolean | undefined): string {
+  if (typeof userInput === "string") {
+    // have to process specifically because any non-empty string is truthy
+    userInput = userInput.toLowerCase() === "true";
+  }
+  return userInput ?  "--sarif-add-snippets" : "--no-sarif-add-snippets";
+}
+
 /**
  * Get the codeql `--threads` value specified for the `threads` input.
  * If not value was specified, all available threads will be used.

tests/multi-language-repo/csharp.csproj

@@ -4,6 +4,7 @@
     <OutputType>Exe</OutputType>
     <TargetFramework>netcoreapp3.1</TargetFramework>
     <RootNamespace>multi_language_test</RootNamespace>
+    <DefaultItemExcludes>$(DefaultItemExcludes);codeql-runner/**</DefaultItemExcludes>
   </PropertyGroup>
 
 </Project>