Merge remote-tracking branch 'origin/releases/v3' into backport-v2.24.9-1b1aada46

2026-05-08 23:00:26 +00:00 · 2024-03-22 10:37:20 +00:00
parent 72d46cb780 1b1aada464
commit 763babe7ac
448 changed files with 3855 additions and 1977 deletions
@@ -98,7 +98,24 @@ async function runExtraction(codeql, config, logger, features) {
                    config.buildMode === config_utils_1.BuildMode.Autobuild) {
                    await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
                }
-                await codeql.extractUsingBuildMode(config, language);
+                try {
+                    await codeql.extractUsingBuildMode(config, language);
+                }
+                catch (e) {
+                    if (config.buildMode === config_utils_1.BuildMode.Autobuild) {
+                        const prefix = "We were unable to automatically build your code. " +
+                            "Please change the build mode for this language to manual and specify build steps " +
+                            "for your project. For more information, see " +
+                            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
+                        const ErrorConstructor = e instanceof util.ConfigurationError
+                            ? util.ConfigurationError
+                            : Error;
+                        throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
+                    }
+                    else {
+                        throw e;
+                    }
+                }
            }
            else {
                await codeql.extractScannedLanguage(config, language);
@@ -297,24 +297,16 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
                extraArgs.push("--no-sublanguage-file-coverage");
            }
-            try {
-                await runTool(cmd, [
-                    "database",
-                    "init",
-                    "--db-cluster",
-                    config.dbLocation,
-                    `--source-root=${sourceRoot}`,
-                    ...(await getLanguageAliasingArguments(this)),
-                    ...extraArgs,
-                    ...getExtraOptionsFromEnv(["database", "init"]),
-                ], { stdin: externalRepositoryToken });
-            }
-            catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
-                }
-                throw e;
-            }
+            await runTool(cmd, [
+                "database",
+                "init",
+                "--db-cluster",
+                config.dbLocation,
+                `--source-root=${sourceRoot}`,
+                ...(await getLanguageAliasingArguments(this)),
+                ...extraArgs,
+                ...getExtraOptionsFromEnv(["database", "init"]),
+            ], { stdin: externalRepositoryToken });
        },
        async runAutobuild(language, enableDebugLogging) {
            const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
@@ -347,15 +339,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
            // the Actions runtime introduces its own workaround for SIP
            // (https://github.com/actions/runner/pull/416).
-            try {
-                await runTool(autobuildCmd);
-            }
-            catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
-                }
-                throw e;
-            }
+            await runTool(autobuildCmd);
        },
        async extractScannedLanguage(config, language) {
            await runTool(cmd, [
@@ -390,15 +374,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                ...getExtraOptionsFromEnv(["database", "finalize"]),
                databasePath,
            ];
-            try {
-                await runTool(cmd, args);
-            }
-            catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
-                }
-                throw e;
-            }
+            await runTool(cmd, args);
        },
        async resolveLanguages() {
            const codeqlArgs = [
@@ -776,14 +752,14 @@ exports.getExtraOptions = getExtraOptions;
 */
 const maxErrorSize = 20_000;
 async function runTool(cmd, args = [], opts = {}) {
-    let output = "";
-    let error = "";
+    let stdout = "";
+    let stderr = "";
    process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
        ignoreReturnCode: true,
        listeners: {
            stdout: (data) => {
-                output += data.toString("utf8");
+                stdout += data.toString("utf8");
                if (!opts.noStreamStdout) {
                    process.stdout.write(data);
                }
@@ -795,7 +771,7 @@ async function runTool(cmd, args = [], opts = {}) {
                    // Eg: if we have 20,000 the start index should be 2.
                    readStartIndex = data.length - maxErrorSize + 1;
                }
-                error += data.toString("utf8", readStartIndex);
+                stderr += data.toString("utf8", readStartIndex);
                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
                process.stdout.write(data);
            },
@@ -804,9 +780,10 @@ async function runTool(cmd, args = [], opts = {}) {
        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
    }).exec();
    if (exitCode !== 0) {
-        throw new cli_errors_1.CommandInvocationError(cmd, args, exitCode, error, output);
+        const e = new cli_errors_1.CommandInvocationError(cmd, args, exitCode, stderr, stdout);
+        throw (0, cli_errors_1.wrapCliConfigurationError)(e);
    }
-    return output;
+    return stdout;
 }
 /**
 * Generates a code scanning configuration that is to be used for a scan.
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.4",
-    "cliVersion": "2.16.4",
-    "priorBundleVersion": "codeql-bundle-v2.16.3",
-    "priorCliVersion": "2.16.3"
+    "bundleVersion": "codeql-bundle-v2.16.5",
+    "cliVersion": "2.16.5",
+    "priorBundleVersion": "codeql-bundle-v2.16.4",
+    "priorCliVersion": "2.16.4"
 }
@@ -383,8 +383,9 @@ function shouldConsiderConfigurationError(processingErrors) {
 * Returns whether the provided processing errors are the result of an invalid SARIF upload request.
 */
 function shouldConsiderInvalidRequest(processingErrors) {
-    return (processingErrors.length === 1 &&
-        processingErrors[0].startsWith("rejecting SARIF,"));
+    return processingErrors.every((error) => error.startsWith("rejecting SARIF") ||
+        error.startsWith("could not convert rules: invalid security severity value, is not a number") ||
+        /^SARIF URI scheme [^\s]* did not match the checkout URI scheme [^\s]*/.test(error));
 }
 /**
 * Checks the processing result for an unsuccessful execution. Throws if the