robojerk/codeql-action

Merge pull request #1910 from github/henrymercer/remove-ml-powered-queries

Browse source 
Remove ML-powered queries
This commit is contained in:
Aditya Sharad 2023-10-02 14:40:55 -07:00 committed by GitHub
commit ed2a90b161
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
36 changed files with 62 additions and 1045 deletions
Download patch file Download diff file Expand all files Collapse all files

153
.github/workflows/__ml-powered-queries.yml generated vendored
View file

@ -1,153 +0,0 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: PR Check - ML-powered queries
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on:
push:
branches:
- main
- releases/v2
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
workflow_dispatch: {}
jobs:
ml-powered-queries:
strategy:
matrix:
include:
- os: ubuntu-latest
version: stable-20220908
- os: macos-latest
version: stable-20220908
- os: windows-latest
version: stable-20220908
- os: ubuntu-latest
version: stable-20221211
- os: macos-latest
version: stable-20221211
- os: windows-latest
version: stable-20221211
- os: ubuntu-latest
version: stable-20230418
- os: macos-latest
version: stable-20230418
- os: windows-latest
version: stable-20230418
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-latest
version: stable-v2.13.5
- os: windows-latest
version: stable-v2.13.5
- os: ubuntu-latest
version: stable-v2.14.6
- os: macos-latest
version: stable-v2.14.6
- os: windows-latest
version: stable-v2.14.6
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: windows-latest
version: default
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: windows-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: ML-powered queries
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: >-
runner.os != 'Windows' && (
matrix.version == '20220908' ||
matrix.version == '20221211'
)
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
source-root: ./../action/tests/ml-powered-queries-repo
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Check sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run:
js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
queries-not-run: foo,bar
- name: Check results
shell: bash
run: |
cd "$RUNNER_TEMP/results"
# We should run at least the ML-powered queries in `expected_rules`.
expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
for rule in ${expected_rules}; do
found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
flatten | .[].id] | any(. == $rule)' javascript.sarif)
echo "Did find rule '${rule}': ${found_rule}"
if [[ "${found_rule}" != "true" ]]; then
echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
exit 1
fi
done
# We should have at least one alert from an ML-powered query.
num_alerts=$(jq '[.runs[0].results[] |
select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
javascript.sarif)
echo "Found ${num_alerts} alerts from ML-powered queries.";
if [[ "${num_alerts}" -eq 0 ]]; then
echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
exit 1
fi
env:
CODEQL_ACTION_TEST_MODE: true

1
CHANGELOG.md
View file

@ -5,6 +5,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
## [UNRELEASED]
- The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. [#1907](https://github.com/github/codeql-action/pull/1907)
- The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see ["CodeQL code scanning deprecates ML-powered alerts."](https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/) [#1910](https://github.com/github/codeql-action/pull/1910)
## 2.21.9 - 27 Sep 2023

5
lib/analyze-action.js generated
View file

@ -54,11 +54,6 @@ async function sendStatusReport(startedAt, config, stats, error, trapCacheUpload
const statusReportBase = await (0, status_report_1.createStatusReportBase)("finish", status, startedAt, await util.checkDiskUsage(), error?.message, error?.stack);
const report = {
...statusReportBase,
...(config
? {
ml_powered_javascript_queries: (0, config_utils_1.getMlPoweredJsQueriesStatus)(config),
}
: {}),
...(stats || {}),
...(dbCreationTimings || {}),
};

2
lib/analyze-action.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/analyze.test.js generated
View file

@ -122,7 +122,6 @@ const util = __importStar(require("./util"));
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -239,7 +238,6 @@ function createBaseConfig(tmpDir) {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},

2
lib/analyze.test.js.map
View file

File diff suppressed because one or more lines are too long

15
lib/codeql.js generated
View file

@ -884,21 +884,6 @@ async function generateCodeScanningConfig(codeql, config, features, logger) {
if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
delete augmentedConfig.packs;
}
if (config.augmentationProperties.injectedMlQueries) {
// We need to inject the ML queries into the original user input before
// we pass this on to the CLI, to make sure these get run.
const packString = await util.getMlPoweredJsQueriesPack(codeql);
if (augmentedConfig.packs === undefined)
augmentedConfig.packs = [];
if (Array.isArray(augmentedConfig.packs)) {
augmentedConfig.packs.push(packString);
}
else {
if (!augmentedConfig.packs.javascript)
augmentedConfig.packs["javascript"] = [];
augmentedConfig.packs["javascript"].push(packString);
}
}
logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
logger.startGroup("Augmented user configuration file contents");
logger.info(yaml.dump(augmentedConfig));

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

62
lib/codeql.test.js generated
View file

@ -73,7 +73,6 @@ ava_1.default.beforeEach(() => {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -385,7 +384,6 @@ for (const isBundleVersionInUrl of [true, false]) {
...stubConfig,
tempDir,
augmentationProperties: {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
},
@ -426,49 +424,10 @@ const injectedConfigMacro = ava_1.default.macro({
title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
});
(0, ava_1.default)("basic", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
}, {}, {});
(0, ava_1.default)("injected ML queries", injectedConfigMacro, {
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
}, {}, {
packs: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
});
(0, ava_1.default)("injected ML queries with existing packs", injectedConfigMacro, {
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
}, {
originalUserInput: {
packs: { javascript: ["codeql/something-else"] },
},
}, {
packs: {
javascript: [
"codeql/something-else",
"codeql/javascript-experimental-atm-queries@~0.4.0",
],
},
});
(0, ava_1.default)("injected ML queries with existing packs of different language", injectedConfigMacro, {
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
}, {
originalUserInput: {
packs: { cpp: ["codeql/something-else"] },
},
}, {
packs: {
cpp: ["codeql/something-else"],
javascript: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
},
});
(0, ava_1.default)("injected packs from input", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
@ -476,7 +435,6 @@ const injectedConfigMacro = ava_1.default.macro({
packs: ["xxx", "yyy"],
});
(0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: true,
packsInput: ["xxx", "yyy"],
@ -492,7 +450,6 @@ const injectedConfigMacro = ava_1.default.macro({
},
});
(0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
@ -505,23 +462,8 @@ const injectedConfigMacro = ava_1.default.macro({
}, {
packs: ["xxx", "yyy"],
});
(0, ava_1.default)("injected packs from input with existing packs overrides and ML model inject", injectedConfigMacro, {
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
}, {
originalUserInput: {
packs: {
cpp: ["codeql/something-else"],
},
},
}, {
packs: ["xxx", "yyy", "codeql/javascript-experimental-atm-queries@~0.4.0"],
});
// similar, but with queries
(0, ava_1.default)("injected queries from input", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -536,7 +478,6 @@ const injectedConfigMacro = ava_1.default.macro({
],
});
(0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -555,7 +496,6 @@ const injectedConfigMacro = ava_1.default.macro({
],
});
(0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -577,7 +517,6 @@ const injectedConfigMacro = ava_1.default.macro({
],
});
(0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -592,7 +531,6 @@ const injectedConfigMacro = ava_1.default.macro({
],
});
(0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
queriesInput: [],

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

97
lib/config-utils.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.getMlPoweredJsQueriesStatus = exports.parsePacks = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const perf_hooks_1 = require("perf_hooks");
@ -45,13 +45,12 @@ const PATHS_IGNORE_PROPERTY = "paths-ignore";
const PATHS_PROPERTY = "paths";
const PACKS_PROPERTY = "packs";
/**
* The default, empty augmentation properties. This is most useeful
* The default, empty augmentation properties. This is most useful
* for tests.
*/
exports.defaultAugmentationProperties = {
queriesInputCombines: false,
packsInputCombines: false,
injectedMlQueries: false,
packsInput: undefined,
queriesInput: undefined,
};
@ -139,10 +138,8 @@ const builtinSuites = [
/**
* Determine the set of queries associated with suiteName's suites and add them to resultMap.
* Throws an error if suiteName is not a valid builtin suite.
* May inject ML queries, and the return value will declare if this was done.
*/
async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, features, configFile) {
let injectedMlQueries = false;
async function addBuiltinSuiteQueries(languages, codeQL, resultMap, suiteName, configFile) {
const found = builtinSuites.find((suite) => suite === suiteName);
if (!found) {
throw new util_1.UserError(getQueryUsesInvalid(configFile, suiteName));
@ -153,27 +150,8 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE}. Please upgrade to CodeQL CLI version
${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE} or later.`);
}
// If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
// opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
// pack, then add the ML-powered query pack so that we run ML-powered queries.
if (languages.includes("javascript") &&
(found === "security-experimental" ||
found === "security-extended" ||
found === "security-and-quality") &&
!packs.javascript?.some(isMlPoweredJsQueriesPack) &&
(await features.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, codeQL))) {
if (!packs.javascript) {
packs.javascript = [];
}
packs.javascript.push(await (0, util_1.getMlPoweredJsQueriesPack)(codeQL));
injectedMlQueries = true;
}
const suites = languages.map((l) => `${l}-${suiteName}.qls`);
await runResolveQueries(codeQL, resultMap, suites, undefined);
return injectedMlQueries;
}
function isMlPoweredJsQueriesPack(pack) {
return parsePacksSpecification(pack).name === util_1.ML_POWERED_JS_QUERIES_PACK_NAME;
}
/**
* Retrieve the set of queries at localQueryPath and add them to resultMap.
@ -230,13 +208,8 @@ async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetail
* parsing the 'uses' actions in the workflow file. So it can handle
* local paths starting with './', or references to remote repos, or
* a finite set of hardcoded terms for builtin suites.
*
* This may inject ML queries into the packs to use, and the return value will
* declare if this was done.
*
* @returns whether or not we injected ML queries into the packs
*/
async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, features, logger, configFile) {
async function parseQueryUses(languages, codeQL, resultMap, queryUses, tempDir, workspacePath, apiDetails, features, logger, configFile) {
queryUses = queryUses.trim();
if (queryUses === "") {
throw new util_1.UserError(getQueryUsesInvalid(configFile));
@ -244,11 +217,12 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
// Check for the local path case before we start trying to parse the repository name
if (queryUses.startsWith("./")) {
await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile);
return false;
return;
}
// Check for one of the builtin suites
if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, features, configFile);
await addBuiltinSuiteQueries(languages, codeQL, resultMap, queryUses, configFile);
return;
}
// Otherwise, must be a reference to another repo.
// If config parsing is handled in CLI, then this repo will be downloaded
@ -256,7 +230,6 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeQL, features))) {
await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
}
return false;
}
// Regex validating stars in paths or paths-ignore entries.
// The intention is to only allow ** to appear when immediately
@ -516,16 +489,13 @@ async function getRawLanguages(languagesInput, repository, logger) {
return { rawLanguages, autodetected };
}
exports.getRawLanguages = getRawLanguages;
async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, features, logger) {
let injectedMlQueries = false;
async function addQueriesFromWorkflow(codeQL, queriesInput, languages, resultMap, tempDir, workspacePath, apiDetails, features, logger) {
queriesInput = queriesInput.trim();
// "+" means "don't override config file" - see shouldAddConfigFileQueries
queriesInput = queriesInput.replace(/^\+/, "");
for (const query of queriesInput.split(",")) {
const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, features, logger);
injectedMlQueries = injectedMlQueries || didInject;
await parseQueryUses(languages, codeQL, resultMap, query, tempDir, workspacePath, apiDetails, features, logger);
}
return injectedMlQueries;
}
// Returns true if either no queries were provided in the workflow.
// or if the queries in the workflow were provided in "additive" mode,
@ -557,8 +527,7 @@ async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput,
}
: {};
if (rawQueriesInput) {
augmentationProperties.injectedMlQueries =
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, features, logger);
await addQueriesFromWorkflow(codeQL, rawQueriesInput, languages, queries, tempDir, workspacePath, apiDetails, features, logger);
}
const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
return {
@ -641,8 +610,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
// unless they're prefixed with "+", in which case they supplement those
// in the config file.
if (rawQueriesInput) {
augmentationProperties.injectedMlQueries =
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, features, logger);
await addQueriesFromWorkflow(codeQL, rawQueriesInput, languages, queries, tempDir, workspacePath, apiDetails, features, logger);
}
if (shouldAddConfigFileQueries(rawQueriesInput) &&
QUERIES_PROPERTY in parsedYAML) {
@ -654,7 +622,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
if (typeof query[QUERIES_USES_PROPERTY] !== "string") {
throw new util_1.UserError(getQueriesMissingUses(configFile));
}
await parseQueryUses(languages, codeQL, queries, packs, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, features, logger, configFile);
await parseQueryUses(languages, codeQL, queries, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, features, logger, configFile);
}
}
if (PATHS_IGNORE_PROPERTY in parsedYAML) {
@ -724,7 +692,6 @@ function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
const queriesInputCombines = shouldCombine(rawQueriesInput);
const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
return {
injectedMlQueries: false,
packsInputCombines,
packsInput: packsInput?.[languages[0]],
queriesInput,
@ -932,46 +899,6 @@ function combinePacks(packs1, packs2) {
}
return packs;
}
/**
* Get information about ML-powered JS queries to populate status reports with.
*
* This will be:
*
* - The version string if the analysis is using a single version of the ML-powered query pack.
* - "latest" if the version string of the ML-powered query pack is undefined. This is unlikely to
* occur in practice (see comment below).
* - "false" if the analysis won't run any ML-powered JS queries.
* - "other" in all other cases.
*
* Our goal of the status report here is to allow us to compare the occurrence of timeouts and other
* errors with ML-powered queries turned on and off. We also want to be able to compare minor
* version bumps caused by us bumping the version range of `ML_POWERED_JS_QUERIES_PACK` in a new
* version of the CodeQL Action. For instance, we might want to compare the `~0.1.0` and `~0.0.2`
* version strings.
*
* This function lives here rather than in `init-action.ts` so it's easier to test, since tests for
* `init-action.ts` would each need to live in their own file. See `analyze-action-env.ts` for an
* explanation as to why this is.
*/
function getMlPoweredJsQueriesStatus(config) {
const mlPoweredJsQueryPacks = (config.packs.javascript || [])
.map((p) => parsePacksSpecification(p))
.filter((pack) => pack.name === util_1.ML_POWERED_JS_QUERIES_PACK_NAME && !pack.path);
switch (mlPoweredJsQueryPacks.length) {
case 1:
// We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
// otherwise we won't be able to make changes to the pack unless those changes are compatible
// with each version of the CodeQL Action. Therefore in practice we should only hit the
// `latest` case here when customers have explicitly added the ML-powered query pack to their
// CodeQL config.
return mlPoweredJsQueryPacks[0].version || "latest";
case 0:
return "false";
default:
return "other";
}
}
exports.getMlPoweredJsQueriesStatus = getMlPoweredJsQueriesStatus;
function dbLocationOrDefault(dbLocation, tempDir) {
return dbLocation || path.resolve(tempDir, "codeql_databases");
}

2
lib/config-utils.js.map
View file

File diff suppressed because one or more lines are too long

126
lib/config-utils.test.js generated
View file

@ -35,7 +35,6 @@ const sinon = __importStar(require("sinon"));
const api = __importStar(require("./api-client"));
const codeql_1 = require("./codeql");
const configUtils = __importStar(require("./config-utils"));
const feature_flags_1 = require("./feature-flags");
const languages_1 = require("./languages");
const logging_1 = require("./logging");
const repository_1 = require("./repository");
@ -1062,66 +1061,6 @@ parseInputAndConfigErrorMacro.title = (providedTitle) => `Parse Packs input and
(0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], false, /multi-language analysis/);
(0, ava_1.default)("input with + only", parseInputAndConfigErrorMacro, {}, " + ", [languages_1.Language.cpp], true, /remove the '\+'/);
(0, ava_1.default)("input with invalid pack name", parseInputAndConfigErrorMacro, {}, " xxx", [languages_1.Language.cpp], false, /"xxx" is not a valid pack/);
const mlPoweredQueriesMacro = ava_1.default.macro({
exec: async (t, codeQLVersion, isMlPoweredQueriesEnabled, packsInput, queriesInput, expectedVersionString) => {
return await (0, util_1.withTmpDir)(async (tmpDir) => {
const codeQL = (0, codeql_1.setCodeQL)({
async getVersion() {
return codeQLVersion;
},
async resolveQueries() {
return {
byLanguage: {
javascript: { "fake-query.ql": {} },
},
noDeclaredLanguage: {},
multipleDeclaredLanguages: {},
};
},
async packDownload() {
return { packs: [] };
},
});
const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)(isMlPoweredQueriesEnabled ? [feature_flags_1.Feature.MlPoweredQueriesEnabled] : []), (0, logging_1.getRunnerLogger)(true));
if (expectedVersionString !== undefined) {
t.deepEqual(packs, {
[languages_1.Language.javascript]: [
`codeql/javascript-experimental-atm-queries@${expectedVersionString}`,
],
});
}
else {
t.deepEqual(packs, {});
}
});
},
title: (_providedTitle, codeQLVersion, isMlPoweredQueriesEnabled, packsInput, queriesInput, expectedVersionString) => `ML-powered queries ${expectedVersionString !== undefined
? `${expectedVersionString} are`
: "aren't"} loaded for packs: ${packsInput}, queries: ${queriesInput} using CLI v${codeQLVersion} when feature is ${isMlPoweredQueriesEnabled ? "enabled" : "disabled"}`,
});
// macro, codeQLVersion, isMlPoweredQueriesEnabled, packsInput, queriesInput, expectedVersionString
// Test that ML-powered queries aren't run when the feature is off.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.12.3", false, undefined, "security-extended", undefined);
// Test that ML-powered queries aren't run when the user hasn't specified that we should run the
// `security-extended`, `security-and-quality`, or `security-experimental` query suite.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.12.3", true, undefined, undefined, undefined);
// Test that we don't inject an ML-powered query pack if the user has already specified one.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.12.3", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
// Test that ML-powered queries ~0.3.0 are run on all platforms running `security-extended` on
// CodeQL CLI 2.10.5+.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.10.5", true, undefined, "security-extended", "~0.3.0");
// Test that ML-powered queries ~0.3.0 are run on all platforms running `security-and-quality` on
// CodeQL CLI 2.10.5+.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.10.5", true, undefined, "security-and-quality", "~0.3.0");
// Test that ML-powered queries ~0.4.0 are run on all platforms running `security-extended` on
// CodeQL CLI 2.11.3+.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.11.3", true, undefined, "security-extended", "~0.4.0");
// Test that ML-powered queries ~0.4.0 are run on all platforms running `security-and-quality` on
// CodeQL CLI 2.11.3+.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.11.3", true, undefined, "security-and-quality", "~0.4.0");
// Test that ML-powered queries are run on all platforms running `security-experimental` on CodeQL
// CLI 2.12.1+.
(0, ava_1.default)(mlPoweredQueriesMacro, "2.12.1", true, undefined, "security-experimental", "~0.4.0");
const calculateAugmentationMacro = ava_1.default.macro({
exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
@ -1134,35 +1073,30 @@ const calculateAugmentationMacro = ava_1.default.macro({
queriesInput: undefined,
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
});
(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
queriesInputCombines: false,
queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
});
(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, " + a, b , c, d ", [languages_1.Language.javascript], {
queriesInputCombines: true,
queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
});
(0, ava_1.default)(calculateAugmentationMacro, "With packs", " codeql/a , codeql/b , codeql/c , codeql/d ", undefined, [languages_1.Language.javascript], {
queriesInputCombines: false,
queriesInput: undefined,
packsInputCombines: false,
packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
injectedMlQueries: false,
});
(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", " + codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
queriesInputCombines: false,
queriesInput: undefined,
packsInputCombines: true,
packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
injectedMlQueries: false,
});
const calculateAugmentationErrorMacro = ava_1.default.macro({
exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
@ -1401,64 +1335,4 @@ const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
t.deepEqual(mockRequest.called, args.expectedApiCall);
});
});
const ML_POWERED_JS_STATUS_TESTS = [
// If no packs are loaded, status is false.
[[], "false"],
// If another pack is loaded but not the ML-powered query pack, status is false.
[["some-other/pack"], "false"],
// If the ML-powered query pack is loaded with a specific version, status is that version.
[[`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
// If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
// status is the version of the ML-powered query pack.
[["some-other/pack", `${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
// If the ML-powered query pack is loaded without a version, the status is "latest".
[[util_1.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
// If the ML-powered query pack is loaded with two different versions, the status is "other".
[
[
`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.1`,
`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.2`,
],
"other",
],
// If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
// the status is "latest".
[["some-other/pack", util_1.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
];
for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
const packDescriptions = `[${packs
.map((pack) => JSON.stringify(pack))
.join(", ")}]`;
(0, ava_1.default)(`ML-powered JS queries status report is "${expectedStatus}" for packs = ${packDescriptions}`, (t) => {
return (0, util_1.withTmpDir)(async (tmpDir) => {
const config = {
languages: [],
queries: {},
paths: [],
pathsIgnore: [],
originalUserInput: {},
tempDir: tmpDir,
codeQLCmd: "",
gitHubVersion: {
type: util_1.GitHubVariant.DOTCOM,
},
dbLocation: "",
packs: {
javascript: packs,
},
debugMode: false,
debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
trapCaches: {},
trapCacheDownloadTime: 0,
};
t.is(configUtils.getMlPoweredJsQueriesStatus(config), expectedStatus);
});
});
}
//# sourceMappingURL=config-utils.test.js.map

2
lib/config-utils.test.js.map
View file

File diff suppressed because one or more lines are too long

6
lib/feature-flags.js generated
View file

@ -64,7 +64,6 @@ var Feature;
Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
Feature["EvaluatorIntraLayerParallelismEnabled"] = "evaluator_intra_layer_parallelism_enabled";
Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
Feature["SublanguageFileCoverageEnabled"] = "sublanguage_file_coverage_enabled";
Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
@ -105,11 +104,6 @@ exports.featureConfig = {
minimumVersion: "2.12.4",
defaultValue: true,
},
[Feature.MlPoweredQueriesEnabled]: {
envVar: "CODEQL_ML_POWERED_QUERIES",
minimumVersion: undefined,
defaultValue: false,
},
[Feature.QaTelemetryEnabled]: {
envVar: "CODEQL_ACTION_QA_TELEMETRY",
minimumVersion: undefined,

2
lib/feature-flags.js.map
View file

File diff suppressed because one or more lines are too long

3
lib/feature-flags.test.js generated
View file

@ -89,7 +89,8 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
await (0, util_1.withTmpDir)(async (tmpDir) => {
const features = setUpFeatureFlagTests(tmpDir);
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(500, {});
await t.throwsAsync(async () => features.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.MlPoweredQueriesEnabled)), {
const someFeature = Object.values(feature_flags_1.Feature)[0];
await t.throwsAsync(async () => features.getValue(someFeature, includeCodeQlIfRequired(someFeature)), {
message: "Encountered an error while trying to determine feature enablement: Error: some error message",
});
});

2
lib/feature-flags.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/init-action.js generated
View file

@ -28,7 +28,6 @@ const core = __importStar(require("@actions/core"));
const uuid_1 = require("uuid");
const actions_util_1 = require("./actions-util");
const api_client_1 = require("./api-client");
const config_utils_1 = require("./config-utils");
const environment_1 = require("./environment");
const feature_flags_1 = require("./feature-flags");
const init_1 = require("./init");
@ -81,7 +80,6 @@ async function sendCompletedStatusReport(startedAt, config, toolsDownloadDuratio
...initStatusReport,
disable_default_queries: disableDefaultQueries,
languages,
ml_powered_javascript_queries: (0, config_utils_1.getMlPoweredJsQueriesStatus)(config),
paths,
paths_ignore: pathsIgnore,
queries: queries.join(","),

2
lib/init-action.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/trap-caching.test.js generated
View file

@ -95,7 +95,6 @@ const testConfigWithoutTmpDir = {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -120,7 +119,6 @@ function getTestConfigWithTempDir(tmpDir) {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},

2
lib/trap-caching.test.js.map
View file

File diff suppressed because one or more lines are too long

21
lib/util.js generated
View file

@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkDiskUsage = exports.prettyPrintPack = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
exports.checkDiskUsage = exports.prettyPrintPack = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
const fs = __importStar(require("fs"));
const os = __importStar(require("os"));
const path = __importStar(require("path"));
@ -719,25 +719,6 @@ function wrapError(error) {
return error instanceof Error ? error : new Error(String(error));
}
exports.wrapError = wrapError;
exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-queries";
/**
* Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
* queries beta.
*/
async function getMlPoweredJsQueriesPack(codeQL) {
let version;
if (await codeQlVersionAbove(codeQL, "2.11.3")) {
version = "~0.4.0";
}
else {
version = `~0.3.0`;
}
return prettyPrintPack({
name: exports.ML_POWERED_JS_QUERIES_PACK_NAME,
version,
});
}
exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
function prettyPrintPack(pack) {
return `${pack.name}${pack.version ? `@${pack.version}` : ""}${pack.path ? `:${pack.path}` : ""}`;
}

2
lib/util.js.map
View file

File diff suppressed because one or more lines are too long

55
pr-checks/checks/ml-powered-queries.yml
View file

@ -1,55 +0,0 @@
name: "ML-powered queries"
description: "Tests that ML-powered queries are run with the security-extended suite and that they produce alerts on a test DB"
steps:
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
source-root: ./../action/tests/ml-powered-queries-repo
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: "${{ runner.temp }}/results/javascript.sarif"
retention-days: 7
- name: Check sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
queries-not-run: foo,bar
- name: Check results
shell: bash
run: |
cd "$RUNNER_TEMP/results"
# We should run at least the ML-powered queries in `expected_rules`.
expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
for rule in ${expected_rules}; do
found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
flatten | .[].id] | any(. == $rule)' javascript.sarif)
echo "Did find rule '${rule}': ${found_rule}"
if [[ "${found_rule}" != "true" ]]; then
echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
exit 1
fi
done
# We should have at least one alert from an ML-powered query.
num_alerts=$(jq '[.runs[0].results[] |
select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
javascript.sarif)
echo "Found ${num_alerts} alerts from ML-powered queries.";
if [[ "${num_alerts}" -eq 0 ]]; then
echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
exit 1
fi

7
src/analyze-action.ts
View file

@ -16,7 +16,7 @@ import {
import { getApiDetails, getGitHubVersion } from "./api-client";
import { runAutobuild } from "./autobuild";
import { getCodeQL } from "./codeql";
import { Config, getConfig, getMlPoweredJsQueriesStatus } from "./config-utils";
import { Config, getConfig } from "./config-utils";
import { uploadDatabases } from "./database-upload";
import { EnvVar } from "./environment";
import { Features } from "./feature-flags";
@ -73,11 +73,6 @@ async function sendStatusReport(
);
const report: FinishStatusReport = {
...statusReportBase,
...(config
? {
ml_powered_javascript_queries: getMlPoweredJsQueriesStatus(config),
}
: {}),
...(stats || {}),
...(dbCreationTimings || {}),
};

2
src/analyze.test.ts
View file

@ -119,7 +119,6 @@ test("status report fields and search path setting", async (t) => {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -283,7 +282,6 @@ function createBaseConfig(tmpDir: string): Config {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},

90
src/codeql.test.ts
View file

@ -61,7 +61,6 @@ test.beforeEach(() => {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -572,7 +571,6 @@ test("databaseInitCluster() without injected codescanning config", async (t) =>
...stubConfig,
tempDir,
augmentationProperties: {
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
},
@ -649,7 +647,6 @@ test(
"basic",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
},
@ -657,69 +654,10 @@ test(
{},
);
test(
"injected ML queries",
injectedConfigMacro,
{
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
},
{},
{
packs: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
},
);
test(
"injected ML queries with existing packs",
injectedConfigMacro,
{
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
},
{
originalUserInput: {
packs: { javascript: ["codeql/something-else"] },
},
},
{
packs: {
javascript: [
"codeql/something-else",
"codeql/javascript-experimental-atm-queries@~0.4.0",
],
},
},
);
test(
"injected ML queries with existing packs of different language",
injectedConfigMacro,
{
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
},
{
originalUserInput: {
packs: { cpp: ["codeql/something-else"] },
},
},
{
packs: {
cpp: ["codeql/something-else"],
javascript: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
},
},
);
test(
"injected packs from input",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
@ -734,7 +672,6 @@ test(
"injected packs from input with existing packs combines",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: true,
packsInput: ["xxx", "yyy"],
@ -757,7 +694,6 @@ test(
"injected packs from input with existing packs overrides",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
@ -774,33 +710,11 @@ test(
},
);
test(
"injected packs from input with existing packs overrides and ML model inject",
injectedConfigMacro,
{
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
},
{
originalUserInput: {
packs: {
cpp: ["codeql/something-else"],
},
},
},
{
packs: ["xxx", "yyy", "codeql/javascript-experimental-atm-queries@~0.4.0"],
},
);
// similar, but with queries
test(
"injected queries from input",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -822,7 +736,6 @@ test(
"injected queries from input overrides",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -848,7 +761,6 @@ test(
"injected queries from input combines",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -877,7 +789,6 @@ test(
"injected queries from input combines 2",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@ -899,7 +810,6 @@ test(
"injected queries and packs, but empty",
injectedConfigMacro,
{
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
queriesInput: [],

14
src/codeql.ts
View file

@ -1353,20 +1353,6 @@ async function generateCodeScanningConfig(
if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
delete augmentedConfig.packs;
}
if (config.augmentationProperties.injectedMlQueries) {
// We need to inject the ML queries into the original user input before
// we pass this on to the CLI, to make sure these get run.
const packString = await util.getMlPoweredJsQueriesPack(codeql);
if (augmentedConfig.packs === undefined) augmentedConfig.packs = [];
if (Array.isArray(augmentedConfig.packs)) {
augmentedConfig.packs.push(packString);
} else {
if (!augmentedConfig.packs.javascript)
augmentedConfig.packs["javascript"] = [];
augmentedConfig.packs["javascript"].push(packString);
}
}
logger.info(
`Writing augmented user configuration file to ${codeScanningConfigFile}`,
);

224
src/config-utils.test.ts
View file

@ -9,7 +9,6 @@ import * as sinon from "sinon";
import * as api from "./api-client";
import { getCachedCodeQL, PackDownloadOutput, setCodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { Feature } from "./feature-flags";
import { Language } from "./languages";
import { getRunnerLogger, Logger } from "./logging";
import { parseRepositoryNwo } from "./repository";
@ -19,9 +18,6 @@ import {
mockLanguagesInRepo as mockLanguagesInRepo,
} from "./testing-utils";
import {
DEFAULT_DEBUG_ARTIFACT_NAME,
DEFAULT_DEBUG_DATABASE_NAME,
ML_POWERED_JS_QUERIES_PACK_NAME,
GitHubVariant,
GitHubVersion,
prettyPrintPack,
@ -2110,158 +2106,6 @@ test(
/"xxx" is not a valid pack/,
);
const mlPoweredQueriesMacro = test.macro({
exec: async (
t: ExecutionContext,
codeQLVersion: string,
isMlPoweredQueriesEnabled: boolean,
packsInput: string | undefined,
queriesInput: string | undefined,
expectedVersionString: string | undefined,
) => {
return await withTmpDir(async (tmpDir) => {
const codeQL = setCodeQL({
async getVersion() {
return codeQLVersion;
},
async resolveQueries() {
return {
byLanguage: {
javascript: { "fake-query.ql": {} },
},
noDeclaredLanguage: {},
multipleDeclaredLanguages: {},
};
},
async packDownload(): Promise<PackDownloadOutput> {
return { packs: [] };
},
});
const { packs } = await configUtils.initConfig(
"javascript",
queriesInput,
packsInput,
undefined,
undefined,
undefined,
undefined,
false,
false,
"",
"",
{ owner: "github", repo: "example" },
tmpDir,
codeQL,
tmpDir,
gitHubVersion,
sampleApiDetails,
createFeatures(
isMlPoweredQueriesEnabled ? [Feature.MlPoweredQueriesEnabled] : [],
),
getRunnerLogger(true),
);
if (expectedVersionString !== undefined) {
t.deepEqual(packs as unknown, {
[Language.javascript]: [
`codeql/javascript-experimental-atm-queries@${expectedVersionString}`,
],
});
} else {
t.deepEqual(packs as unknown, {});
}
});
},
title: (
_providedTitle: string | undefined,
codeQLVersion: string,
isMlPoweredQueriesEnabled: boolean,
packsInput: string | undefined,
queriesInput: string | undefined,
expectedVersionString: string | undefined,
) =>
`ML-powered queries ${
expectedVersionString !== undefined
? `${expectedVersionString} are`
: "aren't"
} loaded for packs: ${packsInput}, queries: ${queriesInput} using CLI v${codeQLVersion} when feature is ${
isMlPoweredQueriesEnabled ? "enabled" : "disabled"
}`,
});
// macro, codeQLVersion, isMlPoweredQueriesEnabled, packsInput, queriesInput, expectedVersionString
// Test that ML-powered queries aren't run when the feature is off.
test(
mlPoweredQueriesMacro,
"2.12.3",
false,
undefined,
"security-extended",
undefined,
);
// Test that ML-powered queries aren't run when the user hasn't specified that we should run the
// `security-extended`, `security-and-quality`, or `security-experimental` query suite.
test(mlPoweredQueriesMacro, "2.12.3", true, undefined, undefined, undefined);
// Test that we don't inject an ML-powered query pack if the user has already specified one.
test(
mlPoweredQueriesMacro,
"2.12.3",
true,
"codeql/javascript-experimental-atm-queries@0.0.1",
"security-and-quality",
"0.0.1",
);
// Test that ML-powered queries ~0.3.0 are run on all platforms running `security-extended` on
// CodeQL CLI 2.10.5+.
test(
mlPoweredQueriesMacro,
"2.10.5",
true,
undefined,
"security-extended",
"~0.3.0",
);
// Test that ML-powered queries ~0.3.0 are run on all platforms running `security-and-quality` on
// CodeQL CLI 2.10.5+.
test(
mlPoweredQueriesMacro,
"2.10.5",
true,
undefined,
"security-and-quality",
"~0.3.0",
);
// Test that ML-powered queries ~0.4.0 are run on all platforms running `security-extended` on
// CodeQL CLI 2.11.3+.
test(
mlPoweredQueriesMacro,
"2.11.3",
true,
undefined,
"security-extended",
"~0.4.0",
);
// Test that ML-powered queries ~0.4.0 are run on all platforms running `security-and-quality` on
// CodeQL CLI 2.11.3+.
test(
mlPoweredQueriesMacro,
"2.11.3",
true,
undefined,
"security-and-quality",
"~0.4.0",
);
// Test that ML-powered queries are run on all platforms running `security-experimental` on CodeQL
// CLI 2.12.1+.
test(
mlPoweredQueriesMacro,
"2.12.1",
true,
undefined,
"security-experimental",
"~0.4.0",
);
const calculateAugmentationMacro = test.macro({
exec: async (
t: ExecutionContext,
@ -2292,7 +2136,6 @@ test(
queriesInput: undefined,
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
} as configUtils.AugmentationProperties,
);
@ -2307,7 +2150,6 @@ test(
queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
} as configUtils.AugmentationProperties,
);
@ -2322,7 +2164,6 @@ test(
queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
packsInputCombines: false,
packsInput: undefined,
injectedMlQueries: false,
} as configUtils.AugmentationProperties,
);
@ -2337,7 +2178,6 @@ test(
queriesInput: undefined,
packsInputCombines: false,
packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
injectedMlQueries: false,
} as configUtils.AugmentationProperties,
);
@ -2352,7 +2192,6 @@ test(
queriesInput: undefined,
packsInputCombines: true,
packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
injectedMlQueries: false,
} as configUtils.AugmentationProperties,
);
@ -2723,66 +2562,3 @@ const mockRepositoryNwo = parseRepositoryNwo("owner/repo");
t.deepEqual(mockRequest.called, args.expectedApiCall);
});
});
const ML_POWERED_JS_STATUS_TESTS: Array<[string[], string]> = [
// If no packs are loaded, status is false.
[[], "false"],
// If another pack is loaded but not the ML-powered query pack, status is false.
[["some-other/pack"], "false"],
// If the ML-powered query pack is loaded with a specific version, status is that version.
[[`${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
// If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
// status is the version of the ML-powered query pack.
[["some-other/pack", `${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
// If the ML-powered query pack is loaded without a version, the status is "latest".
[[ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
// If the ML-powered query pack is loaded with two different versions, the status is "other".
[
[
`${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.1`,
`${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.2`,
],
"other",
],
// If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
// the status is "latest".
[["some-other/pack", ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
];
for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
const packDescriptions = `[${packs
.map((pack) => JSON.stringify(pack))
.join(", ")}]`;
test(`ML-powered JS queries status report is "${expectedStatus}" for packs = ${packDescriptions}`, (t) => {
return withTmpDir(async (tmpDir) => {
const config: configUtils.Config = {
languages: [],
queries: {},
paths: [],
pathsIgnore: [],
originalUserInput: {},
tempDir: tmpDir,
codeQLCmd: "",
gitHubVersion: {
type: GitHubVariant.DOTCOM,
} as GitHubVersion,
dbLocation: "",
packs: {
javascript: packs,
},
debugMode: false,
debugArtifactName: DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
trapCaches: {},
trapCacheDownloadTime: 0,
};
t.is(configUtils.getMlPoweredJsQueriesStatus(config), expectedStatus);
});
});
}

159
src/config-utils.ts
View file

@ -14,7 +14,6 @@ import {
} from "./codeql";
import * as externalQueries from "./external-queries";
import {
Feature,
FeatureEnablement,
logCodeScanningConfigInCli,
useCodeScanningConfigInCli,
@ -25,9 +24,7 @@ import { RepositoryNwo } from "./repository";
import { downloadTrapCaches } from "./trap-caching";
import {
codeQlVersionAbove,
getMlPoweredJsQueriesPack,
GitHubVersion,
ML_POWERED_JS_QUERIES_PACK_NAME,
prettyPrintPack,
UserError,
} from "./util";
@ -244,20 +241,15 @@ export interface AugmentationProperties {
* The packs input from the `with` block of the action declaration
*/
packsInput?: string[];
/**
* Whether we injected ML queries into this configuration.
*/
injectedMlQueries: boolean;
}
/**
* The default, empty augmentation properties. This is most useeful
* The default, empty augmentation properties. This is most useful
* for tests.
*/
export const defaultAugmentationProperties: AugmentationProperties = {
queriesInputCombines: false,
packsInputCombines: false,
injectedMlQueries: false,
packsInput: undefined,
queriesInput: undefined,
};
@ -389,18 +381,14 @@ const builtinSuites = [
/**
* Determine the set of queries associated with suiteName's suites and add them to resultMap.
* Throws an error if suiteName is not a valid builtin suite.
* May inject ML queries, and the return value will declare if this was done.
*/
async function addBuiltinSuiteQueries(
languages: string[],
codeQL: CodeQL,
resultMap: Queries,
packs: Packs,
suiteName: string,
features: FeatureEnablement,
configFile?: string,
): Promise<boolean> {
let injectedMlQueries = false;
): Promise<void> {
const found = builtinSuites.find((suite) => suite === suiteName);
if (!found) {
throw new UserError(getQueryUsesInvalid(configFile, suiteName));
@ -419,31 +407,8 @@ async function addBuiltinSuiteQueries(
);
}
// If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
// opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
// pack, then add the ML-powered query pack so that we run ML-powered queries.
if (
languages.includes("javascript") &&
(found === "security-experimental" ||
found === "security-extended" ||
found === "security-and-quality") &&
!packs.javascript?.some(isMlPoweredJsQueriesPack) &&
(await features.getValue(Feature.MlPoweredQueriesEnabled, codeQL))
) {
if (!packs.javascript) {
packs.javascript = [];
}
packs.javascript.push(await getMlPoweredJsQueriesPack(codeQL));
injectedMlQueries = true;
}
const suites = languages.map((l) => `${l}-${suiteName}.qls`);
await runResolveQueries(codeQL, resultMap, suites, undefined);
return injectedMlQueries;
}
function isMlPoweredJsQueriesPack(pack: string) {
return parsePacksSpecification(pack).name === ML_POWERED_JS_QUERIES_PACK_NAME;
}
/**
@ -545,17 +510,11 @@ async function addRemoteQueries(
* parsing the 'uses' actions in the workflow file. So it can handle
* local paths starting with './', or references to remote repos, or
* a finite set of hardcoded terms for builtin suites.
*
* This may inject ML queries into the packs to use, and the return value will
* declare if this was done.
*
* @returns whether or not we injected ML queries into the packs
*/
async function parseQueryUses(
languages: string[],
codeQL: CodeQL,
resultMap: Queries,
packs: Packs,
queryUses: string,
tempDir: string,
workspacePath: string,
@ -563,7 +522,7 @@ async function parseQueryUses(
features: FeatureEnablement,
logger: Logger,
configFile?: string,
): Promise<boolean> {
): Promise<void> {
queryUses = queryUses.trim();
if (queryUses === "") {
throw new UserError(getQueryUsesInvalid(configFile));
@ -578,20 +537,19 @@ async function parseQueryUses(
workspacePath,
configFile,
);
return false;
return;
}
// Check for one of the builtin suites
if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
return await addBuiltinSuiteQueries(
await addBuiltinSuiteQueries(
languages,
codeQL,
resultMap,
packs,
queryUses,
features,
configFile,
);
return;
}
// Otherwise, must be a reference to another repo.
@ -608,7 +566,6 @@ async function parseQueryUses(
configFile,
);
}
return false;
}
// Regex validating stars in paths or paths-ignore entries.
@ -1016,29 +973,26 @@ export async function getRawLanguages(
return { rawLanguages, autodetected };
}
async function addQueriesAndPacksFromWorkflow(
async function addQueriesFromWorkflow(
codeQL: CodeQL,
queriesInput: string,
languages: string[],
resultMap: Queries,
packs: Packs,
tempDir: string,
workspacePath: string,
apiDetails: api.GitHubApiExternalRepoDetails,
features: FeatureEnablement,
logger: Logger,
): Promise<boolean> {
let injectedMlQueries = false;
): Promise<void> {
queriesInput = queriesInput.trim();
// "+" means "don't override config file" - see shouldAddConfigFileQueries
queriesInput = queriesInput.replace(/^\+/, "");
for (const query of queriesInput.split(",")) {
const didInject = await parseQueryUses(
await parseQueryUses(
languages,
codeQL,
resultMap,
packs,
query,
tempDir,
workspacePath,
@ -1046,10 +1000,7 @@ async function addQueriesAndPacksFromWorkflow(
features,
logger,
);
injectedMlQueries = injectedMlQueries || didInject;
}
return injectedMlQueries;
}
// Returns true if either no queries were provided in the workflow.
@ -1110,19 +1061,17 @@ export async function getDefaultConfig(
}
: {};
if (rawQueriesInput) {
augmentationProperties.injectedMlQueries =
await addQueriesAndPacksFromWorkflow(
codeQL,
rawQueriesInput,
languages,
queries,
packs,
tempDir,
workspacePath,
apiDetails,
features,
logger,
);
await addQueriesFromWorkflow(
codeQL,
rawQueriesInput,
languages,
queries,
tempDir,
workspacePath,
apiDetails,
features,
logger,
);
}
const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(
@ -1260,19 +1209,17 @@ async function loadConfig(
// unless they're prefixed with "+", in which case they supplement those
// in the config file.
if (rawQueriesInput) {
augmentationProperties.injectedMlQueries =
await addQueriesAndPacksFromWorkflow(
codeQL,
rawQueriesInput,
languages,
queries,
packs,
tempDir,
workspacePath,
apiDetails,
features,
logger,
);
await addQueriesFromWorkflow(
codeQL,
rawQueriesInput,
languages,
queries,
tempDir,
workspacePath,
apiDetails,
features,
logger,
);
}
if (
shouldAddConfigFileQueries(rawQueriesInput) &&
@ -1290,7 +1237,6 @@ async function loadConfig(
languages,
codeQL,
queries,
packs,
query[QUERIES_USES_PROPERTY],
tempDir,
workspacePath,
@ -1404,7 +1350,6 @@ export function calculateAugmentation(
);
return {
injectedMlQueries: false, // filled in later
packsInputCombines,
packsInput: packsInput?.[languages[0]],
queriesInput,
@ -1685,48 +1630,6 @@ function combinePacks(packs1: Packs, packs2: Packs): Packs {
return packs;
}
/**
* Get information about ML-powered JS queries to populate status reports with.
*
* This will be:
*
* - The version string if the analysis is using a single version of the ML-powered query pack.
* - "latest" if the version string of the ML-powered query pack is undefined. This is unlikely to
* occur in practice (see comment below).
* - "false" if the analysis won't run any ML-powered JS queries.
* - "other" in all other cases.
*
* Our goal of the status report here is to allow us to compare the occurrence of timeouts and other
* errors with ML-powered queries turned on and off. We also want to be able to compare minor
* version bumps caused by us bumping the version range of `ML_POWERED_JS_QUERIES_PACK` in a new
* version of the CodeQL Action. For instance, we might want to compare the `~0.1.0` and `~0.0.2`
* version strings.
*
* This function lives here rather than in `init-action.ts` so it's easier to test, since tests for
* `init-action.ts` would each need to live in their own file. See `analyze-action-env.ts` for an
* explanation as to why this is.
*/
export function getMlPoweredJsQueriesStatus(config: Config): string {
const mlPoweredJsQueryPacks = (config.packs.javascript || [])
.map((p) => parsePacksSpecification(p))
.filter(
(pack) => pack.name === ML_POWERED_JS_QUERIES_PACK_NAME && !pack.path,
);
switch (mlPoweredJsQueryPacks.length) {
case 1:
// We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
// otherwise we won't be able to make changes to the pack unless those changes are compatible
// with each version of the CodeQL Action. Therefore in practice we should only hit the
// `latest` case here when customers have explicitly added the ML-powered query pack to their
// CodeQL config.
return mlPoweredJsQueryPacks[0].version || "latest";
case 0:
return "false";
default:
return "other";
}
}
function dbLocationOrDefault(
dbLocation: string | undefined,
tempDir: string,

7
src/feature-flags.test.ts
View file

@ -119,12 +119,11 @@ test("Feature flags exception is propagated if the API request errors", async (t
mockFeatureFlagApiEndpoint(500, {});
const someFeature = Object.values(Feature)[0];
await t.throwsAsync(
async () =>
features.getValue(
Feature.MlPoweredQueriesEnabled,
includeCodeQlIfRequired(Feature.MlPoweredQueriesEnabled),
),
features.getValue(someFeature, includeCodeQlIfRequired(someFeature)),
{
message:
"Encountered an error while trying to determine feature enablement: Error: some error message",

6
src/feature-flags.ts
View file

@ -62,7 +62,6 @@ export enum Feature {
DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
EvaluatorIntraLayerParallelismEnabled = "evaluator_intra_layer_parallelism_enabled",
ExportDiagnosticsEnabled = "export_diagnostics_enabled",
MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
QaTelemetryEnabled = "qa_telemetry_enabled",
SublanguageFileCoverageEnabled = "sublanguage_file_coverage_enabled",
UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
@ -107,11 +106,6 @@ export const featureConfig: Record<
minimumVersion: "2.12.4",
defaultValue: true,
},
[Feature.MlPoweredQueriesEnabled]: {
envVar: "CODEQL_ML_POWERED_QUERIES",
minimumVersion: undefined,
defaultValue: false,
},
[Feature.QaTelemetryEnabled]: {
envVar: "CODEQL_ACTION_QA_TELEMETRY",
minimumVersion: undefined,

2
src/init-action.ts
View file

@ -12,7 +12,6 @@ import {
import { getGitHubVersion } from "./api-client";
import { CodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { getMlPoweredJsQueriesStatus } from "./config-utils";
import { EnvVar } from "./environment";
import { Feature, Features } from "./feature-flags";
import { initCodeQL, initConfig, installPythonDeps, runInit } from "./init";
@ -160,7 +159,6 @@ async function sendCompletedStatusReport(
...initStatusReport,
disable_default_queries: disableDefaultQueries,
languages,
ml_powered_javascript_queries: getMlPoweredJsQueriesStatus(config),
paths,
paths_ignore: pathsIgnore,
queries: queries.join(","),

2
src/trap-caching.test.ts
View file

@ -82,7 +82,6 @@ const testConfigWithoutTmpDir: Config = {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},
@ -108,7 +107,6 @@ function getTestConfigWithTempDir(tmpDir: string): configUtils.Config {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
},

22
src/util.ts
View file

@ -909,28 +909,6 @@ export function wrapError(error: unknown): Error {
return error instanceof Error ? error : new Error(String(error));
}
export const ML_POWERED_JS_QUERIES_PACK_NAME =
"codeql/javascript-experimental-atm-queries";
/**
* Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
* queries beta.
*/
export async function getMlPoweredJsQueriesPack(
codeQL: CodeQL,
): Promise<string> {
let version;
if (await codeQlVersionAbove(codeQL, "2.11.3")) {
version = "~0.4.0";
} else {
version = `~0.3.0`;
}
return prettyPrintPack({
name: ML_POWERED_JS_QUERIES_PACK_NAME,
version,
});
}
export function prettyPrintPack(pack: Pack) {
return `${pack.name}${pack.version ? `@${pack.version}` : ""}${
pack.path ? `:${pack.path}` : ""