From a2ed07ec3525a4fc032f0d17a3ab9ed093bb01aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alvaro=20Mu=C3=B1oz?=
Date: Tue, 23 Apr 2024 12:43:23 +0200
Subject: [PATCH] Update scan action
---
 .github/action/dist/index.js | 11 ++++++++++-
 .github/action/package-lock.json | 14 +++++++-------
 .github/action/package.json | 2 +-
 .github/action/src/codeql.ts | 7 ++++++-
 action.yml | 15 +++------------
 5 files changed, 27 insertions(+), 22 deletions(-)
diff --git a/.github/action/dist/index.js b/.github/action/dist/index.js
index 4c98f1d6301..6f4a57b10fb 100644
--- a/.github/action/dist/index.js
+++ b/.github/action/dist/index.js
@@ -28606,7 +28606,7 @@ async function newCodeQL() { return { language: "yaml", path: await findCodeQL(), - pack: "githubsecuritylab/actions-queries", + pack: "githubsecuritylab/actions-all", suite: `codeql-suites/${core.getInput("suite") || "actions-code-scanning"}.qls`, source_root: core.getInput("source-root"), output: core.getInput("sarif"),
@@ -28706,6 +28706,15 @@ async function codeqlDatabaseAnalyze(codeql, database_path) { "--output", codeql_output, ]; + const extPackPath = process.env["EXTPACK_PATH"]; + const extPackName = process.env["EXTPACK_NAME"]; + if (extPackPath !== undefined && + extPackName !== undefined && + extPackPath !== "" && + extPackName !== "") { + cmd.push("--additional-packs", extPackPath); + cmd.push("--extension-packs", extPackName); + } // remote pack or local pack if (codeql.pack.startsWith("githubsecuritylab/")) { var suite = codeql.pack + ":" + codeql.suite;
diff --git a/.github/action/package-lock.json b/.github/action/package-lock.json
index eef94f4b5cd..9cacb7f9af9 100644
--- a/.github/action/package-lock.json
+++ b/.github/action/package-lock.json
@@ -15,7 +15,7 @@ "@actions/tool-cache": "^2.0.1" }, "devDependencies": { - "@types/node": "^20.6.0", + "@types/node": "^20.12.7", "@vercel/ncc": "^0.38.0", "prettier": "^3.0.3", "typescript": "^5.2.2"
@@ -195,9 +195,9 @@ } }, "node_modules/@types/node": { - "version": "20.11.19", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz", - "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==", + "version": "20.12.7", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.7.tgz", + "integrity": "sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==", "dev": true, "dependencies": { "undici-types": "~5.26.4"
@@ -520,9 +520,9 @@ } }, "@types/node": { - "version": "20.11.19", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.19.tgz", - "integrity": "sha512-7xMnVEcZFu0DikYjWOlRq7NTPETrm7teqUT2WkQjrTIkEgUyyGdWsj/Zg8bEJt5TNklzbPD1X3fqfsHw3SpapQ==", + "version": "20.12.7", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.7.tgz", + "integrity": "sha512-wq0cICSkRLVaf3UGLMGItu/PtdY7oaXaI/RVU+xliKVOtRna3PRY57ZDfztpDL0n11vfymMUnXv8QwYCO7L1wg==", "dev": true, "requires": { "undici-types": "~5.26.4"
diff --git a/.github/action/package.json b/.github/action/package.json
index 90512a3163c..cd9021d20c5 100644
--- a/.github/action/package.json
+++ b/.github/action/package.json
@@ -40,7 +40,7 @@
 "@actions/tool-cache": "^2.0.1"
 },
 "devDependencies": {
- "@types/node": "^20.6.0",
+ "@types/node": "^20.12.7",
 "@vercel/ncc": "^0.38.0",
 "prettier": "^3.0.3",
 "typescript": "^5.2.2"
diff --git a/.github/action/src/codeql.ts b/.github/action/src/codeql.ts
index e845ec9fd4f..b318cb1b3e2 100644
--- a/.github/action/src/codeql.ts
+++ b/.github/action/src/codeql.ts
@@ -149,7 +149,12 @@ export async function codeqlDatabaseAnalyze(
 const extPackPath = process.env["EXTPACK_PATH"];
 const extPackName = process.env["EXTPACK_NAME"];
- if (extPackPath !== undefined && extPackName !== undefined) {
+ if (
+ extPackPath !== undefined &&
+ extPackName !== undefined &&
+ extPackPath !== "" &&
+ extPackName !== ""
+ ) {
 cmd.push("--additional-packs", extPackPath);
 cmd.push("--extension-packs", extPackName);
 }
diff --git a/action.yml b/action.yml
index 9580cff83e8..addc5588b8d 100644
--- a/action.yml
+++ b/action.yml
@@ -33,18 +33,9 @@ runs: mkdir workflow-extpack cd workflow-extpack - # Store the extension pack file - cat > models.json << 'EOF' - ${{ inputs.workflow-models }} - EOF - # Store the extension pack file cat > models.yml << 'EOF' - extensions: - - addsTo: - pack: githubsecuritylab/actions-all - extensible: workflowDataModel - data: [] + ${{ inputs.workflow-models }} EOF # Create QLPack
@@ -69,7 +60,7 @@ runs:
 INPUT_SOURCE-ROOT: ${{ inputs.source-root }}
 INPUT_SARIF-OUTPUT: ${{ inputs.sarif-output }}
 INPUT_SUITE: ${{ inputs.suite }}
- EXTPACK_PATH: ${{ inputs.extpack-path }}
- EXTPACK_NAME: ${{ inputs.extpack-name }}
+ EXTPACK_PATH: ${{ env.EXTPACK_PATH }}
+ EXTPACK_NAME: ${{ env.EXTPACK_NAME }}
 run: |
 node ${{ github.action_path }}/.github/action/dist/index.js
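Review bot: In the `codeqlDatabaseAnalyze` hunk of `.github/action/src/codeql.ts`, the widened guard still lets whitespace-only values through to `--additional-packs` and `--extension-packs`. The four comparisons amount to a truthiness test, so `if (extPackPath?.trim() && extPackName?.trim()) {` is shorter and also covers the whitespace case. Extension packs change what the analysis treats as sources and sinks, so it is worth logging inside the branch, for example `core.info("extension pack: " + extPackName + " from " + extPackPath);`, assuming `core` is imported here as it is in the bundle. That lets a reader of the run log tell when results were produced with extra models. The function body starts and ends outside the hunk, and the same condition is repeated in the generated `dist/index.js`, which needs rebuilding after any change.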
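Review bot: In the `@@ -33,18 +33,9 @@` hunk of `action.yml`, `${{ inputs.workflow-models }}` is expanded by the runner into the text of the `run:` script before the shell parses it, so the quoted `'EOF'` delimiter does not confine it. A value containing a line that is just `EOF` closes the heredoc, and the rest of the value is then interpreted as shell. The pattern predates this commit (it was used for `models.json`), but the new side keeps it and now writes the caller-supplied value as the whole of `models.yml`. Pass the input through the step environment instead: add `WORKFLOW_MODELS: ${{ inputs.workflow-models }}` under the step's `env:` and write the file with `printf '%s\n' "$WORKFLOW_MODELS" > models.yml`. The step's `env:` key and the rest of the script are outside the hunk, so check whether an `env:` block already exists on that step.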
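Review bot: `EXTPACK_PATH: ${{ env.EXTPACK_PATH }}` and `EXTPACK_NAME: ${{ env.EXTPACK_NAME }}` in the `@@ -69,7 +60,7 @@` hunk of `action.yml` read from the shared `env` context. As far as I can tell that context also carries variables set by the calling workflow's job-level `env:`, so a caller variable of the same name could decide which packs CodeQL loads. The values are presumably exported to `$GITHUB_ENV` by the earlier pack-creation step, which is outside the hunk. If so, giving that step an `id` and mapping `${{ steps.<id>.outputs.<name> }}` here would keep the hand-off private to the action. At minimum, add a comment above the two lines such as `# exported to $GITHUB_ENV by the extension-pack step above; empty when no models are supplied`.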