Add integration tests for query filters

2022-06-14 12:39:27 -07:00 · 2022-06-14 12:39:27 -07:00 · eec34d5f05
commit eec34d5f05
parent 06e27d3e3d
5 changed files with 163 additions and 2 deletions
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@ -1,6 +1,4 @@
 name: Expected queries runs
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@ -0,0 +1,97 @@
 name: Query filters tests
 on:
  push:
    branches:
    - main
    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  expected-queries:
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
    - name: Check out repository
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: latest
    # Test 1
    - uses: ./../action/init
      with:
        languages: javascript
        config-file: ./.github/codeql/codeql-config-query-filters1.yml
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        db-location: ${{ runner.temp }}/test1
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
      env:
        TEST_MODE: true
    - name: Check Sarif
      uses: ./../action/.github/check-sarif
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip
        queries-not-run: js/path-injection
    - name: Cleanup after test
      run: rm -rf "$RUNNER_TEMP/results"
    # Test 2
    - uses: ./../action/init
      with:
        languages: javascript
        config-file: ./.github/codeql/codeql-config-query-filters2.yml
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        db-location: ${{ runner.temp }}/test2
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
      env:
        TEST_MODE: true
    - name: Check Sarif
      uses: ./../action/.github/check-sarif
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block
        queries-not-run: js/path-injection
    - name: Cleanup after test
      run: rm -rf "$RUNNER_TEMP/results"
    # Test 3
    - uses: ./../action/init
      with:
        languages: javascript
        config-file: ./.github/codeql/codeql-config-query-filters3.yml
        tools: ${{ steps.prepare-test.outputs.tools-url }}
        db-location: ${{ runner.temp }}/test3
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
      env:
        TEST_MODE: true
    - name: Check Sarif
      uses: ./../action/.github/check-sarif
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
        queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
    - name: Cleanup after test
      run: rm -rf "$RUNNER_TEMP/results"
--- a/tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml
@ -0,0 +1,10 @@
 name: "CodeQL config 1"
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
    tags contain: external/cwe/cwe-022
 # Removes out js/path-injection
 - exclude:
    id: js/path-injection
--- a/tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml
@ -0,0 +1,21 @@
 name: "CodeQL config 2"
 disable-default-queries: true
 packs:
  javascript:
    - codeql/javascript-queries
    - dsp-testing/codeql-pack1@1.0.0
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
    tags contain: external/cwe/cwe-022
 # Removes out js/path-injection
 - exclude:
    id: js/path-injection
 # Query from extra pack
 - include:
    id: javascript/example/empty-or-one-block
--- a/tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml
@ -0,0 +1,35 @@
 name: "CodeQL config 3"
 disable-default-queries: true
 queries:
 # Local query
  - name: Run an extra local query
    uses: ./codeql-qlpacks/javascript-qlpack/show_ifs.ql
 # These queries are ignored
  - name: Ignored queries
    uses: ./codeql-qlpacks/complex-python-qlpack/rootAndBar.qls
 packs:
  javascript:
    - codeql/javascript-queries
    - dsp-testing/codeql-pack1@1.0.0
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
    tags contain: external/cwe/cwe-022
 # Removes out js/path-injection
 - exclude:
    id: js/path-injection
 # Query from extra pack
 - include:
    id: javascript/example/empty-or-one-block
 # Local query
 - include:
    id: inrepo-javascript-querypack/show-ifs