From 1721ce7afd720aed7911df9c4bcc7900f3ad9ad2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Mar 2026 11:05:37 +0000 Subject: [PATCH] Address minor review comments --- lib/analyze-action.js | 258 ++++++++++++++++++------------------ lib/init-action-post.js | 262 ++++++++++++++++++------------------- lib/upload-lib.js | 204 ++++++++++++++--------------- lib/upload-sarif-action.js | 168 ++++++++++++------------ src/sarif/index.ts | 18 ++- src/upload-lib.test.ts | 6 +- src/upload-lib.ts | 16 ++- src/upload-sarif-action.ts | 2 +- src/util.ts | 2 - 9 files changed, 461 insertions(+), 475 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 5ddb1b882..1b881eb18 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -103239,7 +103239,7 @@ var import_perf_hooks3 = require("perf_hooks"); var core14 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103247,7 +103247,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var os = __toESM(require("os")); var path = __toESM(require("path")); 
@@ -105897,77 +105897,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run2 of sarifFile.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106039,13 +105968,13 @@ function getTotalMemoryBytes(logger) { return limit; } function getCgroupMemoryLimitBytes(limitFile, logger) { - if (!fs2.existsSync(limitFile)) { + if (!fs.existsSync(limitFile)) { logger.debug( `While resolving RAM, did not find a cgroup memory limit at ${limitFile}.` ); return void 0; } - const limit = Number(fs2.readFileSync(limitFile, "utf8")); + const limit = Number(fs.readFileSync(limitFile, "utf8")); if (!Number.isInteger(limit)) { logger.debug( `While resolving RAM, ignored the file ${limitFile} that may contain a cgroup memory limit as this file did not contain an integer.` @@ -106119,13 +106048,13 @@ function getThreadsFlagValue(userInput, logger) { return numThreads; } function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { - if (!fs2.existsSync(cpuMaxFile)) { + if (!fs.existsSync(cpuMaxFile)) { logger.debug( `While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.` ); return void 0; } - const cpuMaxString = fs2.readFileSync(cpuMaxFile, "utf-8"); + const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8"); const cpuMaxStringSplit = cpuMaxString.split(" "); if (cpuMaxStringSplit.length !== 2) { logger.debug( 
@@ -106145,14 +106074,14 @@ function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { return cpuCount; } function getCgroupCpuCountFromCpus(cpusFile, logger) { - if (!fs2.existsSync(cpusFile)) { + if (!fs.existsSync(cpusFile)) { logger.debug( `While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.` ); return void 0; } let cpuCount = 0; - const cpusString = fs2.readFileSync(cpusFile, "utf-8").trim(); + const cpusString = fs.readFileSync(cpusFile, "utf-8").trim(); if (cpusString.length === 0) { return void 0; } @@ -106282,12 +106211,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs2.existsSync(databaseBundlePath)) { - await fs2.promises.rm(databaseBundlePath, { force: true }); + if (fs.existsSync(databaseBundlePath)) { + await fs.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs2.existsSync(baseDatabaseOidsFilePath)) { + if (fs.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -106435,7 +106364,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106498,7 +106427,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` 
@@ -106744,7 +106673,7 @@ var SarifScanOrder = [ ]; // src/analyze.ts -var fs13 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path12 = __toESM(require("path")); var import_perf_hooks2 = require("perf_hooks"); var io5 = __toESM(require_io()); @@ -107026,7 +106955,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs12 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -107274,7 +107203,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path7 = __toESM(require("path")); // src/caching-utils.ts @@ -107412,11 +107341,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -107425,7 +107354,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -107636,12 +107565,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -107668,7 +107597,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107690,7 +107619,7 @@ var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - if (!fs4.existsSync(baseDatabaseOidsFilePath)) { + if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` ); @@ -108305,12 +108234,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { 
@@ -108323,7 +108252,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -108416,7 +108345,7 @@ function getDiffRangesJsonFilePath() { function writeDiffRangesJsonFile(logger, ranges) { const jsonContents = JSON.stringify(ranges, null, 2); const jsonFilePath = getDiffRangesJsonFilePath(); - fs6.writeFileSync(jsonFilePath, jsonContents); + fs5.writeFileSync(jsonFilePath, jsonContents); logger.debug( `Wrote pr-diff-range JSON file to ${jsonFilePath}: ${jsonContents}` @@ -108424,11 +108353,11 @@ ${jsonContents}` } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { + if (!fs5.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -108707,10 +108636,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs7.existsSync(configFile)) { + if (!fs6.existsSync(configFile)) { return void 0; } - const configString = fs7.readFileSync(configFile, "utf8"); + const configString = fs6.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); 
@@ -108761,7 +108690,7 @@ function getPrimaryAnalysisConfig(config) { } // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -108823,7 +108752,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -108896,7 +108825,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -108980,7 +108909,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -109087,7 +109016,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, 
@@ -109124,7 +109053,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs8.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -109259,7 +109188,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path9.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -109706,7 +109635,7 @@ function isReservedToolsValue(tools) { } // src/tracer-config.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path10 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { @@ -109726,14 +109655,14 @@ async function endTracingForCluster(codeql, config, logger) { config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs11.existsSync(envVariablesFile)) { + if (!fs10.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs11.readFileSync(envVariablesFile, "utf8") + fs10.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { 
@@ -109846,7 +109775,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -110326,7 +110255,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -110673,7 +110602,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -110740,8 +110669,8 @@ function writeDiffRangeDataExtensionPack(logger, ranges) { ranges = [{ path: "", startLine: 0, endLine: 0 }]; } const diffRangeDir = path12.join(getTemporaryDirectory(), "pr-diff-range"); - fs13.mkdirSync(diffRangeDir, { recursive: true }); - fs13.writeFileSync( + fs12.mkdirSync(diffRangeDir, { recursive: true }); + fs12.writeFileSync( path12.join(diffRangeDir, "qlpack.yml"), ` name: codeql-action/pr-diff-range @@ -110775,7 +110704,7 @@ extensions: } const extensionContents = header + data; const extensionFilePath = path12.join(diffRangeDir, "pr-diff-range.yml"); - fs13.writeFileSync(extensionFilePath, extensionContents); + fs12.writeFileSync(extensionFilePath, extensionContents); logger.debug( `Wrote pr-diff-range extension pack to ${extensionFilePath}: ${extensionContents}` 
@@ -110928,7 +110857,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } function getPerQueryAlertCounts(sarifPath) { const sarifObject = JSON.parse( - fs13.readFileSync(sarifPath, "utf8") + fs12.readFileSync(sarifPath, "utf8") ); const perQueryAlertCounts = {}; for (const sarifRun of sarifObject.runs) { @@ -110946,13 +110875,13 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) { try { - await fs13.promises.rm(outputDir, { force: true, recursive: true }); + await fs12.promises.rm(outputDir, { force: true, recursive: true }); } catch (error3) { if (error3?.code !== "ENOENT") { throw error3; } } - await fs13.promises.mkdir(outputDir, { recursive: true }); + await fs12.promises.mkdir(outputDir, { recursive: true }); const timings = await finalizeDatabaseCreation( codeql, features, @@ -110996,7 +110925,7 @@ async function warnIfGoInstalledAfterInit(config, logger) { } // src/database-upload.ts -var fs14 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) { if (getRequiredInput("upload-database") !== "true") { logger.debug("Database upload disabled in workflow. Skipping upload."); @@ -111039,8 +110968,8 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai const bundledDb = await bundleDb(config, language, codeql, language, { includeDiagnostics: false }); - bundledDbSize = fs14.statSync(bundledDb).size; - const bundledDbReadStream = fs14.createReadStream(bundledDb); + bundledDbSize = fs13.statSync(bundledDb).size; + const bundledDbReadStream = fs13.createReadStream(bundledDb); const commitOid = await getCommitOid( getRequiredInput("checkout_path") ); 
@@ -111304,7 +111233,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs15 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); var import_path3 = __toESM(require("path")); // node_modules/long/index.js @@ -112292,7 +112221,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs15.createReadStream(filepath, "utf8"); + const readStream = fs14.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -112367,11 +112296,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path3.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs15.existsSync(uri)) { + if (!fs14.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs15.statSync(uri).isDirectory()) { + if (fs14.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -112457,6 +112386,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs15 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run2 of sarifFile.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs15.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run2 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run2)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -112694,7 +112690,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -112780,7 +112776,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -112791,7 +112787,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a58d1ed6e..f1fb6991e 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -161339,7 +161339,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core16 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); 
@@ -161347,7 +161347,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -164001,75 +164001,6 @@ var semver = __toESM(require_semver2()); var maximumVersion = "3.20"; var minimumVersion = "3.14"; -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run3 of sarifFile.runs || []) { - const tool = run3.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run3) => run3.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run3) { - return { - name: run3.tool?.driver?.name, - fullName: run3.tool?.driver?.fullName, - version: run3.tool?.driver?.version, - semanticVersion: run3.tool?.driver?.semanticVersion, - guid: run3.tool?.driver?.guid, - automationId: run3.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run3 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run3)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; @@ -164210,12 +164141,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs2.existsSync(databaseBundlePath)) { - await fs2.promises.rm(databaseBundlePath, { force: true }); + if (fs.existsSync(databaseBundlePath)) { + await fs.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs2.existsSync(baseDatabaseOidsFilePath)) { + if (fs.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -164258,7 +164189,7 @@ function getTestingEnvironment() { } function doesDirectoryExist(dirPath) { try { - const stats = fs2.lstatSync(dirPath); + const stats = fs.lstatSync(dirPath); return stats.isDirectory(); } catch { return false; @@ -164268,7 +164199,7 @@ function listFolder(dir) { if (!doesDirectoryExist(dir)) { return []; } - const entries = fs2.readdirSync(dir, { withFileTypes: true }); + const entries = fs.readdirSync(dir, { withFileTypes: true }); let files = []; for (const entry of entries) { if (entry.isFile()) { @@ -164351,7 +164282,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); 
@@ -164409,7 +164340,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -164425,7 +164356,7 @@ async function printDebugLogs(config) { continue; } const walkLogFiles = (dir) => { - const entries = fs3.readdirSync(dir, { withFileTypes: true }); + const entries = fs2.readdirSync(dir, { withFileTypes: true }); if (entries.length === 0) { core4.info(`No debug logs found at directory ${logsDirectory}.`); } @@ -164435,7 +164366,7 @@ async function printDebugLogs(config) { core4.startGroup( `CodeQL Debug Logs - ${language} - ${entry.name} from file at path ${absolutePath}` ); - process.stdout.write(fs3.readFileSync(absolutePath)); + process.stdout.write(fs2.readFileSync(absolutePath)); core4.endGroup(); } else if (entry.isDirectory()) { walkLogFiles(path2.resolve(dir, entry.name)); @@ -164856,7 +164787,7 @@ function wrapApiConfigurationError(e) { var core6 = __toESM(require_core()); // src/codeql.ts -var fs12 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -165104,7 +165035,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); // src/analyses.ts 
@@ -165278,11 +165209,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -165291,7 +165222,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); @@ -165502,12 +165433,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -165534,7 +165465,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { 
@@ -166040,12 +165971,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -166058,7 +165989,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -166134,11 +166065,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { + if (!fs5.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -166147,7 +166078,7 @@ ${jsonContents}` } // src/overlay/status.ts -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path7 = __toESM(require("path")); var actionsCache2 = __toESM(require_cache5()); var MAX_CACHE_OPERATION_MS = 3e4; 
@@ -166164,8 +166095,8 @@ async function saveOverlayStatus(codeql, languages, diskUsage, status, logger) { const cacheKey = await getCacheKey(codeql, languages, diskUsage); const statusFile = getStatusFilePath(languages); try { - await fs7.promises.mkdir(path7.dirname(statusFile), { recursive: true }); - await fs7.promises.writeFile(statusFile, JSON.stringify(status)); + await fs6.promises.mkdir(path7.dirname(statusFile), { recursive: true }); + await fs6.promises.writeFile(statusFile, JSON.stringify(status)); const cacheId = await waitForResultWithTimeLimit( MAX_CACHE_OPERATION_MS, actionsCache2.saveCache([statusFile], cacheKey), @@ -166228,10 +166159,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs8.existsSync(configFile)) { + if (!fs7.existsSync(configFile)) { return void 0; } - const configString = fs8.readFileSync(configFile, "utf8"); + const configString = fs7.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -166270,7 +166201,7 @@ function isCodeScanningEnabled(config) { } // src/setup-codeql.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -166332,7 +166263,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); 
@@ -166405,7 +166336,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -166489,7 +166420,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os = __toESM(require("os")); var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -166596,7 +166527,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -166633,7 +166564,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs10.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -166768,7 +166699,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs11.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( 
@@ -167322,7 +167253,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -167802,7 +167733,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -167846,7 +167777,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/debug-artifacts.ts -var fs15 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); var path14 = __toESM(require("path")); var artifact = __toESM(require_artifact2()); var artifactLegacy = __toESM(require_artifact_client2()); @@ -167854,7 +167785,7 @@ var core12 = __toESM(require_core()); var import_archiver = __toESM(require_archiver()); // src/analyze.ts -var fs13 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path12 = __toESM(require("path")); var io5 = __toESM(require_io()); @@ -167886,7 +167817,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -167898,7 +167829,7 @@ function dbIsFinalized(config, language, logger) { } // src/artifact-scanner.ts -var fs14 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path13 = __toESM(require("path")); var exec = __toESM(require_exec()); 
@@ -167937,7 +167868,7 @@ var GITHUB_TOKEN_PATTERNS = [ function scanFileForTokens(filePath, relativePath, logger) { const findings = []; try { - const content = fs14.readFileSync(filePath, "utf8"); + const content = fs13.readFileSync(filePath, "utf8"); for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) { const matches = content.match(pattern); if (matches) { @@ -167967,7 +167898,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log findings: [] }; try { - const tempExtractDir = fs14.mkdtempSync( + const tempExtractDir = fs13.mkdtempSync( path13.join(extractDir, `extract-${depth}-`) ); const fileName = path13.basename(archivePath).toLowerCase(); @@ -168001,7 +167932,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log path13.basename(archivePath, ".gz") ); await exec.exec("gunzip", ["-c", archivePath], { - outStream: fs14.createWriteStream(outputFile), + outStream: fs13.createWriteStream(outputFile), silent: true }); } else if (fileName.endsWith(".zip")) { @@ -168022,7 +167953,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log ); result.scannedFiles += scanResult.scannedFiles; result.findings.push(...scanResult.findings); - fs14.rmSync(tempExtractDir, { recursive: true, force: true }); + fs13.rmSync(tempExtractDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not extract or scan archive file ${archivePath}: ${getErrorMessage(e)}` @@ -168057,7 +167988,7 @@ async function scanDirectory(dirPath, baseRelativePath, logger, depth = 0) { scannedFiles: 0, findings: [] }; - const entries = fs14.readdirSync(dirPath, { withFileTypes: true }); + const entries = fs13.readdirSync(dirPath, { withFileTypes: true }); for (const entry of entries) { const fullPath = path13.join(dirPath, entry.name); const relativePath = path13.join(baseRelativePath, entry.name); 
@@ -168092,10 +168023,10 @@ async function scanArtifactsForTokens(filesToScan, logger) { scannedFiles: 0, findings: [] }; - const tempScanDir = fs14.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); + const tempScanDir = fs13.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); try { for (const filePath of filesToScan) { - const stats = fs14.statSync(filePath); + const stats = fs13.statSync(filePath); const fileName = path13.basename(filePath); if (stats.isDirectory()) { const dirResult = await scanDirectory(filePath, fileName, logger); @@ -168133,7 +168064,7 @@ async function scanArtifactsForTokens(filesToScan, logger) { } } finally { try { - fs14.rmSync(tempScanDir, { recursive: true, force: true }); + fs13.rmSync(tempScanDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not clean up temporary scan directory: ${getErrorMessage(e)}` @@ -168149,17 +168080,17 @@ function sanitizeArtifactName(name) { function tryPrepareSarifDebugArtifact(config, language, logger) { try { const analyzeActionOutputDir = process.env["CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR" /* SARIF_RESULTS_OUTPUT_DIR */]; - if (analyzeActionOutputDir !== void 0 && fs15.existsSync(analyzeActionOutputDir) && fs15.lstatSync(analyzeActionOutputDir).isDirectory()) { + if (analyzeActionOutputDir !== void 0 && fs14.existsSync(analyzeActionOutputDir) && fs14.lstatSync(analyzeActionOutputDir).isDirectory()) { const sarifFile = path14.resolve( analyzeActionOutputDir, `${language}.sarif` ); - if (fs15.existsSync(sarifFile)) { + if (fs14.existsSync(sarifFile)) { const sarifInDbLocation = path14.resolve( config.dbLocation, `${language}.sarif` ); - fs15.copyFileSync(sarifFile, sarifInDbLocation); + fs14.copyFileSync(sarifFile, sarifInDbLocation); return sarifInDbLocation; } } 
@@ -168338,10 +168269,10 @@ async function createPartialDatabaseBundle(config, language) { core12.info( `${config.debugDatabaseName}-${language} is not finalized. Uploading partial database bundle at ${databaseBundlePath}...` ); - if (fs15.existsSync(databaseBundlePath)) { - await fs15.promises.rm(databaseBundlePath, { force: true }); + if (fs14.existsSync(databaseBundlePath)) { + await fs14.promises.rm(databaseBundlePath, { force: true }); } - const output = fs15.createWriteStream(databaseBundlePath); + const output = fs14.createWriteStream(databaseBundlePath); const zip = (0, import_archiver.default)("zip"); zip.on("error", (err) => { throw err; @@ -168380,7 +168311,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs16 = __toESM(require("fs")); +var fs15 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -169368,7 +169299,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs16.createReadStream(filepath, "utf8"); + const readStream = fs15.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -169443,11 +169374,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs16.existsSync(uri)) { + if (!fs15.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs16.statSync(uri).isDirectory()) { + if (fs15.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -169533,6 +169464,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs16 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run3 of sarifFile.runs || []) { + const tool = run3.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs16.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run3) => run3.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run3) { + return { + name: run3.tool?.driver?.name, + fullName: run3.tool?.driver?.fullName, + version: run3.tool?.driver?.version, + semanticVersion: run3.tool?.driver?.semanticVersion, + guid: run3.tool?.driver?.guid, + automationId: run3.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run3 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run3)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -169739,7 +169737,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -169825,7 +169823,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -169836,7 +169834,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 4faf8586f..edd885103 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -103235,7 +103235,7 @@ __export(upload_lib_exports, { getGroupedSarifFilePaths: () => getGroupedSarifFilePaths, populateRunAutomationDetails: () => populateRunAutomationDetails, postProcessSarifFiles: () => postProcessSarifFiles, - readSarifFile: () => readSarifFile2, + readSarifFileOrThrow: () => readSarifFileOrThrow, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest, shouldShowCombineSarifFilesDeprecationWarning: () => shouldShowCombineSarifFilesDeprecationWarning, @@ -103257,7 +103257,7 @@ var core11 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103265,7 +103265,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); var io = __toESM(require_io()); 
@@ -105913,77 +105913,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run of sarifFile.runs || []) { - const tool = run.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run) { - return { - name: run.tool?.driver?.name, - fullName: run.tool?.driver?.fullName, - version: run.tool?.driver?.version, - semanticVersion: run.tool?.driver?.semanticVersion, - guid: run.tool?.driver?.guid, - automationId: run.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106145,7 +106074,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106203,7 +106132,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106635,7 +106564,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var path9 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -106883,7 +106812,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/caching-utils.ts @@ -106998,7 +106927,7 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); // src/feature-flags.ts @@ -107009,7 +106938,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -107220,12 +107149,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -107252,7 +107181,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107523,11 +107452,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs5.existsSync(jsonFilePath)) { + if (!fs4.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs4.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` 
@@ -107576,10 +107505,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs6.existsSync(configFile)) { + if (!fs5.existsSync(configFile)) { return void 0; } - const configString = fs6.readFileSync(configFile, "utf8"); + const configString = fs5.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -107615,7 +107544,7 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { } // src/setup-codeql.ts -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var path8 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -107677,7 +107606,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -107750,7 +107679,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs6.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -107834,7 +107763,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var os = __toESM(require("os")); var path7 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); 
@@ -107941,7 +107870,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -107978,7 +107907,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs8.writeFileSync(markerFilePath, ""); + fs7.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -108113,7 +108042,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs9.existsSync(path8.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs8.existsSync(path8.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -108667,7 +108596,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs10.existsSync(tracingConfigPath); + return fs9.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -109147,7 +109076,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs10.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs9.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -109191,7 +109120,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/fingerprints.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -110179,7 +110108,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs11.createReadStream(filepath, "utf8"); + const readStream = fs10.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -110254,11 +110183,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs11.existsSync(uri)) { + if (!fs10.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs11.statSync(uri).isDirectory()) { + if (fs10.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -110344,6 +110273,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs11 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run of sarifFile.runs || []) { + const tool = run.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs11.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run) { + return { + name: run.tool?.driver?.name, + fullName: run.tool?.driver?.fullName, + version: run.tool?.driver?.version, + semanticVersion: run.tool?.driver?.semanticVersion, + guid: run.tool?.driver?.guid, + automationId: run.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -110598,7 +110594,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -110684,7 +110680,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -110695,7 +110691,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } @@ -110970,7 +110966,7 @@ function filterAlertsByDiffRange(logger, sarifLog) { getGroupedSarifFilePaths, populateRunAutomationDetails, postProcessSarifFiles, - readSarifFile, + readSarifFileOrThrow, shouldConsiderConfigurationError, shouldConsiderInvalidRequest, shouldShowCombineSarifFilesDeprecationWarning, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 00c563e74..4aa79da84 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -103231,7 +103231,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core13 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103239,7 +103239,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -105888,77 +105888,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run2 of sarifFile.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106169,7 +106098,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106232,7 +106161,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106684,7 +106613,7 @@ function wrapApiConfigurationError(e) { } // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); @@ -106693,7 +106622,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path3 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -106932,12 +106861,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -106964,7 +106893,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107466,12 +107395,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -107484,7 +107413,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` 
@@ -107554,6 +107483,73 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) { } } +// src/sarif/index.ts +var fs5 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run2 of sarifFile.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs5.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run2 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run2)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/status-report.ts var os = __toESM(require("os")); var core9 = __toESM(require_core()); @@ -111173,7 +111169,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -111259,7 +111255,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -111270,7 +111266,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 628c77226..645ca62fe 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -71,13 +71,11 @@ export function combineSarifFiles( /** * Checks whether all the runs in the given SARIF files were produced by CodeQL. - * @param sarifObjects The list of SARIF objects to check. + * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsProducedByCodeQL(sarifObjects: sarif.Log[]): boolean { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL", - ); +export function areAllRunsProducedByCodeQL(sarifLogs: sarif.Log[]): boolean { + return sarifLogs.every((sarifLog: sarif.Log) => { + return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL"); }); } @@ -95,13 +93,13 @@ function createRunKey(run: sarif.Run): RunKey { /** * Checks whether all runs in the given SARIF files are unique (based on the * criteria used by Code Scanning to determine analysis categories). - * @param sarifObjects The list of SARIF objects to check. + * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsUnique(sarifObjects: sarif.Log[]): boolean { +export function areAllRunsUnique(sarifLogs: sarif.Log[]): boolean { const keys = new Set(); - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { + for (const sarifLog of sarifLogs) { + for (const run of sarifLog.runs) { const key = JSON.stringify(createRunKey(run)); // If the key already exists, the runs are not unique. diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index 9926fed5b..973ee8190 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -26,7 +26,7 @@ test("validateSarifFileSchema - valid", (t) => { const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`; t.notThrows(() => uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(inputFile), + uploadLib.readSarifFileOrThrow(inputFile), inputFile, getRunnerLogger(true), ), 
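Review bot: In the second hunk (`@@ -95,13 +93,13 @@`), `areAllRunsUnique` iterates `sarifLog.runs` directly, while `areAllRunsProducedByCodeQL` in the hunk above uses `sarifLog.runs?.every(...)`, so the two exported checks disagree about a log that has no `runs` array. `readSarifFile` returns the result of `JSON.parse` with no shape check, so the `sarif.Log` type is not enforced at runtime. The callers visible in this diff appear to run schema validation first, but any caller that skips it would get a `TypeError` here rather than a boolean. Consider `for (const run of sarifLog.runs ?? []) {`, or drop the `?.` in the other function and state in both doc comments that the input must already be schema-validated. The body of `areAllRunsUnique` continues outside the hunk.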
@@ -37,7 +37,7 @@ test("validateSarifFileSchema - invalid", (t) => { const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`; t.throws(() => uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(inputFile), + uploadLib.readSarifFileOrThrow(inputFile), inputFile, getRunnerLogger(true), ), @@ -608,7 +608,7 @@ test("accept results with invalid artifactLocation.uri value", (t) => { const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`; uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(sarifFile), + uploadLib.readSarifFileOrThrow(sarifFile), sarifFile, mockLogger, ); diff --git a/src/upload-lib.ts b/src/upload-lib.ts index dcda04361..b15278be5 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -115,7 +115,7 @@ async function combineSarifFilesUsingCLI( ): Promise { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map(util.readSarifFile); + const sarifObjects = sarifFiles.map(sarif.readSarifFile); const deprecationWarningMessage = gitHubVersion.type === GitHubVariant.GHES @@ -197,7 +197,7 @@ async function combineSarifFilesUsingCLI( mergeRunsFromEqualCategory: true, }); - return util.readSarifFile(outputFile); + return sarif.readSarifFile(outputFile); } // Populates the run.automationDetails.id field using the analysis_key and environment @@ -447,7 +447,11 @@ function countResultsInSarif(sarifLog: string): number { return numResults; } -export function readSarifFile(sarifFilePath: string): sarif.Log { +/** A thin wrapper around `readSarifFile` which wraps exceptions in `InvalidSarifUploadError`. + * + * @throws InvalidSarifUploadError If parsing the SARIF file as JSON failed. + */ +export function readSarifFileOrThrow(sarifFilePath: string): sarif.Log { try { return sarif.readSarifFile(sarifFilePath); } catch (e) { 
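Review bot: The new `@throws` line on `readSarifFileOrThrow` (hunk `@@ -447,7 +447,11 @@`) mentions only JSON parsing, but the `try` wraps `sarif.readSarifFile`, which per the bundled output does `fs.readFileSync` followed by `JSON.parse`, so a missing or unreadable file presumably lands in the same `catch`. I would word it as `@throws InvalidSarifUploadError If the SARIF file could not be read or could not be parsed as JSON.` so that someone triaging a failed upload knows the error does not always mean malformed content. The `catch` body lies outside the hunk, so whether it wraps every exception or only some cannot be confirmed from here.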
@@ -617,7 +621,7 @@ export async function postProcessSarifFiles( if (sarifPaths.length > 1) { // Validate that the files we were asked to upload are all valid SARIF files for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } @@ -629,7 +633,7 @@ export async function postProcessSarifFiles( ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); // Validate that there are no runs for the same category @@ -755,7 +759,7 @@ export async function uploadPostProcessedFiles( logger.startGroup(`Uploading ${uploadTarget.name} results`); const sarifLog = postProcessingResults.sarif; - const toolNames = util.getToolNames(sarifLog); + const toolNames = sarif.getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts index b09821924..896c14458 100644 --- a/src/upload-sarif-action.ts +++ b/src/upload-sarif-action.ts @@ -7,6 +7,7 @@ import { getGitHubVersion } from "./api-client"; import { initFeatures } from "./feature-flags"; import { Logger, getActionsLogger } from "./logging"; import { getRepositoryNwo } from "./repository"; +import { InvalidSarifUploadError } from "./sarif"; import { createStatusReportBase, sendStatusReport, @@ -20,7 +21,6 @@ import * as upload_lib from "./upload-lib"; import { postProcessAndUploadSarif } from "./upload-sarif"; import { ConfigurationError, - InvalidSarifUploadError, checkActionVersion, checkDiskUsage, getErrorMessage, diff --git a/src/util.ts b/src/util.ts index 60def1d82..6db56e722 100644 --- a/src/util.ts +++ b/src/util.ts 
@@ -17,8 +17,6 @@ import { EnvVar } from "./environment"; import { Language } from "./languages"; import { Logger } from "./logging"; -export * from "./sarif"; - /** * The name of the file containing the base database OIDs, as stored in the * root of the database location.