Merge pull request #449 from github/update-v1-8bd2b351

Merge main into v1
github · Apr 19, 2021 · 9db4c57 · 9db4c57
2 parents af641b2 + 8bd2b35
commit 9db4c57
Show file tree

Hide file tree

Showing 10 changed files with 141 additions and 12 deletions.
diff --git a/lib/runner.js b/lib/runner.js
diff --git a/lib/runner.js.map b/lib/runner.js.map
diff --git a/lib/upload-lib.js b/lib/upload-lib.js
diff --git a/lib/upload-lib.js.map b/lib/upload-lib.js.map
diff --git a/lib/upload-lib.test.js b/lib/upload-lib.test.js
diff --git a/lib/upload-lib.test.js.map b/lib/upload-lib.test.js.map
diff --git a/src/runner.ts b/src/runner.ts
@@ -141,9 +141,14 @@ program
     "Checkout path. Default is the current working directory."
   )
   .option("--debug", "Print more verbose output", false)
-  // This prevents a message like: error: unknown option '--trace-process-level'
-  // Remove this if commander.js starts supporting hidden options.
-  .allowUnknownOption()
+  .option(
+    "--trace-process-name <string>",
+    "(Advanced, windows-only) Inject a windows tracer of this process into a process with the given process name."
+  )
+  .option(
+    "--trace-process-level <number>",
+    "(Advanced, windows-only) Inject a windows tracer of this process into a parent process <number> levels up."
+  )
   .action(async (cmd: InitArgs) => {
     const logger = getRunnerLogger(cmd.debug);
     try {

diff --git a/src/sarif_v2.1.0_schema.json b/src/sarif_v2.1.0_schema.json
@@ -2339,9 +2339,8 @@
           "description": "The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase culture code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). The casing is recommended but not required (in order for this data to conform to RFC5646).",
           "type": "string",
           "default": "en-US",
-          "pattern": "^[a-zA-Z]{2}|^[a-zA-Z]{2}-[a-zA-Z]{2}]?$"
+          "pattern": "^[a-zA-Z]{2}(-[a-zA-Z]{2})?$"
         },
-
         "versionControlProvenance": {
           "description": "Specifies the revision in version control of the artifacts that were scanned.",
           "type": "array",
@@ -3040,7 +3039,7 @@
           "description": "The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase language code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). The casing is recommended but not required (in order for this data to conform to RFC5646).",
           "type": "string",
           "default": "en-US",
-          "pattern": "^[a-zA-Z]{2}|^[a-zA-Z]{2}-[a-zA-Z]{2}]?$"
+          "pattern": "^[a-zA-Z]{2}(-[a-zA-Z]{2})?$"
         },
 
         "contents": {

diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts
@@ -131,3 +131,46 @@ test("finding SARIF files", async (t) => {
     ]);
   });
 });
+
+test("populateRunAutomationDetails", (t) => {
+  let sarif = '{"runs": [{}]}';
+  const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
+
+  let expectedSarif =
+    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+
+  let modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    analysisKey,
+    '{"language": "javascript", "os": "linux"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // check the environment sorting
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    analysisKey,
+    '{"os": "linux", "language": "javascript"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // check that an empty environment produces the right results
+  expectedSarif =
+    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    analysisKey,
+    "{}"
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // check that an empty environment produces the right results
+  sarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
+  expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    analysisKey,
+    '{"os": "linux", "language": "javascript"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+});
diff --git a/src/upload-lib.ts b/src/upload-lib.ts
@@ -40,6 +40,38 @@ export function combineSarifFiles(sarifFiles: string[]): string {
   return JSON.stringify(combinedSarif);
 }
 
+// Populates the run.automationDetails.id field using the analysis_key and environment
+// and return an updated sarif file contents.
+export function populateRunAutomationDetails(
+  sarifContents: string,
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
+  if (analysis_key === undefined) {
+    return sarifContents;
+  }
+  let automationID = `${analysis_key}/`;
+
+  // the id has to be deterministic so we sort the fields
+  if (environment !== undefined && environment !== "null") {
+    const environmentObject = JSON.parse(environment);
+    for (const entry of Object.entries(environmentObject).sort()) {
+      automationID += `${entry[0]}:${entry[1]}/`;
+    }
+  }
+
+  const sarif = JSON.parse(sarifContents);
+  for (const run of sarif.runs || []) {
+    if (run.automationDetails === undefined) {
+      run.automationDetails = {
+        id: automationID,
+      };
+    }
+  }
+
+  return JSON.stringify(sarif);
+}
+
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
 async function uploadPayload(
@@ -321,6 +353,11 @@ async function uploadFiles(
     checkoutPath,
     logger
   );
+  sarifPayload = populateRunAutomationDetails(
+    sarifPayload,
+    analysisKey,
+    environment
+  );
 
   const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64");
   const checkoutURI = fileUrl(checkoutPath);