hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(actions): use published actions packs

Browse Source
This commit is contained in:
Alvaro Muñoz
2024-02-16 15:34:20 +01:00
parent 8e59fb7558
commit 76f245b337
6 changed files with 26 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
.github/action/dist/index.js vendored
View File

@@ -28596,7 +28596,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.codeqlDatabaseAnalyze = exports.codeqlDatabaseCreate = exports.installPack = exports.downloadPack = exports.runCommandJson = exports.runCommand = exports.newCodeQL = void 0;
exports.codeqlDatabaseAnalyze = exports.codeqlDatabaseCreate = exports.downloadPack = exports.runCommandJson = exports.runCommand = exports.newCodeQL = void 0;
const fs = __importStar(__nccwpck_require__(7147));
const path = __importStar(__nccwpck_require__(1017));
const core = __importStar(__nccwpck_require__(2186));
@@ -28675,18 +28675,6 @@ async function downloadPack(codeql) {
return false;
}
exports.downloadPack = downloadPack;
async function installPack(codeql, dir) {
try {
await runCommand(codeql, ["pack", "install"], path.join(dir, "/ql/lib"));
await runCommand(codeql, ["pack", "install"], path.join(dir, "/ql/src"));
return true;
}
catch (error) {
core.warning("Failed to install local packs ...");
}
return false;
}
exports.installPack = installPack;
async function codeqlDatabaseCreate(codeql) {
// get runner temp directory for database
var temp = process.env["RUNNER_TEMP"];
@@ -28734,84 +28722,6 @@ async function codeqlDatabaseAnalyze(codeql, database_path) {
exports.codeqlDatabaseAnalyze = codeqlDatabaseAnalyze;
/***/ }),
/***/ 1772:
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
"use strict";
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
Object.defineProperty(exports, "__esModule", ({ value: true }));
exports.clonePackRepo = exports.runCommandJson = exports.runCommand = exports.newGHConfig = void 0;
const path = __importStar(__nccwpck_require__(1017));
const core = __importStar(__nccwpck_require__(2186));
const toolrunner = __importStar(__nccwpck_require__(8159));
async function newGHConfig() {
return {
path: "/usr/bin/",
};
}
exports.newGHConfig = newGHConfig;
async function runCommand(config, args) {
var bin = path.join(config.path, "gh");
let output = "";
var options = {
listeners: {
stdout: (data) => {
output += data.toString();
},
},
};
await new toolrunner.ToolRunner(bin, args, options).exec();
core.debug(`Finished running command :: ${bin} ${args.join(" ")}`);
return output.trim();
}
exports.runCommand = runCommand;
async function runCommandJson(config, args) {
return JSON.parse(await runCommand(config, args));
}
exports.runCommandJson = runCommandJson;
async function clonePackRepo(gh, path) {
try {
await runCommand(gh, [
"repo",
"clone",
"GitHubSecurityLab/codeql-actions",
path,
]);
return true;
}
catch (error) {
core.warning("Failed to clone pack from GitHub...");
}
return false;
}
exports.clonePackRepo = clonePackRepo;
/***/ }),
/***/ 6144:
@@ -28847,17 +28757,12 @@ exports.run = void 0;
const path = __importStar(__nccwpck_require__(1017));
const core = __importStar(__nccwpck_require__(2186));
const cql = __importStar(__nccwpck_require__(950));
const gh = __importStar(__nccwpck_require__(1772));
/**
* The main function for the action.
* @returns {Promise<void>} Resolves when the action is complete.
*/
async function run() {
try {
// set up gh
var ghc = await gh.newGHConfig();
core.debug(`GH CLI found at '${ghc.path}'`);
await gh.runCommand(ghc, ["version"]);
// set up codeql
var codeql = await cql.newCodeQL();
core.debug(`CodeQL CLI found at '${codeql.path}'`);
@@ -28873,21 +28778,17 @@ async function run() {
core.setFailed("CodeQL Yaml extractor not installed");
throw new Error("CodeQL Yaml extractor not installed");
}
core.info(`Cloning CodeQL Actions pack into '${codeql.pack}'`);
let pack_path = "/tmp/codeql-actions";
var pack_cloned = await gh.clonePackRepo(ghc, pack_path);
core.info(`Cloned CodeQL Actions pack into '${pack_path}'`);
if (pack_cloned === false) {
throw new Error("Could not clone the actions ql pack");
// download pack
core.info(`Downloading CodeQL IaC pack '${codeql.pack}'`);
var pack_downloaded = await cql.downloadPack(codeql);
if (pack_downloaded === false) {
var action_path = path.resolve(path.join(__dirname, "..", "..", ".."));
codeql.pack = path.join(action_path, "ql", "src");
core.info(`Pack defaulting back to local pack: '${codeql.pack}'`);
}
core.info(`Installing CodeQL Actions packs from '${pack_path}'`);
var pack_installed = await cql.installPack(codeql, pack_path);
if (pack_installed === false) {
throw new Error("Could not install the actions ql packs");
else {
core.info(`Pack downloaded '${codeql.pack}'`);
}
core.info(`Pack path: '${pack_path}'`);
codeql.pack = path.join(pack_path, "ql", "src");
core.info(`Codeql Queries pack path: '${codeql.pack}'`);
core.info("Creating CodeQL database...");
var database_path = await cql.codeqlDatabaseCreate(codeql);
core.info("Running CodeQL analysis...");

14
.github/action/src/codeql.ts vendored
View File

@@ -106,20 +106,6 @@ export async function downloadPack(codeql: CodeQLConfig): Promise<boolean> {
return false;
}
export async function installPack(
codeql: CodeQLConfig,
dir: string,
): Promise<boolean> {
try {
await runCommand(codeql, ["pack", "install"], path.join(dir, "/ql/lib"));
await runCommand(codeql, ["pack", "install"], path.join(dir, "/ql/src"));
return true;
} catch (error) {
core.warning("Failed to install local packs ...");
}
return false;
}
export async function codeqlDatabaseCreate(
codeql: CodeQLConfig,
): Promise<string> {

59
.github/action/src/gh.ts vendored
View File

@@ -1,59 +0,0 @@
import * as path from "path";
import * as core from "@actions/core";
import * as toolrunner from "@actions/exec/lib/toolrunner";
export interface GHConfig {
// The path to the codeql bundle.
path: string;
}
export async function newGHConfig(): Promise<GHConfig> {
return {
path: "/usr/bin/",
};
}
export async function runCommand(
config: GHConfig,
args: string[],
): Promise<any> {
var bin = path.join(config.path, "gh");
let output = "";
var options = {
listeners: {
stdout: (data: Buffer) => {
output += data.toString();
},
},
};
await new toolrunner.ToolRunner(bin, args, options).exec();
core.debug(`Finished running command :: ${bin} ${args.join(" ")}`);
return output.trim();
}
export async function runCommandJson(
config: GHConfig,
args: string[],
): Promise<object> {
return JSON.parse(await runCommand(config, args));
}
export async function clonePackRepo(
gh: GHConfig,
path: string,
): Promise<boolean> {
try {
await runCommand(gh, [
"repo",
"clone",
"GitHubSecurityLab/codeql-actions",
path,
]);
return true;
} catch (error) {
core.warning("Failed to clone pack from GitHub...");
}
return false;
}

35
.github/action/src/index.ts vendored
View File

@@ -1,7 +1,6 @@
import * as path from "path";
import * as core from "@actions/core";
import * as cql from "./codeql";
import * as gh from "./gh";
/**
* The main function for the action.
@@ -9,13 +8,6 @@ import * as gh from "./gh";
*/
export async function run(): Promise<void> {
try {
// set up gh
var ghc = await gh.newGHConfig();
core.debug(`GH CLI found at '${ghc.path}'`);
await gh.runCommand(ghc, ["version"]);
// set up codeql
var codeql = await cql.newCodeQL();
@@ -36,26 +28,19 @@ export async function run(): Promise<void> {
throw new Error("CodeQL Yaml extractor not installed");
}
core.info(`Cloning CodeQL Actions pack into '${codeql.pack}'`);
let pack_path = "/tmp/codeql-actions";
var pack_cloned = await gh.clonePackRepo(ghc, pack_path);
core.info(`Cloned CodeQL Actions pack into '${pack_path}'`);
// download pack
core.info(`Downloading CodeQL IaC pack '${codeql.pack}'`);
var pack_downloaded = await cql.downloadPack(codeql);
if (pack_cloned === false) {
throw new Error("Could not clone the actions ql pack");
if (pack_downloaded === false) {
var action_path = path.resolve(path.join(__dirname, "..", "..", ".."));
codeql.pack = path.join(action_path, "ql", "src");
core.info(`Pack defaulting back to local pack: '${codeql.pack}'`);
} else {
core.info(`Pack downloaded '${codeql.pack}'`);
}
core.info(`Installing CodeQL Actions packs from '${pack_path}'`);
var pack_installed = await cql.installPack(codeql, pack_path);
if (pack_installed === false) {
throw new Error("Could not install the actions ql packs");
}
core.info(`Pack path: '${pack_path}'`);
codeql.pack = path.join(pack_path, "ql", "src");
core.info(`Codeql Queries pack path: '${codeql.pack}'`);
core.info("Creating CodeQL database...");
var database_path = await cql.codeqlDatabaseCreate(codeql);

4
.github/workflows/build.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
- uses: dorny/paths-filter@v3
id: changes
with:
filters: |
@@ -26,5 +26,3 @@ jobs:
- name: Run action
if: steps.changes.outputs.src == 'true'
uses: ./
with:
extractor-version: latest

9
ql/lib/codeql/actions/DataFlow.qll
View File

@@ -7,12 +7,13 @@ module DataFlow {
private import codeql.actions.dataflow.internal.DataFlowImplSpecific
import DataFlowMake<ActionsDataFlow>
import codeql.actions.dataflow.internal.DataFlowPublic
/** debug */
// debug
private import codeql.actions.dataflow.internal.TaintTrackingImplSpecific
import codeql.dataflow.internal.DataFlowImplConsistency as DFIC
module ActionsConsistency implements DFIC::InputSig<ActionsDataFlow> { }
module Consistency {
import DFIC::MakeConsistency<ActionsDataFlow, ActionsTaintTracking, ActionsConsistency>
}
import DFIC::MakeConsistency<ActionsDataFlow, ActionsTaintTracking, ActionsConsistency>
}
}