Permalink
codeql-action/lib/init.js
Newer
100644
203 lines (199 sloc)
8.95 KB
2
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
if (k2 === undefined) k2 = k;
4
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
5
}) : (function(o, m, k, k2) {
6
if (k2 === undefined) k2 = k;
7
o[k2] = m[k];
8
}));
9
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
10
Object.defineProperty(o, "default", { enumerable: true, value: v });
11
}) : function(o, v) {
12
o["default"] = v;
13
});
14
var __importStar = (this && this.__importStar) || function (mod) {
15
if (mod && mod.__esModule) return mod;
16
var result = {};
17
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
18
__setModuleDefault(result, mod);
19
return result;
20
};
21
Object.defineProperty(exports, "__esModule", { value: true });
22
exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = void 0;
23
const fs = __importStar(require("fs"));
24
const path = __importStar(require("path"));
25
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
26
const safeWhich = __importStar(require("@chrisgavin/safe-which"));
27
const analysisPaths = __importStar(require("./analysis-paths"));
28
const codeql_1 = require("./codeql");
29
const configUtils = __importStar(require("./config-utils"));
30
const tracer_config_1 = require("./tracer-config");
31
const util = __importStar(require("./util"));
32
const util_1 = require("./util");
33
async function initCodeQL(codeqlURL, apiDetails, tempDir, toolCacheDir, variant, logger) {
34
logger.startGroup("Setup CodeQL tools");
35
const { codeql, toolsVersion } = await (0, codeql_1.setupCodeQL)(codeqlURL, apiDetails, tempDir, toolCacheDir, variant, logger, true);
36
await codeql.printVersion();
37
logger.endGroup();
38
return { codeql, toolsVersion };
41
async function initConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
42
logger.startGroup("Load language configuration");
43
const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger);
44
analysisPaths.printPathFiltersWarning(config, logger);
45
logger.endGroup();
46
return config;
47
}
48
exports.initConfig = initConfig;
49
async function runInit(codeql, config, sourceRoot, processName, processLevel) {
51
fs.mkdirSync(config.dbLocation, { recursive: true });
52
try {
53
if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
54
// Init a database cluster
55
await codeql.databaseInitCluster(config, sourceRoot, processName, processLevel);
56
}
57
else {
58
for (const language of config.languages) {
59
// Init language database
60
await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
61
}
62
}
63
}
64
catch (e) {
65
// Handle the situation where init is called twice
66
// for the same database in the same job.
67
if (e instanceof Error &&
68
((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
69
e.message.includes("exists and is not an empty directory.")) {
70
throw new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
71
}
72
else if (e instanceof Error &&
73
((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("is not compatible with this CodeQL CLI"))) {
74
throw new util.UserError(e.message);
75
}
76
else {
77
throw e;
78
}
80
return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql);
81
}
82
exports.runInit = runInit;
83
// Runs a powershell script to inject the tracer into a parent process
84
// so it can tracer future processes, hopefully including the build process.
85
// If processName is given then injects into the nearest parent process with
86
// this name, otherwise uses the processLevel-th parent if defined, otherwise
87
// defaults to the 3rd parent as a rough guess.
88
async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
89
let script;
90
if (processName !== undefined) {
91
script = `
92
Param(
93
[Parameter(Position=0)]
94
[String]
95
$tracer
96
)
97
98
$id = $PID
99
while ($true) {
100
$p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
101
Write-Host "Found process: $p"
102
if ($p -eq $null) {
103
throw "Could not determine ${processName} process"
104
}
105
if ($p[0].Name -eq "${processName}") {
106
Break
107
} else {
108
$id = $p[0].ParentProcessId
109
}
110
}
111
Write-Host "Final process: $p"
112
113
Invoke-Expression "&$tracer --inject=$id"`;
114
}
115
else {
116
// If the level is not defined then guess at the 3rd parent process.
117
// This won't be correct in every setting but it should be enough in most settings,
118
// and overestimating is likely better in this situation so we definitely trace
119
// what we want, though this does run the risk of interfering with future CI jobs.
120
// Note that the default of 3 doesn't work on github actions, so we include a
121
// special case in the script that checks for Runner.Worker.exe so we can still work
122
// on actions if the runner is invoked there.
123
processLevel = processLevel || 3;
124
script = `
125
Param(
126
[Parameter(Position=0)]
127
[String]
128
$tracer
129
)
130
131
$id = $PID
132
for ($i = 0; $i -le ${processLevel}; $i++) {
133
$p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
134
Write-Host "Parent process \${i}: $p"
135
if ($p -eq $null) {
136
throw "Process tree ended before reaching required level"
137
}
138
# Special case just in case the runner is used on actions
139
if ($p[0].Name -eq "Runner.Worker.exe") {
140
Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
141
Write-Host "Aborting search early and using process: $p"
142
Break
143
} elseif ($p[0].Name -eq "Agent.Worker.exe") {
144
Write-Host "Found Agent.Worker.exe process which means we are running on Azure Pipelines"
145
Write-Host "Aborting search early and using process: $p"
146
Break
147
} else {
148
$id = $p[0].ParentProcessId
149
}
150
}
151
Write-Host "Final process: $p"
152
153
Invoke-Expression "&$tracer --inject=$id"`;
155
const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1");
156
fs.writeFileSync(injectTracerPath, script);
157
await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
158
"-ExecutionPolicy",
159
"Bypass",
160
"-file",
161
injectTracerPath,
162
path.resolve(path.dirname(codeql.getPath()), "tools", "win64", "tracer.exe"),
163
], { env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }).exec();
165
exports.injectWindowsTracer = injectWindowsTracer;
166
async function installPythonDeps(codeql, logger) {
167
logger.startGroup("Setup Python dependencies");
168
const scriptsFolder = path.resolve(__dirname, "../python-setup");
169
try {
170
if (process.platform === "win32") {
171
await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
172
path.join(scriptsFolder, "install_tools.ps1"),
173
]).exec();
174
}
175
else {
176
await new toolrunner.ToolRunner(path.join(scriptsFolder, "install_tools.sh")).exec();
177
}
178
const script = "auto_install_packages.py";
179
if (process.platform === "win32") {
180
await new toolrunner.ToolRunner(await safeWhich.safeWhich("py"), [
181
"-3",
182
path.join(scriptsFolder, script),
183
path.dirname(codeql.getPath()),
184
]).exec();
185
}
186
else {
187
await new toolrunner.ToolRunner(path.join(scriptsFolder, script), [
188
path.dirname(codeql.getPath()),
189
]).exec();
190
}
191
}
192
catch (e) {
193
logger.endGroup();
194
logger.warning(`An error occurred while trying to automatically install Python dependencies: ${e}\n` +
195
"Please make sure any necessary dependencies are installed before calling the codeql-action/analyze " +
196
"step, and add a 'setup-python-dependencies: false' argument to this step to disable our automatic " +
197
"dependency installation and avoid this warning.");
199
}
200
logger.endGroup();
201
}
202
exports.installPythonDeps = installPythonDeps;