Merge branch 'main' into henrymercer/bump-minimum-codeql-version
This commit is contained in:
Henry Mercer
commit
fed45865ba
234 changed files with 26797 additions and 28982 deletions
78
lib/codeql.js
generated
78
lib/codeql.js
generated
|
|
@ -23,13 +23,15 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_NEW_ANALYSIS_SUMMARY = exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
const core = __importStar(require("@actions/core"));
|
||||
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
|
||||
const yaml = __importStar(require("js-yaml"));
|
||||
const actions_util_1 = require("./actions-util");
|
||||
const config_utils_1 = require("./config-utils");
|
||||
const environment_1 = require("./environment");
|
||||
const error_matcher_1 = require("./error-matcher");
|
||||
const feature_flags_1 = require("./feature-flags");
|
||||
const languages_1 = require("./languages");
|
||||
|
|
@ -61,6 +63,10 @@ let cachedCodeQL = undefined;
|
|||
* on versions newer than this.
|
||||
*/
|
||||
const CODEQL_MINIMUM_VERSION = "2.9.4";
|
||||
/**
|
||||
* This version will shortly become the oldest version of CodeQL that the Action will run with.
|
||||
*/
|
||||
const CODEQL_NEXT_MINIMUM_VERSION = "2.9.4";
|
||||
/**
|
||||
* Versions of CodeQL that version-flag certain functionality in the Action.
|
||||
* For convenience, please keep these in descending order. Once a version
|
||||
|
|
@ -76,13 +82,31 @@ const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
|
|||
*/
|
||||
exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
|
||||
/**
|
||||
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
|
||||
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
|
||||
* each language.
|
||||
*/
|
||||
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
|
||||
/**
|
||||
* Versions 2.12.3+ of the CodeQL CLI support exporting configuration information from a code
|
||||
* scanning config file to SARIF.
|
||||
*/
|
||||
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
|
||||
/**
|
||||
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
|
||||
*/
|
||||
exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
|
||||
/**
|
||||
* Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
|
||||
*/
|
||||
exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
|
||||
/**
|
||||
* Versions 2.13.4+ of the CodeQL CLI have an associated CodeQL Bundle release that is semantically versioned.
|
||||
*/
|
||||
exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = "2.13.4";
|
||||
/**
|
||||
* Versions 2.14.0+ of the CodeQL CLI support new analysis summaries.
|
||||
*/
|
||||
exports.CODEQL_VERSION_NEW_ANALYSIS_SUMMARY = "2.14.0";
|
||||
/**
|
||||
* Set up CodeQL CLI access.
|
||||
*
|
||||
|
|
@ -159,6 +183,7 @@ function setCodeQL(partialCodeql) {
|
|||
resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
|
||||
betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
|
||||
resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
|
||||
resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
|
||||
packDownload: resolveFunction(partialCodeql, "packDownload"),
|
||||
databaseCleanup: resolveFunction(partialCodeql, "databaseCleanup"),
|
||||
databaseBundle: resolveFunction(partialCodeql, "databaseBundle"),
|
||||
|
|
@ -368,6 +393,24 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
|
||||
}
|
||||
},
|
||||
async resolveBuildEnvironment(workingDir, language) {
|
||||
const codeqlArgs = [
|
||||
"resolve",
|
||||
"build-environment",
|
||||
`--language=${language}`,
|
||||
...getExtraOptionsFromEnv(["resolve", "build-environment"]),
|
||||
];
|
||||
if (workingDir !== undefined) {
|
||||
codeqlArgs.push("--working-dir", workingDir);
|
||||
}
|
||||
const output = await runTool(cmd, codeqlArgs);
|
||||
try {
|
||||
return JSON.parse(output);
|
||||
}
|
||||
catch (e) {
|
||||
throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
|
||||
}
|
||||
},
|
||||
async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun) {
|
||||
const codeqlArgs = [
|
||||
"database",
|
||||
|
|
@ -409,7 +452,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
"--print-metrics-summary",
|
||||
"--sarif-add-query-help",
|
||||
"--sarif-group-rules-by-pack",
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...(await getCodeScanningConfigExportArguments(config, this)),
|
||||
...getExtraOptionsFromEnv(["database", "interpret-results"]),
|
||||
];
|
||||
if (automationDetailsId !== undefined) {
|
||||
|
|
@ -424,6 +467,12 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
else if (await util.codeQlVersionAbove(this, "2.12.4")) {
|
||||
codeqlArgs.push("--no-sarif-include-diagnostics");
|
||||
}
|
||||
if (await features.getValue(feature_flags_1.Feature.NewAnalysisSummaryEnabled, codeql)) {
|
||||
codeqlArgs.push("--new-analysis-summary");
|
||||
}
|
||||
else if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_NEW_ANALYSIS_SUMMARY)) {
|
||||
codeqlArgs.push("--no-new-analysis-summary");
|
||||
}
|
||||
codeqlArgs.push(databasePath);
|
||||
if (querySuitePaths) {
|
||||
codeqlArgs.push(...querySuitePaths);
|
||||
|
|
@ -535,13 +584,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
|
||||
}
|
||||
},
|
||||
async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
|
||||
async diagnosticsExport(sarifFile, automationDetailsId, config) {
|
||||
const args = [
|
||||
"diagnostics",
|
||||
"export",
|
||||
"--format=sarif-latest",
|
||||
`--output=${sarifFile}`,
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...(await getCodeScanningConfigExportArguments(config, this)),
|
||||
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
||||
];
|
||||
if (automationDetailsId !== undefined) {
|
||||
|
|
@ -585,6 +634,21 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
!(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
|
||||
throw new Error(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${await codeql.getVersion()}`);
|
||||
}
|
||||
else if (checkVersion &&
|
||||
process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
|
||||
!(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))) {
|
||||
core.warning(`CodeQL CLI version ${await codeql.getVersion()} was deprecated on 2023-06-20 alongside ` +
|
||||
"GitHub Enterprise Server 3.5 and will not be supported by the next release of the " +
|
||||
`CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or ` +
|
||||
"later. For instance, if you have specified a custom version of the CLI using the " +
|
||||
"'tools' input to the 'init' Action, you can remove this input to use the default " +
|
||||
"version.\n\n" +
|
||||
"Alternatively, if you want to continue using CodeQL CLI version " +
|
||||
`${await codeql.getVersion()}, you can replace 'github/codeql-action/*@v2' by ` +
|
||||
"'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue " +
|
||||
"using this version of the CodeQL Action.");
|
||||
core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
|
||||
}
|
||||
return codeql;
|
||||
}
|
||||
exports.getCodeQLForCmd = getCodeQLForCmd;
|
||||
|
|
@ -749,10 +813,10 @@ function cloneObject(obj) {
|
|||
*
|
||||
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
|
||||
*/
|
||||
async function getCodeScanningConfigExportArguments(config, codeql, features) {
|
||||
async function getCodeScanningConfigExportArguments(config, codeql) {
|
||||
const codeScanningConfigPath = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
|
||||
if (fs.existsSync(codeScanningConfigPath) &&
|
||||
(await features.getValue(feature_flags_1.Feature.ExportCodeScanningConfigEnabled, codeql))) {
|
||||
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
|
||||
return ["--sarif-codescanning-config", codeScanningConfigPath];
|
||||
}
|
||||
return [];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue