"use strict";
// TypeScript-emitted interop helper backing `import * as x from "m"`.
// A module already flagged `__esModule` is handed back untouched; anything
// else is shallow-copied onto a fresh namespace object whose `default`
// property is the original module value (even when that value is null).
const __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    const namespace = {};
    if (mod != null) {
        // Own enumerable string keys only, same set `for...in` + hasOwnProperty yields.
        for (const key of Object.keys(mod)) {
            namespace[key] = mod[key];
        }
    }
    // Assigned last so a module's own `default` export is overridden by the module itself.
    namespace["default"] = mod;
    return namespace;
};
// TypeScript-emitted interop helper backing `import x from "m"`.
// A module flagged `__esModule` is returned as-is; any other value
// (including null/undefined) is wrapped as `{ default: mod }`.
const __importDefault = (this && this.__importDefault) || function (mod) {
    const isEsModule = Boolean(mod && mod.__esModule);
    if (isEsModule) {
        return mod;
    }
    return { "default": mod };
};
// Flag this CommonJS module as a transpiled ES module; the `__importStar` /
// `__importDefault` helpers above check exactly this `__esModule` property.
Object.defineProperty(exports, "__esModule", { value: true });
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const zlib_1 = __importDefault(require("zlib"));
const core = __importStar(require("@actions/core"));
const file_url_1 = __importDefault(require("file-url"));
const jsonschema = __importStar(require("jsonschema"));
const api = __importStar(require("./api-client"));
const fingerprints = __importStar(require("./fingerprints"));
const util = __importStar(require("./util"));
// Takes a list of paths to sarif files and combines them together,
// returning the contents of the combined sarif file.
function combineSarifFiles(sarifFiles) {
version: null,
};
for (const sarifFile of sarifFiles) {
const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
// Check SARIF version
if (combinedSarif.version === null) {
combinedSarif.version = sarifObject.version;
}
else if (combinedSarif.version !== sarifObject.version) {
throw new Error(`Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`);
}
combinedSarif.runs.push(...sarifObject.runs);
}
return JSON.stringify(combinedSarif);
}
exports.combineSarifFiles = combineSarifFiles;
async function uploadPayload(payload, repositoryNwo, apiDetails, mode, logger) {
const reqURL = mode === "actions"
? "PUT /repos/:owner/:repo/code-scanning/analysis"
: "POST /repos/:owner/:repo/code-scanning/sarifs";
const response = await client.request(reqURL, {
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
data: payload,
});
logger.debug(`response status: ${response.status}`);
logger.info("Successfully uploaded results");
/**
 * Recursively walks a directory and returns the absolute paths of every
 * file whose name ends in `.sarif`, in directory-entry order (depth first).
 *
 * Symbolic links are neither followed nor reported: the Dirent predicates
 * `isFile()` / `isDirectory()` are false for a link, so a linked file or
 * directory is simply skipped.
 *
 * @param {string} sarifPath - directory to search.
 * @returns {string[]} absolute paths of the SARIF files found.
 * @throws whatever `fs.readdirSync` throws for an unreadable directory.
 */
function findSarifFilesInDir(sarifPath) {
    const found = [];
    function walk(dir) {
        for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
            const fullPath = path.resolve(dir, entry.name);
            if (entry.isDirectory()) {
                walk(fullPath);
            } else if (entry.isFile() && entry.name.endsWith(".sarif")) {
                found.push(fullPath);
            }
        }
    }
    walk(sarifPath);
    return found;
}
exports.findSarifFilesInDir = findSarifFilesInDir;
/**
 * Uploads a single SARIF file or a directory of SARIF files (whichever the
 * path refers to) from inside a GitHub Actions run.
 *
 * All repository/commit/workflow context is read from the Actions
 * environment via actionsUtil and repository_1, in the same order the
 * original positional call evaluated them, then handed to uploadFiles in
 * "actions" mode.
 *
 * @param {string} sarifPath - file or directory to upload.
 * @param gitHubVersion - target GitHub instance version (passed through).
 * @param apiDetails - API connection details (passed through).
 * @param logger - logger (passed through).
 * @returns whatever uploadFiles resolves to.
 */
async function uploadFromActions(sarifPath, gitHubVersion, apiDetails, logger) {
    const sarifFiles = getSarifFilePaths(sarifPath);
    const repositoryNwo = repository_1.parseRepositoryNwo(actionsUtil.getRequiredEnvParam("GITHUB_REPOSITORY"));
    // Each await runs in sequence, matching the original argument evaluation order.
    const commitOid = await actionsUtil.getCommitOid();
    const ref = await actionsUtil.getRef();
    const analysisKey = await actionsUtil.getAnalysisKey();
    const analysisName = actionsUtil.getRequiredEnvParam("GITHUB_WORKFLOW");
    const workflowRunID = actionsUtil.getWorkflowRunID();
    const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
    const environment = actionsUtil.getRequiredInput("matrix");
    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, "actions", logger);
}
exports.uploadFromActions = uploadFromActions;
/**
 * Uploads a single SARIF file or a directory of SARIF files (whichever the
 * path refers to) from the standalone runner.
 *
 * Runner mode carries no workflow context: analysis key, analysis name,
 * workflow run ID and environment are passed to uploadFiles as `undefined`.
 *
 * @param {string} sarifPath - file or directory to upload.
 * @param repositoryNwo - owner/repo of the target repository.
 * @param {string} commitOid - commit the analysis applies to.
 * @param {string} ref - git ref the analysis applies to.
 * @param {string} checkoutPath - path the repository was checked out to.
 * @param gitHubVersion - target GitHub instance version (passed through).
 * @param apiDetails - API connection details (passed through).
 * @param logger - logger (passed through).
 * @returns whatever uploadFiles resolves to (its upload statistics object),
 *   not a boolean.
 */
async function uploadFromRunner(sarifPath, repositoryNwo, commitOid, ref, checkoutPath, gitHubVersion, apiDetails, logger) {
    const sarifFiles = getSarifFilePaths(sarifPath);
    const analysisKey = undefined;
    const analysisName = undefined;
    const workflowRunID = undefined;
    const environment = undefined;
    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, "runner", logger);
}
exports.uploadFromRunner = uploadFromRunner;
function getSarifFilePaths(sarifPath) {
if (!fs.existsSync(sarifPath)) {
throw new Error(`Path does not exist: ${sarifPath}`);
}
}
else {
}
}
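/**
 * Counts the number of results in the given SARIF document.
 *
 * @param {string} sarif - the SARIF document as a JSON string.
 * @returns {number} total number of results summed over all runs. A run
 *   without a `results` array (the property is optional in SARIF 2.1.0)
 *   contributes zero rather than throwing a TypeError.
 * @throws {SyntaxError} if `sarif` is not valid JSON.
 */
function countResultsInSarif(sarif) {
    let numResults = 0;
    for (const run of JSON.parse(sarif).runs) {
        // Only count runs that actually carry a results array.
        if (Array.isArray(run.results)) {
            numResults += run.results.length;
        }
    }
    return numResults;
}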
exports.countResultsInSarif = countResultsInSarif;
const sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
const schema = require("../src/sarif_v2.1.0_schema.json");
if (!result.valid) {
// Output the more verbose error messages in groups as these may be very large.
// Set the main error message to the stacks of all the errors.
// This should be of a manageable size and may even give enough to fix the error.
const sarifErrors = result.errors.map((e) => `- ${e.stack}`);
throw new Error(`Unable to upload "${sarifFilePath}" as it is not valid SARIF:\n${sarifErrors.join("\n")}`);
// buildPayload constructs a map ready to be uploaded to the API from the given
// parameters, respecting the current mode and target GitHub instance version.
function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, gitHubVersion, mode) {
commit_oid: commitOid,
ref,
analysis_key: analysisKey,
analysis_name: analysisName,
workflow_run_id: workflowRunID,
checkout_uri: checkoutURI,
environment,
started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
tool_names: toolNames,
// This behaviour can be made the default when support for GHES 3.0 is discontinued.
semver.satisfies(gitHubVersion.version, `>=3.1`)) {
if (process.env.GITHUB_EVENT_NAME === "pull_request" &&
process.env.GITHUB_EVENT_PATH) {
const githubEvent = JSON.parse(fs.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8"));
}
}
// Uploads the given set of sarif files.
async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, mode, logger) {
logger.info(`Uploading sarif files: ${JSON.stringify(sarifFiles)}`);
if (mode === "actions") {
// This check only works on actions as env vars don't persist between calls to the runner
const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
if (process.env[sentinelEnvVar]) {
throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
}
core.exportVariable(sentinelEnvVar, sentinelEnvVar);
}
// Validate that the files we were asked to upload are all valid SARIF files
for (const file of sarifFiles) {
}
sarifPayload = fingerprints.addFingerprints(sarifPayload, checkoutPath, logger);
const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, gitHubVersion, mode);
logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`);
return {
raw_upload_size_bytes: rawUploadSizeBytes,
zipped_upload_size_bytes: zippedUploadSizeBytes,
num_results_in_sarif: numResultInSarif,
};
}