Showing 5 changed files with 26 additions and 6 deletions.
4 changes: 4 additions & 0 deletions README.md
@@ -80,6 +80,8 @@ The CodeQL action should be run on `push` events, and on a `schedule`. `Push` ev

You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses).

You can disable the default queries using `disable-default-queries: true`.

You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis.
Identifying potential files for extraction:

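Review bot: The new sentence names the option but not its consequence; since the queries list is the only other source of queries, setting `disable-default-queries: true` without a `queries:` section leaves the analysis with nothing to run, and the README should say so (and say that the value must be a YAML boolean, not the string "true"). A short addition such as "If you disable the default queries you must supply your own under `queries:`, otherwise no queries are run" would prevent a configuration that silently scans nothing.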
@@ -100,6 +102,8 @@ A config file looks like this:
```yaml
name: "My CodeQL config"

disable-default-queries: true

queries:
- name: In-repo queries (Runs the queries located in the my-queries folder of the repo)
uses: ./my-queries
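Review bot: The example pairs `disable-default-queries: true` with a `queries:` section, which is the combination a reader should copy, but nothing marks that pairing as deliberate; a one-line comment above `disable-default-queries: true` (e.g. "# only the queries listed below will run") would make it clear that disabling the defaults is only sensible when custom queries follow.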
4 changes: 4 additions & 0 deletions lib/config-utils.js


9 changes: 6 additions & 3 deletions lib/finalize-db.js


5 changes: 5 additions & 0 deletions src/config-utils.ts
@@ -17,6 +17,7 @@ export class ExternalQuery {

export class Config {
public name = "";
public disableDefaultQueries = false;
public additionalQueries: string[] = [];
public externalQueries: ExternalQuery[] = [];
public pathsIgnore: string[] = [];
@@ -81,6 +82,10 @@ function initConfig(): Config {
config.name = parsedYAML.name;
}

if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") {
config.disableDefaultQueries = parsedYAML['disable-default-queries'];
}

const queries = parsedYAML.queries;
if (queries && queries instanceof Array) {
queries.forEach(query => {
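Review bot: The guard `parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean"` silently ignores a truthy non-boolean value, so a user who writes `disable-default-queries: "true"` or `disable-default-queries: yes` (which some YAML parsers read as a string) keeps the default queries without any indication that the setting was dropped. The `typeof ... === "boolean"` test alone already handles `false` correctly (assigning it is a no-op on the `false` default), so the leading truthiness check is redundant; the useful change is to fail or warn when the key is present but not a boolean, matching how `parsedYAML.name` is validated above.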
10 changes: 7 additions & 3 deletions src/finalize-db.ts
@@ -102,7 +102,12 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder
for (let database of fs.readdirSync(databaseFolder)) {
core.startGroup('Analyzing ' + database);

const additionalQueries = queriesPerLanguage[database] || [];
const queries: string[] = [];
if (!config.disableDefaultQueries) {
queries.push(database + '-code-scanning.qls');
}
queries.push(...(queriesPerLanguage[database] || []));

const sarifFile = path.join(sarifFolder, database + '.sarif');

await exec.exec(codeqlCmd, [
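Review bot: When `config.disableDefaultQueries` is true and `queriesPerLanguage[database]` has no entries, `queries` is empty and `codeqlCmd` is invoked with no query argument at all; that either produces an empty SARIF file or a CLI error, and in the first case the workflow reports a clean scan that ran nothing. Add a check after `queries.push(...(queriesPerLanguage[database] || []));` that fails the step (or at least emits `core.warning`) when `queries.length === 0` for a database, so a misconfigured config file cannot pass as a successful analysis.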
@@ -112,8 +117,7 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder
'--format=sarif-latest',
'--output=' + sarifFile,
'--no-sarif-add-snippets',
database + '-code-scanning.qls',
...additionalQueries,
...queries
]);

core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');

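Review bot: The `core.debug` line after the `exec` call records only the SARIF path; now that the query set varies per configuration, logging `queries` alongside it (for example in the existing `'Analyzing ' + database` group) would let someone reading the run log confirm whether the default suite `database + '-code-scanning.qls'` was actually included for that language.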
0 comments on commit 1cdde3e
