github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-08 06:40:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
954566eac225887f2abaff4c2b487daae8662501
codeql-action/lib/tracer-config.js
T
Angela P Wen 954566eac2 Unset DYLD_INSERT_BINARIES when unneeded 
Previously, the tracer environment variables were set for the
current process, and for future steps, in the init action. In
certain scenarios (such as on MacOS ARM runners with System
Integrity Protection disabled), these environment variables are
not unset by the system. In particular, the `DYLD_INSERT_BINARIES`
variable interferes with later system calls.

This change unsets the `DYLD_INSERT_BINARIES` variable for the
current process in init. It also unsets the variables either at the
beginning of autobuild, or analyze, if autobuild has not run.
2024-08-14 17:28:40 -07:00

115 lines
5.4 KiB
JavaScript
Generated
Raw Blame History

"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.shouldEnableIndirectTracing = shouldEnableIndirectTracing;
exports.endTracingForCluster = endTracingForCluster;
exports.getTracerConfigForCluster = getTracerConfigForCluster;
exports.getCombinedTracerConfig = getCombinedTracerConfig;
exports.unsetTracerEnvVarForCurrentProcess = unsetTracerEnvVarForCurrentProcess;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const environment_1 = require("./environment");
const languages_1 = require("./languages");
const tools_features_1 = require("./tools-features");
const util_1 = require("./util");
async function shouldEnableIndirectTracing(codeql, config) {
// We don't need to trace build mode none, or languages which unconditionally don't need tracing.
if (config.buildMode === util_1.BuildMode.None) {
return false;
}
// If the CLI supports `trace-command` with a `--build-mode`, we'll use direct tracing instead of
// indirect tracing.
if (config.buildMode === util_1.BuildMode.Autobuild &&
(await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
return false;
}
// Otherwise, use direct tracing if any of the languages need to be traced.
return config.languages.some((l) => (0, languages_1.isTracedLanguage)(l));
}
/**
* Delete variables as specified by the end-tracing script
*
* WARNING: This does not _really_ end tracing, as the tracer will restore its
* critical environment variables and it'll still be active for all processes
* launched from this build step.
*
* However, it will stop tracing for all steps past the current build step.
*/
async function endTracingForCluster(codeql, config, logger) {
if (!(await shouldEnableIndirectTracing(codeql, config)))
return;
logger.info("Unsetting build tracing environment variables. Subsequent steps of this job will not be traced.");
const envVariablesFile = path.resolve(config.dbLocation, "temp/tracingEnvironment/end-tracing.json");
if (!fs.existsSync(envVariablesFile)) {
throw new Error(`Environment file for ending tracing not found: ${envVariablesFile}`);
}
try {
const endTracingEnvVariables = JSON.parse(fs.readFileSync(envVariablesFile, "utf8"));
for (const [key, value] of Object.entries(endTracingEnvVariables)) {
if (value !== null) {
process.env[key] = value;
}
else {
delete process.env[key];
}
}
}
catch (e) {
throw new Error(`Failed to parse file containing end tracing environment variables: ${e}`);
}
}
async function getTracerConfigForCluster(config) {
const tracingEnvVariables = JSON.parse(fs.readFileSync(path.resolve(config.dbLocation, "temp/tracingEnvironment/start-tracing.json"), "utf8"));
return {
env: tracingEnvVariables,
};
}
async function getCombinedTracerConfig(codeql, config) {
if (!(await shouldEnableIndirectTracing(codeql, config))) {
return undefined;
}
const mainTracerConfig = await getTracerConfigForCluster(config);
// If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
// the runner executable path, we set it here in the Action.
if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
// On MacOS when System Integrity Protection is enabled, it's necessary to prefix
// the build command with the runner executable for indirect tracing, so we expose
// it here via the CODEQL_RUNNER environment variable.
// The executable also exists and works for other platforms so we unconditionally
// set the environment variable.
const runnerExeName = process.platform === "win32" ? "runner.exe" : "runner";
mainTracerConfig.env["CODEQL_RUNNER"] = path.join(mainTracerConfig.env["CODEQL_DIST"], "tools", mainTracerConfig.env["CODEQL_PLATFORM"], runnerExeName);
}
return mainTracerConfig;
}
/**
* Unsets the DYLD_INSERT_BINARIES environment variable for the current process.
* This method is called to prevent the environment variable from interfering with
* later system calls in this process.
*/
function unsetTracerEnvVarForCurrentProcess() {
delete process.env[environment_1.EnvVar.DYLD_INSERT_BINARIES];
}
//# sourceMappingURL=tracer-config.js.map
Reference in New Issue View Git Blame Copy Permalink