Merge pull request #3090 from github/update-v3.30.2-d7a501da0

Merge main into releases/v3
Michael B. Gale
2025-09-09 11:33:45 +01:00
committed by GitHub
36 changed files with 1440 additions and 830 deletions
+51 -3
@@ -32,16 +32,58 @@ jobs:
include:
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning
- os: ubuntu-latest
version: linked
analysis-kinds: code-quality
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: macos-latest
version: linked
analysis-kinds: code-scanning
- os: macos-latest
version: linked
analysis-kinds: code-quality
- os: macos-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: windows-latest
version: linked
analysis-kinds: code-scanning
- os: windows-latest
version: linked
analysis-kinds: code-quality
- os: windows-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
- os: macos-latest
version: nightly-latest
analysis-kinds: code-scanning
- os: macos-latest
version: nightly-latest
analysis-kinds: code-quality
- os: macos-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
- os: windows-latest
version: nightly-latest
analysis-kinds: code-scanning
- os: windows-latest
version: nightly-latest
analysis-kinds: code-quality
- os: windows-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
name: Quality queries input
permissions:
contents: read
@@ -61,25 +103,30 @@ jobs:
- uses: ./../action/init
with:
languages: javascript
quality-queries: code-quality
analysis-kinds: ${{ matrix.analysis-kinds }}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/upload-artifact@v4
with:
name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Upload quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/upload-artifact@v4
with:
name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.quality.sarif.json
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
path: ${{ runner.temp }}/results/javascript.quality.sarif
retention-days: 7
- name: Check quality query does not appear in security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
@@ -87,6 +134,7 @@ jobs:
with:
script: ${{ env.CHECK_SCRIPT }}
- name: Check quality query appears in quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif
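Review bot: For the single-kind matrix rows, nothing in these hunks asserts that the SARIF file for the kind that was not requested is absent. With `analysis-kinds: code-quality` the upload and check steps for `javascript.sarif` are skipped by `if: contains(matrix.analysis-kinds, 'code-scanning')`, and the same holds in reverse for `javascript.quality.sarif`. A regression that still emits or mixes the other kind's results would therefore pass. Consider adding a negated counterpart for each kind, for example a step guarded by `if: "!contains(matrix.analysis-kinds, 'code-scanning')"` that fails when `javascript.sarif` exists under `${{ runner.temp }}/results`. Note also that `contains()` on a string is a substring match, so a future kind whose name embeds `code-scanning` or `code-quality` would satisfy these conditions. The job continues outside the visible hunks, so such a check may already exist there.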
+1 -1
@@ -73,7 +73,7 @@ jobs:
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }}
quality-queries: code-quality
analysis-kinds: code-scanning,code-quality
- name: Build code
shell: bash
run: ./build.sh
@@ -1,6 +1,5 @@
#!/usr/bin/env bash
# Update the required checks based on the current branch.
# Typically, this will be main.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
+5
@@ -2,6 +2,11 @@
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
## 3.30.2 - 09 Sep 2025
- Fixed a bug which could cause language autodetection to fail. [#3084](https://github.com/github/codeql-action/pull/3084)
- Experimental: The `quality-queries` input that was added in `3.29.2` as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new `analysis-kinds` input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. [#3064](https://github.com/github/codeql-action/pull/3064)
## 3.30.1 - 05 Sep 2025
- Update default CodeQL bundle version to 2.23.0. [#3077](https://github.com/github/codeql-action/pull/3077)
+6 -5
@@ -60,7 +60,7 @@ Here are a few things you can do that will increase the likelihood of your pull
You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
1. The workflow run will open a pull request titled "Merge main into releases/v3". Follow the steps on the checklist in the pull request. Once you've checked off all but the last two of these, approve the PR and automerge it.
1. When the "Merge main into releases/v3" pull request is merged into the `releases/v3` branch, a mergeback pull request to `main` will be automatically created. This mergeback pull request incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v3" pull request, and bumps the patch version of the CodeQL Action.
1. When the "Merge main into releases/v3" pull request is merged into the `releases/v3` branch, a mergeback pull request to `main` will be automatically created. This mergeback pull request incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v3" pull request, and bumps the patch version of the CodeQL Action.
1. If a backport to an older major version is required, a pull request targeting that version's branch will also be automatically created.
1. Approve the mergeback and backport pull request (if applicable) and automerge them.
@@ -68,11 +68,12 @@ Once the mergeback and backport pull request have been merged, the release is co
## Keeping the PR checks up to date (admin access required)
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred required jobs that need to pass in order for a PR to turn green. It would be too tedious to maintain that list manually. You can regenerate the set of required checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v3`, and any other currently supported major versions have been updated.
- If you run the script without an argument, it will retrieve the set of workflows that ran for the latest commit on `main`. Make sure that your local `main` branch is up to date before running the script.
- You can specify a commit SHA as argument to retrieve the set of workflows for that commit instead. You will likely want to use this if you have a PR that removes or adds PR checks.
After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v3`, and any other currently supported major versions have been updated.
Note that any updates to checks on `main` need to be backported to all currently supported major version branches, in order to maintain the same set of names for required checks.
+30 -30
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -26486,13 +26486,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -26501,9 +26501,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -31821,14 +31821,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -31839,7 +31839,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -102910,7 +102910,7 @@ var require_dist_node16 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -102918,7 +102918,7 @@ var require_dist_node16 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -102928,12 +102928,12 @@ var require_dist_node16 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(encodeValue(operator, value2, isKeyOperator(operator) ? key : ""));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -102941,12 +102941,12 @@ var require_dist_node16 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -102961,7 +102961,7 @@ var require_dist_node16 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
+180 -126
@@ -184,7 +184,7 @@ var require_file_command = __commonJS({
};
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.prepareKeyValueMessage = exports2.issueFileCommand = void 0;
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs20 = __importStar4(require("fs"));
var os5 = __importStar4(require("os"));
var utils_1 = require_utils();
@@ -202,7 +202,7 @@ var require_file_command = __commonJS({
}
exports2.issueFileCommand = issueFileCommand;
function prepareKeyValueMessage(key, value) {
const delimiter = `ghadelimiter_${crypto.randomUUID()}`;
const delimiter = `ghadelimiter_${crypto2.randomUUID()}`;
const convertedValue = (0, utils_1.toCommandValue)(value);
if (key.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
@@ -3637,11 +3637,11 @@ var require_util2 = __commonJS({
var assert = require("assert");
var { isUint8Array } = require("util/types");
var supportedHashes = [];
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
supportedHashes = crypto.getHashes().filter((hash2) => possibleRelevantHashes.includes(hash2));
supportedHashes = crypto2.getHashes().filter((hash2) => possibleRelevantHashes.includes(hash2));
} catch {
}
function responseURL(response) {
@@ -3918,7 +3918,7 @@ var require_util2 = __commonJS({
}
}
function bytesMatch(bytes, metadataList) {
if (crypto === void 0) {
if (crypto2 === void 0) {
return true;
}
const parsedMetadata = parseMetadata(metadataList);
@@ -3933,7 +3933,7 @@ var require_util2 = __commonJS({
for (const item of metadata) {
const algorithm = item.algo;
const expectedValue = item.hash;
let actualValue = crypto.createHash(algorithm).update(bytes).digest("base64");
let actualValue = crypto2.createHash(algorithm).update(bytes).digest("base64");
if (actualValue[actualValue.length - 1] === "=") {
if (actualValue[actualValue.length - 2] === "=") {
actualValue = actualValue.slice(0, -2);
@@ -5279,8 +5279,8 @@ var require_body = __commonJS({
var { parseMIMEType, serializeAMimeType } = require_dataURL();
var random;
try {
const crypto = require("node:crypto");
random = (max) => crypto.randomInt(0, max);
const crypto2 = require("node:crypto");
random = (max) => crypto2.randomInt(0, max);
} catch {
random = (max) => Math.floor(Math.random(max));
}
@@ -16330,9 +16330,9 @@ var require_connection = __commonJS({
channels.open = diagnosticsChannel.channel("undici:websocket:open");
channels.close = diagnosticsChannel.channel("undici:websocket:close");
channels.socketError = diagnosticsChannel.channel("undici:websocket:socket_error");
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
} catch {
}
function establishWebSocketConnection(url2, protocols, ws, onEstablish, options) {
@@ -16351,7 +16351,7 @@ var require_connection = __commonJS({
const headersList = new Headers(options.headers)[kHeadersList];
request.headersList = headersList;
}
const keyValue = crypto.randomBytes(16).toString("base64");
const keyValue = crypto2.randomBytes(16).toString("base64");
request.headersList.append("sec-websocket-key", keyValue);
request.headersList.append("sec-websocket-version", "13");
for (const protocol of protocols) {
@@ -16380,7 +16380,7 @@ var require_connection = __commonJS({
return;
}
const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
const digest = crypto.createHash("sha1").update(keyValue + uid).digest("base64");
const digest = crypto2.createHash("sha1").update(keyValue + uid).digest("base64");
if (secWSAccept !== digest) {
failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
return;
@@ -16460,9 +16460,9 @@ var require_frame = __commonJS({
"node_modules/undici/lib/websocket/frame.js"(exports2, module2) {
"use strict";
var { maxUnsigned16Bit } = require_constants5();
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
} catch {
}
var WebsocketFrameSend = class {
@@ -16471,7 +16471,7 @@ var require_frame = __commonJS({
*/
constructor(data) {
this.frameData = data;
this.maskKey = crypto.randomBytes(4);
this.maskKey = crypto2.randomBytes(4);
}
createFrame(opcode) {
const bodyLength = this.frameData?.byteLength ?? 0;
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -32287,7 +32287,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -32335,13 +32335,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -32350,9 +32350,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -36929,7 +36929,7 @@ var require_cacheUtils = __commonJS({
var exec2 = __importStar4(require_exec());
var glob2 = __importStar4(require_glob());
var io7 = __importStar4(require_io());
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs20 = __importStar4(require("fs"));
var path20 = __importStar4(require("path"));
var semver8 = __importStar4(require_semver3());
@@ -36953,7 +36953,7 @@ var require_cacheUtils = __commonJS({
}
tempDirectory = path20.join(baseLocation, "actions", "temp");
}
const dest = path20.join(tempDirectory, crypto.randomUUID());
const dest = path20.join(tempDirectory, crypto2.randomUUID());
yield io7.mkdirP(dest);
return dest;
});
@@ -37069,7 +37069,7 @@ var require_cacheUtils = __commonJS({
components.push("windows-only");
}
components.push(versionSalt);
return crypto.createHash("sha256").update(components.join("|")).digest("hex");
return crypto2.createHash("sha256").update(components.join("|")).digest("hex");
}
exports2.getCacheVersion = getCacheVersion;
function getRuntimeToken() {
@@ -37670,14 +37670,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -37688,7 +37688,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -48813,7 +48813,7 @@ var require_dist7 = __commonJS({
var coreXml = require_commonjs9();
var logger$1 = require_dist();
var abortController = require_commonjs10();
var crypto = require("crypto");
var crypto2 = require("crypto");
var coreTracing = require_commonjs4();
var stream2 = require("stream");
var coreLro = require_dist6();
@@ -50321,7 +50321,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
* @param stringToSign -
*/
computeHMACSHA256(stringToSign) {
return crypto.createHmac("sha256", this.accountKey).update(stringToSign, "utf8").digest("base64");
return crypto2.createHmac("sha256", this.accountKey).update(stringToSign, "utf8").digest("base64");
}
};
var AnonymousCredentialPolicy = class extends CredentialPolicy {
@@ -50519,7 +50519,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
getHeaderValueToSign(request, HeaderConstants.IF_UNMODIFIED_SINCE),
getHeaderValueToSign(request, HeaderConstants.RANGE)
].join("\n") + "\n" + getCanonicalizedHeadersString(request) + getCanonicalizedResourceString(request);
const signature = crypto.createHmac("sha256", options.accountKey).update(stringToSign, "utf8").digest("base64");
const signature = crypto2.createHmac("sha256", options.accountKey).update(stringToSign, "utf8").digest("base64");
request.headers.set(HeaderConstants.AUTHORIZATION, `SharedKey ${options.accountName}:${signature}`);
}
function getHeaderValueToSign(request, headerName) {
@@ -64278,7 +64278,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
* @param stringToSign -
*/
computeHMACSHA256(stringToSign) {
return crypto.createHmac("sha256", this.key).update(stringToSign, "utf8").digest("base64");
return crypto2.createHmac("sha256", this.key).update(stringToSign, "utf8").digest("base64");
}
};
function ipRangeToString(ipRange) {
@@ -79549,7 +79549,7 @@ var require_tool_cache = __commonJS({
exports2.evaluateVersions = exports2.isExplicitVersion = exports2.findFromManifest = exports2.getManifestFromRepo = exports2.findAllVersions = exports2.find = exports2.cacheFile = exports2.cacheDir = exports2.extractZip = exports2.extractXar = exports2.extractTar = exports2.extract7z = exports2.downloadTool = exports2.HTTPError = void 0;
var core15 = __importStar4(require_core());
var io7 = __importStar4(require_io());
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs20 = __importStar4(require("fs"));
var mm = __importStar4(require_manifest());
var os5 = __importStar4(require("os"));
@@ -79574,7 +79574,7 @@ var require_tool_cache = __commonJS({
var userAgent = "actions/tool-cache";
function downloadTool2(url2, dest, auth, headers) {
return __awaiter4(this, void 0, void 0, function* () {
dest = dest || path20.join(_getTempDirectory(), crypto.randomUUID());
dest = dest || path20.join(_getTempDirectory(), crypto2.randomUUID());
yield io7.mkdirP(path20.dirname(dest));
core15.debug(`Downloading ${url2}`);
core15.debug(`Destination ${dest}`);
@@ -79955,7 +79955,7 @@ var require_tool_cache = __commonJS({
function _createExtractFolder(dest) {
return __awaiter4(this, void 0, void 0, function* () {
if (!dest) {
dest = path20.join(_getTempDirectory(), crypto.randomUUID());
dest = path20.join(_getTempDirectory(), crypto2.randomUUID());
}
yield io7.mkdirP(dest);
return dest;
@@ -81563,7 +81563,7 @@ var require_internal_hash_files = __commonJS({
};
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.hashFiles = void 0;
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var core15 = __importStar4(require_core());
var fs20 = __importStar4(require("fs"));
var stream2 = __importStar4(require("stream"));
@@ -81576,7 +81576,7 @@ var require_internal_hash_files = __commonJS({
const writeDelegate = verbose ? core15.info : core15.debug;
let hasMatch = false;
const githubWorkspace = currentWorkspace ? currentWorkspace : (_d = process.env["GITHUB_WORKSPACE"]) !== null && _d !== void 0 ? _d : process.cwd();
const result = crypto.createHash("sha256");
const result = crypto2.createHash("sha256");
let count = 0;
try {
for (var _e = true, _f = __asyncValues4(globber.globGenerator()), _g; _g = yield _f.next(), _a = _g.done, !_a; _e = true) {
@@ -81592,7 +81592,7 @@ var require_internal_hash_files = __commonJS({
writeDelegate(`Skip directory '${file}'.`);
continue;
}
const hash2 = crypto.createHash("sha256");
const hash2 = crypto2.createHash("sha256");
const pipeline = util.promisify(stream2.pipeline);
yield pipeline(fs20.createReadStream(file), hash2);
result.write(hash2.digest());
@@ -90113,12 +90113,6 @@ function fixCodeQualityCategory(logger, category) {
return category;
}
// src/analyze.ts
var fs15 = __toESM(require("fs"));
var path16 = __toESM(require("path"));
var import_perf_hooks2 = require("perf_hooks");
var io5 = __toESM(require_io());
// src/analyses.ts
var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
AnalysisKind2["CodeScanning"] = "code-scanning";
@@ -90127,6 +90121,28 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
var codeQualityQueries = ["code-quality"];
var CodeScanning = {
kind: "code-scanning" /* CodeScanning */,
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifExtension: ".sarif",
sarifPredicate: (name) => name.endsWith(CodeScanning.sarifExtension) && !CodeQuality.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQuality = {
kind: "code-quality" /* CodeQuality */,
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifExtension: ".quality.sarif",
sarifPredicate: (name) => name.endsWith(CodeQuality.sarifExtension),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
// src/analyze.ts
var fs15 = __toESM(require("fs"));
var path16 = __toESM(require("path"));
var import_perf_hooks2 = require("perf_hooks");
var io5 = __toESM(require_io());
// src/api-client.ts
var core5 = __toESM(require_core());
@@ -90237,6 +90253,11 @@ async function getAnalysisKey() {
core5.exportVariable(analysisKeyEnvVar, analysisKey);
return analysisKey;
}
async function getAutomationID() {
const analysis_key = await getAnalysisKey();
const environment = getRequiredInput("matrix");
return computeAutomationID(analysis_key, environment);
}
function computeAutomationID(analysis_key, environment) {
let automationID = `${analysis_key}/`;
const matrix = parseMatrixInput(environment);
@@ -90561,6 +90582,7 @@ var bundleVersion = "codeql-bundle-v2.23.0";
var cliVersion = "2.23.0";
// src/overlay-database-utils.ts
var crypto = __toESM(require("crypto"));
var fs6 = __toESM(require("fs"));
var path7 = __toESM(require("path"));
var actionsCache = __toESM(require_cache3());
@@ -90908,14 +90930,18 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
}
const codeQlVersion = (await codeql.getVersion()).version;
const checkoutPath = getRequiredInput("checkout_path");
const cacheKey3 = await generateCacheKey(config, codeQlVersion, checkoutPath);
const cacheSaveKey = await getCacheSaveKey(
config,
codeQlVersion,
checkoutPath
);
logger.info(
`Uploading overlay-base database to Actions cache with key ${cacheKey3}`
`Uploading overlay-base database to Actions cache with key ${cacheSaveKey}`
);
try {
const cacheId = await withTimeout(
MAX_CACHE_OPERATION_MS,
actionsCache.saveCache([dbLocation], cacheKey3),
actionsCache.saveCache([dbLocation], cacheSaveKey),
() => {
}
);
@@ -90932,13 +90958,26 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
logger.info(`Successfully uploaded overlay-base database from ${dbLocation}`);
return true;
}
async function generateCacheKey(config, codeQlVersion, checkoutPath) {
async function getCacheSaveKey(config, codeQlVersion, checkoutPath) {
const sha = await getCommitOid(checkoutPath);
return `${getCacheRestoreKey(config, codeQlVersion)}${sha}`;
const restoreKeyPrefix = await getCacheRestoreKeyPrefix(
config,
codeQlVersion
);
return `${restoreKeyPrefix}${sha}`;
}
function getCacheRestoreKey(config, codeQlVersion) {
async function getCacheRestoreKeyPrefix(config, codeQlVersion) {
const languages = [...config.languages].sort().join("_");
return `${CACHE_PREFIX}-${CACHE_VERSION}-${languages}-${codeQlVersion}-`;
const cacheKeyComponents = {
automationID: await getAutomationID()
// Add more components here as needed in the future
};
const componentsHash = createCacheKeyHash(cacheKeyComponents);
return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`;
}
function createCacheKeyHash(components) {
const componentsJson = JSON.stringify(components);
return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16);
}
// src/tools-features.ts
@@ -91601,9 +91640,18 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
}
return augmentedConfig;
}
function isCodeScanningEnabled(config) {
return config.analysisKinds.includes("code-scanning" /* CodeScanning */);
}
function isCodeQualityEnabled(config) {
return config.analysisKinds.includes("code-quality" /* CodeQuality */);
}
function getPrimaryAnalysisKind(config) {
return isCodeScanningEnabled(config) ? "code-scanning" /* CodeScanning */ : "code-quality" /* CodeQuality */;
}
function getPrimaryAnalysisConfig(config) {
return getPrimaryAnalysisKind(config) === "code-scanning" /* CodeScanning */ ? CodeScanning : CodeQuality;
}
// src/setup-codeql.ts
var fs12 = __toESM(require("fs"));
@@ -91612,7 +91660,7 @@ var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
var semver7 = __toESM(require_semver2());
// node_modules/uuid/dist/esm/stringify.js
// node_modules/uuid/dist/stringify.js
var byteToHex = [];
for (let i = 0; i < 256; ++i) {
byteToHex.push((i + 256).toString(16).slice(1));
@@ -91621,27 +91669,24 @@ function unsafeStringify(arr, offset = 0) {
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
}
// node_modules/uuid/dist/esm/rng.js
var import_crypto = require("crypto");
// node_modules/uuid/dist/rng.js
var import_node_crypto = require("node:crypto");
var rnds8Pool = new Uint8Array(256);
var poolPtr = rnds8Pool.length;
function rng() {
if (poolPtr > rnds8Pool.length - 16) {
(0, import_crypto.randomFillSync)(rnds8Pool);
(0, import_node_crypto.randomFillSync)(rnds8Pool);
poolPtr = 0;
}
return rnds8Pool.slice(poolPtr, poolPtr += 16);
}
// node_modules/uuid/dist/esm/native.js
var import_crypto2 = require("crypto");
var native_default = { randomUUID: import_crypto2.randomUUID };
// node_modules/uuid/dist/native.js
var import_node_crypto2 = require("node:crypto");
var native_default = { randomUUID: import_node_crypto2.randomUUID };
// node_modules/uuid/dist/esm/v4.js
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
// node_modules/uuid/dist/v4.js
function _v4(options, buf, offset) {
options = options || {};
const rnds = options.random ?? options.rng?.() ?? rng();
if (rnds.length < 16) {
@@ -91661,6 +91706,12 @@ function v4(options, buf, offset) {
}
return unsafeStringify(rnds);
}
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
return _v4(options, buf, offset);
}
var v4_default = v4;
// src/tar.ts
@@ -93560,6 +93611,9 @@ function resolveQuerySuiteAlias(language, maybeSuite) {
}
return maybeSuite;
}
function addSarifExtension(analysis, base) {
return `${base}${analysis.sarifExtension}`;
}
async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, diffRangePackDir, automationDetailsId, codeql, config, logger, features) {
const statusReport = {};
const queryFlags = [memoryFlag, threadsFlag];
@@ -93579,14 +93633,16 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
incrementalMode.push("overlay");
}
const sarifRunPropertyFlag = incrementalMode.length > 0 ? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}` : void 0;
const dbAnalysisConfig = getPrimaryAnalysisConfig(config);
for (const language of config.languages) {
try {
const sarifFile = path16.join(sarifFolder, `${language}.sarif`);
const queries = [];
if (isCodeQualityEnabled(config)) {
if (config.analysisKinds.length > 1) {
queries.push(getGeneratedSuitePath(config, language));
for (const qualityQuery of codeQualityQueries) {
queries.push(resolveQuerySuiteAlias(language, qualityQuery));
if (isCodeQualityEnabled(config)) {
for (const qualityQuery of codeQualityQueries) {
queries.push(resolveQuerySuiteAlias(language, qualityQuery));
}
}
}
logger.startGroup(`Running queries for ${language}`);
@@ -93595,35 +93651,24 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
await codeql.databaseRunQueries(databasePath, queryFlags, queries);
logger.debug(`Finished running queries for ${language}.`);
statusReport[`analyze_builtin_queries_${language}_duration_ms`] = (/* @__PURE__ */ new Date()).getTime() - startTimeRunQueries;
logger.startGroup(`Interpreting results for ${language}`);
const startTimeInterpretResults = /* @__PURE__ */ new Date();
const analysisSummary = await runInterpretResults(
const { summary: analysisSummary, sarifFile } = await runInterpretResultsFor(
dbAnalysisConfig,
language,
void 0,
sarifFile,
config.debugMode,
automationDetailsId
config.debugMode
);
let qualityAnalysisSummary;
if (isCodeQualityEnabled(config)) {
logger.info(`Interpreting quality results for ${language}`);
const qualityCategory = fixCodeQualityCategory(
logger,
automationDetailsId
);
const qualitySarifFile = path16.join(
sarifFolder,
`${language}.quality.sarif`
);
qualityAnalysisSummary = await runInterpretResults(
if (config.analysisKinds.length > 1 && isCodeQualityEnabled(config)) {
const qualityResult = await runInterpretResultsFor(
CodeQuality,
language,
codeQualityQueries.map(
(i) => resolveQuerySuiteAlias(language, i)
),
qualitySarifFile,
config.debugMode,
qualityCategory
config.debugMode
);
qualityAnalysisSummary = qualityResult.summary;
}
const endTimeInterpretResults = /* @__PURE__ */ new Date();
statusReport[`interpret_results_${language}_duration_ms`] = endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();
@@ -93659,6 +93704,25 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
}
}
return statusReport;
async function runInterpretResultsFor(analysis, language, queries, enableDebugLogging) {
logger.info(`Interpreting ${analysis.name} results for ${language}`);
let category = automationDetailsId;
if (dbAnalysisConfig.kind === "code-quality" /* CodeQuality */) {
category = fixCodeQualityCategory(logger, automationDetailsId);
}
const sarifFile = path16.join(
sarifFolder,
addSarifExtension(analysis, language)
);
const summary = await runInterpretResults(
language,
queries,
sarifFile,
enableDebugLogging,
category
);
return { summary, sarifFile };
}
async function runInterpretResults(language, queries, sarifFile, enableDebugLogging, category) {
const databasePath = getCodeQLDatabasePath(config, language);
return await codeql.databaseInterpretResults(
@@ -95307,7 +95371,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
return JSON.parse(fs18.readFileSync(outputFile, "utf8"));
}
function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
const automationID = getAutomationID(category, analysis_key, environment);
const automationID = getAutomationID2(category, analysis_key, environment);
if (automationID !== void 0) {
for (const run2 of sarif.runs || []) {
if (run2.automationDetails === void 0) {
@@ -95320,7 +95384,7 @@ function populateRunAutomationDetails(sarif, category, analysis_key, environment
}
return sarif;
}
function getAutomationID(category, analysis_key, environment) {
function getAutomationID2(category, analysis_key, environment) {
if (category !== void 0) {
let automationID = category;
if (!automationID.endsWith("/")) {
@@ -95498,18 +95562,6 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
}
return payloadObj;
}
var CodeScanningTarget = {
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifPredicate: (name) => name.endsWith(".sarif") && !CodeQualityTarget.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQualityTarget = {
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifPredicate: (name) => name.endsWith(".quality.sarif"),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
const sarifPaths = getSarifFilePaths(
inputSarifPath,
@@ -95524,7 +95576,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
uploadTarget
);
}
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget = CodeScanningTarget) {
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
logger.startGroup(`Uploading ${uploadTarget.name} results`);
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
const gitHubVersion = await getGitHubVersion();
@@ -95695,7 +95747,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
assertNever(status);
}
}
function validateUniqueCategory(sarif, sentinelPrefix = CodeScanningTarget.sentinelPrefix) {
function validateUniqueCategory(sarif, sentinelPrefix) {
const categories = {};
for (const run2 of sarif.runs) {
const id = run2?.automationDetails?.id;
@@ -95945,15 +95997,17 @@ async function run() {
core14.setOutput("sarif-output", import_path4.default.resolve(outputDir));
const uploadInput = getOptionalInput("upload");
if (runStats && getUploadValue(uploadInput) === "always") {
uploadResult = await uploadFiles(
outputDir,
getRequiredInput("checkout_path"),
getOptionalInput("category"),
features,
logger,
CodeScanningTarget
);
core14.setOutput("sarif-id", uploadResult.sarifID);
if (isCodeScanningEnabled(config)) {
uploadResult = await uploadFiles(
outputDir,
getRequiredInput("checkout_path"),
getOptionalInput("category"),
features,
logger,
CodeScanning
);
core14.setOutput("sarif-id", uploadResult.sarifID);
}
if (isCodeQualityEnabled(config)) {
const qualityUploadResult = await uploadFiles(
outputDir,
@@ -95964,7 +96018,7 @@ async function run() {
),
features,
logger,
CodeQualityTarget
CodeQuality
);
core14.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
}
+23 -23
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -26486,13 +26486,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -26501,9 +26501,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -31821,14 +31821,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -31839,7 +31839,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
+66 -59
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context3, operator, key, modifier) {
var value = context3[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context3, operator, key, modifier) {
var value = context3[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -32287,7 +32287,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -32335,13 +32335,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -32350,9 +32350,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -37670,14 +37670,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -37688,7 +37688,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -108759,7 +108759,7 @@ var require_dist_node16 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -108767,7 +108767,7 @@ var require_dist_node16 = __commonJS({
}
function getValues(context3, operator, key, modifier) {
var value = context3[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -108777,12 +108777,12 @@ var require_dist_node16 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(encodeValue(operator, value2, isKeyOperator(operator) ? key : ""));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -108790,12 +108790,12 @@ var require_dist_node16 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -108810,7 +108810,7 @@ var require_dist_node16 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -128754,6 +128754,22 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
return AnalysisKind2;
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
var CodeScanning = {
kind: "code-scanning" /* CodeScanning */,
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifExtension: ".sarif",
sarifPredicate: (name) => name.endsWith(CodeScanning.sarifExtension) && !CodeQuality.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQuality = {
kind: "code-quality" /* CodeQuality */,
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifExtension: ".quality.sarif",
sarifPredicate: (name) => name.endsWith(CodeQuality.sarifExtension),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
// src/caching-utils.ts
var core6 = __toESM(require_core());
@@ -129587,7 +129603,7 @@ var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
var semver7 = __toESM(require_semver2());
// node_modules/uuid/dist/esm/stringify.js
// node_modules/uuid/dist/stringify.js
var byteToHex = [];
for (let i = 0; i < 256; ++i) {
byteToHex.push((i + 256).toString(16).slice(1));
@@ -129596,27 +129612,24 @@ function unsafeStringify(arr, offset = 0) {
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
}
// node_modules/uuid/dist/esm/rng.js
var import_crypto = require("crypto");
// node_modules/uuid/dist/rng.js
var import_node_crypto = require("node:crypto");
var rnds8Pool = new Uint8Array(256);
var poolPtr = rnds8Pool.length;
function rng() {
if (poolPtr > rnds8Pool.length - 16) {
(0, import_crypto.randomFillSync)(rnds8Pool);
(0, import_node_crypto.randomFillSync)(rnds8Pool);
poolPtr = 0;
}
return rnds8Pool.slice(poolPtr, poolPtr += 16);
}
// node_modules/uuid/dist/esm/native.js
var import_crypto2 = require("crypto");
var native_default = { randomUUID: import_crypto2.randomUUID };
// node_modules/uuid/dist/native.js
var import_node_crypto2 = require("node:crypto");
var native_default = { randomUUID: import_node_crypto2.randomUUID };
// node_modules/uuid/dist/esm/v4.js
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
// node_modules/uuid/dist/v4.js
function _v4(options, buf, offset) {
options = options || {};
const rnds = options.random ?? options.rng?.() ?? rng();
if (rnds.length < 16) {
@@ -129636,6 +129649,12 @@ function v4(options, buf, offset) {
}
return unsafeStringify(rnds);
}
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
return _v4(options, buf, offset);
}
var v4_default = v4;
// src/tar.ts
@@ -132789,7 +132808,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
return JSON.parse(fs17.readFileSync(outputFile, "utf8"));
}
function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
const automationID = getAutomationID(category, analysis_key, environment);
const automationID = getAutomationID2(category, analysis_key, environment);
if (automationID !== void 0) {
for (const run2 of sarif.runs || []) {
if (run2.automationDetails === void 0) {
@@ -132802,7 +132821,7 @@ function populateRunAutomationDetails(sarif, category, analysis_key, environment
}
return sarif;
}
function getAutomationID(category, analysis_key, environment) {
function getAutomationID2(category, analysis_key, environment) {
if (category !== void 0) {
let automationID = category;
if (!automationID.endsWith("/")) {
@@ -132980,18 +132999,6 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
}
return payloadObj;
}
var CodeScanningTarget = {
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifPredicate: (name) => name.endsWith(".sarif") && !CodeQualityTarget.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQualityTarget = {
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifPredicate: (name) => name.endsWith(".quality.sarif"),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
const sarifPaths = getSarifFilePaths(
inputSarifPath,
@@ -133006,7 +133013,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
uploadTarget
);
}
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget = CodeScanningTarget) {
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
logger.startGroup(`Uploading ${uploadTarget.name} results`);
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
const gitHubVersion = await getGitHubVersion();
@@ -133177,7 +133184,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
assertNever(status);
}
}
function validateUniqueCategory(sarif, sentinelPrefix = CodeScanningTarget.sentinelPrefix) {
function validateUniqueCategory(sarif, sentinelPrefix) {
const categories = {};
for (const run2 of sarif.runs) {
const id = run2?.automationDetails?.id;
@@ -133402,7 +133409,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
category,
features,
logger,
CodeScanningTarget
CodeScanning
);
await waitForProcessing(
repositoryNwo,
+132 -70
@@ -184,7 +184,7 @@ var require_file_command = __commonJS({
};
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.prepareKeyValueMessage = exports2.issueFileCommand = void 0;
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs18 = __importStar4(require("fs"));
var os5 = __importStar4(require("os"));
var utils_1 = require_utils();
@@ -202,7 +202,7 @@ var require_file_command = __commonJS({
}
exports2.issueFileCommand = issueFileCommand;
function prepareKeyValueMessage(key, value) {
const delimiter = `ghadelimiter_${crypto.randomUUID()}`;
const delimiter = `ghadelimiter_${crypto2.randomUUID()}`;
const convertedValue = (0, utils_1.toCommandValue)(value);
if (key.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
@@ -3637,11 +3637,11 @@ var require_util2 = __commonJS({
var assert = require("assert");
var { isUint8Array } = require("util/types");
var supportedHashes = [];
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
supportedHashes = crypto2.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
} catch {
}
function responseURL(response) {
@@ -3918,7 +3918,7 @@ var require_util2 = __commonJS({
}
}
function bytesMatch(bytes, metadataList) {
if (crypto === void 0) {
if (crypto2 === void 0) {
return true;
}
const parsedMetadata = parseMetadata(metadataList);
@@ -3933,7 +3933,7 @@ var require_util2 = __commonJS({
for (const item of metadata) {
const algorithm = item.algo;
const expectedValue = item.hash;
let actualValue = crypto.createHash(algorithm).update(bytes).digest("base64");
let actualValue = crypto2.createHash(algorithm).update(bytes).digest("base64");
if (actualValue[actualValue.length - 1] === "=") {
if (actualValue[actualValue.length - 2] === "=") {
actualValue = actualValue.slice(0, -2);
@@ -5279,8 +5279,8 @@ var require_body = __commonJS({
var { parseMIMEType, serializeAMimeType } = require_dataURL();
var random;
try {
const crypto = require("node:crypto");
random = (max) => crypto.randomInt(0, max);
const crypto2 = require("node:crypto");
random = (max) => crypto2.randomInt(0, max);
} catch {
random = (max) => Math.floor(Math.random(max));
}
@@ -16330,9 +16330,9 @@ var require_connection = __commonJS({
channels.open = diagnosticsChannel.channel("undici:websocket:open");
channels.close = diagnosticsChannel.channel("undici:websocket:close");
channels.socketError = diagnosticsChannel.channel("undici:websocket:socket_error");
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
} catch {
}
function establishWebSocketConnection(url, protocols, ws, onEstablish, options) {
@@ -16351,7 +16351,7 @@ var require_connection = __commonJS({
const headersList = new Headers(options.headers)[kHeadersList];
request.headersList = headersList;
}
const keyValue = crypto.randomBytes(16).toString("base64");
const keyValue = crypto2.randomBytes(16).toString("base64");
request.headersList.append("sec-websocket-key", keyValue);
request.headersList.append("sec-websocket-version", "13");
for (const protocol of protocols) {
@@ -16380,7 +16380,7 @@ var require_connection = __commonJS({
return;
}
const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
const digest = crypto.createHash("sha1").update(keyValue + uid).digest("base64");
const digest = crypto2.createHash("sha1").update(keyValue + uid).digest("base64");
if (secWSAccept !== digest) {
failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
return;
@@ -16460,9 +16460,9 @@ var require_frame = __commonJS({
"node_modules/undici/lib/websocket/frame.js"(exports2, module2) {
"use strict";
var { maxUnsigned16Bit } = require_constants5();
var crypto;
var crypto2;
try {
crypto = require("crypto");
crypto2 = require("crypto");
} catch {
}
var WebsocketFrameSend = class {
@@ -16471,7 +16471,7 @@ var require_frame = __commonJS({
*/
constructor(data) {
this.frameData = data;
this.maskKey = crypto.randomBytes(4);
this.maskKey = crypto2.randomBytes(4);
}
createFrame(opcode) {
const bodyLength = this.frameData?.byteLength ?? 0;
@@ -22196,7 +22196,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -22204,7 +22204,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -22216,14 +22216,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -22231,12 +22231,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -22251,7 +22251,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -22936,7 +22936,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -22944,7 +22944,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -22956,14 +22956,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -22971,12 +22971,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -22991,7 +22991,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -32287,7 +32287,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -32335,13 +32335,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -32350,9 +32350,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -36929,7 +36929,7 @@ var require_cacheUtils = __commonJS({
var exec2 = __importStar4(require_exec());
var glob2 = __importStar4(require_glob());
var io7 = __importStar4(require_io());
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs18 = __importStar4(require("fs"));
var path19 = __importStar4(require("path"));
var semver9 = __importStar4(require_semver3());
@@ -36953,7 +36953,7 @@ var require_cacheUtils = __commonJS({
}
tempDirectory = path19.join(baseLocation, "actions", "temp");
}
const dest = path19.join(tempDirectory, crypto.randomUUID());
const dest = path19.join(tempDirectory, crypto2.randomUUID());
yield io7.mkdirP(dest);
return dest;
});
@@ -37069,7 +37069,7 @@ var require_cacheUtils = __commonJS({
components.push("windows-only");
}
components.push(versionSalt);
return crypto.createHash("sha256").update(components.join("|")).digest("hex");
return crypto2.createHash("sha256").update(components.join("|")).digest("hex");
}
exports2.getCacheVersion = getCacheVersion;
function getRuntimeToken() {
@@ -37670,14 +37670,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -37688,7 +37688,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -48813,7 +48813,7 @@ var require_dist7 = __commonJS({
var coreXml = require_commonjs9();
var logger$1 = require_dist();
var abortController = require_commonjs10();
var crypto = require("crypto");
var crypto2 = require("crypto");
var coreTracing = require_commonjs4();
var stream2 = require("stream");
var coreLro = require_dist6();
@@ -50321,7 +50321,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
* @param stringToSign -
*/
computeHMACSHA256(stringToSign) {
return crypto.createHmac("sha256", this.accountKey).update(stringToSign, "utf8").digest("base64");
return crypto2.createHmac("sha256", this.accountKey).update(stringToSign, "utf8").digest("base64");
}
};
var AnonymousCredentialPolicy = class extends CredentialPolicy {
@@ -50519,7 +50519,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
getHeaderValueToSign(request, HeaderConstants.IF_UNMODIFIED_SINCE),
getHeaderValueToSign(request, HeaderConstants.RANGE)
].join("\n") + "\n" + getCanonicalizedHeadersString(request) + getCanonicalizedResourceString(request);
const signature = crypto.createHmac("sha256", options.accountKey).update(stringToSign, "utf8").digest("base64");
const signature = crypto2.createHmac("sha256", options.accountKey).update(stringToSign, "utf8").digest("base64");
request.headers.set(HeaderConstants.AUTHORIZATION, `SharedKey ${options.accountName}:${signature}`);
}
function getHeaderValueToSign(request, headerName) {
@@ -64278,7 +64278,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`;
* @param stringToSign -
*/
computeHMACSHA256(stringToSign) {
return crypto.createHmac("sha256", this.key).update(stringToSign, "utf8").digest("base64");
return crypto2.createHmac("sha256", this.key).update(stringToSign, "utf8").digest("base64");
}
};
function ipRangeToString(ipRange) {
@@ -80223,7 +80223,7 @@ var require_internal_hash_files = __commonJS({
};
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.hashFiles = void 0;
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var core14 = __importStar4(require_core());
var fs18 = __importStar4(require("fs"));
var stream2 = __importStar4(require("stream"));
@@ -80236,7 +80236,7 @@ var require_internal_hash_files = __commonJS({
const writeDelegate = verbose ? core14.info : core14.debug;
let hasMatch = false;
const githubWorkspace = currentWorkspace ? currentWorkspace : (_d = process.env["GITHUB_WORKSPACE"]) !== null && _d !== void 0 ? _d : process.cwd();
const result = crypto.createHash("sha256");
const result = crypto2.createHash("sha256");
let count = 0;
try {
for (var _e = true, _f = __asyncValues4(globber.globGenerator()), _g; _g = yield _f.next(), _a = _g.done, !_a; _e = true) {
@@ -80252,7 +80252,7 @@ var require_internal_hash_files = __commonJS({
writeDelegate(`Skip directory '${file}'.`);
continue;
}
const hash = crypto.createHash("sha256");
const hash = crypto2.createHash("sha256");
const pipeline = util.promisify(stream2.pipeline);
yield pipeline(fs18.createReadStream(file), hash);
result.write(hash.digest());
@@ -80646,7 +80646,7 @@ var require_tool_cache = __commonJS({
exports2.evaluateVersions = exports2.isExplicitVersion = exports2.findFromManifest = exports2.getManifestFromRepo = exports2.findAllVersions = exports2.find = exports2.cacheFile = exports2.cacheDir = exports2.extractZip = exports2.extractXar = exports2.extractTar = exports2.extract7z = exports2.downloadTool = exports2.HTTPError = void 0;
var core14 = __importStar4(require_core());
var io7 = __importStar4(require_io());
var crypto = __importStar4(require("crypto"));
var crypto2 = __importStar4(require("crypto"));
var fs18 = __importStar4(require("fs"));
var mm = __importStar4(require_manifest());
var os5 = __importStar4(require("os"));
@@ -80671,7 +80671,7 @@ var require_tool_cache = __commonJS({
var userAgent = "actions/tool-cache";
function downloadTool2(url, dest, auth, headers) {
return __awaiter4(this, void 0, void 0, function* () {
dest = dest || path19.join(_getTempDirectory(), crypto.randomUUID());
dest = dest || path19.join(_getTempDirectory(), crypto2.randomUUID());
yield io7.mkdirP(path19.dirname(dest));
core14.debug(`Downloading ${url}`);
core14.debug(`Destination ${dest}`);
@@ -81052,7 +81052,7 @@ var require_tool_cache = __commonJS({
function _createExtractFolder(dest) {
return __awaiter4(this, void 0, void 0, function* () {
if (!dest) {
dest = path19.join(_getTempDirectory(), crypto.randomUUID());
dest = path19.join(_getTempDirectory(), crypto2.randomUUID());
}
yield io7.mkdirP(dest);
return dest;
@@ -81686,7 +81686,7 @@ var core13 = __toESM(require_core());
var io6 = __toESM(require_io());
var semver8 = __toESM(require_semver2());
// node_modules/uuid/dist/esm/stringify.js
// node_modules/uuid/dist/stringify.js
var byteToHex = [];
for (let i = 0; i < 256; ++i) {
byteToHex.push((i + 256).toString(16).slice(1));
@@ -81695,27 +81695,24 @@ function unsafeStringify(arr, offset = 0) {
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
}
// node_modules/uuid/dist/esm/rng.js
var import_crypto = require("crypto");
// node_modules/uuid/dist/rng.js
var import_node_crypto = require("node:crypto");
var rnds8Pool = new Uint8Array(256);
var poolPtr = rnds8Pool.length;
function rng() {
if (poolPtr > rnds8Pool.length - 16) {
(0, import_crypto.randomFillSync)(rnds8Pool);
(0, import_node_crypto.randomFillSync)(rnds8Pool);
poolPtr = 0;
}
return rnds8Pool.slice(poolPtr, poolPtr += 16);
}
// node_modules/uuid/dist/esm/native.js
var import_crypto2 = require("crypto");
var native_default = { randomUUID: import_crypto2.randomUUID };
// node_modules/uuid/dist/native.js
var import_node_crypto2 = require("node:crypto");
var native_default = { randomUUID: import_node_crypto2.randomUUID };
// node_modules/uuid/dist/esm/v4.js
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
// node_modules/uuid/dist/v4.js
function _v4(options, buf, offset) {
options = options || {};
const rnds = options.random ?? options.rng?.() ?? rng();
if (rnds.length < 16) {
@@ -81735,6 +81732,12 @@ function v4(options, buf, offset) {
}
return unsafeStringify(rnds);
}
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
return _v4(options, buf, offset);
}
var v4_default = v4;
// src/actions-util.ts
@@ -85649,6 +85652,12 @@ function isHostedRunner() {
process.env["RUNNER_TOOL_CACHE"]?.includes("hostedtoolcache")
);
}
function parseMatrixInput(matrixInput) {
if (matrixInput === void 0 || matrixInput === "null") {
return void 0;
}
return JSON.parse(matrixInput);
}
function wrapError(error2) {
return error2 instanceof Error ? error2 : new Error(String(error2));
}
@@ -85778,6 +85787,9 @@ async function asyncSome(array, predicate) {
const results = await Promise.all(array.map(predicate));
return results.some((result) => result);
}
function isDefined(value) {
return value !== void 0 && value !== null;
}
// src/actions-util.ts
var pkg = require_package();
@@ -86096,6 +86108,25 @@ async function getAnalysisKey() {
core5.exportVariable(analysisKeyEnvVar, analysisKey);
return analysisKey;
}
async function getAutomationID() {
const analysis_key = await getAnalysisKey();
const environment = getRequiredInput("matrix");
return computeAutomationID(analysis_key, environment);
}
function computeAutomationID(analysis_key, environment) {
let automationID = `${analysis_key}/`;
const matrix = parseMatrixInput(environment);
if (matrix !== void 0) {
for (const entry of Object.entries(matrix).sort()) {
if (typeof entry[1] === "string") {
automationID += `${entry[0]}:${entry[1]}/`;
} else {
automationID += `${entry[0]}:/`;
}
}
}
return automationID;
}
// src/caching-utils.ts
var core6 = __toESM(require_core());
@@ -86167,6 +86198,7 @@ async function parseAnalysisKinds(input) {
new Set(components.map((component) => component))
);
}
var codeQualityQueries = ["code-quality"];
// src/feature-flags.ts
var fs7 = __toESM(require("fs"));
@@ -86178,6 +86210,7 @@ var bundleVersion = "codeql-bundle-v2.23.0";
var cliVersion = "2.23.0";
// src/overlay-database-utils.ts
var crypto = __toESM(require("crypto"));
var fs6 = __toESM(require("fs"));
var path7 = __toESM(require("path"));
var actionsCache = __toESM(require_cache3());
@@ -86477,16 +86510,19 @@ async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) {
}
const dbLocation = config.dbLocation;
const codeQlVersion = (await codeql.getVersion()).version;
const restoreKey = getCacheRestoreKey(config, codeQlVersion);
const cacheRestoreKeyPrefix = await getCacheRestoreKeyPrefix(
config,
codeQlVersion
);
logger.info(
`Looking in Actions cache for overlay-base database with restore key ${restoreKey}`
`Looking in Actions cache for overlay-base database with restore key ${cacheRestoreKeyPrefix}`
);
let databaseDownloadDurationMs = 0;
try {
const databaseDownloadStart = performance.now();
const foundKey = await withTimeout(
MAX_CACHE_OPERATION_MS,
actionsCache.restoreCache([dbLocation], restoreKey),
actionsCache.restoreCache([dbLocation], cacheRestoreKeyPrefix),
() => {
logger.info("Timed out downloading overlay-base database from cache");
}
@@ -86529,9 +86565,18 @@ async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) {
databaseDownloadDurationMs
};
}
function getCacheRestoreKey(config, codeQlVersion) {
async function getCacheRestoreKeyPrefix(config, codeQlVersion) {
const languages = [...config.languages].sort().join("_");
return `${CACHE_PREFIX}-${CACHE_VERSION}-${languages}-${codeQlVersion}-`;
const cacheKeyComponents = {
automationID: await getAutomationID()
// Add more components here as needed in the future
};
const componentsHash = createCacheKeyHash(cacheKeyComponents);
return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`;
}
function createCacheKeyHash(components) {
const componentsJson = JSON.stringify(components);
return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16);
}
// src/tools-features.ts
@@ -87169,7 +87214,7 @@ async function getSupportedLanguageMap(codeql) {
var baseWorkflowsPath = ".github/workflows";
function hasActionsWorkflows(sourceRoot) {
const workflowsPath = path10.resolve(sourceRoot, baseWorkflowsPath);
const stats = fs9.lstatSync(workflowsPath);
const stats = fs9.lstatSync(workflowsPath, { throwIfNoEntry: false });
return stats !== void 0 && stats.isDirectory() && fs9.readdirSync(workflowsPath).length > 0;
}
async function getRawLanguagesInRepo(repository, sourceRoot, logger) {
@@ -87578,6 +87623,9 @@ function dbLocationOrDefault(dbLocation, tempDir) {
function userConfigFromActionPath(tempDir) {
return path10.resolve(tempDir, "user-config-from-action.yml");
}
function hasQueryCustomisation(userConfig) {
return isDefined(userConfig["disable-default-queries"]) || isDefined(userConfig.queries) || isDefined(userConfig["query-filters"]);
}
async function initConfig(inputs) {
const { logger, tempDir } = inputs;
if (inputs.configInput) {
@@ -87603,6 +87651,17 @@ async function initConfig(inputs) {
);
}
const config = await initActionState(inputs, userConfig);
if (config.analysisKinds.length === 1 && isCodeQualityEnabled(config)) {
if (hasQueryCustomisation(config.computedConfig)) {
throw new ConfigurationError(
"Query customizations are unsupported, because only `code-quality` analysis is enabled."
);
}
const queries = codeQualityQueries.map((v) => ({ uses: v }));
config.computedConfig["disable-default-queries"] = true;
config.computedConfig.queries = queries;
config.computedConfig["query-filters"] = [];
}
const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode(
inputs.codeql,
inputs.repository,
@@ -87836,6 +87895,9 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
}
return augmentedConfig;
}
function isCodeQualityEnabled(config) {
return config.analysisKinds.includes("code-quality" /* CodeQuality */);
}
// src/dependency-caching.ts
var os2 = __toESM(require("os"));
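Review bot: `computeAutomationID` writes every non-string matrix value as `key:/`, so in `getCacheRestoreKeyPrefix` two matrix legs that differ only in a number or boolean value get the same `componentsHash`; when languages and CLI version also match they share an overlay-base cache prefix, and one leg can restore a database built for the other. If the automation ID format has to stay as it is for other callers (not visible in this section), the raw matrix input could be hashed as a second component instead, e.g. `matrix: getRequiredInput("matrix")` next to `automationID` in `cacheKeyComponents`. Separately, `getCacheRestoreKeyPrefix` is awaited before the `try` in `downloadOverlayBaseDatabaseFromCache`, so a `JSON.parse` failure in `parseMatrixInput` propagates out of the function instead of being treated as a cache miss; the function body continues outside the hunk, so confirm how the caller handles that. A short comment on `createCacheKeyHash` saying that the 16-hex-character truncation is there for key length, not as a guarantee against deliberately colliding keys, would also help the next reader.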
+23 -23
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -26486,13 +26486,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -26501,9 +26501,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -31821,14 +31821,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -31839,7 +31839,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
+30 -30
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -26486,13 +26486,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -26501,9 +26501,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -31821,14 +31821,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -31839,7 +31839,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -101570,7 +101570,7 @@ var require_dist_node16 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -101578,7 +101578,7 @@ var require_dist_node16 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -101588,12 +101588,12 @@ var require_dist_node16 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(encodeValue(operator, value2, isKeyOperator(operator) ? key : ""));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -101601,12 +101601,12 @@ var require_dist_node16 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -101621,7 +101621,7 @@ var require_dist_node16 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
+8 -8
@@ -44966,7 +44966,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -45014,13 +45014,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -45029,9 +45029,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -47753,6 +47753,9 @@ async function delay(milliseconds, opts) {
function getErrorMessage(error2) {
return error2 instanceof Error ? error2.message : String(error2);
}
function isDefined(value) {
return value !== void 0 && value !== null;
}
// src/actions-util.ts
var pkg = require_package();
@@ -47825,9 +47828,6 @@ var LANGUAGE_TO_REGISTRY_TYPE = {
rust: ["cargo_registry"],
go: ["goproxy_server", "git_source"]
};
function isDefined(value) {
return value !== void 0 && value !== null;
}
function getCredentials(logger, registrySecrets, registriesCredentials, languageString) {
const language = languageString ? parseLanguage(languageString) : void 0;
const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0;
+42 -62
@@ -21585,7 +21585,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21593,7 +21593,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21605,14 +21605,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21620,12 +21620,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21640,7 +21640,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -22325,7 +22325,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -22333,7 +22333,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -22345,14 +22345,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -22360,12 +22360,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -22380,7 +22380,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -33584,7 +33584,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -33632,13 +33632,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -33647,9 +33647,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -38967,14 +38967,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -38985,7 +38985,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -84778,10 +84778,7 @@ var require_sarif_schema_2_1_0 = __commonJS({
// src/upload-lib.ts
var upload_lib_exports = {};
__export(upload_lib_exports, {
CodeQualityTarget: () => CodeQualityTarget,
CodeScanningTarget: () => CodeScanningTarget,
InvalidSarifUploadError: () => InvalidSarifUploadError,
SARIF_UPLOAD_ENDPOINT: () => SARIF_UPLOAD_ENDPOINT,
buildPayload: () => buildPayload,
findSarifFilesInDir: () => findSarifFilesInDir,
getSarifFilePaths: () => getSarifFilePaths,
@@ -89434,7 +89431,7 @@ var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
var semver7 = __toESM(require_semver2());
// node_modules/uuid/dist/esm/stringify.js
// node_modules/uuid/dist/stringify.js
var byteToHex = [];
for (let i = 0; i < 256; ++i) {
byteToHex.push((i + 256).toString(16).slice(1));
@@ -89443,27 +89440,24 @@ function unsafeStringify(arr, offset = 0) {
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
}
// node_modules/uuid/dist/esm/rng.js
var import_crypto = require("crypto");
// node_modules/uuid/dist/rng.js
var import_node_crypto = require("node:crypto");
var rnds8Pool = new Uint8Array(256);
var poolPtr = rnds8Pool.length;
function rng() {
if (poolPtr > rnds8Pool.length - 16) {
(0, import_crypto.randomFillSync)(rnds8Pool);
(0, import_node_crypto.randomFillSync)(rnds8Pool);
poolPtr = 0;
}
return rnds8Pool.slice(poolPtr, poolPtr += 16);
}
// node_modules/uuid/dist/esm/native.js
var import_crypto2 = require("crypto");
var native_default = { randomUUID: import_crypto2.randomUUID };
// node_modules/uuid/dist/native.js
var import_node_crypto2 = require("node:crypto");
var native_default = { randomUUID: import_node_crypto2.randomUUID };
// node_modules/uuid/dist/esm/v4.js
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
// node_modules/uuid/dist/v4.js
function _v4(options, buf, offset) {
options = options || {};
const rnds = options.random ?? options.rng?.() ?? rng();
if (rnds.length < 16) {
@@ -89483,6 +89477,12 @@ function v4(options, buf, offset) {
}
return unsafeStringify(rnds);
}
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
return _v4(options, buf, offset);
}
var v4_default = v4;
// src/tar.ts
@@ -92180,7 +92180,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
return JSON.parse(fs13.readFileSync(outputFile, "utf8"));
}
function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
const automationID = getAutomationID(category, analysis_key, environment);
const automationID = getAutomationID2(category, analysis_key, environment);
if (automationID !== void 0) {
for (const run of sarif.runs || []) {
if (run.automationDetails === void 0) {
@@ -92193,7 +92193,7 @@ function populateRunAutomationDetails(sarif, category, analysis_key, environment
}
return sarif;
}
function getAutomationID(category, analysis_key, environment) {
function getAutomationID2(category, analysis_key, environment) {
if (category !== void 0) {
let automationID = category;
if (!automationID.endsWith("/")) {
@@ -92203,11 +92203,6 @@ function getAutomationID(category, analysis_key, environment) {
}
return computeAutomationID(analysis_key, environment);
}
var SARIF_UPLOAD_ENDPOINT = /* @__PURE__ */ ((SARIF_UPLOAD_ENDPOINT2) => {
SARIF_UPLOAD_ENDPOINT2["CODE_SCANNING"] = "PUT /repos/:owner/:repo/code-scanning/analysis";
SARIF_UPLOAD_ENDPOINT2["CODE_QUALITY"] = "PUT /repos/:owner/:repo/code-quality/analysis";
return SARIF_UPLOAD_ENDPOINT2;
})(SARIF_UPLOAD_ENDPOINT || {});
async function uploadPayload(payload, repositoryNwo, logger, target) {
logger.info("Uploading results");
if (isInTestMode()) {
@@ -92376,18 +92371,6 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
}
return payloadObj;
}
var CodeScanningTarget = {
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifPredicate: (name) => name.endsWith(".sarif") && !CodeQualityTarget.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQualityTarget = {
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifPredicate: (name) => name.endsWith(".quality.sarif"),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
const sarifPaths = getSarifFilePaths(
inputSarifPath,
@@ -92402,7 +92385,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
uploadTarget
);
}
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget = CodeScanningTarget) {
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
logger.startGroup(`Uploading ${uploadTarget.name} results`);
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
const gitHubVersion = await getGitHubVersion();
@@ -92573,7 +92556,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
assertNever(status);
}
}
function validateUniqueCategory(sarif, sentinelPrefix = CodeScanningTarget.sentinelPrefix) {
function validateUniqueCategory(sarif, sentinelPrefix) {
const categories = {};
for (const run of sarif.runs) {
const id = run?.automationDetails?.id;
@@ -92630,10 +92613,7 @@ function filterAlertsByDiffRange(logger, sarif) {
}
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
CodeQualityTarget,
CodeScanningTarget,
InvalidSarifUploadError,
SARIF_UPLOAD_ENDPOINT,
buildPayload,
findSarifFilesInDir,
getSarifFilePaths,
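Review bot: `uploadSpecifiedFiles` and `validateUniqueCategory` lose their `CodeScanningTarget` defaults in this section, so a call that omits the last argument now throws at `uploadTarget.name` on the first line of the body, or passes `undefined` on as the sentinel prefix. This file is bundled output, so the TypeScript in `src/upload-lib.ts` presumably makes both parameters required and the compiler checks the call sites, but none of those call sites appear in the visible hunks. It is worth confirming that every caller, including the upload-sarif entry point, now passes the target explicitly, because a results upload sent to the wrong endpoint or recorded under the wrong sentinel is easy to miss. A doc comment in the source such as `/** @param uploadTarget Required: there is no code-scanning default. */` would record the new contract. Both function bodies continue outside the hunks shown.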
+30 -30
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -26438,7 +26438,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -26486,13 +26486,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -26501,9 +26501,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -35658,14 +35658,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -35676,7 +35676,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -95692,7 +95692,7 @@ var require_dist_node16 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -95700,7 +95700,7 @@ var require_dist_node16 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -95710,12 +95710,12 @@ var require_dist_node16 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(encodeValue(operator, value2, isKeyOperator(operator) ? key : ""));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -95723,12 +95723,12 @@ var require_dist_node16 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -95743,7 +95743,7 @@ var require_dist_node16 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
+69 -62
@@ -20288,7 +20288,7 @@ var require_dist_node2 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -20296,7 +20296,7 @@ var require_dist_node2 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -20308,14 +20308,14 @@ var require_dist_node2 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -20323,12 +20323,12 @@ var require_dist_node2 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -20343,7 +20343,7 @@ var require_dist_node2 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -21028,7 +21028,7 @@ var require_dist_node6 = __commonJS({
return value;
}
}
function isDefined(value) {
function isDefined2(value) {
return value !== void 0 && value !== null;
}
function isKeyOperator(operator) {
@@ -21036,7 +21036,7 @@ var require_dist_node6 = __commonJS({
}
function getValues(context2, operator, key, modifier) {
var value = context2[key], result = [];
if (isDefined(value) && value !== "") {
if (isDefined2(value) && value !== "") {
if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
value = value.toString();
if (modifier && modifier !== "*") {
@@ -21048,14 +21048,14 @@ var require_dist_node6 = __commonJS({
} else {
if (modifier === "*") {
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
result.push(
encodeValue(operator, value2, isKeyOperator(operator) ? key : "")
);
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
result.push(encodeValue(operator, value[k], k));
}
});
@@ -21063,12 +21063,12 @@ var require_dist_node6 = __commonJS({
} else {
const tmp = [];
if (Array.isArray(value)) {
value.filter(isDefined).forEach(function(value2) {
value.filter(isDefined2).forEach(function(value2) {
tmp.push(encodeValue(operator, value2));
});
} else {
Object.keys(value).forEach(function(k) {
if (isDefined(value[k])) {
if (isDefined2(value[k])) {
tmp.push(encodeUnreserved(k));
tmp.push(encodeValue(operator, value[k].toString()));
}
@@ -21083,7 +21083,7 @@ var require_dist_node6 = __commonJS({
}
} else {
if (operator === ";") {
if (isDefined(value)) {
if (isDefined2(value)) {
result.push(encodeUnreserved(key));
}
} else if (value === "" && (operator === "&" || operator === "?")) {
@@ -32287,7 +32287,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "3.30.1",
version: "3.30.2",
private: true,
description: "CodeQL action",
scripts: {
@@ -32335,13 +32335,13 @@ var require_package = __commonJS({
"node-forge": "^1.3.1",
octokit: "^5.0.3",
semver: "^7.7.2",
uuid: "^11.1.0"
uuid: "^12.0.0"
},
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -32350,9 +32350,9 @@ var require_package = __commonJS({
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
ava: "^6.4.1",
esbuild: "^0.25.9",
@@ -37670,14 +37670,14 @@ var require_typeGuards = __commonJS({
"node_modules/@azure/core-util/dist/commonjs/typeGuards.js"(exports2) {
"use strict";
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.isDefined = isDefined;
exports2.isDefined = isDefined2;
exports2.isObjectWithProperties = isObjectWithProperties;
exports2.objectHasProperty = objectHasProperty;
function isDefined(thing) {
function isDefined2(thing) {
return typeof thing !== "undefined" && thing !== null;
}
function isObjectWithProperties(thing, properties) {
if (!isDefined(thing) || typeof thing !== "object") {
if (!isDefined2(thing) || typeof thing !== "object") {
return false;
}
for (const property of properties) {
@@ -37688,7 +37688,7 @@ var require_typeGuards = __commonJS({
return true;
}
function objectHasProperty(thing, property) {
return isDefined(thing) && typeof thing === "object" && property in thing;
return isDefined2(thing) && typeof thing === "object" && property in thing;
}
}
});
@@ -88718,6 +88718,30 @@ function fixCodeQualityCategory(logger, category) {
return category;
}
// src/analyses.ts
var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
AnalysisKind2["CodeScanning"] = "code-scanning";
AnalysisKind2["CodeQuality"] = "code-quality";
return AnalysisKind2;
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
var CodeScanning = {
kind: "code-scanning" /* CodeScanning */,
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifExtension: ".sarif",
sarifPredicate: (name) => name.endsWith(CodeScanning.sarifExtension) && !CodeQuality.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQuality = {
kind: "code-quality" /* CodeQuality */,
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifExtension: ".quality.sarif",
sarifPredicate: (name) => name.endsWith(CodeQuality.sarifExtension),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
// src/api-client.ts
var core5 = __toESM(require_core());
var githubUtils = __toESM(require_utils4());
@@ -89585,14 +89609,6 @@ var fs8 = __toESM(require("fs"));
var path10 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/analyses.ts
var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
AnalysisKind2["CodeScanning"] = "code-scanning";
AnalysisKind2["CodeQuality"] = "code-quality";
return AnalysisKind2;
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
// src/caching-utils.ts
var core8 = __toESM(require_core());
@@ -90116,7 +90132,7 @@ var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
var semver7 = __toESM(require_semver2());
// node_modules/uuid/dist/esm/stringify.js
// node_modules/uuid/dist/stringify.js
var byteToHex = [];
for (let i = 0; i < 256; ++i) {
byteToHex.push((i + 256).toString(16).slice(1));
@@ -90125,27 +90141,24 @@ function unsafeStringify(arr, offset = 0) {
return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase();
}
// node_modules/uuid/dist/esm/rng.js
var import_crypto = require("crypto");
// node_modules/uuid/dist/rng.js
var import_node_crypto = require("node:crypto");
var rnds8Pool = new Uint8Array(256);
var poolPtr = rnds8Pool.length;
function rng() {
if (poolPtr > rnds8Pool.length - 16) {
(0, import_crypto.randomFillSync)(rnds8Pool);
(0, import_node_crypto.randomFillSync)(rnds8Pool);
poolPtr = 0;
}
return rnds8Pool.slice(poolPtr, poolPtr += 16);
}
// node_modules/uuid/dist/esm/native.js
var import_crypto2 = require("crypto");
var native_default = { randomUUID: import_crypto2.randomUUID };
// node_modules/uuid/dist/native.js
var import_node_crypto2 = require("node:crypto");
var native_default = { randomUUID: import_node_crypto2.randomUUID };
// node_modules/uuid/dist/esm/v4.js
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
// node_modules/uuid/dist/v4.js
function _v4(options, buf, offset) {
options = options || {};
const rnds = options.random ?? options.rng?.() ?? rng();
if (rnds.length < 16) {
@@ -90165,6 +90178,12 @@ function v4(options, buf, offset) {
}
return unsafeStringify(rnds);
}
function v4(options, buf, offset) {
if (native_default.randomUUID && !buf && !options) {
return native_default.randomUUID();
}
return _v4(options, buf, offset);
}
var v4_default = v4;
// src/tar.ts
@@ -92862,7 +92881,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
return JSON.parse(fs14.readFileSync(outputFile, "utf8"));
}
function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
const automationID = getAutomationID(category, analysis_key, environment);
const automationID = getAutomationID2(category, analysis_key, environment);
if (automationID !== void 0) {
for (const run2 of sarif.runs || []) {
if (run2.automationDetails === void 0) {
@@ -92875,7 +92894,7 @@ function populateRunAutomationDetails(sarif, category, analysis_key, environment
}
return sarif;
}
function getAutomationID(category, analysis_key, environment) {
function getAutomationID2(category, analysis_key, environment) {
if (category !== void 0) {
let automationID = category;
if (!automationID.endsWith("/")) {
@@ -93053,18 +93072,6 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
}
return payloadObj;
}
var CodeScanningTarget = {
name: "code scanning",
target: "PUT /repos/:owner/:repo/code-scanning/analysis" /* CODE_SCANNING */,
sarifPredicate: (name) => name.endsWith(".sarif") && !CodeQualityTarget.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_"
};
var CodeQualityTarget = {
name: "code quality",
target: "PUT /repos/:owner/:repo/code-quality/analysis" /* CODE_QUALITY */,
sarifPredicate: (name) => name.endsWith(".quality.sarif"),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_"
};
async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
const sarifPaths = getSarifFilePaths(
inputSarifPath,
@@ -93079,7 +93086,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
uploadTarget
);
}
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget = CodeScanningTarget) {
async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
logger.startGroup(`Uploading ${uploadTarget.name} results`);
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
const gitHubVersion = await getGitHubVersion();
@@ -93250,7 +93257,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
assertNever(status);
}
}
function validateUniqueCategory(sarif, sentinelPrefix = CodeScanningTarget.sentinelPrefix) {
function validateUniqueCategory(sarif, sentinelPrefix) {
const categories = {};
for (const run2 of sarif.runs) {
const id = run2?.automationDetails?.id;
@@ -93359,13 +93366,13 @@ async function run() {
category,
features,
logger,
CodeScanningTarget
CodeScanning
);
core13.setOutput("sarif-id", uploadResult.sarifID);
if (fs15.lstatSync(sarifPath).isDirectory()) {
const qualitySarifFiles = findSarifFilesInDir(
sarifPath,
CodeQualityTarget.sarifPredicate
CodeQuality.sarifPredicate
);
if (qualitySarifFiles.length !== 0) {
await uploadSpecifiedFiles(
@@ -93374,7 +93381,7 @@ async function run() {
fixCodeQualityCategory(logger, category),
features,
logger,
CodeQualityTarget
CodeQuality
);
}
}
+119 -135
@@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "3.30.1",
"version": "3.30.2",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "3.30.1",
"version": "3.30.2",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^2.3.1",
@@ -34,26 +34,24 @@
"node-forge": "^1.3.1",
"octokit": "^5.0.3",
"semver": "^7.7.2",
"uuid": "^11.1.0"
"uuid": "^12.0.0"
},
"devDependencies": {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
"@types/console-log-level": "^1.4.5",
"@types/follow-redirects": "^1.14.4",
"@types/get-folder-size": "^3.0.4",
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@types/uuid": "^10.0.0",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
"ava": "^6.4.1",
"esbuild": "^0.25.9",
@@ -1332,9 +1330,9 @@
}
},
"node_modules/@eslint/js": {
"version": "9.34.0",
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz",
"integrity": "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw==",
"version": "9.35.0",
"resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.35.0.tgz",
"integrity": "sha512-30iXE9whjlILfWobBkNerJo+TXYsgVM5ERQwMcMKCHckHflCmf7wXDAHlARoWnh0s1U72WqlbeyE7iAcCzuCPw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2459,16 +2457,6 @@
"@types/node": "*"
}
},
"node_modules/@types/get-folder-size": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/@types/get-folder-size/-/get-folder-size-3.0.4.tgz",
"integrity": "sha512-tSf/k7Undx6jKRwpChR9tl+0ZPf0BVwkjBRtJ5qSnz6iWm2ZRYMAS2MktC2u7YaTAFHmxpL/LBxI85M7ioJCSg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@types/node": "*"
}
},
"node_modules/@types/js-yaml": {
"version": "4.0.9",
"dev": true,
@@ -2510,10 +2498,11 @@
}
},
"node_modules/@types/semver": {
"version": "7.7.0",
"resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.0.tgz",
"integrity": "sha512-k107IF4+Xr7UHjwDc7Cfd6PRQfbdkiRabXGRjo07b4WyPahFBZCZ1sE+BNxYIJPPg73UkfOsVOLwqVc/6ETrIA==",
"dev": true
"version": "7.7.1",
"resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz",
"integrity": "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==",
"dev": true,
"license": "MIT"
},
"node_modules/@types/sinon": {
"version": "17.0.4",
@@ -2530,23 +2519,18 @@
"dev": true,
"license": "MIT"
},
"node_modules/@types/uuid": {
"version": "10.0.0",
"dev": true,
"license": "MIT"
},
"node_modules/@typescript-eslint/eslint-plugin": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.41.0.tgz",
"integrity": "sha512-8fz6oa6wEKZrhXWro/S3n2eRJqlRcIa6SlDh59FXJ5Wp5XRZ8B9ixpJDcjadHq47hMx0u+HW6SNa6LjJQ6NLtw==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.43.0.tgz",
"integrity": "sha512-8tg+gt7ENL7KewsKMKDHXR1vm8tt9eMxjJBYINf6swonlWgkYn5NwyIgXpbbDxTNU5DgpDFfj95prcTq2clIQQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"@eslint-community/regexpp": "^4.10.0",
"@typescript-eslint/scope-manager": "8.41.0",
"@typescript-eslint/type-utils": "8.41.0",
"@typescript-eslint/utils": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0",
"@typescript-eslint/scope-manager": "8.43.0",
"@typescript-eslint/type-utils": "8.43.0",
"@typescript-eslint/utils": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0",
"graphemer": "^1.4.0",
"ignore": "^7.0.0",
"natural-compare": "^1.4.0",
@@ -2560,20 +2544,20 @@
"url": "https://opencollective.com/typescript-eslint"
},
"peerDependencies": {
"@typescript-eslint/parser": "^8.41.0",
"@typescript-eslint/parser": "^8.43.0",
"eslint": "^8.57.0 || ^9.0.0",
"typescript": ">=4.8.4 <6.0.0"
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.41.0.tgz",
"integrity": "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.43.0.tgz",
"integrity": "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0"
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2584,9 +2568,9 @@
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.41.0.tgz",
"integrity": "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
"integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2598,16 +2582,16 @@
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.41.0.tgz",
"integrity": "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.43.0.tgz",
"integrity": "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/project-service": "8.41.0",
"@typescript-eslint/tsconfig-utils": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0",
"@typescript-eslint/project-service": "8.43.0",
"@typescript-eslint/tsconfig-utils": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0",
"debug": "^4.3.4",
"fast-glob": "^3.3.2",
"is-glob": "^4.0.3",
@@ -2627,16 +2611,16 @@
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.41.0.tgz",
"integrity": "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.43.0.tgz",
"integrity": "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g==",
"dev": true,
"license": "MIT",
"dependencies": {
"@eslint-community/eslint-utils": "^4.7.0",
"@typescript-eslint/scope-manager": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/typescript-estree": "8.41.0"
"@typescript-eslint/scope-manager": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/typescript-estree": "8.43.0"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2651,13 +2635,13 @@
}
},
"node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.41.0.tgz",
"integrity": "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.43.0.tgz",
"integrity": "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/types": "8.43.0",
"eslint-visitor-keys": "^4.2.1"
},
"engines": {
@@ -2730,16 +2714,16 @@
}
},
"node_modules/@typescript-eslint/parser": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.41.0.tgz",
"integrity": "sha512-gTtSdWX9xiMPA/7MV9STjJOOYtWwIJIYxkQxnSV1U3xcE+mnJSH3f6zI0RYP+ew66WSlZ5ed+h0VCxsvdC1jJg==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.43.0.tgz",
"integrity": "sha512-B7RIQiTsCBBmY+yW4+ILd6mF5h1FUwJsVvpqkrgpszYifetQ2Ke+Z4u6aZh0CblkUGIdR59iYVyXqqZGkZ3aBw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/scope-manager": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/typescript-estree": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0",
"@typescript-eslint/scope-manager": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/typescript-estree": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0",
"debug": "^4.3.4"
},
"engines": {
@@ -2755,14 +2739,14 @@
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.41.0.tgz",
"integrity": "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.43.0.tgz",
"integrity": "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0"
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2773,9 +2757,9 @@
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.41.0.tgz",
"integrity": "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
"integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2787,16 +2771,16 @@
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.41.0.tgz",
"integrity": "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.43.0.tgz",
"integrity": "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/project-service": "8.41.0",
"@typescript-eslint/tsconfig-utils": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0",
"@typescript-eslint/project-service": "8.43.0",
"@typescript-eslint/tsconfig-utils": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0",
"debug": "^4.3.4",
"fast-glob": "^3.3.2",
"is-glob": "^4.0.3",
@@ -2816,13 +2800,13 @@
}
},
"node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.41.0.tgz",
"integrity": "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.43.0.tgz",
"integrity": "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/types": "8.43.0",
"eslint-visitor-keys": "^4.2.1"
},
"engines": {
@@ -2886,14 +2870,14 @@
}
},
"node_modules/@typescript-eslint/project-service": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.41.0.tgz",
"integrity": "sha512-b8V9SdGBQzQdjJ/IO3eDifGpDBJfvrNTp2QD9P2BeqWTGrRibgfgIlBSw6z3b6R7dPzg752tOs4u/7yCLxksSQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.43.0.tgz",
"integrity": "sha512-htB/+D/BIGoNTQYffZw4uM4NzzuolCoaA/BusuSIcC8YjmBYQioew5VUZAYdAETPjeed0hqCaW7EHg+Robq8uw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/tsconfig-utils": "^8.41.0",
"@typescript-eslint/types": "^8.41.0",
"@typescript-eslint/tsconfig-utils": "^8.43.0",
"@typescript-eslint/types": "^8.43.0",
"debug": "^4.3.4"
},
"engines": {
@@ -2908,9 +2892,9 @@
}
},
"node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.41.0.tgz",
"integrity": "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
"integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2940,9 +2924,9 @@
}
},
"node_modules/@typescript-eslint/tsconfig-utils": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.41.0.tgz",
"integrity": "sha512-TDhxYFPUYRFxFhuU5hTIJk+auzM/wKvWgoNYOPcOf6i4ReYlOoYN8q1dV5kOTjNQNJgzWN3TUUQMtlLOcUgdUw==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.43.0.tgz",
"integrity": "sha512-ALC2prjZcj2YqqL5X/bwWQmHA2em6/94GcbB/KKu5SX3EBDOsqztmmX1kMkvAJHzxk7TazKzJfFiEIagNV3qEA==",
"dev": true,
"license": "MIT",
"engines": {
@@ -2957,15 +2941,15 @@
}
},
"node_modules/@typescript-eslint/type-utils": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.41.0.tgz",
"integrity": "sha512-63qt1h91vg3KsjVVonFJWjgSK7pZHSQFKH6uwqxAH9bBrsyRhO6ONoKyXxyVBzG1lJnFAJcKAcxLS54N1ee1OQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.43.0.tgz",
"integrity": "sha512-qaH1uLBpBuBBuRf8c1mLJ6swOfzCXryhKND04Igr4pckzSEW9JX5Aw9AgW00kwfjWJF0kk0ps9ExKTfvXfw4Qg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/typescript-estree": "8.41.0",
"@typescript-eslint/utils": "8.41.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/typescript-estree": "8.43.0",
"@typescript-eslint/utils": "8.43.0",
"debug": "^4.3.4",
"ts-api-utils": "^2.1.0"
},
@@ -2982,14 +2966,14 @@
}
},
"node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.41.0.tgz",
"integrity": "sha512-n6m05bXn/Cd6DZDGyrpXrELCPVaTnLdPToyhBoFkLIMznRUQUEQdSp96s/pcWSQdqOhrgR1mzJ+yItK7T+WPMQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.43.0.tgz",
"integrity": "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0"
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3000,9 +2984,9 @@
}
},
"node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.41.0.tgz",
"integrity": "sha512-9EwxsWdVqh42afLbHP90n2VdHaWU/oWgbH2P0CfcNfdKL7CuKpwMQGjwev56vWu9cSKU7FWSu6r9zck6CVfnag==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
"integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
"dev": true,
"license": "MIT",
"engines": {
@@ -3014,16 +2998,16 @@
}
},
"node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.41.0.tgz",
"integrity": "sha512-D43UwUYJmGhuwHfY7MtNKRZMmfd8+p/eNSfFe6tH5mbVDto+VQCayeAt35rOx3Cs6wxD16DQtIKw/YXxt5E0UQ==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.43.0.tgz",
"integrity": "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/project-service": "8.41.0",
"@typescript-eslint/tsconfig-utils": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/visitor-keys": "8.41.0",
"@typescript-eslint/project-service": "8.43.0",
"@typescript-eslint/tsconfig-utils": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/visitor-keys": "8.43.0",
"debug": "^4.3.4",
"fast-glob": "^3.3.2",
"is-glob": "^4.0.3",
@@ -3043,16 +3027,16 @@
}
},
"node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.41.0.tgz",
"integrity": "sha512-udbCVstxZ5jiPIXrdH+BZWnPatjlYwJuJkDA4Tbo3WyYLh8NvB+h/bKeSZHDOFKfphsZYJQqaFtLeXEqurQn1A==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.43.0.tgz",
"integrity": "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g==",
"dev": true,
"license": "MIT",
"dependencies": {
"@eslint-community/eslint-utils": "^4.7.0",
"@typescript-eslint/scope-manager": "8.41.0",
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/typescript-estree": "8.41.0"
"@typescript-eslint/scope-manager": "8.43.0",
"@typescript-eslint/types": "8.43.0",
"@typescript-eslint/typescript-estree": "8.43.0"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3067,13 +3051,13 @@
}
},
"node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": {
"version": "8.41.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.41.0.tgz",
"integrity": "sha512-+GeGMebMCy0elMNg67LRNoVnUFPIm37iu5CmHESVx56/9Jsfdpsvbv605DQ81Pi/x11IdKUsS5nzgTYbCQU9fg==",
"version": "8.43.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.43.0.tgz",
"integrity": "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw==",
"dev": true,
"license": "MIT",
"dependencies": {
"@typescript-eslint/types": "8.41.0",
"@typescript-eslint/types": "8.43.0",
"eslint-visitor-keys": "^4.2.1"
},
"engines": {
@@ -9092,16 +9076,16 @@
"license": "MIT"
},
"node_modules/uuid": {
"version": "11.1.0",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.0.tgz",
"integrity": "sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==",
"version": "12.0.0",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-12.0.0.tgz",
"integrity": "sha512-USe1zesMYh4fjCA8ZH5+X5WIVD0J4V1Jksm1bFTVBX2F/cwSXt0RO5w/3UXbdLKmZX65MiWV+hwhSS8p6oBTGA==",
"funding": [
"https://github.com/sponsors/broofa",
"https://github.com/sponsors/ctavan"
],
"license": "MIT",
"bin": {
"uuid": "dist/esm/bin/uuid"
"uuid": "dist/bin/uuid"
}
},
"node_modules/webidl-conversions": {
+5 -5
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.30.1",
"version": "3.30.2",
"private": true,
"description": "CodeQL action",
"scripts": {
@@ -48,13 +48,13 @@
"node-forge": "^1.3.1",
"octokit": "^5.0.3",
"semver": "^7.7.2",
"uuid": "^11.1.0"
"uuid": "^12.0.0"
},
"devDependencies": {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^1.3.2",
"@eslint/eslintrc": "^3.3.1",
"@eslint/js": "^9.34.0",
"@eslint/js": "^9.35.0",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^14.1.0",
"@types/archiver": "^6.0.3",
@@ -63,9 +63,9 @@
"@types/js-yaml": "^4.0.9",
"@types/node": "20.19.9",
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.0",
"@types/semver": "^7.7.1",
"@types/sinon": "^17.0.4",
"@typescript-eslint/eslint-plugin": "^8.41.0",
"@typescript-eslint/eslint-plugin": "^8.43.0",
"@typescript-eslint/parser": "^8.41.0",
"ava": "^6.4.1",
"esbuild": "^0.25.9",
+10 -3
@@ -1,6 +1,7 @@
name: "Quality queries input"
description: "Tests that queries specified in the quality-queries input are used."
versions: ["linked", "nightly-latest"]
analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
env:
CHECK_SCRIPT: |
const fs = require('fs');
@@ -29,25 +30,30 @@ steps:
- uses: ./../action/init
with:
languages: javascript
quality-queries: code-quality
analysis-kinds: ${{ matrix.analysis-kinds }}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
- name: Upload security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/upload-artifact@v4
with:
name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
path: "${{ runner.temp }}/results/javascript.sarif"
retention-days: 7
- name: Upload quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/upload-artifact@v4
with:
name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.quality.sarif.json
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
path: "${{ runner.temp }}/results/javascript.quality.sarif"
retention-days: 7
- name: Check quality query does not appear in security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/github-script@v7
env:
SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
@@ -55,6 +61,7 @@ steps:
with:
script: ${{ env.CHECK_SCRIPT }}
- name: Check quality query appears in quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/github-script@v7
env:
SARIF_PATH: "${{ runner.temp }}/results/javascript.quality.sarif"
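Review bot: The `description` at the top of this check still reads "Tests that queries specified in the quality-queries input are used.", but the `init` step in this section now passes `analysis-kinds: ${{ matrix.analysis-kinds }}`. The `quality-queries: code-quality` line appears to be the one it replaces; the rendered page has lost the +/- markers, so this is inferred from the +10 -3 count. I would update it to something like `description: "Tests that the analysis kinds given in the analysis-kinds input select the expected queries."`. Separately, in the `code-quality`-only matrix entries both security-SARIF steps are skipped by `if: contains(matrix.analysis-kinds, 'code-scanning')`, so nothing asserts what happens to `javascript.sarif` in that configuration. If that file is expected to be absent there, a step gated on `!contains(matrix.analysis-kinds, 'code-scanning')` that checks for it would pin the behaviour down.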
+1 -1
@@ -8,7 +8,7 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
quality-queries: code-quality
analysis-kinds: code-scanning,code-quality
- name: Build code
shell: bash
run: ./build.sh
+12
@@ -102,6 +102,18 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
if checkSpecification.get('useAllPlatformBundle'):
useAllPlatformBundle = checkSpecification['useAllPlatformBundle']
if 'analysisKinds' in checkSpecification:
newMatrix = []
for matrixInclude in matrix:
for analysisKind in checkSpecification.get('analysisKinds'):
newMatrix.append(
matrixInclude |
{ 'analysis-kinds': analysisKind }
)
matrix = newMatrix
# Construct the workflow steps needed for this check.
steps = [
{
'name': 'Check out repository',
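Review bot: The new `analysisKinds` expansion iterates `checkSpecification.get('analysisKinds')` without checking its shape. A check file with `analysisKinds: []` leaves `matrix` empty, a bare string is iterated character by character, and a null value raises a bare `TypeError`; the first two silently generate a wrong workflow. Since the key is already known to be present, read it once with `analysisKinds = checkSpecification['analysisKinds']` and fail generation early, e.g. `if not isinstance(analysisKinds, list) or not analysisKinds: raise ValueError(f"{file}: analysisKinds must be a non-empty list")`. The `matrixInclude | {...}` dict union also needs Python 3.9 or later, which deserves a short comment if the script does not already state a minimum version. The enclosing `for file in ...` loop starts and ends outside this hunk.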
+45
@@ -41,3 +41,48 @@ export async function parseAnalysisKinds(
/** The queries to use for Code Quality analyses. */
export const codeQualityQueries: string[] = ["code-quality"];
// Enumerates API endpoints that accept SARIF files.
export enum SARIF_UPLOAD_ENDPOINT {
CODE_SCANNING = "PUT /repos/:owner/:repo/code-scanning/analysis",
CODE_QUALITY = "PUT /repos/:owner/:repo/code-quality/analysis",
}
// Represents configurations for different analysis kinds.
export interface AnalysisConfig {
/** The analysis kind the configuration is for. */
kind: AnalysisKind;
/** A display friendly name for logs. */
name: string;
/** The API endpoint to upload SARIF files to. */
target: SARIF_UPLOAD_ENDPOINT;
/** The file extension for SARIF files generated by this kind of analysis. */
sarifExtension: string;
/** A predicate on filenames to decide whether a SARIF file
* belongs to this kind of analysis. */
sarifPredicate: (name: string) => boolean;
/** A prefix for environment variables used to track the uniqueness of SARIF uploads. */
sentinelPrefix: string;
}
// Represents the Code Scanning analysis configuration.
export const CodeScanning: AnalysisConfig = {
kind: AnalysisKind.CodeScanning,
name: "code scanning",
target: SARIF_UPLOAD_ENDPOINT.CODE_SCANNING,
sarifExtension: ".sarif",
sarifPredicate: (name) =>
name.endsWith(CodeScanning.sarifExtension) &&
!CodeQuality.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_",
};
// Represents the Code Quality analysis configuration.
export const CodeQuality: AnalysisConfig = {
kind: AnalysisKind.CodeQuality,
name: "code quality",
target: SARIF_UPLOAD_ENDPOINT.CODE_QUALITY,
sarifExtension: ".quality.sarif",
sarifPredicate: (name) => name.endsWith(CodeQuality.sarifExtension),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_",
};
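Review bot: `CodeScanning.sarifPredicate` excludes only the files that `CodeQuality.sarifPredicate` accepts, so the two predicates are mutually exclusive only while there are exactly these two configurations. A later `AnalysisConfig` whose `sarifExtension` also ends in `.sarif` would be claimed by Code Scanning as well, and its files would be uploaded to the code-scanning endpoint too. That coupling is not documented; I would add a comment above the predicate such as `// Must exclude every other AnalysisConfig whose extension ends in ".sarif"; update this when adding a new analysis kind.` The exported `SARIF_UPLOAD_ENDPOINT`, `AnalysisConfig`, `CodeScanning` and `CodeQuality` are also introduced with `//` comments, while the neighbouring `codeQualityQueries` uses `/** ... */`; using doc comments throughout would keep them visible to tooling.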
+19 -11
@@ -5,6 +5,7 @@ import { performance } from "perf_hooks";
import * as core from "@actions/core";
import * as actionsUtil from "./actions-util";
import * as analyses from "./analyses";
import {
CodeQLAnalysisError,
dbIsFinalized,
@@ -18,7 +19,12 @@ import { getApiDetails, getGitHubVersion } from "./api-client";
import { runAutobuild } from "./autobuild";
import { getTotalCacheSize, shouldStoreCache } from "./caching-utils";
import { getCodeQL } from "./codeql";
import { Config, getConfig, isCodeQualityEnabled } from "./config-utils";
import {
Config,
getConfig,
isCodeQualityEnabled,
isCodeScanningEnabled,
} from "./config-utils";
import { uploadDatabases } from "./database-upload";
import { uploadDependencyCaches } from "./dependency-caching";
import { getDiffInformedAnalysisBranches } from "./diff-informed-analysis-utils";
@@ -326,15 +332,17 @@ async function run() {
core.setOutput("sarif-output", path.resolve(outputDir));
const uploadInput = actionsUtil.getOptionalInput("upload");
if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
uploadResult = await uploadLib.uploadFiles(
outputDir,
actionsUtil.getRequiredInput("checkout_path"),
actionsUtil.getOptionalInput("category"),
features,
logger,
uploadLib.CodeScanningTarget,
);
core.setOutput("sarif-id", uploadResult.sarifID);
if (isCodeScanningEnabled(config)) {
uploadResult = await uploadLib.uploadFiles(
outputDir,
actionsUtil.getRequiredInput("checkout_path"),
actionsUtil.getOptionalInput("category"),
features,
logger,
analyses.CodeScanning,
);
core.setOutput("sarif-id", uploadResult.sarifID);
}
if (isCodeQualityEnabled(config)) {
const qualityUploadResult = await uploadLib.uploadFiles(
@@ -346,7 +354,7 @@ async function run() {
),
features,
logger,
uploadLib.CodeQualityTarget,
analyses.CodeQuality,
);
core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
}
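Review bot: After this change the `sarif-id` output and `uploadResult` are set only inside the new `if (isCodeScanningEnabled(config))` branch, so a run with only `code-quality` enabled leaves both unset, and nothing at the guard says so. `run()` continues outside this hunk; any later code that reads `uploadResult` (for example to wait for processing) presumably has to tolerate `undefined`, and that is worth confirming for the quality-only case. I would add a comment on the guard along the lines of `// sarif-id is only set for Code Scanning uploads; Code Quality uploads report quality-sarif-id instead.` and mention the same in the description of the `sarif-id` output.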
+12
@@ -5,11 +5,13 @@ import test from "ava";
import * as sinon from "sinon";
import * as actionsUtil from "./actions-util";
import { CodeQuality, CodeScanning } from "./analyses";
import {
exportedForTesting,
runQueries,
defaultSuites,
resolveQuerySuiteAlias,
addSarifExtension,
} from "./analyze";
import { createStubCodeQL } from "./codeql";
import { Feature } from "./feature-flags";
@@ -348,3 +350,13 @@ test("resolveQuerySuiteAlias", (t) => {
t.deepEqual(resolveQuerySuiteAlias(KnownLanguage.go, name), name);
}
});
test("addSarifExtension", (t) => {
for (const language of Object.values(KnownLanguage)) {
t.deepEqual(addSarifExtension(CodeScanning, language), `${language}.sarif`);
t.deepEqual(
addSarifExtension(CodeQuality, language),
`${language}.quality.sarif`,
);
}
});
+79 -27
@@ -608,6 +608,16 @@ export function resolveQuerySuiteAlias(
return maybeSuite;
}
/**
* Adds the appropriate file extension for the given analysis configuration to the given base filename.
*/
export function addSarifExtension(
analysis: analyses.AnalysisConfig,
base: string,
): string {
return `${base}${analysis.sarifExtension}`;
}
// Runs queries and creates sarif files in the given folder
export async function runQueries(
sarifFolder: string,
@@ -650,15 +660,25 @@ export async function runQueries(
? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}`
: undefined;
const dbAnalysisConfig = configUtils.getPrimaryAnalysisConfig(config);
for (const language of config.languages) {
try {
const sarifFile = path.join(sarifFolder, `${language}.sarif`);
// This should be empty to run only the query suite that was generated when
// the database was initialised.
const queries: string[] = [];
if (configUtils.isCodeQualityEnabled(config)) {
// If multiple analysis kinds are enabled, the database is initialised for Code Scanning.
// To avoid duplicate work, we want to run queries for all analyses at the same time.
// To do this, we invoke `run-queries` once with the generated query suite that was created
// when the database was initialised + the queries for other analysis kinds.
if (config.analysisKinds.length > 1) {
queries.push(util.getGeneratedSuitePath(config, language));
for (const qualityQuery of analyses.codeQualityQueries) {
queries.push(resolveQuerySuiteAlias(language, qualityQuery));
if (configUtils.isCodeQualityEnabled(config)) {
for (const qualityQuery of analyses.codeQualityQueries) {
queries.push(resolveQuerySuiteAlias(language, qualityQuery));
}
}
}
@@ -676,48 +696,49 @@ export async function runQueries(
statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
new Date().getTime() - startTimeRunQueries;
logger.startGroup(`Interpreting results for ${language}`);
// There is always at least one analysis kind enabled. Running `interpret-results`
// produces the SARIF file for the analysis kind that the database was initialised with.
const startTimeInterpretResults = new Date();
const analysisSummary = await runInterpretResults(
language,
undefined,
sarifFile,
config.debugMode,
automationDetailsId,
);
const { summary: analysisSummary, sarifFile } =
await runInterpretResultsFor(
dbAnalysisConfig,
language,
undefined,
config.debugMode,
);
// This case is only needed if Code Quality is not the sole analysis kind.
// In this case, we will have run queries for all analysis kinds. The previous call to
// `interpret-results` will have produced a SARIF file for Code Scanning and we now
// need to produce an additional SARIF file for Code Quality.
let qualityAnalysisSummary: string | undefined;
if (configUtils.isCodeQualityEnabled(config)) {
logger.info(`Interpreting quality results for ${language}`);
const qualityCategory = fixCodeQualityCategory(
logger,
automationDetailsId,
);
const qualitySarifFile = path.join(
sarifFolder,
`${language}.quality.sarif`,
);
qualityAnalysisSummary = await runInterpretResults(
if (
config.analysisKinds.length > 1 &&
configUtils.isCodeQualityEnabled(config)
) {
const qualityResult = await runInterpretResultsFor(
analyses.CodeQuality,
language,
analyses.codeQualityQueries.map((i) =>
resolveQuerySuiteAlias(language, i),
),
qualitySarifFile,
config.debugMode,
qualityCategory,
);
qualityAnalysisSummary = qualityResult.summary;
}
const endTimeInterpretResults = new Date();
statusReport[`interpret_results_${language}_duration_ms`] =
endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();
logger.endGroup();
logger.info(analysisSummary);
logger.info(analysisSummary);
if (qualityAnalysisSummary) {
logger.info(qualityAnalysisSummary);
}
if (await features.getValue(Feature.QaTelemetryEnabled)) {
// Note: QA adds the `code-quality` query suite to the `queries` input,
// so this is fine since there is no `.quality.sarif`.
const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
const perQueryAlertCountEventReport: EventReport = {
@@ -748,6 +769,37 @@ export async function runQueries(
return statusReport;
async function runInterpretResultsFor(
analysis: analyses.AnalysisConfig,
language: Language,
queries: string[] | undefined,
enableDebugLogging: boolean,
): Promise<{ summary: string; sarifFile: string }> {
logger.info(`Interpreting ${analysis.name} results for ${language}`);
// If this is a Code Quality analysis, correct the category to one
// accepted by the Code Quality backend.
let category = automationDetailsId;
if (dbAnalysisConfig.kind === analyses.AnalysisKind.CodeQuality) {
category = fixCodeQualityCategory(logger, automationDetailsId);
}
const sarifFile = path.join(
sarifFolder,
addSarifExtension(analysis, language),
);
const summary = await runInterpretResults(
language,
queries,
sarifFile,
enableDebugLogging,
category,
);
return { summary, sarifFile };
}
async function runInterpretResults(
language: Language,
queries: string[] | undefined,
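Review bot: In `runInterpretResultsFor` the category correction is keyed on `dbAnalysisConfig.kind` rather than on the `analysis` argument. When both analysis kinds are enabled the database is initialised for Code Scanning, so the second call with `analyses.CodeQuality` passes the unmodified `automationDetailsId`. The removed code always ran `fixCodeQualityCategory` before interpreting the quality results, so the `.quality.sarif` file can now carry a category the Code Quality backend does not accept. The condition should read `if (analysis.kind === analyses.AnalysisKind.CodeQuality) {`, and a test that enables both kinds and asserts the category passed for the quality SARIF would pin it. `runQueries` starts outside these hunks, so this is based only on the lines shown.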
+63
@@ -171,6 +171,63 @@ test("load empty config", async (t) => {
});
});
test("load code quality config", async (t) => {
return await withTmpDir(async (tempDir) => {
const logger = getRunnerLogger(true);
const languages = "actions";
const codeql = createStubCodeQL({
async betterResolveLanguages() {
return {
extractors: {
actions: [{ extractor_root: "" }],
},
};
},
});
const config = await configUtils.initConfig(
createTestInitConfigInputs({
analysisKindsInput: "code-quality",
languagesInput: languages,
repository: { owner: "github", repo: "example" },
tempDir,
codeql,
logger,
}),
);
// And the config we expect it to result in
const expectedConfig: configUtils.Config = {
analysisKinds: [AnalysisKind.CodeQuality],
languages: [KnownLanguage.actions],
buildMode: undefined,
originalUserInput: {},
// This gets set because we only have `AnalysisKind.CodeQuality`
computedConfig: {
"disable-default-queries": true,
queries: [{ uses: "code-quality" }],
"query-filters": [],
},
tempDir,
codeQLCmd: codeql.getPath(),
gitHubVersion: githubVersion,
dbLocation: path.resolve(tempDir, "codeql_databases"),
debugMode: false,
debugArtifactName: "",
debugDatabaseName: "",
trapCaches: {},
trapCacheDownloadTime: 0,
dependencyCachingEnabled: CachingKind.None,
extraQueryExclusions: [],
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
};
t.deepEqual(config, expectedConfig);
});
});
test("loading config saves config", async (t) => {
return await withTmpDir(async (tempDir) => {
const logger = getRunnerLogger(true);
@@ -1755,3 +1812,9 @@ for (const language in KnownLanguage) {
},
);
}
test("hasActionsWorkflows doesn't throw if workflows folder doesn't exist", async (t) => {
return withTmpDir(async (tmpDir) => {
t.notThrows(() => configUtils.hasActionsWorkflows(tmpDir));
});
});
+74 -2
@@ -6,7 +6,14 @@ import * as yaml from "js-yaml";
import * as semver from "semver";
import { isAnalyzingPullRequest } from "./actions-util";
import { AnalysisKind, parseAnalysisKinds } from "./analyses";
import {
AnalysisConfig,
AnalysisKind,
CodeQuality,
codeQualityQueries,
CodeScanning,
parseAnalysisKinds,
} from "./analyses";
import * as api from "./api-client";
import { CachingKind, getCachingKind } from "./caching-utils";
import { type CodeQL } from "./codeql";
@@ -28,6 +35,7 @@ import {
BuildMode,
codeQlVersionAtLeast,
cloneObject,
isDefined,
} from "./util";
// Property names from the user-supplied config file.
@@ -341,7 +349,7 @@ const baseWorkflowsPath = ".github/workflows";
*/
export function hasActionsWorkflows(sourceRoot: string): boolean {
const workflowsPath = path.resolve(sourceRoot, baseWorkflowsPath);
const stats = fs.lstatSync(workflowsPath);
const stats = fs.lstatSync(workflowsPath, { throwIfNoEntry: false });
return (
stats !== undefined &&
stats.isDirectory() &&
@@ -1074,6 +1082,19 @@ function userConfigFromActionPath(tempDir: string): string {
return path.resolve(tempDir, "user-config-from-action.yml");
}
/**
* Checks whether the given `UserConfig` contains any query customisations.
*
* @returns Returns `true` if the `UserConfig` customises which queries are run.
*/
function hasQueryCustomisation(userConfig: UserConfig): boolean {
return (
isDefined(userConfig["disable-default-queries"]) ||
isDefined(userConfig.queries) ||
isDefined(userConfig["query-filters"])
);
}
/**
* Load and return the config.
*
@@ -1110,6 +1131,25 @@ export async function initConfig(inputs: InitConfigInputs): Promise<Config> {
const config = await initActionState(inputs, userConfig);
// If Code Quality analysis is the only enabled analysis kind, then we will initialise
// the database for Code Quality. That entails disabling the default queries and only
// running quality queries. We do not currently support query customisations in that case.
if (config.analysisKinds.length === 1 && isCodeQualityEnabled(config)) {
// Warn if any query customisations are present in the computed configuration.
if (hasQueryCustomisation(config.computedConfig)) {
throw new ConfigurationError(
"Query customizations are unsupported, because only `code-quality` analysis is enabled.",
);
}
const queries = codeQualityQueries.map((v) => ({ uses: v }));
// Set the query customisation options for Code Quality only analysis.
config.computedConfig["disable-default-queries"] = true;
config.computedConfig.queries = queries;
config.computedConfig["query-filters"] = [];
}
// The choice of overlay database mode depends on the selection of languages
// and queries, which in turn depends on the user config and the augmentation
// properties. So we need to calculate the overlay database mode after the
@@ -1509,9 +1549,41 @@ export function appendExtraQueryExclusions(
return augmentedConfig;
}
/**
* Returns `true` if Code Scanning analysis is enabled, or `false` if not.
*/
export function isCodeScanningEnabled(config: Config): boolean {
return config.analysisKinds.includes(AnalysisKind.CodeScanning);
}
/**
* Returns `true` if Code Quality analysis is enabled, or `false` if not.
*/
export function isCodeQualityEnabled(config: Config): boolean {
return config.analysisKinds.includes(AnalysisKind.CodeQuality);
}
/**
* Returns the primary analysis kind that the Action is initialised with. This is
* always `AnalysisKind.CodeScanning` unless `AnalysisKind.CodeScanning` is not enabled.
*
* @returns Returns `AnalysisKind.CodeScanning` if `AnalysisKind.CodeScanning` is enabled;
* otherwise `AnalysisKind.CodeQuality`.
*/
export function getPrimaryAnalysisKind(config: Config): AnalysisKind {
return isCodeScanningEnabled(config)
? AnalysisKind.CodeScanning
: AnalysisKind.CodeQuality;
}
/**
* Returns the primary analysis configuration that the Action is initialised with. This is
* always `CodeScanning` unless `CodeScanning` is not enabled.
*
* @returns Returns `CodeScanning` if `AnalysisKind.CodeScanning` is enabled; otherwise `CodeQuality`.
*/
export function getPrimaryAnalysisConfig(config: Config): AnalysisConfig {
return getPrimaryAnalysisKind(config) === AnalysisKind.CodeScanning
? CodeScanning
: CodeQuality;
}
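Review bot: The comment `// Warn if any query customisations are present in the computed configuration.` in the `initConfig` hunk does not describe the code beneath it, which throws a `ConfigurationError` and aborts initialisation rather than warning. I would reword it to `// Reject query customisations: they are not supported when Code Quality is the only analysis kind.` The error message could also name the three settings that trigger it (`disable-default-queries`, `queries`, `query-filters`) so the user knows what to remove. `hasQueryCustomisation` is documented as inspecting a `UserConfig` but is called with `config.computedConfig`; the doc comment should say which of the two it is meant for. `initConfig` begins and ends outside the hunk.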
+2 -1
@@ -4,6 +4,7 @@ import * as core from "@actions/core";
import * as github from "@actions/github";
import * as actionsUtil from "./actions-util";
import { CodeScanning } from "./analyses";
import { getApiClient } from "./api-client";
import { CodeQL, getCodeQL } from "./codeql";
import { Config } from "./config-utils";
@@ -104,7 +105,7 @@ async function maybeUploadFailedSarif(
category,
features,
logger,
uploadLib.CodeScanningTarget,
CodeScanning,
);
await uploadLib.waitForProcessing(
repositoryNwo,
+6
@@ -6,6 +6,7 @@ import test from "ava";
import * as sinon from "sinon";
import * as actionsUtil from "./actions-util";
import * as apiClient from "./api-client";
import * as gitUtils from "./git-utils";
import { getRunnerLogger } from "./logging";
import {
@@ -133,6 +134,11 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({
const stubs: sinon.SinonStub[] = [];
const getAutomationIDStub = sinon
.stub(apiClient, "getAutomationID")
.resolves("test-automation-id/");
stubs.push(getAutomationIDStub);
const isInTestModeStub = sinon
.stub(utils, "isInTestMode")
.returns(testCase.isInTestMode);
+91 -19
@@ -1,9 +1,11 @@
import * as crypto from "crypto";
import * as fs from "fs";
import * as path from "path";
import * as actionsCache from "@actions/cache";
import { getRequiredInput, getTemporaryDirectory } from "./actions-util";
import { getAutomationID } from "./api-client";
import { type CodeQL } from "./codeql";
import { type Config } from "./config-utils";
import { getCommitOid, getFileOidsUnderPath } from "./git-utils";
@@ -251,15 +253,19 @@ export async function uploadOverlayBaseDatabaseToCache(
const codeQlVersion = (await codeql.getVersion()).version;
const checkoutPath = getRequiredInput("checkout_path");
const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath);
const cacheSaveKey = await getCacheSaveKey(
config,
codeQlVersion,
checkoutPath,
);
logger.info(
`Uploading overlay-base database to Actions cache with key ${cacheKey}`,
`Uploading overlay-base database to Actions cache with key ${cacheSaveKey}`,
);
try {
const cacheId = await withTimeout(
MAX_CACHE_OPERATION_MS,
actionsCache.saveCache([dbLocation], cacheKey),
actionsCache.saveCache([dbLocation], cacheSaveKey),
() => {},
);
if (cacheId === undefined) {
@@ -322,10 +328,14 @@ export async function downloadOverlayBaseDatabaseFromCache(
const dbLocation = config.dbLocation;
const codeQlVersion = (await codeql.getVersion()).version;
const restoreKey = getCacheRestoreKey(config, codeQlVersion);
const cacheRestoreKeyPrefix = await getCacheRestoreKeyPrefix(
config,
codeQlVersion,
);
logger.info(
`Looking in Actions cache for overlay-base database with restore key ${restoreKey}`,
"Looking in Actions cache for overlay-base database with " +
`restore key ${cacheRestoreKeyPrefix}`,
);
let databaseDownloadDurationMs = 0;
@@ -333,7 +343,7 @@ export async function downloadOverlayBaseDatabaseFromCache(
const databaseDownloadStart = performance.now();
const foundKey = await withTimeout(
MAX_CACHE_OPERATION_MS,
actionsCache.restoreCache([dbLocation], restoreKey),
actionsCache.restoreCache([dbLocation], cacheRestoreKeyPrefix),
() => {
logger.info("Timed out downloading overlay-base database from cache");
},
@@ -387,25 +397,87 @@ export async function downloadOverlayBaseDatabaseFromCache(
};
}
async function generateCacheKey(
/**
* Computes the cache key for saving the overlay-base database to the GitHub
* Actions cache.
*
* The key consists of the restore key prefix (which does not include the
* commit SHA) and the commit SHA of the current checkout.
*/
async function getCacheSaveKey(
config: Config,
codeQlVersion: string,
checkoutPath: string,
): Promise<string> {
const sha = await getCommitOid(checkoutPath);
return `${getCacheRestoreKey(config, codeQlVersion)}${sha}`;
const restoreKeyPrefix = await getCacheRestoreKeyPrefix(
config,
codeQlVersion,
);
return `${restoreKeyPrefix}${sha}`;
}
function getCacheRestoreKey(config: Config, codeQlVersion: string): string {
// The restore key (prefix) specifies which cached overlay-base databases are
// compatible with the current analysis: the cached database must have the
// same cache version and the same CodeQL bundle version.
//
// Actions cache supports using multiple restore keys to indicate preference.
// Technically we prefer a cached overlay-base database with the same SHA as
// we are analyzing. However, since overlay-base databases are built from the
// default branch and used in PR analysis, it is exceedingly unlikely that
// the commit SHA will ever be the same, so we can just leave it out.
/**
* Computes the cache key prefix for restoring the overlay-base database from
* the GitHub Actions cache.
*
* Actions cache supports using multiple restore keys to indicate preference,
* and this function could in principle take advantage of that feature by
* returning a list of restore key prefixes. However, since overlay-base
* databases are built from the default branch and used in PR analysis, it is
* exceedingly unlikely that the commit SHA will ever be the same.
*
* Therefore, this function returns only a single restore key prefix, which does
* not include the commit SHA. This allows us to restore the most recent
* compatible overlay-base database.
*/
async function getCacheRestoreKeyPrefix(
config: Config,
codeQlVersion: string,
): Promise<string> {
const languages = [...config.languages].sort().join("_");
return `${CACHE_PREFIX}-${CACHE_VERSION}-${languages}-${codeQlVersion}-`;
const cacheKeyComponents = {
automationID: await getAutomationID(),
// Add more components here as needed in the future
};
const componentsHash = createCacheKeyHash(cacheKeyComponents);
// For a cached overlay-base database to be considered compatible for overlay
// analysis, all components in the cache restore key must match:
//
// CACHE_PREFIX: distinguishes overlay-base databases from other cache objects
// CACHE_VERSION: cache format version
// componentsHash: hash of additional components (see above for details)
// languages: the languages included in the overlay-base database
// codeQlVersion: CodeQL bundle version
//
// Technically we can also include languages and codeQlVersion in the
// componentsHash, but including them explicitly in the cache key makes it
// easier to debug and understand the cache key structure.
return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`;
}
/**
* Creates a SHA-256 hash of the cache key components to ensure uniqueness
* while keeping the cache key length manageable.
*
* @param components Object containing all components that should influence cache key uniqueness
* @returns A short SHA-256 hash (first 16 characters) of the components
*/
function createCacheKeyHash(components: Record<string, any>): string {
// From https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify
//
// "Properties are visited using the same algorithm as Object.keys(), which
// has a well-defined order and is stable across implementations. For example,
// JSON.stringify on the same object will always produce the same string, and
// JSON.parse(JSON.stringify(obj)) would produce an object with the same key
// ordering as the original (assuming the object is completely
// JSON-serializable)."
const componentsJson = JSON.stringify(components);
return crypto
.createHash("sha256")
.update(componentsJson)
.digest("hex")
.substring(0, 16);
}
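Review bot: `getCacheRestoreKeyPrefix` now awaits `getAutomationID()`, and in both callers the key is computed before the `try` that wraps the cache operation (`getCacheSaveKey` in the upload path, `getCacheRestoreKeyPrefix` in the download path, as far as these hunks show). If `getAutomationID()` can reject, which is not visible here, that failure would propagate out of what is otherwise a best-effort cache step instead of degrading to "no cached database". I would move the key computation inside the existing `try` or catch and log around it, and note in the doc comment that the function performs a lookup that may fail. Separately, `createCacheKeyHash(components: Record<string, any>)` can take `Record<string, unknown>`, since the value is only passed to `JSON.stringify`. Its doc comment could also state that the 16-character prefix is there to keep the keys of different analyses apart and is not an integrity check.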
+1 -10
@@ -2,7 +2,7 @@ import * as core from "@actions/core";
import { KnownLanguage } from "./languages";
import { Logger } from "./logging";
import { ConfigurationError } from "./util";
import { ConfigurationError, isDefined } from "./util";
export type Credential = {
type: string;
@@ -65,15 +65,6 @@ const LANGUAGE_TO_REGISTRY_TYPE: Partial<Record<KnownLanguage, string[]>> = {
go: ["goproxy_server", "git_source"],
} as const;
/**
* Checks that `value` is neither `undefined` nor `null`.
* @param value The value to test.
* @returns Narrows the type of `value` to exclude `undefined` and `null`.
*/
function isDefined<T>(value: T | null | undefined): value is T {
return value !== undefined && value !== null;
}
// getCredentials returns registry credentials from action inputs.
// It prefers `registries_credentials` over `registry_secrets`.
// If neither is set, it returns an empty array.
+185 -45
@@ -3,6 +3,7 @@ import * as path from "path";
import test from "ava";
import { CodeQuality, CodeScanning } from "./analyses";
import { getRunnerLogger, Logger } from "./logging";
import { setupTests } from "./testing-utils";
import * as uploadLib from "./upload-lib";
@@ -128,7 +129,7 @@ test("finding SARIF files", async (t) => {
const sarifFiles = uploadLib.findSarifFilesInDir(
tmpDir,
uploadLib.CodeScanningTarget.sarifPredicate,
CodeScanning.sarifPredicate,
);
t.deepEqual(sarifFiles, [
@@ -140,7 +141,7 @@ test("finding SARIF files", async (t) => {
const qualitySarifFiles = uploadLib.findSarifFilesInDir(
tmpDir,
uploadLib.CodeQualityTarget.sarifPredicate,
CodeQuality.sarifPredicate,
);
t.deepEqual(qualitySarifFiles, [
@@ -211,109 +212,237 @@ test("populateRunAutomationDetails", (t) => {
});
test("validateUniqueCategory when empty", (t) => {
t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif()));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif()));
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif(),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif(),
CodeScanning.sentinelPrefix,
),
);
});
test("validateUniqueCategory for automation details id", (t) => {
t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("AbC")));
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("AbC"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif("def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("def"),
CodeScanning.sentinelPrefix,
),
);
// Our category sanitization is not perfect. Here are some examples
// of where we see false clashes
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc/def")),
uploadLib.validateUniqueCategory(
createMockSarif("abc/def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc@def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc_def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc@def")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc def")));
// this one is fine
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc_ def")),
uploadLib.validateUniqueCategory(
createMockSarif("abc_ def"),
CodeScanning.sentinelPrefix,
),
);
});
test("validateUniqueCategory for tool name", (t) => {
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "AbC")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "AbC"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "def"),
CodeScanning.sentinelPrefix,
),
);
// Our category sanitization is not perfect. Here are some examples
// of where we see false clashes
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc/def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc/def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc@def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc@def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc_def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc_def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc def")),
uploadLib.validateUniqueCategory(
createMockSarif(undefined, "abc def"),
CodeScanning.sentinelPrefix,
),
);
// this one is fine
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc_ def")),
uploadLib.validateUniqueCategory(
createMockSarif("abc_ def"),
CodeScanning.sentinelPrefix,
),
);
});
test("validateUniqueCategory for automation details id and tool name", (t) => {
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc", "abc")),
uploadLib.validateUniqueCategory(
createMockSarif("abc", "abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc", "abc")),
uploadLib.validateUniqueCategory(
createMockSarif("abc", "abc"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc_", "def")),
uploadLib.validateUniqueCategory(
createMockSarif("abc_", "def"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc_", "def")),
uploadLib.validateUniqueCategory(
createMockSarif("abc_", "def"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl")),
uploadLib.validateUniqueCategory(
createMockSarif("ghi", "_jkl"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl")),
uploadLib.validateUniqueCategory(
createMockSarif("ghi", "_jkl"),
CodeScanning.sentinelPrefix,
),
);
// Our category sanitization is not perfect. Here are some examples
// of where we see false clashes
t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "_")));
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("abc", "def__")),
);
t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
t.notThrows(() =>
uploadLib.validateUniqueCategory(createMockSarif("mno_", "pqr")),
uploadLib.validateUniqueCategory(
createMockSarif("abc"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(createMockSarif("mno", "_pqr")),
uploadLib.validateUniqueCategory(
createMockSarif("abc", "_"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc", "def__"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("abc_def"),
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif("mno_", "pqr"),
CodeScanning.sentinelPrefix,
),
);
t.throws(() =>
uploadLib.validateUniqueCategory(
createMockSarif("mno", "_pqr"),
CodeScanning.sentinelPrefix,
),
);
});
@@ -323,19 +452,30 @@ test("validateUniqueCategory for multiple runs", (t) => {
// duplicate categories are allowed within the same sarif file
const multiSarif = { runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]] };
t.notThrows(() => uploadLib.validateUniqueCategory(multiSarif));
t.notThrows(() =>
uploadLib.validateUniqueCategory(multiSarif, CodeScanning.sentinelPrefix),
);
// should throw if there are duplicate categories in separate validations
t.throws(() => uploadLib.validateUniqueCategory(sarif1));
t.throws(() => uploadLib.validateUniqueCategory(sarif2));
t.throws(() =>
uploadLib.validateUniqueCategory(sarif1, CodeScanning.sentinelPrefix),
);
t.throws(() =>
uploadLib.validateUniqueCategory(sarif2, CodeScanning.sentinelPrefix),
);
});
test("validateUniqueCategory with different prefixes", (t) => {
t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif()));
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif(),
uploadLib.CodeQualityTarget.sentinelPrefix,
CodeScanning.sentinelPrefix,
),
);
t.notThrows(() =>
uploadLib.validateUniqueCategory(
createMockSarif(),
CodeQuality.sentinelPrefix,
),
);
});
+5 -35
@@ -8,6 +8,7 @@ import { OctokitResponse } from "@octokit/types";
import * as jsonschema from "jsonschema";
import * as actionsUtil from "./actions-util";
import * as analyses from "./analyses";
import * as api from "./api-client";
import { getGitHubVersion, wrapApiConfigurationError } from "./api-client";
import { CodeQL, getCodeQL } from "./codeql";
@@ -345,19 +346,13 @@ function getAutomationID(
return api.computeAutomationID(analysis_key, environment);
}
// Enumerates API endpoints that accept SARIF files.
export enum SARIF_UPLOAD_ENDPOINT {
CODE_SCANNING = "PUT /repos/:owner/:repo/code-scanning/analysis",
CODE_QUALITY = "PUT /repos/:owner/:repo/code-quality/analysis",
}
// Upload the given payload.
// If the request fails then this will retry a small number of times.
async function uploadPayload(
payload: any,
repositoryNwo: RepositoryNwo,
logger: Logger,
target: SARIF_UPLOAD_ENDPOINT,
target: analyses.SARIF_UPLOAD_ENDPOINT,
): Promise<string> {
logger.info("Uploading results");
@@ -616,31 +611,6 @@ export function buildPayload(
return payloadObj;
}
// Represents configurations for different services that we can upload SARIF to.
export interface UploadTarget {
name: string;
target: SARIF_UPLOAD_ENDPOINT;
sarifPredicate: (name: string) => boolean;
sentinelPrefix: string;
}
// Represents the Code Scanning upload target.
export const CodeScanningTarget: UploadTarget = {
name: "code scanning",
target: SARIF_UPLOAD_ENDPOINT.CODE_SCANNING,
sarifPredicate: (name) =>
name.endsWith(".sarif") && !CodeQualityTarget.sarifPredicate(name),
sentinelPrefix: "CODEQL_UPLOAD_SARIF_",
};
// Represents the Code Quality upload target.
export const CodeQualityTarget: UploadTarget = {
name: "code quality",
target: SARIF_UPLOAD_ENDPOINT.CODE_QUALITY,
sarifPredicate: (name) => name.endsWith(".quality.sarif"),
sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_",
};
/**
* Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
* to.
@@ -651,7 +621,7 @@ export async function uploadFiles(
category: string | undefined,
features: FeatureEnablement,
logger: Logger,
uploadTarget: UploadTarget,
uploadTarget: analyses.AnalysisConfig,
): Promise<UploadResult> {
const sarifPaths = getSarifFilePaths(
inputSarifPath,
@@ -677,7 +647,7 @@ export async function uploadSpecifiedFiles(
category: string | undefined,
features: FeatureEnablement,
logger: Logger,
uploadTarget: UploadTarget = CodeScanningTarget,
uploadTarget: analyses.AnalysisConfig,
): Promise<UploadResult> {
logger.startGroup(`Uploading ${uploadTarget.name} results`);
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
@@ -943,7 +913,7 @@ function handleProcessingResultForUnsuccessfulExecution(
export function validateUniqueCategory(
sarif: SarifFile,
sentinelPrefix: string = CodeScanningTarget.sentinelPrefix,
sentinelPrefix: string,
): void {
// duplicate categories are allowed in the same sarif file
// but not across multiple sarif files
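Review bot: `validateUniqueCategory` now requires `sentinelPrefix` but still types it as a bare `string`, so nothing stops a call site from checking code-quality SARIF against the code-scanning prefix or the reverse. The tests treat the prefix as what scopes the duplicate check to one analysis kind, so a mismatched prefix would let a real clash pass silently. The callers in this commit already hold an `analyses.AnalysisConfig`, so consider taking that object instead (`analysis: analyses.AnalysisConfig`) and reading `analysis.sentinelPrefix` inside; this assumes `AnalysisConfig` exposes `sentinelPrefix`, as `CodeScanning.sentinelPrefix` in the tests suggests. At minimum, document the parameter: `@param sentinelPrefix Prefix that scopes the duplicate-category check to one analysis kind; pass the prefix of the analysis being uploaded.` The function body continues outside the hunk.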
+4 -3
@@ -4,6 +4,7 @@ import * as core from "@actions/core";
import * as actionsUtil from "./actions-util";
import { getActionVersion, getTemporaryDirectory } from "./actions-util";
import * as analyses from "./analyses";
import { getGitHubVersion } from "./api-client";
import { Features } from "./feature-flags";
import { Logger, getActionsLogger } from "./logging";
@@ -95,7 +96,7 @@ async function run() {
category,
features,
logger,
upload_lib.CodeScanningTarget,
analyses.CodeScanning,
);
core.setOutput("sarif-id", uploadResult.sarifID);
@@ -105,7 +106,7 @@ async function run() {
if (fs.lstatSync(sarifPath).isDirectory()) {
const qualitySarifFiles = upload_lib.findSarifFilesInDir(
sarifPath,
upload_lib.CodeQualityTarget.sarifPredicate,
analyses.CodeQuality.sarifPredicate,
);
if (qualitySarifFiles.length !== 0) {
@@ -115,7 +116,7 @@ async function run() {
actionsUtil.fixCodeQualityCategory(logger, category),
features,
logger,
upload_lib.CodeQualityTarget,
analyses.CodeQuality,
);
}
}
+9
@@ -1278,3 +1278,12 @@ export async function asyncSome<T>(
const results = await Promise.all(array.map(predicate));
return results.some((result) => result);
}
/**
* Checks that `value` is neither `undefined` nor `null`.
* @param value The value to test.
* @returns Narrows the type of `value` to exclude `undefined` and `null`.
*/
export function isDefined<T>(value: T | null | undefined): value is T {
return value !== undefined && value !== null;
}
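Review bot: The predicate `value is T` on `isDefined` only narrows when `T` is inferred without `null`/`undefined`. If `T` is given explicitly or is already nullable (for example `unknown` or `string | null`), the guard returns true yet the type still admits the nullish case. Declaring it as `export function isDefined<T>(value: T): value is NonNullable<T>` keeps existing call sites working and makes the narrowing hold for every instantiation.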
+2
@@ -1,9 +1,11 @@
.DS_Store
/.build
/Packages
/obj
/*.xcodeproj
xcuserdata/
DerivedData/
.swiftpm/config/registries.json
.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
.netrc
multi-language-repo.sln