github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-07 14:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

First stab at only generating security alerts in main SARIF

Browse Source
This commit is contained in:
Michael B. Gale
2025-06-23 18:35:06 +01:00
parent 86f47e8b74
commit 45b87be46b
3 changed files with 37 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/analyze.js
Generated
+14 -1
View File
@@ -408,6 +408,19 @@ function resolveQuerySuiteAlias(language, query) {
}
return query;
}
function defaultQueries(language) {
return `codeql/${language}-queries`;
}
function securityQueries(config, language) {
const results = [];
if (!config.originalUserInput["disable-default-queries"]) {
results.push(defaultQueries(language));
}
if (config.originalUserInput["queries"]) {
results.push(...config.originalUserInput["queries"].map((q) => q.uses));
}
return results;
}
// Runs queries and creates sarif files in the given folder
async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, cleanupLevel, diffRangePackDir, automationDetailsId, config, logger, features) {
const statusReport = {};
@@ -442,7 +455,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
new Date().getTime() - startTimeRunQueries;
logger.startGroup(`Interpreting results for ${language}`);
const startTimeInterpretResults = new Date();
const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
const analysisSummary = await runInterpretResults(language, securityQueries(config, language), sarifFile, config.debugMode);
if (config.augmentationProperties.qualityQueriesInput !== undefined) {
logger.info(`Interpreting quality results for ${language}`);
const qualitySarifFile = path.join(sarifFolder, `${language}.quality.sarif`);
lib/analyze.js.map
+1 -1
View File
File diff suppressed because one or more lines are too long
src/analyze.ts
+22 -1
View File
@@ -589,6 +589,27 @@ export function resolveQuerySuiteAlias(
return query;
}
function defaultQueries(language: Language): string {
return `codeql/${language}-queries`;
}
function securityQueries(
config: configUtils.Config,
language: Language,
): string[] {
const results: string[] = [];
if (!config.originalUserInput["disable-default-queries"]) {
results.push(defaultQueries(language));
}
if (config.originalUserInput["queries"]) {
results.push(...config.originalUserInput["queries"].map((q) => q.uses));
}
return results;
}
// Runs queries and creates sarif files in the given folder
export async function runQueries(
sarifFolder: string,
@@ -642,7 +663,7 @@ export async function runQueries(
const startTimeInterpretResults = new Date();
const analysisSummary = await runInterpretResults(
language,
undefined,
securityQueries(config, language),
sarifFile,
config.debugMode,
);