codeql-action/lib/chunks/chunk-5ZRYQL45.js

import { createRequire as __codeqlCreateRequire } from "module";import { fileURLToPath as __codeqlFileURLToPath } from "url";import { dirname as __codeqlDirname } from "path";var require = __codeqlCreateRequire(import.meta.url);var __filename = __codeqlFileURLToPath(import.meta.url);var __dirname = __codeqlDirname(__filename);
import{b as Y}from"./chunk-U2JW7LOC.js";import{a as j,b as H}from"./chunk-HIJVM6IW.js";import{e as z}from"./chunk-LYJYPMC2.js";import{Bb as k,Db as U,Eb as q,G as b,H as Q,Lb as B,c as te,ea as A,fa as N,h as ne,hc as v,jc as G,n as x,nb as R,o as O,pb as F,ra as $,ta as M}from"./chunk-V6LGBXSF.js";var K=te(ne());import*as c from"fs";import*as p from"path";import{performance as D}from"perf_hooks";var T=class extends Error{constructor(t,a,r){super(a);this.queriesStatusReport=t;this.message=a;this.error=r;this.name="CodeQLAnalysisError"}queriesStatusReport;message;error};async function ae(n){let e=process.env.CODEQL_PYTHON;e===void 0||e.length===0||n.warning(`The CODEQL_PYTHON environment variable is no longer supported. Please remove it from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies.
If you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.`)}async function re(n,e,t,a){for(let r of t.languages){if(X(t,r,a)){a.debug(`Database for ${r} has already been finalized, skipping extraction.`);continue}await ie(n,t,r)&&(a.startGroup(`Extracting ${r}`),r==="python"&&await ae(a),t.buildMode?(r==="cpp"&&t.buildMode==="autobuild"&&await Y(n,a),r==="java"&&t.buildMode==="none"&&(process.env.CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR=j()),r==="csharp"&&t.buildMode==="none"&&await e.getValue("csharp_cache_bmn")&&(process.env.CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR=H()),await n.extractUsingBuildMode(t,r)):await n.extractScannedLanguage(t,r),a.endGroup())}}async function ie(n,e,t){return e.buildMode==="none"||e.buildMode==="autobuild"&&process.env.CODEQL_ACTION_AUTOBUILD_DID_COMPLETE_SUCCESSFULLY!=="true"||!e.buildMode&&await n.isScannedLanguage(t)}function X(n,e,t){let a=b(n,e);try{return!("inProgress"in x(c.readFileSync(p.resolve(a,"codeql-database.yml"),"utf8")))}catch{return t.warning(`Could not check whether database for ${e} was finalized. Assuming it is not.`),!1}}async function se(n,e,t,a,r,o){let i=D.now();await re(n,e,t,o);let d=D.now()-i,_=D.now();for(let m of t.languages)X(t,m,o)?o.info(`There is already a finalized database for ${m} at the location where the CodeQL Action places databases, so we did not create one.`):(o.startGroup(`Finalizing ${m}`),await n.finalizeDatabase(b(t,m),a,r,t.debugMode),o.endGroup());let l=D.now()-_;return{scanned_language_extraction_duration_ms:Math.round(d),trap_import_duration_ms:Math.round(l)}}async function Me(n){return await k("Generating diff range extension pack",async()=>{let e=B(n);if(e===void 0){n.info("No precomputed diff ranges found; skipping diff-informed analysis stage.");return}let t=$("checkout_path"),a=ue(n,e,t);return n.info(`Successfully created diff range extension pack at ${a}.`),a})}function oe(n,e){let t=`
extensions:
  - addsTo:
      pack: codeql/util
      extensible: restrictAlertsTo
      checkPresence: false
    data:
`,a=n.map(r=>{let o=p.join(e,r.path).replaceAll(p.sep,"/");return`      - [${O(o,{forceQuotes:!0}).trim()}, ${r.startLine}, ${r.endLine}]
`}).join("");return a||(a=`      - ["", 0, 0]
`),t+a}function ue(n,e,t){e.length===0&&(e=[{path:"",startLine:0,endLine:0}]);let a=p.join(M(),"pr-diff-range");c.mkdirSync(a,{recursive:!0}),c.writeFileSync(p.join(a,"qlpack.yml"),`
name: codeql-action/pr-diff-range
version: 0.0.0
library: true
extensionTargets:
  codeql/util: '*'
dataExtensions:
  - pr-diff-range.yml
`);let r=oe(e,t),o=p.join(a,"pr-diff-range.yml");return c.writeFileSync(o,r),n.debug(`Wrote pr-diff-range extension pack to ${o}:
${r}`),a}var le=new Set(["security-experimental","security-extended","security-and-quality","code-quality","code-scanning"]);function V(n,e){return le.has(e)?`${n}-${e}.qls`:e}function de(n,e){return`${e}${n.sarifExtension}`}async function Fe(n,e,t,a,r,o,i,d,_){let l={},m=[e,t],L=[];i.overlayDatabaseMode!=="overlay-base"&&m.push("--expect-discarded-cache"),l.analysis_is_diff_informed=a!==void 0,a&&(m.push(`--additional-packs=${a}`),m.push("--extension-packs=codeql-action/pr-diff-range"),L.push("diff-informed")),l.analysis_is_overlay=i.overlayDatabaseMode==="overlay",l.analysis_builds_overlay_base_database=i.overlayDatabaseMode==="overlay-base",i.overlayDatabaseMode==="overlay"&&L.push("overlay");let J=L.length>0?`--sarif-run-property=incrementalMode=${L.join(",")}`:void 0,W=G(i);for(let s of i.languages)try{let u=[];if(i.analysisKinds.length>1&&(u.push(Q(i,s)),v(i)))for(let C of R)u.push(V(s,C));d.startGroup(`Running queries for ${s}`);let y=new Date().getTime(),h=b(i,s);await o.databaseRunQueries(h,m,u),d.debug(`Finished running queries for ${s}.`),l[`analyze_builtin_queries_${s}_duration_ms`]=new Date().getTime()-y;let g=new Date,{summary:f,sarifFile:I}=await S(W,s,void 0,i.debugMode),w;i.analysisKinds.length>1&&v(i)&&(w=(await S(F,s,R.map(E=>V(s,E)),i.debugMode)).summary);let P=new Date;if(l[`interpret_results_${s}_duration_ms`]=P.getTime()-g.getTime(),d.endGroup(),f.trim()&&d.info(f),w?.trim()&&d.info(w),i.enableFileCoverageInformation||d.info("To speed up pull request analysis, file coverage information is only enabled when analyzing the default branch and protected branches."),await _.getValue("qa_telemetry_enabled")){let C=ee(I),E={event:"codeql database interpret-results",started_at:g.toISOString(),completed_at:P.toISOString(),exit_status:"success",language:s,properties:{alertCounts:C}};l.event_reports===void 0&&(l.event_reports=[]),l.event_reports.push(E)}}catch(u){throw l.analyze_failure_language=s,new T(l,`Error running analysis for ${s}: ${N(u)}`,A(u))}return l;async function S(s,u,y,h){d.info(`Interpreting ${s.name} results for ${u}`);let g=s.fixCategory(d,r),f=p.join(n,de(s,u));return{summary:await Z(u,y,f,h,g),sarifFile:f}}async function Z(s,u,y,h,g){let f=b(i,s);return await o.databaseInterpretResults(f,u,y,t,h?"-vv":"-v",J,g,i,_)}function ee(s){let u=JSON.parse(c.readFileSync(s,"utf8")),y={};for(let h of u.runs)if(h.results)for(let g of h.results){let f=g.rule?.id||g.ruleId;f&&(y[f]=(y[f]||0)+1)}return y}}async function ke(n,e,t,a,r,o,i){try{await c.promises.rm(e,{force:!0,recursive:!0})}catch(_){if(_?.code!=="ENOENT")throw _}await c.promises.mkdir(e,{recursive:!0});let d=await se(r,n,o,t,a,i);return process.env.CODEQL_ACTION_AUTOBUILD_DID_COMPLETE_SUCCESSFULLY!=="true"&&await z(r,o,i),d}async function Ue(n,e){let t=process.env.CODEQL_ACTION_GO_BINARY;if(process.env.CODEQL_ACTION_DID_AUTOBUILD_GOLANG!=="true"&&t!==void 0){let a=await K.which("go",!0);t!==a&&(e.warning(`Expected \`which go\` to return ${t}, but got ${a}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`),q(n,"go",U("go/workflow/go-installed-after-codeql-init","Go was installed after the `codeql-action/init` Action was run",{markdownMessage:"To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",visibility:{statusPage:!0,telemetry:!0,cliSummaryTable:!0},severity:"warning"})))}}export{T as a,X as b,Me as c,Fe as d,ke as e,Ue as f};