robojerk/codeql-action

add example regex match for stdout/err string

Browse source
This commit is contained in:
Nick Fyson 2020-08-24 20:49:58 +01:00
parent 45e00a8e6a
commit cd22abcda8
7 changed files with 231 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/cli.yml vendored
View file

@ -1,6 +1,6 @@
name: "CodeScanning CLI"
on: [push, pull_request]
on: [pull_request]
jobs:
build:

2
.github/workflows/codeql.yml vendored
View file

@ -1,6 +1,6 @@
name: "CodeQL action"
on: [push, pull_request]
on: [pull_request]
jobs:
build:

323
.github/workflows/integration-testing.yml vendored
View file

@ -3,150 +3,191 @@ name: "Integration Testing"
on: [push, pull_request]
jobs:
multi-language-repo_test-autodetect-languages:
# multi-language-repo_test-autodetect-languages:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - name: Move codeql-action
# shell: bash
# run: |
# mkdir ../action
# mv * .github ../action/
# mv ../action/tests/multi-language-repo/{*,.github} .
# - uses: ./../action/init
# - name: Build code
# shell: bash
# run: ./build.sh
# - uses: ./../action/analyze
# env:
# TEST_MODE: true
# - run: |
# cd "$RUNNER_TEMP/codeql_databases"
# # List all directories as there will be precisely one directory per database
# # but there may be other files in this directory such as query suites.
# if [ "$(ls -d */ | wc -l)" != 6 ] || \
# [[ ! -d cpp ]] || \
# [[ ! -d csharp ]] || \
# [[ ! -d go ]] || \
# [[ ! -d java ]] || \
# [[ ! -d javascript ]] || \
# [[ ! -d python ]]; then
# echo "Did not find expected number of databases. Database dir contains: $(ls)"
# exit 1
# fi
# multi-language-repo_test-custom-queries-and-remote-config:
# strategy:
# fail-fast: false
# matrix:
# os: [ubuntu-latest, windows-latest, macos-latest]
# runs-on: ${{ matrix.os }}
# steps:
# - uses: actions/checkout@v2
# - name: Move codeql-action
# shell: bash
# run: |
# mkdir ../action
# mv * .github ../action/
# mv ../action/tests/multi-language-repo/{*,.github} .
# - uses: ./../action/init
# with:
# languages: cpp,csharp,java,javascript,python
# config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
# - name: Build code
# shell: bash
# run: ./build.sh
# - uses: ./../action/analyze
# env:
# TEST_MODE: true
# # Currently is not possible to analyze Go in conjunction with other languages in macos
# multi-language-repo_test-go-custom-queries:
# strategy:
# fail-fast: false
# matrix:
# os: [ubuntu-latest, windows-latest, macos-latest]
# runs-on: ${{ matrix.os }}
# steps:
# - uses: actions/setup-go@v2
# if: ${{ matrix.os == 'macos-latest' }}
# with:
# go-version: '^1.13.1'
# - uses: actions/checkout@v2
# - name: Move codeql-action
# shell: bash
# run: |
# mkdir ../action
# mv * .github ../action/
# mv ../action/tests/multi-language-repo/{*,.github} .
# - uses: ./../action/init
# with:
# languages: go
# config-file: ./.github/codeql/custom-queries.yml
# - name: Build code
# shell: bash
# run: ./build.sh
# - uses: ./../action/analyze
# env:
# TEST_MODE: true
# multi-language-repo_rubocop:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - name: Move codeql-action
# shell: bash
# run: |
# mkdir ../action
# mv * .github ../action/
# mv ../action/tests/multi-language-repo/{*,.github} .
# - name: Set up Ruby
# uses: ruby/setup-ruby@v1
# with:
# ruby-version: 2.6
# - name: Install Code Scanning integration
# run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
# - name: Install dependencies
# run: bundle install
# - name: Rubocop run
# run: |
# bash -c "
# bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
# [[ $? -ne 2 ]]
# "
# - uses: ./../action/upload-sarif
# with:
# sarif_file: rubocop.sarif
# env:
# TEST_MODE: true
# test-proxy:
# runs-on: ubuntu-latest
# container:
# image: ubuntu:18.04
# options: --dns 127.0.0.1
# services:
# squid-proxy:
# image: datadog/squid:latest
# ports:
# - 3128:3128
# env:
# https_proxy: http://squid-proxy:3128
# steps:
# - uses: actions/checkout@v2
# - name: Move codeql-action
# shell: bash
# run: |
# mkdir ../action
# mv * .github ../action/
# mv ../action/tests/multi-language-repo/{*,.github} .
# - uses: ./../action/init
# with:
# languages: javascript
# - uses: ./../action/analyze
# env:
# TEST_MODE: true
# Test the behaviour when asked to scan a compiled language but no code is compiled
java:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true
- run: |
cd "$RUNNER_TEMP/codeql_databases"
# List all directories as there will be precisely one directory per database
# but there may be other files in this directory such as query suites.
if [ "$(ls -d */ | wc -l)" != 6 ] || \
[[ ! -d cpp ]] || \
[[ ! -d csharp ]] || \
[[ ! -d go ]] || \
[[ ! -d java ]] || \
[[ ! -d javascript ]] || \
[[ ! -d python ]]; then
echo "Did not find expected number of databases. Database dir contains: $(ls)"
exit 1
fi
multi-language-repo_test-custom-queries-and-remote-config:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
with:
languages: cpp,csharp,java,javascript,python
config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true
# Currently is not possible to analyze Go in conjunction with other languages in macos
multi-language-repo_test-go-custom-queries:
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/setup-go@v2
if: ${{ matrix.os == 'macos-latest' }}
with:
go-version: '^1.13.1'
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
with:
languages: go
config-file: ./.github/codeql/custom-queries.yml
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true
multi-language-repo_rubocop:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
shopt -s dotglob
mv * ../action/
# Do not copy anything back, so there's nothing left to scan
- uses: ./../action/init
with:
languages: java
- uses: ./../action/analyze
env:
TEST_MODE: true
# Test the behaviour when asked to scan a non-compiled language but there is no code to scan
javascript:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 2.6
- name: Install Code Scanning integration
run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
- name: Install dependencies
run: bundle install
- name: Rubocop run
run: |
bash -c "
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
[[ $? -ne 2 ]]
"
- uses: ./../action/upload-sarif
with:
sarif_file: rubocop.sarif
env:
TEST_MODE: true
test-proxy:
runs-on: ubuntu-latest
container:
image: ubuntu:18.04
options: --dns 127.0.0.1
services:
squid-proxy:
image: datadog/squid:latest
ports:
- 3128:3128
env:
https_proxy: http://squid-proxy:3128
steps:
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
mv * .github ../action/
mv ../action/tests/multi-language-repo/{*,.github} .
- uses: ./../action/init
with:
languages: javascript
- uses: ./../action/analyze
env:
TEST_MODE: true
- uses: actions/checkout@v2
- name: Move codeql-action
shell: bash
run: |
mkdir ../action
shopt -s dotglob
mv * ../action/
# Do not copy anything back, so there's nothing left to scan
- uses: ./../action/init
with:
languages: javascript
- uses: ./../action/analyze
env:
TEST_MODE: true

2
.github/workflows/pr-checks.yml vendored
View file

@ -1,6 +1,6 @@
name: "PR checks"
on: [push, pull_request]
on: [pull_request]
jobs:
tslint:

27
lib/exec_wrapper.js generated
View file

@ -37,12 +37,27 @@ async function exec_wrapper(commandLine, args, options) {
}
}
};
const returnCode = await exec.exec(commandLine, args, {
listeners: listeners,
...options
});
if (stderr === stdout) {
console.log('foo bar');
let returnCode;
try {
returnCode = await exec.exec(commandLine, args, {
listeners: listeners,
...options
});
}
catch (e) {
returnCode = 1;
}
if (returnCode === 0) {
throw new Error('The exit code was ' + returnCode + '?!');
}
const regex = new RegExp("(No source code was seen during the build\\.|No JavaScript or TypeScript code found\\.)");
if (regex.test(stderr) || regex.test(stdout)) {
throw new Error(`No source code was found. This can occur if the specified build commands failed to compile or process any code.
- Confirm that there is some source code for the specified language in the project.
- For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
an explicit --command.
- For other languages, the --command must specify a "clean" build which compiles
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning`);
}
return returnCode;
}

2
lib/exec_wrapper.js.map
View file

@ -1 +1 @@
{"version":3,"file":"exec_wrapper.js","sourceRoot":"","sources":["../src/exec_wrapper.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAG/B,KAAK,UAAU,YAAY,CAAC,WAAmB,EAAE,IAAe,EAAE,OAAwB;;IAE/F,MAAM,gBAAgB,SAAG,OAAO,0CAAE,SAAS,CAAC;IAE5C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,SAAS,GAAG;QACd,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QAEH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAChC,WAAW,EACX,IAAI,EACJ;QACE,SAAS,EAAE,SAAS;QACpB,GAAG,OAAO;KACX,CAAC,CAAC;IAEL,IAAI,MAAM,KAAK,MAAM,EAAG;QACtB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;KACxB;IAED,OAAO,UAAU,CAAC;AAEpB,CAAC;AA3CD,oCA2CC"}
{"version":3,"file":"exec_wrapper.js","sourceRoot":"","sources":["../src/exec_wrapper.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAG/B,KAAK,UAAU,YAAY,CAAC,WAAmB,EAAE,IAAe,EAAE,OAAwB;;IAE/F,MAAM,gBAAgB,SAAG,OAAO,0CAAE,SAAS,CAAC;IAE5C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,SAAS,GAAG;QACd,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QAEH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,IAAI,UAAkB,CAAC;IACvB,IAAI;QACF,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAC1B,WAAW,EACX,IAAI,EACJ;YACE,SAAS,EAAE,SAAS;YACpB,GAAG,OAAO;SACX,CAAC,CAAC;KACN;IAAC,OAAO,CAAC,EAAE;QACV,UAAU,GAAG,CAAC,CAAC;KAChB;IACD,IAAI,UAAU,KAAK,CAAC,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,UAAU,GAAG,IAAI,CAAC,CAAC;KAC3D;IAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,yFAAyF,CAAC,CAAC;IAEpH,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAG;QAC7C,MAAM,IAAI,KAAK,CAAC;;;;;yHAKqG,CAAC,CAAC;KACxH;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAzDD,oCAyDC"}

34
src/exec_wrapper.ts
View file

@ -30,18 +30,32 @@ export async function exec_wrapper(commandLine: string, args?: string[], options
}
};
const returnCode = await exec.exec(
commandLine,
args,
{
listeners: listeners,
...options
});
let returnCode: number;
try {
returnCode = await exec.exec(
commandLine,
args,
{
listeners: listeners,
...options
});
} catch (e) {
returnCode = 1;
}
if (returnCode === 0) {
throw new Error('The exit code was ' + returnCode + '?!');
}
if (stderr === stdout ) {
console.log('foo bar');
const regex = new RegExp("(No source code was seen during the build\\.|No JavaScript or TypeScript code found\\.)");
if (regex.test(stderr) || regex.test(stdout) ) {
throw new Error(`No source code was found. This can occur if the specified build commands failed to compile or process any code.
- Confirm that there is some source code for the specified language in the project.
- For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
an explicit --command.
- For other languages, the --command must specify a "clean" build which compiles
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning`);
}
return returnCode;
}