Merge pull request #1564 from github/aeisenberg/qlconfig-file

Fix --qlconfig-file option

lib/codeql.js

@@ -99,7 +99,7 @@ exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
  */
 exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
 /**
- * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig` flag in calls to `database init`.
+ * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
  */
 exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
 /**
@@ -335,8 +335,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     extraArgs.push("--external-repository-token-stdin");
                 }
             }
-            if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG)) {
-                extraArgs.push(`--qlconfig=${qlconfigFile}`);
+            if (qlconfigFile !== undefined &&
+                (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
+                extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
             }
             await runTool(cmd, [
                 "database",

lib/codeql.test.js

@@ -666,46 +666,66 @@ const injectedConfigMacro = ava_1.default.macro({
     },
 }, {});
 (0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    // stubbed version doesn't matter. It just needs to be valid semver.
-    sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
-    const args = runnerConstructorStub.firstCall.args[1];
-    // should not have used a config file
-    const hasConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
-    t.false(hasConfigArg, "Should NOT have injected a codescanning config");
-    // should not have passed a qlconfig file
-    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
-    t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        // stubbed version doesn't matter. It just needs to be valid semver.
+        sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should not have used a config file
+        const hasConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+        t.false(hasConfigArg, "Should NOT have injected a codescanning config");
+        // should not have passed a qlconfig file
+        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
+        t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+    });
 });
 (0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI when CLI config passing is enabled", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon
-        .stub(codeqlObject, "getVersion")
-        .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
-    const args = runnerConstructorStub.firstCall.args[1];
-    // should have used a config file
-    const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
-    t.true(hasCodeScanningConfigArg, "Should have injected a qlconfig");
-    // should have passed a qlconfig file
-    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
-    t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon
+            .stub(codeqlObject, "getVersion")
+            .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should have used a config file
+        const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+        t.true(hasCodeScanningConfigArg, "Should have injected a qlconfig");
+        // should have passed a qlconfig file
+        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
+        t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
+    });
 });
 (0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI when CLI config passing is enabled", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves("2.12.2");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
-    const args = runnerConstructorStub.firstCall.args[1];
-    // should have used a config file
-    const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
-    t.true(hasCodeScanningConfigArg, "Should NOT have injected a qlconfig");
-    // should have passed a qlconfig file
-    const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig="));
-    t.false(hasQlconfigArg, "Should have injected a codescanning config");
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon.stub(codeqlObject, "getVersion").resolves("2.12.2");
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should have used a config file
+        const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+        t.true(hasCodeScanningConfigArg, "Should have injected a codescanning config");
+        // should not have passed a qlconfig file
+        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
+        t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
+    });
+});
+(0, ava_1.default)("does not pass a qlconfig to the CLI when it is undefined", async (t) => {
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon
+            .stub(codeqlObject, "getVersion")
+            .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, // undefined qlconfigFile
+        (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
+        t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
+    });
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
     const runnerConstructorStub = stubToolRunnerConstructor();

src/codeql.test.ts

@@ -1003,89 +1003,124 @@ test(
 );
 
 test("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t: ExecutionContext<unknown>) => {
-  const runnerConstructorStub = stubToolRunnerConstructor();
-  const codeqlObject = await codeql.getCodeQLForTesting();
-  // stubbed version doesn't matter. It just needs to be valid semver.
-  sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
+  await util.withTmpDir(async (tempDir) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    // stubbed version doesn't matter. It just needs to be valid semver.
+    sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
 
-  await codeqlObject.databaseInitCluster(
-    stubConfig,
-    "",
-    undefined,
-    createFeatures([]),
-    "/path/to/qlconfig.yml",
-    getRunnerLogger(true)
-  );
+    await codeqlObject.databaseInitCluster(
+      { ...stubConfig, tempDir },
+      "",
+      undefined,
+      createFeatures([]),
+      "/path/to/qlconfig.yml",
+      getRunnerLogger(true)
+    );
 
-  const args = runnerConstructorStub.firstCall.args[1];
-  // should not have used a config file
-  const hasConfigArg = args.some((arg: string) =>
-    arg.startsWith("--codescanning-config=")
-  );
-  t.false(hasConfigArg, "Should NOT have injected a codescanning config");
+    const args = runnerConstructorStub.firstCall.args[1];
+    // should not have used a config file
+    const hasConfigArg = args.some((arg: string) =>
+      arg.startsWith("--codescanning-config=")
+    );
+    t.false(hasConfigArg, "Should NOT have injected a codescanning config");
 
-  // should not have passed a qlconfig file
-  const hasQlconfigArg = args.some((arg: string) =>
-    arg.startsWith("--qlconfig=")
-  );
-  t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+    // should not have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg: string) =>
+      arg.startsWith("--qlconfig-file=")
+    );
+    t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+  });
 });
 
 test("passes a code scanning config AND qlconfig to the CLI when CLI config passing is enabled", async (t: ExecutionContext<unknown>) => {
-  const runnerConstructorStub = stubToolRunnerConstructor();
-  const codeqlObject = await codeql.getCodeQLForTesting();
-  sinon
-    .stub(codeqlObject, "getVersion")
-    .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
+  await util.withTmpDir(async (tempDir) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon
+      .stub(codeqlObject, "getVersion")
+      .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
 
-  await codeqlObject.databaseInitCluster(
-    stubConfig,
-    "",
-    undefined,
-    createFeatures([Feature.CliConfigFileEnabled]),
-    "/path/to/qlconfig.yml",
-    getRunnerLogger(true)
-  );
+    await codeqlObject.databaseInitCluster(
+      { ...stubConfig, tempDir },
+      "",
+      undefined,
+      createFeatures([Feature.CliConfigFileEnabled]),
+      "/path/to/qlconfig.yml",
+      getRunnerLogger(true)
+    );
 
-  const args = runnerConstructorStub.firstCall.args[1];
-  // should have used a config file
-  const hasCodeScanningConfigArg = args.some((arg: string) =>
-    arg.startsWith("--codescanning-config=")
-  );
-  t.true(hasCodeScanningConfigArg, "Should have injected a qlconfig");
+    const args = runnerConstructorStub.firstCall.args[1];
+    // should have used a config file
+    const hasCodeScanningConfigArg = args.some((arg: string) =>
+      arg.startsWith("--codescanning-config=")
+    );
+    t.true(hasCodeScanningConfigArg, "Should have injected a qlconfig");
 
-  // should have passed a qlconfig file
-  const hasQlconfigArg = args.some((arg: string) =>
-    arg.startsWith("--qlconfig=")
-  );
-  t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
+    // should have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg: string) =>
+      arg.startsWith("--qlconfig-file=")
+    );
+    t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
+  });
 });
+
 test("passes a code scanning config BUT NOT a qlconfig to the CLI when CLI config passing is enabled", async (t: ExecutionContext<unknown>) => {
-  const runnerConstructorStub = stubToolRunnerConstructor();
-  const codeqlObject = await codeql.getCodeQLForTesting();
-  sinon.stub(codeqlObject, "getVersion").resolves("2.12.2");
+  await util.withTmpDir(async (tempDir) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves("2.12.2");
 
-  await codeqlObject.databaseInitCluster(
-    stubConfig,
-    "",
-    undefined,
-    createFeatures([Feature.CliConfigFileEnabled]),
-    "/path/to/qlconfig.yml",
-    getRunnerLogger(true)
-  );
+    await codeqlObject.databaseInitCluster(
+      { ...stubConfig, tempDir },
+      "",
+      undefined,
+      createFeatures([Feature.CliConfigFileEnabled]),
+      "/path/to/qlconfig.yml",
+      getRunnerLogger(true)
+    );
 
-  const args = runnerConstructorStub.firstCall.args[1] as any[];
-  // should have used a config file
-  const hasCodeScanningConfigArg = args.some((arg: string) =>
-    arg.startsWith("--codescanning-config=")
-  );
-  t.true(hasCodeScanningConfigArg, "Should NOT have injected a qlconfig");
+    const args = runnerConstructorStub.firstCall.args[1] as any[];
+    // should have used a config file
+    const hasCodeScanningConfigArg = args.some((arg: string) =>
+      arg.startsWith("--codescanning-config=")
+    );
+    t.true(
+      hasCodeScanningConfigArg,
+      "Should have injected a codescanning config"
+    );
 
-  // should have passed a qlconfig file
-  const hasQlconfigArg = args.some((arg: string) =>
-    arg.startsWith("--qlconfig=")
-  );
-  t.false(hasQlconfigArg, "Should have injected a codescanning config");
+    // should not have passed a qlconfig file
+    const hasQlconfigArg = args.some((arg: string) =>
+      arg.startsWith("--qlconfig-file=")
+    );
+    t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
+  });
+});
+
+test("does not pass a qlconfig to the CLI when it is undefined", async (t: ExecutionContext<unknown>) => {
+  await util.withTmpDir(async (tempDir) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon
+      .stub(codeqlObject, "getVersion")
+      .resolves(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG);
+
+    await codeqlObject.databaseInitCluster(
+      { ...stubConfig, tempDir },
+      "",
+      undefined,
+      createFeatures([Feature.CliConfigFileEnabled]),
+      undefined, // undefined qlconfigFile
+      getRunnerLogger(true)
+    );
+
+    const args = runnerConstructorStub.firstCall.args[1] as any[];
+    const hasQlconfigArg = args.some((arg: string) =>
+      arg.startsWith("--qlconfig-file=")
+    );
+    t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
+  });
 });
 
 test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {

src/codeql.ts

@@ -291,7 +291,7 @@ export const CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
 
 /**
- * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig` flag in calls to `database init`.
+ * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
  */
 export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
 
@@ -619,9 +619,10 @@ export async function getCodeQLForCmd(
       }
 
       if (
-        await util.codeQlVersionAbove(this, CODEQL_VERSION_INIT_WITH_QLCONFIG)
+        qlconfigFile !== undefined &&
+        (await util.codeQlVersionAbove(this, CODEQL_VERSION_INIT_WITH_QLCONFIG))
       ) {
-        extraArgs.push(`--qlconfig=${qlconfigFile}`);
+        extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
       }
       await runTool(
         cmd,