From 5c74b0f641d2a7814c866b545abdb60dcda04180 Mon Sep 17 00:00:00 2001 From: David Verdeguer Date: Wed, 29 Apr 2020 12:33:41 +0200 Subject: [PATCH 1/5] Parse ignoreDefaultQueries field --- lib/config-utils.js | 4 ++++ src/config-utils.ts | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/lib/config-utils.js b/lib/config-utils.js index ae4414430..ce032a2da 100644 --- a/lib/config-utils.js +++ b/lib/config-utils.js @@ -23,6 +23,7 @@ exports.ExternalQuery = ExternalQuery; class Config { constructor() { this.name = ""; + this.ignoreDefaultQueries = false; this.additionalQueries = []; this.externalQueries = []; this.pathsIgnore = []; @@ -75,6 +76,9 @@ function initConfig() { if (parsedYAML.name && typeof parsedYAML.name === "string") { config.name = parsedYAML.name; } + if (parsedYAML['ignore-default-queries'] && typeof parsedYAML['ignore-default-queries'] === "boolean") { + config.ignoreDefaultQueries = parsedYAML['ignore-default-queries']; + } const queries = parsedYAML.queries; if (queries && queries instanceof Array) { queries.forEach(query => { diff --git a/src/config-utils.ts b/src/config-utils.ts index 5221e5906..71d5edc12 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -17,6 +17,7 @@ export class ExternalQuery { export class Config { public name = ""; + public ignoreDefaultQueries = false; public additionalQueries: string[] = []; public externalQueries: ExternalQuery[] = []; public pathsIgnore: string[] = []; @@ -81,6 +82,10 @@ function initConfig(): Config { config.name = parsedYAML.name; } + if (parsedYAML['ignore-default-queries'] && typeof parsedYAML['ignore-default-queries'] === "boolean") { + config.ignoreDefaultQueries = parsedYAML['ignore-default-queries']; + } + const queries = parsedYAML.queries; if (queries && queries instanceof Array) { queries.forEach(query => { From 8bd6c1e5f0c025009c9a5576eb0df7a5fcf481ba Mon Sep 17 00:00:00 2001 
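Review bot: The new condition in the src/config-utils.ts hunk silently drops any `ignore-default-queries` value that is not a YAML boolean — a quoted `"true"` or a typo such as `ture` — so a user who believes the default suite is switched off gets no signal that the setting was ignored, and the leading truthiness test is redundant with the `typeof` check that follows it. The `name` check just above uses the same shape, so this may be deliberate best-effort parsing, but a setting that changes what gets scanned deserves a loud failure: `if (parsedYAML['ignore-default-queries'] !== undefined && typeof parsedYAML['ignore-default-queries'] !== "boolean") { throw new Error("ignore-default-queries must be a boolean"); }` before the assignment, or whichever warning/error mechanism the rest of this module uses. The same pattern recurs under the renamed key in patch 4 (src/config-utils.ts @@ -82) and in the generated lib/config-utils.js copies. `initConfig` begins and ends outside the hunk.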
From: David Verdeguer Date: Wed, 29 Apr 2020 12:41:28 +0200 Subject: [PATCH 2/5] Ignore default queries --- lib/finalize-db.js | 9 ++++++--- src/finalize-db.ts | 10 +++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/lib/finalize-db.js b/lib/finalize-db.js index 8679a7d0f..b2c607c5a 100644 --- a/lib/finalize-db.js +++ b/lib/finalize-db.js @@ -88,7 +88,11 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) { const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config); for (let database of fs.readdirSync(databaseFolder)) { core.startGroup('Analyzing ' + database); - const additionalQueries = queriesPerLanguage[database] || []; + const queries = []; + if (!config.ignoreDefaultQueries) { + queries.push(database + '-code-scanning.qls'); + } + queries.push(...queriesPerLanguage[database]); const sarifFile = path.join(sarifFolder, database + '.sarif'); await exec.exec(codeqlCmd, [ 'database', @@ -97,8 +101,7 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) { '--format=sarif-latest', '--output=' + sarifFile, '--no-sarif-add-snippets', - database + '-code-scanning.qls', - ...additionalQueries, + ...queries ]); core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"'); core.endGroup(); diff --git a/src/finalize-db.ts b/src/finalize-db.ts index a03e68a1b..e1cc1fc3e 100644 --- a/src/finalize-db.ts +++ b/src/finalize-db.ts @@ -102,7 +102,12 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder for (let database of fs.readdirSync(databaseFolder)) { core.startGroup('Analyzing ' + database); - const additionalQueries = queriesPerLanguage[database] || []; + const queries: string[] = []; + if (!config.ignoreDefaultQueries) { + queries.push(database + '-code-scanning.qls'); + } + queries.push(...queriesPerLanguage[database]); + const sarifFile = path.join(sarifFolder, database + '.sarif'); await exec.exec(codeqlCmd, [ 
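Review bot: When `config.ignoreDefaultQueries` is true and no additional queries were resolved for `database`, the new `queries` array in the src/finalize-db.ts hunk is empty and `codeql database analyze` is invoked with no query arguments at all; whether the CLI then fails or quietly emits a SARIF file with zero results I can't tell from here, but either way nothing in this code tells the user that a scan ran with no queries. A guard right after the pushes would make the condition explicit, e.g. `if (queries.length === 0) { throw new Error('No queries to run for ' + database + ': default queries are disabled and no additional queries were configured'); }`. The same gap remains in the final form of this block in patch 5 (src/finalize-db.ts @@ -106), which only restores the `|| []` fallback. `runQueries` begins and ends outside the hunk.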
@@ -112,8 +117,7 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder '--format=sarif-latest', '--output=' + sarifFile, '--no-sarif-add-snippets', - database + '-code-scanning.qls', - ...additionalQueries, + ...queries ]); core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"'); From 32ced8c9013ff2ff6f9652ab98596f494ca4ac1a Mon Sep 17 00:00:00 2001 From: David Verdeguer Date: Wed, 29 Apr 2020 14:05:40 +0200 Subject: [PATCH 3/5] Update README --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 219864679..916cc8302 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,8 @@ The CodeQL action should be run on `push` events, and on a `schedule`. `Push` ev ### Configuration You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses). +You can disable the default queries using `ignore-default-queries: true`. + You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis. Identifying potential files for extraction: - Scans each folder that's defined as `paths` in turn, traversing subfolders and looking for relevant files. 
@@ -98,6 +100,8 @@ A config file looks like this: ```yaml name: "My CodeQL config" +ignore-default-queries: true + queries: - name: In-repo queries (Runs the queries located in the my-queries folder of the repo) uses: ./my-queries From 2809bdc3eef2c19ad883621be3c456c79672db60 Mon Sep 17 00:00:00 2001 From: David Verdeguer Date: Thu, 30 Apr 2020 09:37:04 +0200 Subject: [PATCH 4/5] ignore-default-queries -> disable-default-queries --- README.md | 2 +- lib/config-utils.js | 6 +++--- lib/finalize-db.js | 2 +- src/config-utils.ts | 6 +++--- src/finalize-db.ts | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 916cc8302..68030b5e1 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ The CodeQL action should be run on `push` events, and on a `schedule`. `Push` ev ### Configuration You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses). -You can disable the default queries using `ignore-default-queries: true`. +You can disable the default queries using `disable-default-queries: true`. You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis. Identifying potential files for extraction: diff --git a/lib/config-utils.js b/lib/config-utils.js index ce032a2da..df70c6283 100644 --- a/lib/config-utils.js +++ b/lib/config-utils.js 
@@ -23,7 +23,7 @@ exports.ExternalQuery = ExternalQuery; class Config { constructor() { this.name = ""; - this.ignoreDefaultQueries = false; + this.disableDefaultQueries = false; this.additionalQueries = []; this.externalQueries = []; this.pathsIgnore = []; @@ -76,8 +76,8 @@ function initConfig() { if (parsedYAML.name && typeof parsedYAML.name === "string") { config.name = parsedYAML.name; } - if (parsedYAML['ignore-default-queries'] && typeof parsedYAML['ignore-default-queries'] === "boolean") { - config.ignoreDefaultQueries = parsedYAML['ignore-default-queries']; + if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") { + config.disableDefaultQueries = parsedYAML['disable-default-queries']; } const queries = parsedYAML.queries; if (queries && queries instanceof Array) { diff --git a/lib/finalize-db.js b/lib/finalize-db.js index b2c607c5a..b9a33f155 100644 --- a/lib/finalize-db.js +++ b/lib/finalize-db.js @@ -89,7 +89,7 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) { for (let database of fs.readdirSync(databaseFolder)) { core.startGroup('Analyzing ' + database); const queries = []; - if (!config.ignoreDefaultQueries) { + if (!config.disableDefaultQueries) { queries.push(database + '-code-scanning.qls'); } queries.push(...queriesPerLanguage[database]); diff --git a/src/config-utils.ts b/src/config-utils.ts index 71d5edc12..fb74c4228 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -17,7 +17,7 @@ export class ExternalQuery { export class Config { public name = ""; - public ignoreDefaultQueries = false; + public disableDefaultQueries = false; public additionalQueries: string[] = []; public externalQueries: ExternalQuery[] = []; public pathsIgnore: string[] = []; 
@@ -82,8 +82,8 @@ function initConfig(): Config { config.name = parsedYAML.name; } - if (parsedYAML['ignore-default-queries'] && typeof parsedYAML['ignore-default-queries'] === "boolean") { - config.ignoreDefaultQueries = parsedYAML['ignore-default-queries']; + if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") { + config.disableDefaultQueries = parsedYAML['disable-default-queries']; } const queries = parsedYAML.queries; diff --git a/src/finalize-db.ts b/src/finalize-db.ts index e1cc1fc3e..f0f60e828 100644 --- a/src/finalize-db.ts +++ b/src/finalize-db.ts @@ -103,7 +103,7 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder core.startGroup('Analyzing ' + database); const queries: string[] = []; - if (!config.ignoreDefaultQueries) { + if (!config.disableDefaultQueries) { queries.push(database + '-code-scanning.qls'); } queries.push(...queriesPerLanguage[database]); From 6997a2170d427e931505374441bd8b9a45f1d983 Mon Sep 17 00:00:00 2001 From: David Verdeguer Date: Thu, 30 Apr 2020 11:03:44 +0200 Subject: [PATCH 5/5] Address comments --- README.md | 2 +- lib/finalize-db.js | 2 +- src/finalize-db.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 68030b5e1..dd5aa2dea 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ A config file looks like this: ```yaml name: "My CodeQL config" -ignore-default-queries: true +disable-default-queries: true queries: - name: In-repo queries (Runs the queries located in the my-queries folder of the repo) diff --git a/lib/finalize-db.js b/lib/finalize-db.js index b9a33f155..0082161f4 100644 --- a/lib/finalize-db.js +++ b/lib/finalize-db.js 
@@ -92,7 +92,7 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) { if (!config.disableDefaultQueries) { queries.push(database + '-code-scanning.qls'); } - queries.push(...queriesPerLanguage[database]); + queries.push(...(queriesPerLanguage[database] || [])); const sarifFile = path.join(sarifFolder, database + '.sarif'); await exec.exec(codeqlCmd, [ 'database', diff --git a/src/finalize-db.ts b/src/finalize-db.ts index f0f60e828..c897f95c8 100644 --- a/src/finalize-db.ts +++ b/src/finalize-db.ts @@ -106,7 +106,7 @@ async function runQueries(codeqlCmd: string, databaseFolder: string, sarifFolder if (!config.disableDefaultQueries) { queries.push(database + '-code-scanning.qls'); } - queries.push(...queriesPerLanguage[database]); + queries.push(...(queriesPerLanguage[database] || [])); const sarifFile = path.join(sarifFolder, database + '.sarif');