Merge branch 'main' into henrymercer/remove-legacy-tracing

2023-04-05 18:39:27 +01:00 · 2023-04-05 18:39:27 +01:00 · f7a67e4341
commit f7a67e4341
parent d838bacfbe f32426ba96
92 changed files with 401 additions and 220 deletions
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -287,6 +287,12 @@ export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
 */
 export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";

+/**
+ * Versions 2.12.6+ of the CodeQL CLI fix a bug where duplicate notification objects could be produced,
+ * leading to an invalid SARIF output.
+ */
+export const CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = "2.12.6";
+
 /**
 * Set up CodeQL CLI access.
 *
@ -756,7 +762,13 @@ export async function getCodeQLForCmd(
        Feature.ExportDiagnosticsEnabled,
        this
      );
-      const codeqlOutputFile = shouldExportDiagnostics
+      const shouldWorkaroundInvalidNotifications =
+        shouldExportDiagnostics &&
+        !(await util.codeQlVersionAbove(
+          this,
+          CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
+        ));
+      const codeqlOutputFile = shouldWorkaroundInvalidNotifications
        ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
        : sarifFile;
      const codeqlArgs = [
@ -788,6 +800,8 @@ export async function getCodeQLForCmd(
      }
      if (shouldExportDiagnostics) {
        codeqlArgs.push("--sarif-include-diagnostics");
+      } else if (await util.codeQlVersionAbove(this, "2.12.4")) {
+        codeqlArgs.push("--no-sarif-include-diagnostics");
      }
      codeqlArgs.push(databasePath);
      if (querySuitePaths) {
@ -800,7 +814,7 @@ export async function getCodeQLForCmd(
        errorMatchers
      );

-      if (shouldExportDiagnostics) {
+      if (shouldWorkaroundInvalidNotifications) {
        util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
      }

@ -903,17 +917,21 @@ export async function getCodeQLForCmd(
      tempDir: string,
      logger: Logger
    ): Promise<void> {
-      const intermediateSarifFile = path.join(
-        tempDir,
-        "codeql-intermediate-results.sarif"
-      );
+      const shouldWorkaroundInvalidNotifications =
+        !(await util.codeQlVersionAbove(
+          this,
+          CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
+        ));
+      const codeqlOutputFile = shouldWorkaroundInvalidNotifications
+        ? path.join(tempDir, "codeql-intermediate-results.sarif")
+        : sarifFile;
      const args = [
        "database",
        "export-diagnostics",
        `${databasePath}`,
        "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
        "--format=sarif-latest",
-        `--output=${intermediateSarifFile}`,
+        `--output=${codeqlOutputFile}`,
        "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
        "-vvv",
        ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@ -923,12 +941,10 @@ export async function getCodeQLForCmd(
      }
      await new toolrunner.ToolRunner(cmd, args).exec();

-      // Fix invalid notifications in the SARIF file output by CodeQL.
-      util.fixInvalidNotificationsInFile(
-        intermediateSarifFile,
-        sarifFile,
-        logger
-      );
+      if (shouldWorkaroundInvalidNotifications) {
+        // Fix invalid notifications in the SARIF file output by CodeQL.
+        util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+      }
    },
    async diagnosticsExport(
      sarifFile: string,