robojerk/codeql-action

fix alerts

Browse source
This commit is contained in:
Robert Brignull 2020-08-17 12:42:23 +01:00
parent f92a68048c
commit d49b8673bb
9 changed files with 39 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

25
lib/fingerprints.js generated
View file

@ -10,7 +10,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod }; return (mod && mod.__esModule) ? mod : { "default": mod };
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
const core = __importStar(require("@actions/core"));
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const long_1 = __importDefault(require("long")); const long_1 = __importDefault(require("long"));
const tab = '\t'.charCodeAt(0); const tab = '\t'.charCodeAt(0);
@ -122,7 +121,7 @@ function hash(callback, input) {
exports.hash = hash; exports.hash = hash;
// Generate a hash callback function that updates the given result in-place // Generate a hash callback function that updates the given result in-place
// when it recieves a hash for the correct line number. Ignores hashes for other lines. // when it recieves a hash for the correct line number. Ignores hashes for other lines.
function locationUpdateCallback(result, location) { function locationUpdateCallback(result, location, logger) {
var _a, _b; var _a, _b;
let locationStartLine = (_b = (_a = location.physicalLocation) === null || _a === void 0 ? void 0 : _a.region) === null || _b === void 0 ? void 0 : _b.startLine; let locationStartLine = (_b = (_a = location.physicalLocation) === null || _a === void 0 ? void 0 : _a.region) === null || _b === void 0 ? void 0 : _b.startLine;
if (locationStartLine === undefined) { if (locationStartLine === undefined) {
@ -146,7 +145,7 @@ function locationUpdateCallback(result, location) {
result.partialFingerprints.primaryLocationLineHash = hash; result.partialFingerprints.primaryLocationLineHash = hash;
} }
else if (existingFingerprint !== hash) { else if (existingFingerprint !== hash) {
core.warning('Calculated fingerprint of ' + hash + logger.warning('Calculated fingerprint of ' + hash +
' for file ' + location.physicalLocation.artifactLocation.uri + ' for file ' + location.physicalLocation.artifactLocation.uri +
' line ' + lineNumber + ' line ' + lineNumber +
', but found existing inconsistent fingerprint value ' + existingFingerprint); ', but found existing inconsistent fingerprint value ' + existingFingerprint);
@ -157,21 +156,21 @@ function locationUpdateCallback(result, location) {
// the source file so we can hash it. // the source file so we can hash it.
// If possible returns a absolute file path for the source file, // If possible returns a absolute file path for the source file,
// or if not possible then returns undefined. // or if not possible then returns undefined.
function resolveUriToFile(location, artifacts) { function resolveUriToFile(location, artifacts, logger) {
// This may be referencing an artifact // This may be referencing an artifact
if (!location.uri && location.index !== undefined) { if (!location.uri && location.index !== undefined) {
if (typeof location.index !== 'number' || if (typeof location.index !== 'number' ||
location.index < 0 || location.index < 0 ||
location.index >= artifacts.length || location.index >= artifacts.length ||
typeof artifacts[location.index].location !== 'object') { typeof artifacts[location.index].location !== 'object') {
core.debug(`Ignoring location as URI "${location.index}" is invalid`); logger.debug(`Ignoring location as URI "${location.index}" is invalid`);
return undefined; return undefined;
} }
location = artifacts[location.index].location; location = artifacts[location.index].location;
} }
// Get the URI and decode // Get the URI and decode
if (typeof location.uri !== 'string') { if (typeof location.uri !== 'string') {
core.debug(`Ignoring location as index "${location.uri}" is invalid`); logger.debug(`Ignoring location as index "${location.uri}" is invalid`);
return undefined; return undefined;
} }
let uri = decodeURIComponent(location.uri); let uri = decodeURIComponent(location.uri);
@ -181,13 +180,13 @@ function resolveUriToFile(location, artifacts) {
uri = uri.substring(fileUriPrefix.length); uri = uri.substring(fileUriPrefix.length);
} }
if (uri.indexOf('://') !== -1) { if (uri.indexOf('://') !== -1) {
core.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`); logger.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`);
return undefined; return undefined;
} }
// Discard any absolute paths that aren't in the src root // Discard any absolute paths that aren't in the src root
const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/'; const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/';
if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) { if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) {
core.debug(`Ignoring location URI "${uri}" as it is outside of the src root`); logger.debug(`Ignoring location URI "${uri}" as it is outside of the src root`);
return undefined; return undefined;
} }
// Just assume a relative path is relative to the src root. // Just assume a relative path is relative to the src root.
@ -198,7 +197,7 @@ function resolveUriToFile(location, artifacts) {
} }
// Check the file exists // Check the file exists
if (!fs.existsSync(uri)) { if (!fs.existsSync(uri)) {
core.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
return undefined; return undefined;
} }
return uri; return uri;
@ -206,7 +205,7 @@ function resolveUriToFile(location, artifacts) {
exports.resolveUriToFile = resolveUriToFile; exports.resolveUriToFile = resolveUriToFile;
// Compute fingerprints for results in the given sarif file // Compute fingerprints for results in the given sarif file
// and return an updated sarif file contents. // and return an updated sarif file contents.
function addFingerprints(sarifContents) { function addFingerprints(sarifContents, logger) {
var _a, _b; var _a, _b;
let sarif = JSON.parse(sarifContents); let sarif = JSON.parse(sarifContents);
// Gather together results for the same file and construct // Gather together results for the same file and construct
@ -219,17 +218,17 @@ function addFingerprints(sarifContents) {
// Check the primary location is defined correctly and is in the src root // Check the primary location is defined correctly and is in the src root
const primaryLocation = (result.locations || [])[0]; const primaryLocation = (result.locations || [])[0];
if (!((_b = (_a = primaryLocation) === null || _a === void 0 ? void 0 : _a.physicalLocation) === null || _b === void 0 ? void 0 : _b.artifactLocation)) { if (!((_b = (_a = primaryLocation) === null || _a === void 0 ? void 0 : _a.physicalLocation) === null || _b === void 0 ? void 0 : _b.artifactLocation)) {
core.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`); logger.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`);
continue; continue;
} }
const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts); const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts, logger);
if (!filepath) { if (!filepath) {
continue; continue;
} }
if (!callbacksByFile[filepath]) { if (!callbacksByFile[filepath]) {
callbacksByFile[filepath] = []; callbacksByFile[filepath] = [];
} }
callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation)); callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation, logger));
} }
} }
// Now hash each file that was found // Now hash each file that was found

2
lib/fingerprints.js.map
View file

File diff suppressed because one or more lines are too long

7
lib/fingerprints.test.js generated
View file

@ -14,6 +14,7 @@ const ava_1 = __importDefault(require("ava"));
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const fingerprints = __importStar(require("./fingerprints")); const fingerprints = __importStar(require("./fingerprints"));
const logging_1 = require("./logging");
const testing_utils_1 = require("./testing-utils"); const testing_utils_1 = require("./testing-utils");
testing_utils_1.setupTests(ava_1.default); testing_utils_1.setupTests(ava_1.default);
function testHash(t, input, expectedHashes) { function testHash(t, input, expectedHashes) {
@ -98,7 +99,7 @@ ava_1.default('hash', (t) => {
function testResolveUriToFile(uri, index, artifactsURIs) { function testResolveUriToFile(uri, index, artifactsURIs) {
const location = { "uri": uri, "index": index }; const location = { "uri": uri, "index": index };
const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } })); const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } }));
return fingerprints.resolveUriToFile(location, artifacts); return fingerprints.resolveUriToFile(location, artifacts, logging_1.getCLILogger());
} }
ava_1.default('resolveUriToFile', t => { ava_1.default('resolveUriToFile', t => {
// The resolveUriToFile method checks that the file exists and is in the right directory // The resolveUriToFile method checks that the file exists and is in the right directory
@ -143,7 +144,7 @@ ava_1.default('addFingerprints', t => {
expected = JSON.stringify(JSON.parse(expected)); expected = JSON.stringify(JSON.parse(expected));
// The URIs in the SARIF files resolve to files in the testdata directory // The URIs in the SARIF files resolve to files in the testdata directory
process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata'); process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
t.deepEqual(fingerprints.addFingerprints(input), expected); t.deepEqual(fingerprints.addFingerprints(input, logging_1.getCLILogger()), expected);
}); });
ava_1.default('missingRegions', t => { ava_1.default('missingRegions', t => {
// Run an end-to-end test on a test file // Run an end-to-end test on a test file
@ -154,6 +155,6 @@ ava_1.default('missingRegions', t => {
expected = JSON.stringify(JSON.parse(expected)); expected = JSON.stringify(JSON.parse(expected));
// The URIs in the SARIF files resolve to files in the testdata directory // The URIs in the SARIF files resolve to files in the testdata directory
process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata'); process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
t.deepEqual(fingerprints.addFingerprints(input), expected); t.deepEqual(fingerprints.addFingerprints(input, logging_1.getCLILogger()), expected);
}); });
//# sourceMappingURL=fingerprints.test.js.map //# sourceMappingURL=fingerprints.test.js.map

2
lib/fingerprints.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/upload-lib.js generated
View file

@ -166,7 +166,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
validateSarifFileSchema(file, logger); validateSarifFileSchema(file, logger);
} }
let sarifPayload = combineSarifFiles(sarifFiles); let sarifPayload = combineSarifFiles(sarifFiles);
sarifPayload = fingerprints.addFingerprints(sarifPayload); sarifPayload = fingerprints.addFingerprints(sarifPayload, logger);
const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64'); const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
let checkoutURI = file_url_1.default(checkoutPath); let checkoutURI = file_url_1.default(checkoutPath);
const toolNames = util.getToolNames(sarifPayload); const toolNames = util.getToolNames(sarifPayload);

2
lib/upload-lib.js.map
View file

File diff suppressed because one or more lines are too long

7
src/fingerprints.test.ts
View file

@ -4,6 +4,7 @@ import * as fs from 'fs';
import * as path from 'path'; import * as path from 'path';
import * as fingerprints from './fingerprints'; import * as fingerprints from './fingerprints';
import { getCLILogger } from './logging';
import {setupTests} from './testing-utils'; import {setupTests} from './testing-utils';
setupTests(test); setupTests(test);
@ -115,7 +116,7 @@ test('hash', (t: ava.Assertions) => {
function testResolveUriToFile(uri: any, index: any, artifactsURIs: any[]) { function testResolveUriToFile(uri: any, index: any, artifactsURIs: any[]) {
const location = { "uri": uri, "index": index }; const location = { "uri": uri, "index": index };
const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } })); const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } }));
return fingerprints.resolveUriToFile(location, artifacts); return fingerprints.resolveUriToFile(location, artifacts, getCLILogger());
} }
test('resolveUriToFile', t => { test('resolveUriToFile', t => {
@ -174,7 +175,7 @@ test('addFingerprints', t => {
// The URIs in the SARIF files resolve to files in the testdata directory // The URIs in the SARIF files resolve to files in the testdata directory
process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata'); process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
t.deepEqual(fingerprints.addFingerprints(input), expected); t.deepEqual(fingerprints.addFingerprints(input, getCLILogger()), expected);
}); });
test('missingRegions', t => { test('missingRegions', t => {
@ -189,5 +190,5 @@ test('missingRegions', t => {
// The URIs in the SARIF files resolve to files in the testdata directory // The URIs in the SARIF files resolve to files in the testdata directory
process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata'); process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
t.deepEqual(fingerprints.addFingerprints(input), expected); t.deepEqual(fingerprints.addFingerprints(input, getCLILogger()), expected);
}); });

27
src/fingerprints.ts
View file

@ -1,7 +1,8 @@
import * as core from '@actions/core';
import * as fs from 'fs'; import * as fs from 'fs';
import Long from 'long'; import Long from 'long';
import { Logger } from './logging';
const tab = '\t'.charCodeAt(0); const tab = '\t'.charCodeAt(0);
const space = ' '.charCodeAt(0); const space = ' '.charCodeAt(0);
const lf = '\n'.charCodeAt(0); const lf = '\n'.charCodeAt(0);
@ -124,7 +125,7 @@ export function hash(callback: hashCallback, input: string) {
// Generate a hash callback function that updates the given result in-place // Generate a hash callback function that updates the given result in-place
// when it recieves a hash for the correct line number. Ignores hashes for other lines. // when it recieves a hash for the correct line number. Ignores hashes for other lines.
function locationUpdateCallback(result: any, location: any): hashCallback { function locationUpdateCallback(result: any, location: any, logger: Logger): hashCallback {
let locationStartLine = location.physicalLocation?.region?.startLine; let locationStartLine = location.physicalLocation?.region?.startLine;
if (locationStartLine === undefined) { if (locationStartLine === undefined) {
// We expect the region section to be present, but it can be absent if the // We expect the region section to be present, but it can be absent if the
@ -148,7 +149,7 @@ function locationUpdateCallback(result: any, location: any): hashCallback {
if (!existingFingerprint) { if (!existingFingerprint) {
result.partialFingerprints.primaryLocationLineHash = hash; result.partialFingerprints.primaryLocationLineHash = hash;
} else if (existingFingerprint !== hash) { } else if (existingFingerprint !== hash) {
core.warning('Calculated fingerprint of ' + hash + logger.warning('Calculated fingerprint of ' + hash +
' for file ' + location.physicalLocation.artifactLocation.uri + ' for file ' + location.physicalLocation.artifactLocation.uri +
' line ' + lineNumber + ' line ' + lineNumber +
', but found existing inconsistent fingerprint value ' + existingFingerprint); ', but found existing inconsistent fingerprint value ' + existingFingerprint);
@ -160,14 +161,14 @@ function locationUpdateCallback(result: any, location: any): hashCallback {
// the source file so we can hash it. // the source file so we can hash it.
// If possible returns a absolute file path for the source file, // If possible returns a absolute file path for the source file,
// or if not possible then returns undefined. // or if not possible then returns undefined.
export function resolveUriToFile(location: any, artifacts: any[]): string | undefined { export function resolveUriToFile(location: any, artifacts: any[], logger: Logger): string | undefined {
// This may be referencing an artifact // This may be referencing an artifact
if (!location.uri && location.index !== undefined) { if (!location.uri && location.index !== undefined) {
if (typeof location.index !== 'number' || if (typeof location.index !== 'number' ||
location.index < 0 || location.index < 0 ||
location.index >= artifacts.length || location.index >= artifacts.length ||
typeof artifacts[location.index].location !== 'object') { typeof artifacts[location.index].location !== 'object') {
core.debug(`Ignoring location as URI "${location.index}" is invalid`); logger.debug(`Ignoring location as URI "${location.index}" is invalid`);
return undefined; return undefined;
} }
location = artifacts[location.index].location; location = artifacts[location.index].location;
@ -175,7 +176,7 @@ export function resolveUriToFile(location: any, artifacts: any[]): string | unde
// Get the URI and decode // Get the URI and decode
if (typeof location.uri !== 'string') { if (typeof location.uri !== 'string') {
core.debug(`Ignoring location as index "${location.uri}" is invalid`); logger.debug(`Ignoring location as index "${location.uri}" is invalid`);
return undefined; return undefined;
} }
let uri = decodeURIComponent(location.uri); let uri = decodeURIComponent(location.uri);
@ -186,14 +187,14 @@ export function resolveUriToFile(location: any, artifacts: any[]): string | unde
uri = uri.substring(fileUriPrefix.length); uri = uri.substring(fileUriPrefix.length);
} }
if (uri.indexOf('://') !== -1) { if (uri.indexOf('://') !== -1) {
core.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`); logger.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`);
return undefined; return undefined;
} }
// Discard any absolute paths that aren't in the src root // Discard any absolute paths that aren't in the src root
const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/'; const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/';
if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) { if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) {
core.debug(`Ignoring location URI "${uri}" as it is outside of the src root`); logger.debug(`Ignoring location URI "${uri}" as it is outside of the src root`);
return undefined; return undefined;
} }
@ -206,7 +207,7 @@ export function resolveUriToFile(location: any, artifacts: any[]): string | unde
// Check the file exists // Check the file exists
if (!fs.existsSync(uri)) { if (!fs.existsSync(uri)) {
core.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
return undefined; return undefined;
} }
@ -215,7 +216,7 @@ export function resolveUriToFile(location: any, artifacts: any[]): string | unde
// Compute fingerprints for results in the given sarif file // Compute fingerprints for results in the given sarif file
// and return an updated sarif file contents. // and return an updated sarif file contents.
export function addFingerprints(sarifContents: string): string { export function addFingerprints(sarifContents: string, logger: Logger): string {
let sarif = JSON.parse(sarifContents); let sarif = JSON.parse(sarifContents);
// Gather together results for the same file and construct // Gather together results for the same file and construct
@ -229,18 +230,18 @@ export function addFingerprints(sarifContents: string): string {
// Check the primary location is defined correctly and is in the src root // Check the primary location is defined correctly and is in the src root
const primaryLocation = (result.locations || [])[0]; const primaryLocation = (result.locations || [])[0];
if (!primaryLocation?.physicalLocation?.artifactLocation) { if (!primaryLocation?.physicalLocation?.artifactLocation) {
core.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`); logger.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`);
continue; continue;
} }
const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts); const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts, logger);
if (!filepath) { if (!filepath) {
continue; continue;
} }
if (!callbacksByFile[filepath]) { if (!callbacksByFile[filepath]) {
callbacksByFile[filepath] = []; callbacksByFile[filepath] = [];
} }
callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation)); callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation, logger));
} }
} }

2
src/upload-lib.ts
View file

@ -235,7 +235,7 @@ async function uploadFiles(
} }
let sarifPayload = combineSarifFiles(sarifFiles); let sarifPayload = combineSarifFiles(sarifFiles);
sarifPayload = fingerprints.addFingerprints(sarifPayload); sarifPayload = fingerprints.addFingerprints(sarifPayload, logger);
const zipped_sarif = zlib.gzipSync(sarifPayload).toString('base64'); const zipped_sarif = zlib.gzipSync(sarifPayload).toString('base64');
let checkoutURI = fileUrl(checkoutPath); let checkoutURI = fileUrl(checkoutPath);