From 595ce2dc3e2ce9f020f372ebc90628c40baa2b79 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Sun, 15 Feb 2026 18:04:48 +0000 Subject: [PATCH 1/2] Add `JavaNetworkDebugging` feature --- lib/analyze-action-post.js | 5 +++++ lib/analyze-action.js | 5 +++++ lib/autobuild-action.js | 5 +++++ lib/init-action-post.js | 5 +++++ lib/init-action.js | 5 +++++ lib/resolve-environment-action.js | 5 +++++ lib/setup-codeql-action.js | 5 +++++ lib/start-proxy-action-post.js | 5 +++++ lib/start-proxy-action.js | 5 +++++ lib/upload-lib.js | 5 +++++ lib/upload-sarif-action-post.js | 5 +++++ lib/upload-sarif-action.js | 5 +++++ src/feature-flags.ts | 6 ++++++ 13 files changed, 66 insertions(+) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 2920609e05..ad1493138f 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161571,6 +161571,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 40348b31f5..0ac5c71526 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107639,6 +107639,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 61525b980d..a68cc672b9 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103976,6 +103976,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 2fb2de3518..7f54814656 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164965,6 +164965,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/init-action.js b/lib/init-action.js index 19a73d5c41..112e9600d6 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -105172,6 +105172,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 2e53715e63..34f0a81d4c 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -103963,6 +103963,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 289d27e5c6..245aabb4c3 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103877,6 +103877,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 0ba8bd6e7e..8f00f8f7dc 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -160977,6 +160977,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 2b16dae66c..4b2f9cf895 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120670,6 +120670,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 730c460ab8..118d96b5e6 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -107032,6 +107032,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 00f580c815..4be6881714 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161139,6 +161139,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 15e29edd58..a59044de79 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106827,6 +106827,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: void 0 }, + ["java_network_debugging" /* JavaNetworkDebugging */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: void 0 + }, ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 04508089d9..5714b1281e 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -47,6 +47,7 @@ export enum Feature { DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled", ExportDiagnosticsEnabled = "export_diagnostics_enabled", IgnoreGeneratedFiles = "ignore_generated_files", + JavaNetworkDebugging = "java_network_debugging", OverlayAnalysis = "overlay_analysis", OverlayAnalysisActions = "overlay_analysis_actions", OverlayAnalysisCodeScanningActions = "overlay_analysis_code_scanning_actions", @@ -168,6 +169,11 @@ export const featureConfig = { envVar: "CODEQL_ACTION_IGNORE_GENERATED_FILES", minimumVersion: undefined, }, + [Feature.JavaNetworkDebugging]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_NETWORK_DEBUGGING", + minimumVersion: undefined, + }, [Feature.OverlayAnalysis]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", From e21e4ca93f825386ea5a94897f57845eb783a295 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Sun, 15 Feb 2026 18:12:51 +0000 Subject: [PATCH 2/2] Add debugging options to `JAVA_TOOL_OPTIONS` when FF is enabled --- lib/init-action.js | 14 ++++++++++++++ src/init-action.ts | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/lib/init-action.js b/lib/init-action.js index 112e9600d6..695daec933 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -103372,6 +103372,13 @@ function getRequiredEnvParam(paramName) { } return value; } +function getOptionalEnvVar(paramName) { + const value = process.env[paramName]; + if (value?.trim().length === 0) { + return void 0; + } + return value; +} var HTTPError = class extends Error { status; constructor(message, status) { @@ -109469,6 +109476,13 @@ exec ${goBinaryPath} "$@"` core13.exportVariable(key, value); } } + if (await features.getValue("java_network_debugging" /* JavaNetworkDebugging */)) { + const existingJavaToolOptions = getOptionalEnvVar("JAVA_TOOL_OPTIONS") || ""; + core13.exportVariable( + "JAVA_TOOL_OPTIONS", + `${existingJavaToolOptions} -Djavax.net.debug=ssl,handshake,certpath` + ); + } flushDiagnostics(config); await saveConfig(config, logger); core13.setOutput("codeql-path", config.codeQLCmd); diff --git a/src/init-action.ts b/src/init-action.ts index 5d459acaec..bd331be2b5 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -95,6 +95,7 @@ import { BuildMode, GitHubVersion, Result, + getOptionalEnvVar, } from "./util"; import { checkWorkflow } from "./workflow"; @@ -753,6 +754,19 @@ async function run(startedAt: Date) { } } + // Enable Java network debugging if the FF is enabled. + if (await features.getValue(Feature.JavaNetworkDebugging)) { + // Get the existing value of `JAVA_OPTS`, if any. + const existingJavaToolOptions = + getOptionalEnvVar("JAVA_TOOL_OPTIONS") || ""; + + // Add the network debugging options. + core.exportVariable( + "JAVA_TOOL_OPTIONS", + `${existingJavaToolOptions} -Djavax.net.debug=ssl,handshake,certpath`, + ); + } + // Write diagnostics to the database that we previously stored in memory because the database // did not exist until now. flushDiagnostics(config);