Add threat-models as a property to config file and inputs

There are a lot of changes here, but they're pretty formulaic. They follow the
approach used by the `queries` input and config property.
`threat-models` can appear as an input or in the config file. If it
appears in the input, then we need to either merge it with the
threat-models in the config (if prefixed with `+`) or overwrite it.

There's no danger if someone uses `threat-models` with an older CLI
since the CLI can handle configs with extra properties.
Andrew Eisenberg
2023-04-19 15:01:02 -07:00
parent a8affb0639
commit 7a9b004c1f
44 changed files with 534 additions and 142 deletions
+59
@@ -83,6 +83,7 @@ ava_1.default.beforeEach(() => {
debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
augmentationProperties: {
threatModelsInputCombines: false,
injectedMlQueries: false,
packsInputCombines: false,
queriesInputCombines: false,
@@ -447,6 +448,7 @@ for (const isBundleVersionInUrl of [true, false]) {
...stubConfig,
tempDir,
augmentationProperties: {
threatModelsInputCombines: false,
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
@@ -491,11 +493,13 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
}, {}, {});
(0, ava_1.default)("injected ML queries", injectedConfigMacro, {
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
}, {}, {
packs: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
});
@@ -503,6 +507,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
}, {
originalUserInput: {
packs: { javascript: ["codeql/something-else"] },
@@ -519,6 +524,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: true,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
}, {
originalUserInput: {
packs: { cpp: ["codeql/something-else"] },
@@ -534,6 +540,7 @@ const injectedConfigMacro = ava_1.default.macro({
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
threatModelsInputCombines: false,
}, {}, {
packs: ["xxx", "yyy"],
});
@@ -542,6 +549,7 @@ const injectedConfigMacro = ava_1.default.macro({
queriesInputCombines: false,
packsInputCombines: true,
packsInput: ["xxx", "yyy"],
threatModelsInputCombines: false,
}, {
originalUserInput: {
packs: {
@@ -558,6 +566,7 @@ const injectedConfigMacro = ava_1.default.macro({
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
threatModelsInputCombines: false,
}, {
originalUserInput: {
packs: {
@@ -572,6 +581,7 @@ const injectedConfigMacro = ava_1.default.macro({
queriesInputCombines: false,
packsInputCombines: false,
packsInput: ["xxx", "yyy"],
threatModelsInputCombines: false,
}, {
originalUserInput: {
packs: {
@@ -586,6 +596,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
}, {}, {
queries: [
@@ -601,6 +612,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: false,
packsInputCombines: false,
threatModelsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
}, {
originalUserInput: {
@@ -620,6 +632,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: false,
threatModelsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
}, {
originalUserInput: {
@@ -642,6 +655,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
threatModelsInputCombines: false,
queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
}, {}, {
queries: [
@@ -657,6 +671,7 @@ const injectedConfigMacro = ava_1.default.macro({
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
threatModelsInputCombines: false,
queriesInput: [],
packsInput: [],
}, {
@@ -665,6 +680,50 @@ const injectedConfigMacro = ava_1.default.macro({
queries: [],
},
}, {});
(0, ava_1.default)("threat model from config", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
threatModelsInputCombines: false,
queriesInput: [],
packsInput: [],
}, {
originalUserInput: {
"threat-models": ["a", "b"],
},
}, {
"threat-models": ["a", "b"],
});
(0, ava_1.default)("threat model from input overrides config", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
threatModelsInputCombines: false,
threatModelsInput: ["a", "b"],
queriesInput: [],
packsInput: [],
}, {
originalUserInput: {
"threat-models": ["c", "d"],
},
}, {
"threat-models": ["a", "b"],
});
(0, ava_1.default)("threat model from input combines with config", injectedConfigMacro, {
injectedMlQueries: false,
queriesInputCombines: true,
packsInputCombines: true,
threatModelsInputCombines: true,
threatModelsInput: ["a", "b"],
queriesInput: [],
packsInput: [],
}, {
originalUserInput: {
"threat-models": ["c", "d"],
},
}, {
"threat-models": ["c", "d", "a", "b"],
});
(0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();