Export configuration information for red runs
This commit is contained in:
Henry Mercer
parent
e4b846c482
commit
d98eadb536
12 changed files with 92 additions and 19 deletions
27
lib/codeql.js
generated
27
lib/codeql.js
generated
|
|
@ -23,12 +23,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
|
||||
const yaml = __importStar(require("js-yaml"));
|
||||
const actions_util_1 = require("./actions-util");
|
||||
const config_utils_1 = require("./config-utils");
|
||||
const error_matcher_1 = require("./error-matcher");
|
||||
const languages_1 = require("./languages");
|
||||
const setupCodeql = __importStar(require("./setup-codeql"));
|
||||
|
|
@ -98,6 +99,11 @@ exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
|
|||
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
|
||||
*/
|
||||
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
|
||||
/**
|
||||
* Versions 2.12.3+ of the CodeQL CLI support exporting information in the code scanning
|
||||
* configuration file to SARIF.
|
||||
*/
|
||||
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
|
||||
/**
|
||||
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
|
||||
*/
|
||||
|
|
@ -606,12 +612,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
];
|
||||
await new toolrunner.ToolRunner(cmd, args).exec();
|
||||
},
|
||||
async diagnosticsExport(sarifFile, automationDetailsId) {
|
||||
async diagnosticsExport(sarifFile, automationDetailsId, config) {
|
||||
const args = [
|
||||
"diagnostics",
|
||||
"export",
|
||||
"--format=sarif-latest",
|
||||
`--output=${sarifFile}`,
|
||||
...(await getCodeScanningConfigExportArguments(config, this)),
|
||||
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
||||
];
|
||||
if (automationDetailsId !== undefined) {
|
||||
|
|
@ -726,7 +733,7 @@ async function generateCodeScanningConfig(codeql, config, featureEnablement, log
|
|||
if (!(await util.useCodeScanningConfigInCli(codeql, featureEnablement))) {
|
||||
return;
|
||||
}
|
||||
const codeScanningConfigFile = path.resolve(config.tempDir, "user-config.yaml");
|
||||
const codeScanningConfigFile = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
|
||||
// make a copy so we can modify it
|
||||
const augmentedConfig = cloneObject(config.originalUserInput);
|
||||
// Inject the queries from the input
|
||||
|
|
@ -790,4 +797,18 @@ async function generateCodeScanningConfig(codeql, config, featureEnablement, log
|
|||
function cloneObject(obj) {
|
||||
return JSON.parse(JSON.stringify(obj));
|
||||
}
|
||||
/**
|
||||
* Gets arguments for passing the code scanning configuration file to interpretation commands like
|
||||
* `codeql database interpret-results` and `codeql database export-diagnostics`.
|
||||
*
|
||||
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
|
||||
*/
|
||||
async function getCodeScanningConfigExportArguments(config, codeql) {
|
||||
const codeScanningConfigPath = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
|
||||
if (fs.existsSync(codeScanningConfigPath) &&
|
||||
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
|
||||
return ["--sarif-codescanning-config", codeScanningConfigPath];
|
||||
}
|
||||
return [];
|
||||
}
|
||||
//# sourceMappingURL=codeql.js.map
|
||||
Loading…
Add table
Add a link
Reference in a new issue