From d7cfd19fb824f2778a05b6a0eb35b042a1ec0d92 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 24 Feb 2026 13:21:16 +0000 Subject: [PATCH 01/11] Move SARIF types out of `util.ts` --- lib/analyze-action.js | 26 +++--- lib/init-action-post.js | 24 +++--- lib/upload-lib.js | 26 +++--- lib/upload-sarif-action.js | 26 +++--- src/sarif/index.test.ts | 88 +++++++++++++++++++ src/sarif/index.ts | 168 +++++++++++++++++++++++++++++++++++++ src/util.test.ts | 72 +--------------- src/util.ts | 167 +----------------------------------- 8 files changed, 317 insertions(+), 280 deletions(-) create mode 100644 src/sarif/index.test.ts create mode 100644 src/sarif/index.ts diff --git a/lib/analyze-action.js b/lib/analyze-action.js index cf0eef7f64..685b285139 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -105896,6 +105896,21 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); + +// src/sarif/index.ts +function getToolNames(sarif) { + const toolNames = {}; + for (const run2 of sarif.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} + +// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; 
@@ -105916,17 +105931,6 @@ function getExtraOptionsEnvParam() { ); } } -function getToolNames(sarif) { - const toolNames = {}; - for (const run2 of sarif.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} function getSystemReservedMemoryMegaBytes(totalMemoryMegaBytes, platform2) { const fixedAmount = 1024 * (platform2 === "win32" ? 1.5 : 1); const scaledAmount = getReservedRamScaleFactor() * Math.max(totalMemoryMegaBytes - 8 * 1024, 0); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 000e55c0a5..f0bd4ddd02 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164000,6 +164000,19 @@ var semver = __toESM(require_semver2()); var maximumVersion = "3.20"; var minimumVersion = "3.14"; +// src/sarif/index.ts +function getToolNames(sarif) { + const toolNames = {}; + for (const run3 of sarif.runs || []) { + const tool = run3.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} + // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; @@ -164020,17 +164033,6 @@ function getExtraOptionsEnvParam() { ); } } -function getToolNames(sarif) { - const toolNames = {}; - for (const run3 of sarif.runs || []) { - const tool = run3.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} function getCodeQLDatabasePath(config, language) { return path.resolve(config.dbLocation, language); } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index eadfa50638..711e287446 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -105913,6 +105913,21 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); + +// src/sarif/index.ts +function getToolNames(sarif) { + const toolNames = {}; + for (const run of sarif.runs || []) { + const tool = run.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} + +// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -105932,17 +105947,6 @@ function getExtraOptionsEnvParam() { ); } } -function getToolNames(sarif) { - const toolNames = {}; - for (const run of sarif.runs || []) { - const tool = run.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} function getCodeQLDatabasePath(config, language) { return path.resolve(config.dbLocation, language); } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 91ddb60d51..b46e3b6b32 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -105887,6 +105887,21 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); + +// src/sarif/index.ts +function getToolNames(sarif) { + const toolNames = {}; + for (const run2 of sarif.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} + +// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; 
@@ -105906,17 +105921,6 @@ function getExtraOptionsEnvParam() { ); } } -function getToolNames(sarif) { - const toolNames = {}; - for (const run2 of sarif.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} function getCodeQLDatabasePath(config, language) { return path.resolve(config.dbLocation, language); } diff --git a/src/sarif/index.test.ts b/src/sarif/index.test.ts new file mode 100644 index 0000000000..3d41f848b2 --- /dev/null +++ b/src/sarif/index.test.ts 
@@ -0,0 +1,88 @@ +import * as fs from "fs"; + +import test from "ava"; + +import { + getRecordingLogger, + LoggedMessage, + setupTests, +} from "../testing-utils"; + +import { + fixInvalidNotifications, + getToolNames, + SarifLocation, + type SarifFile, +} from "."; + +setupTests(test); + +test("getToolNames", (t) => { + const input = fs.readFileSync( + `${__dirname}/../../src/testdata/tool-names.sarif`, + "utf8", + ); + const toolNames = getToolNames(JSON.parse(input) as SarifFile); + t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]); +}); + +function createMockSarifWithNotification( + locations: SarifLocation[], +): SarifFile { + return { + runs: [ + { + tool: { + driver: { + name: "CodeQL", + }, + }, + invocations: [ + { + toolExecutionNotifications: [ + { + locations, + }, + ], + }, + ], + }, + ], + }; +} + +const stubLocation: SarifLocation = { + physicalLocation: { + artifactLocation: { + uri: "file1", + }, + }, +}; + +test("fixInvalidNotifications leaves notifications with unique locations alone", (t) => { + const messages: LoggedMessage[] = []; + const result = fixInvalidNotifications( + createMockSarifWithNotification([stubLocation]), + getRecordingLogger(messages), + ); + t.deepEqual(result, createMockSarifWithNotification([stubLocation])); + t.is(messages.length, 1); + t.deepEqual(messages[0], { + type: "debug", + message: "No duplicate locations found in SARIF notification objects.", + }); +}); + +test("fixInvalidNotifications removes duplicate locations", (t) => { + const messages: LoggedMessage[] = []; + const result = fixInvalidNotifications( + createMockSarifWithNotification([stubLocation, stubLocation]), + getRecordingLogger(messages), + ); + t.deepEqual(result, createMockSarifWithNotification([stubLocation])); + t.is(messages.length, 1); + t.deepEqual(messages[0], { + type: "info", + message: "Removed 1 duplicate locations from SARIF notification objects.", + }); +}); 
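Review bot: The two `fixInvalidNotifications` tests in this new file only exercise a well-formed CodeQL run, so the function's early-return guards (`!Array.isArray(sarif.runs)`, a driver name other than "CodeQL", a missing `invocations` array) have no coverage. The `getToolNames` test itself obtains its input with `JSON.parse(input) as SarifFile`; if production callers do the same, the declared shape is not guaranteed at runtime and those guards are what stands between a malformed file and a crash. A test along the lines below would pin that malformed input comes back unchanged and that nothing is logged on that path.

```typescript
test("fixInvalidNotifications returns the input unchanged when runs is not an array", (t) => {
  const messages: LoggedMessage[] = [];
  // Constructed sample: a parsed document that does not match the SarifFile shape.
  const malformed = { runs: undefined } as unknown as SarifFile;
  const result = fixInvalidNotifications(
    malformed,
    getRecordingLogger(messages),
  );
  t.is(result, malformed);
  t.is(messages.length, 0);
});
```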
diff --git a/src/sarif/index.ts b/src/sarif/index.ts new file mode 100644 index 0000000000..6dab843914 --- /dev/null +++ b/src/sarif/index.ts 
@@ -0,0 +1,168 @@ +import { Logger } from "../logging"; + +export interface SarifLocation { + physicalLocation?: { + artifactLocation?: { + uri?: string; + }; + }; +} + +export interface SarifNotification { + locations?: SarifLocation[]; +} + +export interface SarifInvocation { + toolExecutionNotifications?: SarifNotification[]; +} + +export interface SarifResult { + ruleId?: string; + rule?: { + id?: string; + }; + message?: { + text?: string; + }; + locations: Array<{ + physicalLocation: { + artifactLocation: { + uri: string; + }; + region?: { + startLine?: number; + }; + }; + }>; + relatedLocations?: Array<{ + physicalLocation: { + artifactLocation: { + uri: string; + }; + region?: { + startLine?: number; + }; + }; + }>; + partialFingerprints: { + primaryLocationLineHash?: string; + }; +} + +export interface SarifRun { + tool?: { + driver?: { + guid?: string; + name?: string; + fullName?: string; + semanticVersion?: string; + version?: string; + }; + }; + automationDetails?: { + id?: string; + }; + artifacts?: string[]; + invocations?: SarifInvocation[]; + results?: SarifResult[]; +} + +export interface SarifFile { + version?: string | null; + runs: SarifRun[]; +} + +/** + * Get the array of all the tool names contained in the given sarif contents. + * + * Returns an array of unique string tool names. 
+ */ +export function getToolNames(sarif: SarifFile): string[] { + const toolNames = {}; + + for (const run of sarif.runs || []) { + const tool = run.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + + return Object.keys(toolNames); +} + +export function removeDuplicateLocations( + locations: SarifLocation[], +): SarifLocation[] { + const newJsonLocations = new Set(); + return locations.filter((location) => { + const jsonLocation = JSON.stringify(location); + if (!newJsonLocations.has(jsonLocation)) { + newJsonLocations.add(jsonLocation); + return true; + } + return false; + }); +} + +export function fixInvalidNotifications( + sarif: SarifFile, + logger: Logger, +): SarifFile { + if (!Array.isArray(sarif.runs)) { + return sarif; + } + + // Ensure that the array of locations for each SARIF notification contains unique locations. + // This is a workaround for a bug in the CodeQL CLI that causes duplicate locations to be + // emitted in some cases. 
+ let numDuplicateLocationsRemoved = 0; + + const newSarif = { + ...sarif, + runs: sarif.runs.map((run) => { + if ( + run.tool?.driver?.name !== "CodeQL" || + !Array.isArray(run.invocations) + ) { + return run; + } + return { + ...run, + invocations: run.invocations.map((invocation) => { + if (!Array.isArray(invocation.toolExecutionNotifications)) { + return invocation; + } + return { + ...invocation, + toolExecutionNotifications: + invocation.toolExecutionNotifications.map((notification) => { + if (!Array.isArray(notification.locations)) { + return notification; + } + const newLocations = removeDuplicateLocations( + notification.locations, + ); + numDuplicateLocationsRemoved += + notification.locations.length - newLocations.length; + return { + ...notification, + locations: newLocations, + }; + }), + }; + }), + }; + }), + }; + + if (numDuplicateLocationsRemoved > 0) { + logger.info( + `Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` + + "objects.", + ); + } else { + logger.debug("No duplicate locations found in SARIF notification objects."); + } + return newSarif; +} diff --git a/src/util.test.ts b/src/util.test.ts index 7b68500180..a7e49d470b 100644 --- a/src/util.test.ts +++ b/src/util.test.ts @@ -10,20 +10,11 @@ import * as sinon from "sinon"; import * as api from "./api-client"; import { EnvVar } from "./environment"; import { getRunnerLogger } from "./logging"; -import { getRecordingLogger, LoggedMessage, setupTests } from "./testing-utils"; +import { setupTests } from "./testing-utils"; import * as util from "./util"; setupTests(test); -test("getToolNames", (t) => { - const input = fs.readFileSync( - `${__dirname}/../src/testdata/tool-names.sarif`, - "utf8", - ); - const toolNames = util.getToolNames(JSON.parse(input) as util.SarifFile); - t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]); -}); - const GET_MEMORY_FLAG_TESTS = [ { input: undefined, 
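Review bot: In `getToolNames` (src/sarif/index.ts), `toolNames` is a plain object keyed by `driver.name`, a string taken from the SARIF file, so a driver named `__proto__` assigns to the inherited accessor instead of creating an own key and is silently missing from the returned list. Since the function is getting its own module anyway, this would be a good moment to switch to a set: `const toolNames = new Set<string>();`, `toolNames.add(driver.name);` and `return Array.from(toolNames);`. That also removes the untyped index write on `{}`. One difference to check before adopting it: `Object.keys` lists integer-like keys first, whereas a `Set` keeps pure insertion order.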
@@ -368,67 +359,6 @@ test("waitForResultWithTimeLimit doesn't call callback if promise resolves", asy t.deepEqual(result, 99); }); -function createMockSarifWithNotification( - locations: util.SarifLocation[], -): util.SarifFile { - return { - runs: [ - { - tool: { - driver: { - name: "CodeQL", - }, - }, - invocations: [ - { - toolExecutionNotifications: [ - { - locations, - }, - ], - }, - ], - }, - ], - }; -} - -const stubLocation: util.SarifLocation = { - physicalLocation: { - artifactLocation: { - uri: "file1", - }, - }, -}; - -test("fixInvalidNotifications leaves notifications with unique locations alone", (t) => { - const messages: LoggedMessage[] = []; - const result = util.fixInvalidNotifications( - createMockSarifWithNotification([stubLocation]), - getRecordingLogger(messages), - ); - t.deepEqual(result, createMockSarifWithNotification([stubLocation])); - t.is(messages.length, 1); - t.deepEqual(messages[0], { - type: "debug", - message: "No duplicate locations found in SARIF notification objects.", - }); -}); - -test("fixInvalidNotifications removes duplicate locations", (t) => { - const messages: LoggedMessage[] = []; - const result = util.fixInvalidNotifications( - createMockSarifWithNotification([stubLocation, stubLocation]), - getRecordingLogger(messages), - ); - t.deepEqual(result, createMockSarifWithNotification([stubLocation])); - t.is(messages.length, 1); - t.deepEqual(messages[0], { - type: "info", - message: "Removed 1 duplicate locations from SARIF notification objects.", - }); -}); - function formatGitHubVersion(version: util.GitHubVersion): string { switch (version.type) { case util.GitHubVariant.DOTCOM: diff --git a/src/util.ts b/src/util.ts index 823291a0a6..60def1d82c 100644 --- a/src/util.ts +++ b/src/util.ts 
@@ -17,6 +17,8 @@ import { EnvVar } from "./environment"; import { Language } from "./languages"; import { Logger } from "./logging"; +export * from "./sarif"; + /** * The name of the file containing the base database OIDs, as stored in the * root of the database location. @@ -55,78 +57,6 @@ const DEFAULT_RESERVED_RAM_SCALING_FACTOR = 0.05; */ const MINIMUM_CGROUP_MEMORY_LIMIT_BYTES = 1024 * 1024; -export interface SarifFile { - version?: string | null; - runs: SarifRun[]; -} - -export interface SarifRun { - tool?: { - driver?: { - guid?: string; - name?: string; - fullName?: string; - semanticVersion?: string; - version?: string; - }; - }; - automationDetails?: { - id?: string; - }; - artifacts?: string[]; - invocations?: SarifInvocation[]; - results?: SarifResult[]; -} - -export interface SarifInvocation { - toolExecutionNotifications?: SarifNotification[]; -} - -export interface SarifResult { - ruleId?: string; - rule?: { - id?: string; - }; - message?: { - text?: string; - }; - locations: Array<{ - physicalLocation: { - artifactLocation: { - uri: string; - }; - region?: { - startLine?: number; - }; - }; - }>; - relatedLocations?: Array<{ - physicalLocation: { - artifactLocation: { - uri: string; - }; - region?: { - startLine?: number; - }; - }; - }>; - partialFingerprints: { - primaryLocationLineHash?: string; - }; -} - -export interface SarifNotification { - locations?: SarifLocation[]; -} - -export interface SarifLocation { - physicalLocation?: { - artifactLocation?: { - uri?: string; - }; - }; -} - /** * Get the extra options for the codeql commands. */ 
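Review bot: `export * from "./sarif";` re-exports every export of the new module, and that now includes `removeDuplicateLocations`, which was a module-private function in util.ts (removed in a later hunk of this file) but is declared with `export` in src/sarif/index.ts. The effect is that `util` gains a public helper it did not have before, and anything exported from the sarif module in future will surface through `util` as well. If the wildcard is only there to keep existing `util.*` call sites compiling, an explicit list such as `export { getToolNames, fixInvalidNotifications } from "./sarif";` together with an `export type` list for the interfaces keeps the surface unchanged. A one-line comment saying the re-export is transitional would also help the next reader.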
@@ -146,25 +76,6 @@ export function getExtraOptionsEnvParam(): object { } } -/** - * Get the array of all the tool names contained in the given sarif contents. - * - * Returns an array of unique string tool names. - */ -export function getToolNames(sarif: SarifFile): string[] { - const toolNames = {}; - - for (const run of sarif.runs || []) { - const tool = run.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - - return Object.keys(toolNames); -} - // Creates a random temporary directory, runs the given body, and then deletes the directory. // Mostly intended for use within tests. export async function withTmpDir( 
@@ -984,80 +895,6 @@ export function parseMatrixInput( return JSON.parse(matrixInput) as { [key: string]: string }; } -function removeDuplicateLocations(locations: SarifLocation[]): SarifLocation[] { - const newJsonLocations = new Set(); - return locations.filter((location) => { - const jsonLocation = JSON.stringify(location); - if (!newJsonLocations.has(jsonLocation)) { - newJsonLocations.add(jsonLocation); - return true; - } - return false; - }); -} - -export function fixInvalidNotifications( - sarif: SarifFile, - logger: Logger, -): SarifFile { - if (!Array.isArray(sarif.runs)) { - return sarif; - } - - // Ensure that the array of locations for each SARIF notification contains unique locations. - // This is a workaround for a bug in the CodeQL CLI that causes duplicate locations to be - // emitted in some cases. - let numDuplicateLocationsRemoved = 0; - - const newSarif = { - ...sarif, - runs: sarif.runs.map((run) => { - if ( - run.tool?.driver?.name !== "CodeQL" || - !Array.isArray(run.invocations) - ) { - return run; - } - return { - ...run, - invocations: run.invocations.map((invocation) => { - if (!Array.isArray(invocation.toolExecutionNotifications)) { - return invocation; - } - return { - ...invocation, - toolExecutionNotifications: - invocation.toolExecutionNotifications.map((notification) => { - if (!Array.isArray(notification.locations)) { - return notification; - } - const newLocations = removeDuplicateLocations( - notification.locations, - ); - numDuplicateLocationsRemoved += - notification.locations.length - newLocations.length; - return { - ...notification, - locations: newLocations, - }; - }), - }; - }), - }; - }), - }; - - if (numDuplicateLocationsRemoved > 0) { - logger.info( - `Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` + - "objects.", - ); - } else { - logger.debug("No duplicate locations found in SARIF notification objects."); - } - return newSarif; -} - export function wrapError(error: unknown): 
Error { return error instanceof Error ? error : new Error(String(error)); } From 2fce45b8e664dda01897006323626859e2ac7d9b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Sun, 1 Mar 2026 13:52:45 +0000 Subject: [PATCH 02/11] Add wrapper around `JSON.parse` to `sarif` module --- lib/analyze-action.js | 260 +++++++------- lib/init-action-post.js | 676 ++++++++++++++++++------------------- lib/upload-lib.js | 204 +++++------ lib/upload-sarif-action.js | 206 +++++------ src/sarif/index.ts | 6 + src/upload-lib.ts | 15 +- 6 files changed, 684 insertions(+), 683 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 685b285139..72dc91b047 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -204,7 +204,7 @@ var require_file_command = __commonJS({ exports2.issueFileCommand = issueFileCommand; exports2.prepareKeyValueMessage = prepareKeyValueMessage; var crypto3 = __importStar2(require("crypto")); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var os5 = __importStar2(require("os")); var utils_1 = require_utils(); function issueFileCommand(command, message) { @@ -212,10 +212,10 @@ var require_file_command = __commonJS({ if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } - if (!fs17.existsSync(filePath)) { + if (!fs18.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } - fs17.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os5.EOL}`, { + fs18.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os5.EOL}`, { encoding: "utf8" }); } 
@@ -20123,13 +20123,13 @@ var require_io_util = __commonJS({ exports2.isRooted = isRooted; exports2.tryGetExecutablePath = tryGetExecutablePath; exports2.getCmdPath = getCmdPath; - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var path16 = __importStar2(require("path")); - _a = fs17.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; + _a = fs18.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; function readlink(fsPath) { return __awaiter2(this, void 0, void 0, function* () { - const result = yield fs17.promises.readlink(fsPath); + const result = yield fs18.promises.readlink(fsPath); if (exports2.IS_WINDOWS && !result.endsWith("\\")) { return `${result}\\`; } @@ -20137,7 +20137,7 @@ var require_io_util = __commonJS({ }); } exports2.UV_FS_O_EXLOCK = 268435456; - exports2.READONLY = fs17.constants.O_RDONLY; + exports2.READONLY = fs18.constants.O_RDONLY; function exists(fsPath) { return __awaiter2(this, void 0, void 0, function* () { try { 
@@ -50403,7 +50403,7 @@ var require_internal_globber = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.DefaultGlobber = void 0; var core15 = __importStar2(require_core()); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var globOptionsHelper = __importStar2(require_internal_glob_options_helper()); var path16 = __importStar2(require("path")); var patternHelper = __importStar2(require_internal_pattern_helper()); @@ -50457,7 +50457,7 @@ var require_internal_globber = __commonJS({ for (const searchPath of patternHelper.getSearchPaths(patterns)) { core15.debug(`Search path '${searchPath}'`); try { - yield __await2(fs17.promises.lstat(searchPath)); + yield __await2(fs18.promises.lstat(searchPath)); } catch (err) { if (err.code === "ENOENT") { continue; @@ -50491,7 +50491,7 @@ var require_internal_globber = __commonJS({ continue; } const childLevel = item.level + 1; - const childItems = (yield __await2(fs17.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path16.join(item.path, x), childLevel)); + const childItems = (yield __await2(fs18.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path16.join(item.path, x), childLevel)); stack.push(...childItems.reverse()); } else if (match & internal_match_kind_1.MatchKind.File) { yield yield __await2(item.path); @@ -50526,7 +50526,7 @@ var require_internal_globber = __commonJS({ let stats; if (options.followSymbolicLinks) { try { - stats = yield fs17.promises.stat(item.path); + stats = yield fs18.promises.stat(item.path); } catch (err) { if (err.code === "ENOENT") { if (options.omitBrokenSymbolicLinks) { 
@@ -50538,10 +50538,10 @@ var require_internal_globber = __commonJS({ throw err; } } else { - stats = yield fs17.promises.lstat(item.path); + stats = yield fs18.promises.lstat(item.path); } if (stats.isDirectory() && options.followSymbolicLinks) { - const realPath = yield fs17.promises.realpath(item.path); + const realPath = yield fs18.promises.realpath(item.path); while (traversalChain.length >= item.level) { traversalChain.pop(); } @@ -50650,7 +50650,7 @@ var require_internal_hash_files = __commonJS({ exports2.hashFiles = hashFiles2; var crypto3 = __importStar2(require("crypto")); var core15 = __importStar2(require_core()); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var path16 = __importStar2(require("path")); @@ -50673,13 +50673,13 @@ var require_internal_hash_files = __commonJS({ writeDelegate(`Ignore '${file}' since it is not under GITHUB_WORKSPACE.`); continue; } - if (fs17.statSync(file).isDirectory()) { + if (fs18.statSync(file).isDirectory()) { writeDelegate(`Skip directory '${file}'.`); continue; } const hash2 = crypto3.createHash("sha256"); const pipeline = util.promisify(stream2.pipeline); - yield pipeline(fs17.createReadStream(file), hash2); + yield pipeline(fs18.createReadStream(file), hash2); result.write(hash2.digest()); count++; if (!hasMatch) { @@ -52054,7 +52054,7 @@ var require_cacheUtils = __commonJS({ var glob2 = __importStar2(require_glob()); var io7 = __importStar2(require_io()); var crypto3 = __importStar2(require("crypto")); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var path16 = __importStar2(require("path")); var semver9 = __importStar2(require_semver3()); var util = __importStar2(require("util")); 
@@ -52083,7 +52083,7 @@ var require_cacheUtils = __commonJS({ }); } function getArchiveFileSizeInBytes(filePath) { - return fs17.statSync(filePath).size; + return fs18.statSync(filePath).size; } function resolvePaths(patterns) { return __awaiter2(this, void 0, void 0, function* () { @@ -52121,7 +52121,7 @@ var require_cacheUtils = __commonJS({ } function unlinkFile(filePath) { return __awaiter2(this, void 0, void 0, function* () { - return util.promisify(fs17.unlink)(filePath); + return util.promisify(fs18.unlink)(filePath); }); } function getVersion(app_1) { @@ -52163,7 +52163,7 @@ var require_cacheUtils = __commonJS({ } function getGnuTarPathOnWindows() { return __awaiter2(this, void 0, void 0, function* () { - if (fs17.existsSync(constants_1.GnuTarPathOnWindows)) { + if (fs18.existsSync(constants_1.GnuTarPathOnWindows)) { return constants_1.GnuTarPathOnWindows; } const versionOutput = yield getVersion("tar"); @@ -92320,7 +92320,7 @@ var require_downloadUtils = __commonJS({ var http_client_1 = require_lib(); var storage_blob_1 = require_commonjs15(); var buffer = __importStar2(require("buffer")); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var utils = __importStar2(require_cacheUtils()); @@ -92431,7 +92431,7 @@ var require_downloadUtils = __commonJS({ exports2.DownloadProgress = DownloadProgress; function downloadCacheHttpClient(archiveLocation, archivePath) { return __awaiter2(this, void 0, void 0, function* () { - const writeStream = fs17.createWriteStream(archivePath); + const writeStream = fs18.createWriteStream(archivePath); const httpClient = new http_client_1.HttpClient("actions/cache"); const downloadResponse = yield (0, requestUtils_1.retryHttpClientResponse)("downloadCache", () => __awaiter2(this, void 0, void 0, function* () { return httpClient.get(archiveLocation); 
@@ -92456,7 +92456,7 @@ var require_downloadUtils = __commonJS({ function downloadCacheHttpClientConcurrent(archiveLocation, archivePath, options) { return __awaiter2(this, void 0, void 0, function* () { var _a; - const archiveDescriptor = yield fs17.promises.open(archivePath, "w"); + const archiveDescriptor = yield fs18.promises.open(archivePath, "w"); const httpClient = new http_client_1.HttpClient("actions/cache", void 0, { socketTimeout: options.timeoutInMs, keepAlive: true @@ -92572,7 +92572,7 @@ var require_downloadUtils = __commonJS({ } else { const maxSegmentSize = Math.min(134217728, buffer.constants.MAX_LENGTH); const downloadProgress = new DownloadProgress(contentLength); - const fd = fs17.openSync(archivePath, "w"); + const fd = fs18.openSync(archivePath, "w"); try { downloadProgress.startDisplayTimer(); const controller = new abort_controller_1.AbortController(); @@ -92590,12 +92590,12 @@ var require_downloadUtils = __commonJS({ controller.abort(); throw new Error("Aborting cache download as the download time exceeded the timeout."); } else if (Buffer.isBuffer(result)) { - fs17.writeFileSync(fd, result); + fs18.writeFileSync(fd, result); } } } finally { downloadProgress.stopDisplayTimer(); - fs17.closeSync(fd); + fs18.closeSync(fd); } } }); @@ -92917,7 +92917,7 @@ var require_cacheHttpClient = __commonJS({ var core15 = __importStar2(require_core()); var http_client_1 = require_lib(); var auth_1 = require_auth(); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var url_1 = require("url"); var utils = __importStar2(require_cacheUtils()); var uploadUtils_1 = require_uploadUtils(); 
@@ -93052,7 +93052,7 @@ Other caches with similar key:`); return __awaiter2(this, void 0, void 0, function* () { const fileSize = utils.getArchiveFileSizeInBytes(archivePath); const resourceUrl = getCacheApiUrl(`caches/${cacheId.toString()}`); - const fd = fs17.openSync(archivePath, "r"); + const fd = fs18.openSync(archivePath, "r"); const uploadOptions = (0, options_1.getUploadOptions)(options); const concurrency = utils.assertDefined("uploadConcurrency", uploadOptions.uploadConcurrency); const maxChunkSize = utils.assertDefined("uploadChunkSize", uploadOptions.uploadChunkSize); @@ -93066,7 +93066,7 @@ Other caches with similar key:`); const start = offset; const end = offset + chunkSize - 1; offset += maxChunkSize; - yield uploadChunk(httpClient, resourceUrl, () => fs17.createReadStream(archivePath, { + yield uploadChunk(httpClient, resourceUrl, () => fs18.createReadStream(archivePath, { fd, start, end, @@ -93077,7 +93077,7 @@ Other caches with similar key:`); } }))); } finally { - fs17.closeSync(fd); + fs18.closeSync(fd); } return; }); @@ -99033,7 +99033,7 @@ var require_manifest = __commonJS({ var core_1 = require_core(); var os5 = require("os"); var cp = require("child_process"); - var fs17 = require("fs"); + var fs18 = require("fs"); function _findMatch(versionSpec, stable, candidates, archFilter) { return __awaiter2(this, void 0, void 0, function* () { const platFilter = os5.platform(); 
@@ -99095,10 +99095,10 @@ var require_manifest = __commonJS({ const lsbReleaseFile = "/etc/lsb-release"; const osReleaseFile = "/etc/os-release"; let contents = ""; - if (fs17.existsSync(lsbReleaseFile)) { - contents = fs17.readFileSync(lsbReleaseFile).toString(); - } else if (fs17.existsSync(osReleaseFile)) { - contents = fs17.readFileSync(osReleaseFile).toString(); + if (fs18.existsSync(lsbReleaseFile)) { + contents = fs18.readFileSync(lsbReleaseFile).toString(); + } else if (fs18.existsSync(osReleaseFile)) { + contents = fs18.readFileSync(osReleaseFile).toString(); } return contents; } @@ -99307,7 +99307,7 @@ var require_tool_cache = __commonJS({ var core15 = __importStar2(require_core()); var io7 = __importStar2(require_io()); var crypto3 = __importStar2(require("crypto")); - var fs17 = __importStar2(require("fs")); + var fs18 = __importStar2(require("fs")); var mm = __importStar2(require_manifest()); var os5 = __importStar2(require("os")); var path16 = __importStar2(require("path")); @@ -99353,7 +99353,7 @@ var require_tool_cache = __commonJS({ } function downloadToolAttempt(url2, dest, auth2, headers) { return __awaiter2(this, void 0, void 0, function* () { - if (fs17.existsSync(dest)) { + if (fs18.existsSync(dest)) { throw new Error(`Destination file path ${dest} already exists`); } const http = new httpm.HttpClient(userAgent2, [], { @@ -99377,7 +99377,7 @@ var require_tool_cache = __commonJS({ const readStream = responseMessageFactory(); let succeeded = false; try { - yield pipeline(readStream, fs17.createWriteStream(dest)); + yield pipeline(readStream, fs18.createWriteStream(dest)); core15.debug("download complete"); succeeded = true; return dest; 
@@ -99589,11 +99589,11 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os5.arch(); core15.debug(`Caching tool ${tool} ${version} ${arch2}`); core15.debug(`source dir: ${sourceDir}`); - if (!fs17.statSync(sourceDir).isDirectory()) { + if (!fs18.statSync(sourceDir).isDirectory()) { throw new Error("sourceDir is not a directory"); } const destPath = yield _createToolPath(tool, version, arch2); - for (const itemName of fs17.readdirSync(sourceDir)) { + for (const itemName of fs18.readdirSync(sourceDir)) { const s = path16.join(sourceDir, itemName); yield io7.cp(s, destPath, { recursive: true }); } @@ -99607,7 +99607,7 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os5.arch(); core15.debug(`Caching tool ${tool} ${version} ${arch2}`); core15.debug(`source file: ${sourceFile}`); - if (!fs17.statSync(sourceFile).isFile()) { + if (!fs18.statSync(sourceFile).isFile()) { throw new Error("sourceFile is not a file"); } const destFolder = yield _createToolPath(tool, version, arch2); @@ -99636,7 +99636,7 @@ var require_tool_cache = __commonJS({ versionSpec = semver9.clean(versionSpec) || ""; const cachePath = path16.join(_getCacheDirectory(), toolName, versionSpec, arch2); core15.debug(`checking cache: ${cachePath}`); - if (fs17.existsSync(cachePath) && fs17.existsSync(`${cachePath}.complete`)) { + if (fs18.existsSync(cachePath) && fs18.existsSync(`${cachePath}.complete`)) { core15.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch2}`); toolPath = cachePath; } else { 
@@ -99649,12 +99649,12 @@ var require_tool_cache = __commonJS({ const versions = []; arch2 = arch2 || os5.arch(); const toolPath = path16.join(_getCacheDirectory(), toolName); - if (fs17.existsSync(toolPath)) { - const children = fs17.readdirSync(toolPath); + if (fs18.existsSync(toolPath)) { + const children = fs18.readdirSync(toolPath); for (const child of children) { if (isExplicitVersion(child)) { const fullPath = path16.join(toolPath, child, arch2 || ""); - if (fs17.existsSync(fullPath) && fs17.existsSync(`${fullPath}.complete`)) { + if (fs18.existsSync(fullPath) && fs18.existsSync(`${fullPath}.complete`)) { versions.push(child); } } @@ -99725,7 +99725,7 @@ var require_tool_cache = __commonJS({ function _completeToolPath(tool, version, arch2) { const folderPath = path16.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || ""); const markerPath = `${folderPath}.complete`; - fs17.writeFileSync(markerPath, ""); + fs18.writeFileSync(markerPath, ""); core15.debug("finished caching tool"); } function isExplicitVersion(versionSpec) { @@ -103232,13 +103232,13 @@ __export(analyze_action_exports, { runPromise: () => runPromise }); module.exports = __toCommonJS(analyze_action_exports); -var fs16 = __toESM(require("fs")); +var fs17 = __toESM(require("fs")); var import_path4 = __toESM(require("path")); var import_perf_hooks3 = require("perf_hooks"); var core14 = __toESM(require_core()); // src/actions-util.ts -var fs2 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103246,7 +103246,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var os = __toESM(require("os")); var path = __toESM(require("path")); 
@@ -103261,21 +103261,21 @@ async function getFolderSize(itemPath, options) { getFolderSize.loose = async (itemPath, options) => await core(itemPath, options); getFolderSize.strict = async (itemPath, options) => await core(itemPath, options, { strict: true }); async function core(rootItemPath, options = {}, returnType = {}) { - const fs17 = options.fs || await import("node:fs/promises"); + const fs18 = options.fs || await import("node:fs/promises"); let folderSize = 0n; const foundInos = /* @__PURE__ */ new Set(); const errors = []; await processItem(rootItemPath); async function processItem(itemPath) { if (options.ignore?.test(itemPath)) return; - const stats = returnType.strict ? await fs17.lstat(itemPath, { bigint: true }) : await fs17.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); + const stats = returnType.strict ? await fs18.lstat(itemPath, { bigint: true }) : await fs18.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); if (typeof stats !== "object") return; if (!foundInos.has(stats.ino)) { foundInos.add(stats.ino); folderSize += stats.size; } if (stats.isDirectory()) { - const directoryItems = returnType.strict ? await fs17.readdir(itemPath) : await fs17.readdir(itemPath).catch((error3) => errors.push(error3)); + const directoryItems = returnType.strict ? await fs18.readdir(itemPath) : await fs18.readdir(itemPath).catch((error3) => errors.push(error3)); if (typeof directoryItems !== "object") return; await Promise.all( directoryItems.map( @@ -105898,6 +105898,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/sarif/index.ts +var fs = __toESM(require("fs")); function getToolNames(sarif) { const toolNames = {}; for (const run2 of sarif.runs || []) { 
@@ -105909,6 +105910,9 @@ function getToolNames(sarif) { } return Object.keys(toolNames); } +function readSarifFile(sarifFilePath) { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; @@ -105982,13 +105986,13 @@ function getTotalMemoryBytes(logger) { return limit; } function getCgroupMemoryLimitBytes(limitFile, logger) { - if (!fs.existsSync(limitFile)) { + if (!fs2.existsSync(limitFile)) { logger.debug( `While resolving RAM, did not find a cgroup memory limit at ${limitFile}.` ); return void 0; } - const limit = Number(fs.readFileSync(limitFile, "utf8")); + const limit = Number(fs2.readFileSync(limitFile, "utf8")); if (!Number.isInteger(limit)) { logger.debug( `While resolving RAM, ignored the file ${limitFile} that may contain a cgroup memory limit as this file did not contain an integer.` @@ -106062,13 +106066,13 @@ function getThreadsFlagValue(userInput, logger) { return numThreads; } function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { - if (!fs.existsSync(cpuMaxFile)) { + if (!fs2.existsSync(cpuMaxFile)) { logger.debug( `While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.` ); return void 0; } - const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8"); + const cpuMaxString = fs2.readFileSync(cpuMaxFile, "utf-8"); const cpuMaxStringSplit = cpuMaxString.split(" "); if (cpuMaxStringSplit.length !== 2) { logger.debug( @@ -106088,14 +106092,14 @@ function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { return cpuCount; } function getCgroupCpuCountFromCpus(cpusFile, logger) { - if (!fs.existsSync(cpusFile)) { + if (!fs2.existsSync(cpusFile)) { logger.debug( `While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.` ); return void 0; } let cpuCount = 0; - const cpusString = fs.readFileSync(cpusFile, "utf-8").trim(); + const cpusString = fs2.readFileSync(cpusFile, "utf-8").trim(); if (cpusString.length === 0) { return void 0; } 
@@ -106225,12 +106229,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs.existsSync(databaseBundlePath)) { - await fs.promises.rm(databaseBundlePath, { force: true }); + if (fs2.existsSync(databaseBundlePath)) { + await fs2.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs.existsSync(baseDatabaseOidsFilePath)) { + if (fs2.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -106378,7 +106382,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs.promises.rm(file, { + await fs2.promises.rm(file, { force: true, recursive: true }); @@ -106441,7 +106445,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106687,7 +106691,7 @@ var SarifScanOrder = [ ]; // src/analyze.ts -var fs12 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); var path12 = __toESM(require("path")); var import_perf_hooks2 = require("perf_hooks"); var io5 = __toESM(require_io()); @@ -106969,7 +106973,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs11 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); 
@@ -107217,7 +107221,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs6 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var path7 = __toESM(require("path")); // src/caching-utils.ts @@ -107355,11 +107359,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs5 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs4 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -107368,7 +107372,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs3 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); @@ -107579,12 +107583,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs3.promises.readFile( + const contents = await fs4.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); 
@@ -107611,7 +107615,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107633,7 +107637,7 @@ var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - if (!fs3.existsSync(baseDatabaseOidsFilePath)) { + if (!fs4.existsSync(baseDatabaseOidsFilePath)) { logger.warning( `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` ); @@ -108248,12 +108252,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs4.existsSync(this.featureFlagsFile)) { + if (fs5.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs4.readFileSync(this.featureFlagsFile, "utf8") + fs5.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -108266,7 +108270,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` 
@@ -108359,7 +108363,7 @@ function getDiffRangesJsonFilePath() { function writeDiffRangesJsonFile(logger, ranges) { const jsonContents = JSON.stringify(ranges, null, 2); const jsonFilePath = getDiffRangesJsonFilePath(); - fs5.writeFileSync(jsonFilePath, jsonContents); + fs6.writeFileSync(jsonFilePath, jsonContents); logger.debug( `Wrote pr-diff-range JSON file to ${jsonFilePath}: ${jsonContents}` @@ -108367,11 +108371,11 @@ ${jsonContents}` } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs5.existsSync(jsonFilePath)) { + if (!fs6.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -108650,10 +108654,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs6.existsSync(configFile)) { + if (!fs7.existsSync(configFile)) { return void 0; } - const configString = fs6.readFileSync(configFile, "utf8"); + const configString = fs7.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -108704,7 +108708,7 @@ function getPrimaryAnalysisConfig(config) { } // src/setup-codeql.ts -var fs9 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); 
@@ -108766,7 +108770,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs7 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -108839,7 +108843,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -108923,7 +108927,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs8 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -109030,7 +109034,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -109067,7 +109071,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs8.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { 
@@ -109202,7 +109206,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -109649,7 +109653,7 @@ function isReservedToolsValue(tools) { } // src/tracer-config.ts -var fs10 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path10 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { @@ -109669,14 +109673,14 @@ async function endTracingForCluster(codeql, config, logger) { config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs10.existsSync(envVariablesFile)) { + if (!fs11.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs10.readFileSync(envVariablesFile, "utf8") + fs11.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { @@ -109789,7 +109793,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs11.existsSync(tracingConfigPath); + return fs12.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -110269,7 +110273,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -110616,7 +110620,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -110683,8 +110687,8 @@ function writeDiffRangeDataExtensionPack(logger, ranges) { ranges = [{ path: "", startLine: 0, endLine: 0 }]; } const diffRangeDir = path12.join(getTemporaryDirectory(), "pr-diff-range"); - fs12.mkdirSync(diffRangeDir, { recursive: true }); - fs12.writeFileSync( + fs13.mkdirSync(diffRangeDir, { recursive: true }); + fs13.writeFileSync( path12.join(diffRangeDir, "qlpack.yml"), ` name: codeql-action/pr-diff-range @@ -110718,7 +110722,7 @@ extensions: } const extensionContents = header + data; const extensionFilePath = path12.join(diffRangeDir, "pr-diff-range.yml"); - fs12.writeFileSync(extensionFilePath, extensionContents); + fs13.writeFileSync(extensionFilePath, extensionContents); logger.debug( `Wrote pr-diff-range extension pack to ${extensionFilePath}: ${extensionContents}` @@ -110871,7 +110875,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } function getPerQueryAlertCounts(sarifPath) { const sarifObject = JSON.parse( - fs12.readFileSync(sarifPath, "utf8") + fs13.readFileSync(sarifPath, "utf8") ); const perQueryAlertCounts = {}; for (const sarifRun of sarifObject.runs) { 
@@ -110889,13 +110893,13 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) { try { - await fs12.promises.rm(outputDir, { force: true, recursive: true }); + await fs13.promises.rm(outputDir, { force: true, recursive: true }); } catch (error3) { if (error3?.code !== "ENOENT") { throw error3; } } - await fs12.promises.mkdir(outputDir, { recursive: true }); + await fs13.promises.mkdir(outputDir, { recursive: true }); const timings = await finalizeDatabaseCreation( codeql, features, @@ -110939,7 +110943,7 @@ async function warnIfGoInstalledAfterInit(config, logger) { } // src/database-upload.ts -var fs13 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) { if (getRequiredInput("upload-database") !== "true") { logger.debug("Database upload disabled in workflow. Skipping upload."); @@ -110982,8 +110986,8 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai const bundledDb = await bundleDb(config, language, codeql, language, { includeDiagnostics: false }); - bundledDbSize = fs13.statSync(bundledDb).size; - const bundledDbReadStream = fs13.createReadStream(bundledDb); + bundledDbSize = fs14.statSync(bundledDb).size; + const bundledDbReadStream = fs14.createReadStream(bundledDb); const commitOid = await getCommitOid( getRequiredInput("checkout_path") ); @@ -111239,7 +111243,7 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error } // src/upload-lib.ts -var fs15 = __toESM(require("fs")); +var fs16 = __toESM(require("fs")); var path14 = __toESM(require("path")); var url = __toESM(require("url")); var import_zlib = __toESM(require("zlib")); 
@@ -111247,7 +111251,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs14 = __toESM(require("fs")); +var fs15 = __toESM(require("fs")); var import_path3 = __toESM(require("path")); // node_modules/long/index.js @@ -112235,7 +112239,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs14.createReadStream(filepath, "utf8"); + const readStream = fs15.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -112310,11 +112314,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path3.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs14.existsSync(uri)) { + if (!fs15.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs14.statSync(uri).isDirectory()) { + if (fs15.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } @@ -112411,9 +112415,7 @@ function combineSarifFiles(sarifFiles, logger) { }; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = JSON.parse( - fs15.readFileSync(sarifFile, "utf8") - ); + const sarifObject = readSarifFile(sarifFile); if (combinedSarif.version === null) { combinedSarif.version = sarifObject.version; } else if (combinedSarif.version !== sarifObject.version) { 
@@ -112483,9 +112485,7 @@ async function shouldDisableCombineSarifFiles(sarifObjects, githubVersion) { } async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger) { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map((sarifFile) => { - return JSON.parse(fs15.readFileSync(sarifFile, "utf8")); - }); + const sarifObjects = sarifFiles.map(readSarifFile); const deprecationWarningMessage = gitHubVersion.type === "GitHub Enterprise Server" /* GHES */ ? "and will be removed in GitHub Enterprise Server 3.18" : "and will be removed in July 2025"; const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload"; if (!areAllRunsProducedByCodeQL(sarifObjects)) { @@ -112538,13 +112538,13 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQL = initCodeQLResult.codeql; } const baseTempDir = path14.resolve(tempDir, "combined-sarif"); - fs15.mkdirSync(baseTempDir, { recursive: true }); - const outputDirectory = fs15.mkdtempSync(path14.resolve(baseTempDir, "output-")); + fs16.mkdirSync(baseTempDir, { recursive: true }); + const outputDirectory = fs16.mkdtempSync(path14.resolve(baseTempDir, "output-")); const outputFile = path14.resolve(outputDirectory, "combined-sarif.sarif"); await codeQL.mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory: true }); - return JSON.parse(fs15.readFileSync(outputFile, "utf8")); + return readSarifFile(outputFile); } function populateRunAutomationDetails(sarif, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); 
@@ -112581,7 +112581,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); - fs15.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); + fs16.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); return "dummy-sarif-id"; } const client = getApiClient(); @@ -112615,7 +112615,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { function findSarifFilesInDir(sarifPath, isSarif) { const sarifFiles = []; const walkSarifFiles = (dir) => { - const entries = fs15.readdirSync(dir, { withFileTypes: true }); + const entries = fs16.readdirSync(dir, { withFileTypes: true }); for (const entry of entries) { if (entry.isFile() && isSarif(entry.name)) { sarifFiles.push(path14.resolve(dir, entry.name)); @@ -112628,7 +112628,7 @@ function findSarifFilesInDir(sarifPath, isSarif) { return sarifFiles; } async function getGroupedSarifFilePaths(logger, sarifPath) { - const stats = fs15.statSync(sarifPath, { throwIfNoEntry: false }); + const stats = fs16.statSync(sarifPath, { throwIfNoEntry: false }); if (stats === void 0) { throw new ConfigurationError(`Path does not exist: ${sarifPath}`); } @@ -112691,9 +112691,9 @@ function countResultsInSarif(sarif) { } return numResults; } -function readSarifFile(sarifFilePath) { +function readSarifFile2(sarifFilePath) { try { - return JSON.parse(fs15.readFileSync(sarifFilePath, "utf8")); + return readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}` 
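Review bot: Two helpers now share the source name `readSarifFile` but have different error contracts, which the bundler exposes in the last hunk here by renaming the upload-lib one to `readSarifFile2`. The helper added under `// src/sarif/index.ts` lets the raw `fs`/`JSON.parse` exception escape, while this wrapper converts it to `InvalidSarifUploadError`. `combineSarifFiles` and `combineSarifFilesUsingCLI` in the preceding hunks call the unwrapped helper, so a malformed SARIF file reaching them directly would surface as a plain `SyntaxError`; that matches the inline `JSON.parse` they replace, but the shared name makes it easy to pick the wrong one for user-supplied files. Since this file is bundler output, the fix belongs in the source modules: give the wrapper a distinct name and document the low-level helper, e.g. `/** Reads and parses a SARIF file. Throws on I/O or JSON syntax errors; performs no schema validation. */`.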
@@ -112762,7 +112762,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo payloadObj.base_sha = mergeBaseCommitOid; } else if (process.env.GITHUB_EVENT_PATH) { const githubEvent = JSON.parse( - fs15.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") + fs16.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") ); payloadObj.base_ref = `refs/heads/${githubEvent.pull_request.base.ref}`; payloadObj.base_sha = githubEvent.pull_request.base.sha; @@ -112777,7 +112777,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarif = await combineSarifFilesUsingCLI( @@ -112788,7 +112788,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); + sarif = readSarifFile2(sarifPath); validateSarifFileSchema(sarif, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); } @@ -112866,9 +112866,9 @@ async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, post }; } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { - if (!fs15.existsSync(outputDir)) { - fs15.mkdirSync(outputDir, { recursive: true }); - } else if (!fs15.lstatSync(outputDir).isDirectory()) { + if (!fs16.existsSync(outputDir)) { + fs16.mkdirSync(outputDir, { recursive: true }); + } else if (!fs16.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( `The path that processed SARIF files should be written to exists, but is not a directory: ${outputDir}` ); 
@@ -112878,7 +112878,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Writing processed SARIF file to ${outputFile}`); - fs15.writeFileSync(outputFile, sarifPayload); + fs16.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; @@ -113111,7 +113111,7 @@ function doesGoExtractionOutputExist(config) { "go" /* go */ ); const trapDirectory = import_path4.default.join(golangDbDirectory, "trap", "go" /* go */); - return fs16.existsSync(trapDirectory) && fs16.readdirSync(trapDirectory).some( + return fs17.existsSync(trapDirectory) && fs17.readdirSync(trapDirectory).some( (fileName) => [ ".trap", ".trap.gz", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index f0bd4ddd02..c6d485ab64 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -204,7 +204,7 @@ var require_file_command = __commonJS({ exports2.issueFileCommand = issueFileCommand; exports2.prepareKeyValueMessage = prepareKeyValueMessage; var crypto2 = __importStar2(require("crypto")); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var os4 = __importStar2(require("os")); var utils_1 = require_utils(); function issueFileCommand(command, message) { @@ -212,10 +212,10 @@ var require_file_command = __commonJS({ if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } - if (!fs19.existsSync(filePath)) { + if (!fs20.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } - fs19.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os4.EOL}`, { + fs20.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os4.EOL}`, { encoding: "utf8" }); } 
@@ -20123,13 +20123,13 @@ var require_io_util = __commonJS({ exports2.isRooted = isRooted; exports2.tryGetExecutablePath = tryGetExecutablePath; exports2.getCmdPath = getCmdPath; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var path18 = __importStar2(require("path")); - _a = fs19.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; + _a = fs20.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; function readlink(fsPath) { return __awaiter2(this, void 0, void 0, function* () { - const result = yield fs19.promises.readlink(fsPath); + const result = yield fs20.promises.readlink(fsPath); if (exports2.IS_WINDOWS && !result.endsWith("\\")) { return `${result}\\`; } @@ -20137,7 +20137,7 @@ var require_io_util = __commonJS({ }); } exports2.UV_FS_O_EXLOCK = 268435456; - exports2.READONLY = fs19.constants.O_RDONLY; + exports2.READONLY = fs20.constants.O_RDONLY; function exists(fsPath) { return __awaiter2(this, void 0, void 0, function* () { try { 
@@ -50403,7 +50403,7 @@ var require_internal_globber = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.DefaultGlobber = void 0; var core17 = __importStar2(require_core()); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var globOptionsHelper = __importStar2(require_internal_glob_options_helper()); var path18 = __importStar2(require("path")); var patternHelper = __importStar2(require_internal_pattern_helper()); @@ -50457,7 +50457,7 @@ var require_internal_globber = __commonJS({ for (const searchPath of patternHelper.getSearchPaths(patterns)) { core17.debug(`Search path '${searchPath}'`); try { - yield __await2(fs19.promises.lstat(searchPath)); + yield __await2(fs20.promises.lstat(searchPath)); } catch (err) { if (err.code === "ENOENT") { continue; @@ -50491,7 +50491,7 @@ var require_internal_globber = __commonJS({ continue; } const childLevel = item.level + 1; - const childItems = (yield __await2(fs19.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path18.join(item.path, x), childLevel)); + const childItems = (yield __await2(fs20.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path18.join(item.path, x), childLevel)); stack.push(...childItems.reverse()); } else if (match & internal_match_kind_1.MatchKind.File) { yield yield __await2(item.path); @@ -50526,7 +50526,7 @@ var require_internal_globber = __commonJS({ let stats; if (options.followSymbolicLinks) { try { - stats = yield fs19.promises.stat(item.path); + stats = yield fs20.promises.stat(item.path); } catch (err) { if (err.code === "ENOENT") { if (options.omitBrokenSymbolicLinks) { 
@@ -50538,10 +50538,10 @@ var require_internal_globber = __commonJS({ throw err; } } else { - stats = yield fs19.promises.lstat(item.path); + stats = yield fs20.promises.lstat(item.path); } if (stats.isDirectory() && options.followSymbolicLinks) { - const realPath = yield fs19.promises.realpath(item.path); + const realPath = yield fs20.promises.realpath(item.path); while (traversalChain.length >= item.level) { traversalChain.pop(); } @@ -50650,7 +50650,7 @@ var require_internal_hash_files = __commonJS({ exports2.hashFiles = hashFiles2; var crypto2 = __importStar2(require("crypto")); var core17 = __importStar2(require_core()); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var path18 = __importStar2(require("path")); @@ -50673,13 +50673,13 @@ var require_internal_hash_files = __commonJS({ writeDelegate(`Ignore '${file}' since it is not under GITHUB_WORKSPACE.`); continue; } - if (fs19.statSync(file).isDirectory()) { + if (fs20.statSync(file).isDirectory()) { writeDelegate(`Skip directory '${file}'.`); continue; } const hash2 = crypto2.createHash("sha256"); const pipeline = util.promisify(stream2.pipeline); - yield pipeline(fs19.createReadStream(file), hash2); + yield pipeline(fs20.createReadStream(file), hash2); result.write(hash2.digest()); count++; if (!hasMatch) { @@ -52054,7 +52054,7 @@ var require_cacheUtils = __commonJS({ var glob2 = __importStar2(require_glob()); var io7 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var path18 = __importStar2(require("path")); var semver9 = __importStar2(require_semver3()); var util = __importStar2(require("util")); 
@@ -52083,7 +52083,7 @@ var require_cacheUtils = __commonJS({ }); } function getArchiveFileSizeInBytes(filePath) { - return fs19.statSync(filePath).size; + return fs20.statSync(filePath).size; } function resolvePaths(patterns) { return __awaiter2(this, void 0, void 0, function* () { @@ -52121,7 +52121,7 @@ var require_cacheUtils = __commonJS({ } function unlinkFile(filePath) { return __awaiter2(this, void 0, void 0, function* () { - return util.promisify(fs19.unlink)(filePath); + return util.promisify(fs20.unlink)(filePath); }); } function getVersion(app_1) { @@ -52163,7 +52163,7 @@ var require_cacheUtils = __commonJS({ } function getGnuTarPathOnWindows() { return __awaiter2(this, void 0, void 0, function* () { - if (fs19.existsSync(constants_1.GnuTarPathOnWindows)) { + if (fs20.existsSync(constants_1.GnuTarPathOnWindows)) { return constants_1.GnuTarPathOnWindows; } const versionOutput = yield getVersion("tar"); @@ -92320,7 +92320,7 @@ var require_downloadUtils = __commonJS({ var http_client_1 = require_lib(); var storage_blob_1 = require_commonjs15(); var buffer = __importStar2(require("buffer")); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var utils = __importStar2(require_cacheUtils()); @@ -92431,7 +92431,7 @@ var require_downloadUtils = __commonJS({ exports2.DownloadProgress = DownloadProgress; function downloadCacheHttpClient(archiveLocation, archivePath) { return __awaiter2(this, void 0, void 0, function* () { - const writeStream = fs19.createWriteStream(archivePath); + const writeStream = fs20.createWriteStream(archivePath); const httpClient = new http_client_1.HttpClient("actions/cache"); const downloadResponse = yield (0, requestUtils_1.retryHttpClientResponse)("downloadCache", () => __awaiter2(this, void 0, void 0, function* () { return httpClient.get(archiveLocation); 
@@ -92456,7 +92456,7 @@ var require_downloadUtils = __commonJS({ function downloadCacheHttpClientConcurrent(archiveLocation, archivePath, options) { return __awaiter2(this, void 0, void 0, function* () { var _a; - const archiveDescriptor = yield fs19.promises.open(archivePath, "w"); + const archiveDescriptor = yield fs20.promises.open(archivePath, "w"); const httpClient = new http_client_1.HttpClient("actions/cache", void 0, { socketTimeout: options.timeoutInMs, keepAlive: true @@ -92572,7 +92572,7 @@ var require_downloadUtils = __commonJS({ } else { const maxSegmentSize = Math.min(134217728, buffer.constants.MAX_LENGTH); const downloadProgress = new DownloadProgress(contentLength); - const fd = fs19.openSync(archivePath, "w"); + const fd = fs20.openSync(archivePath, "w"); try { downloadProgress.startDisplayTimer(); const controller = new abort_controller_1.AbortController(); @@ -92590,12 +92590,12 @@ var require_downloadUtils = __commonJS({ controller.abort(); throw new Error("Aborting cache download as the download time exceeded the timeout."); } else if (Buffer.isBuffer(result)) { - fs19.writeFileSync(fd, result); + fs20.writeFileSync(fd, result); } } } finally { downloadProgress.stopDisplayTimer(); - fs19.closeSync(fd); + fs20.closeSync(fd); } } }); @@ -92917,7 +92917,7 @@ var require_cacheHttpClient = __commonJS({ var core17 = __importStar2(require_core()); var http_client_1 = require_lib(); var auth_1 = require_auth(); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var url_1 = require("url"); var utils = __importStar2(require_cacheUtils()); var uploadUtils_1 = require_uploadUtils(); 
@@ -93052,7 +93052,7 @@ Other caches with similar key:`); return __awaiter2(this, void 0, void 0, function* () { const fileSize = utils.getArchiveFileSizeInBytes(archivePath); const resourceUrl = getCacheApiUrl(`caches/${cacheId.toString()}`); - const fd = fs19.openSync(archivePath, "r"); + const fd = fs20.openSync(archivePath, "r"); const uploadOptions = (0, options_1.getUploadOptions)(options); const concurrency = utils.assertDefined("uploadConcurrency", uploadOptions.uploadConcurrency); const maxChunkSize = utils.assertDefined("uploadChunkSize", uploadOptions.uploadChunkSize); @@ -93066,7 +93066,7 @@ Other caches with similar key:`); const start = offset; const end = offset + chunkSize - 1; offset += maxChunkSize; - yield uploadChunk(httpClient, resourceUrl, () => fs19.createReadStream(archivePath, { + yield uploadChunk(httpClient, resourceUrl, () => fs20.createReadStream(archivePath, { fd, start, end, @@ -93077,7 +93077,7 @@ Other caches with similar key:`); } }))); } finally { - fs19.closeSync(fd); + fs20.closeSync(fd); } return; }); @@ -99033,7 +99033,7 @@ var require_manifest = __commonJS({ var core_1 = require_core(); var os4 = require("os"); var cp = require("child_process"); - var fs19 = require("fs"); + var fs20 = require("fs"); function _findMatch(versionSpec, stable, candidates, archFilter) { return __awaiter2(this, void 0, void 0, function* () { const platFilter = os4.platform(); 
@@ -99095,10 +99095,10 @@ var require_manifest = __commonJS({ const lsbReleaseFile = "/etc/lsb-release"; const osReleaseFile = "/etc/os-release"; let contents = ""; - if (fs19.existsSync(lsbReleaseFile)) { - contents = fs19.readFileSync(lsbReleaseFile).toString(); - } else if (fs19.existsSync(osReleaseFile)) { - contents = fs19.readFileSync(osReleaseFile).toString(); + if (fs20.existsSync(lsbReleaseFile)) { + contents = fs20.readFileSync(lsbReleaseFile).toString(); + } else if (fs20.existsSync(osReleaseFile)) { + contents = fs20.readFileSync(osReleaseFile).toString(); } return contents; } @@ -99307,7 +99307,7 @@ var require_tool_cache = __commonJS({ var core17 = __importStar2(require_core()); var io7 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var mm = __importStar2(require_manifest()); var os4 = __importStar2(require("os")); var path18 = __importStar2(require("path")); @@ -99353,7 +99353,7 @@ var require_tool_cache = __commonJS({ } function downloadToolAttempt(url2, dest, auth2, headers) { return __awaiter2(this, void 0, void 0, function* () { - if (fs19.existsSync(dest)) { + if (fs20.existsSync(dest)) { throw new Error(`Destination file path ${dest} already exists`); } const http = new httpm.HttpClient(userAgent2, [], { @@ -99377,7 +99377,7 @@ var require_tool_cache = __commonJS({ const readStream = responseMessageFactory(); let succeeded = false; try { - yield pipeline(readStream, fs19.createWriteStream(dest)); + yield pipeline(readStream, fs20.createWriteStream(dest)); core17.debug("download complete"); succeeded = true; return dest; 
@@ -99589,11 +99589,11 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os4.arch(); core17.debug(`Caching tool ${tool} ${version} ${arch2}`); core17.debug(`source dir: ${sourceDir}`); - if (!fs19.statSync(sourceDir).isDirectory()) { + if (!fs20.statSync(sourceDir).isDirectory()) { throw new Error("sourceDir is not a directory"); } const destPath = yield _createToolPath(tool, version, arch2); - for (const itemName of fs19.readdirSync(sourceDir)) { + for (const itemName of fs20.readdirSync(sourceDir)) { const s = path18.join(sourceDir, itemName); yield io7.cp(s, destPath, { recursive: true }); } @@ -99607,7 +99607,7 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os4.arch(); core17.debug(`Caching tool ${tool} ${version} ${arch2}`); core17.debug(`source file: ${sourceFile}`); - if (!fs19.statSync(sourceFile).isFile()) { + if (!fs20.statSync(sourceFile).isFile()) { throw new Error("sourceFile is not a file"); } const destFolder = yield _createToolPath(tool, version, arch2); @@ -99636,7 +99636,7 @@ var require_tool_cache = __commonJS({ versionSpec = semver9.clean(versionSpec) || ""; const cachePath = path18.join(_getCacheDirectory(), toolName, versionSpec, arch2); core17.debug(`checking cache: ${cachePath}`); - if (fs19.existsSync(cachePath) && fs19.existsSync(`${cachePath}.complete`)) { + if (fs20.existsSync(cachePath) && fs20.existsSync(`${cachePath}.complete`)) { core17.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch2}`); toolPath = cachePath; } else { 
@@ -99649,12 +99649,12 @@ var require_tool_cache = __commonJS({ const versions = []; arch2 = arch2 || os4.arch(); const toolPath = path18.join(_getCacheDirectory(), toolName); - if (fs19.existsSync(toolPath)) { - const children = fs19.readdirSync(toolPath); + if (fs20.existsSync(toolPath)) { + const children = fs20.readdirSync(toolPath); for (const child of children) { if (isExplicitVersion(child)) { const fullPath = path18.join(toolPath, child, arch2 || ""); - if (fs19.existsSync(fullPath) && fs19.existsSync(`${fullPath}.complete`)) { + if (fs20.existsSync(fullPath) && fs20.existsSync(`${fullPath}.complete`)) { versions.push(child); } } @@ -99725,7 +99725,7 @@ var require_tool_cache = __commonJS({ function _completeToolPath(tool, version, arch2) { const folderPath = path18.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || ""); const markerPath = `${folderPath}.complete`; - fs19.writeFileSync(markerPath, ""); + fs20.writeFileSync(markerPath, ""); core17.debug("finished caching tool"); } function isExplicitVersion(versionSpec) { @@ -103056,15 +103056,15 @@ var require_upload_zip_specification = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.getUploadZipSpecification = exports2.validateRootDirectory = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var core_1 = require_core(); var path_1 = require("path"); var path_and_artifact_name_validation_1 = require_path_and_artifact_name_validation(); function validateRootDirectory(rootDirectory) { - if (!fs19.existsSync(rootDirectory)) { + if (!fs20.existsSync(rootDirectory)) { throw new Error(`The provided rootDirectory ${rootDirectory} does not exist`); } - if (!fs19.statSync(rootDirectory).isDirectory()) { + if (!fs20.statSync(rootDirectory).isDirectory()) { throw new Error(`The provided rootDirectory ${rootDirectory} is not a valid directory`); } (0, core_1.info)(`Root directory input is valid!`); 
@@ -103075,7 +103075,7 @@ var require_upload_zip_specification = __commonJS({ rootDirectory = (0, path_1.normalize)(rootDirectory); rootDirectory = (0, path_1.resolve)(rootDirectory); for (let file of filesToZip) { - const stats = fs19.lstatSync(file, { throwIfNoEntry: false }); + const stats = fs20.lstatSync(file, { throwIfNoEntry: false }); if (!stats) { throw new Error(`File ${file} does not exist`); } @@ -104058,13 +104058,13 @@ var require_minimatch2 = __commonJS({ var require_readdir_glob = __commonJS({ "node_modules/readdir-glob/index.js"(exports2, module2) { module2.exports = readdirGlob; - var fs19 = require("fs"); + var fs20 = require("fs"); var { EventEmitter } = require("events"); var { Minimatch } = require_minimatch2(); var { resolve: resolve8 } = require("path"); function readdir(dir, strict) { return new Promise((resolve9, reject) => { - fs19.readdir(dir, { withFileTypes: true }, (err, files) => { + fs20.readdir(dir, { withFileTypes: true }, (err, files) => { if (err) { switch (err.code) { case "ENOTDIR": @@ -104097,7 +104097,7 @@ var require_readdir_glob = __commonJS({ } function stat(file, followSymlinks) { return new Promise((resolve9, reject) => { - const statFunc = followSymlinks ? fs19.stat : fs19.lstat; + const statFunc = followSymlinks ? fs20.stat : fs20.lstat; statFunc(file, (err, stats) => { if (err) { switch (err.code) { 
@@ -106162,54 +106162,54 @@ var require_polyfills = __commonJS({ } var chdir; module2.exports = patch; - function patch(fs19) { + function patch(fs20) { if (constants.hasOwnProperty("O_SYMLINK") && process.version.match(/^v0\.6\.[0-2]|^v0\.5\./)) { - patchLchmod(fs19); - } - if (!fs19.lutimes) { - patchLutimes(fs19); - } - fs19.chown = chownFix(fs19.chown); - fs19.fchown = chownFix(fs19.fchown); - fs19.lchown = chownFix(fs19.lchown); - fs19.chmod = chmodFix(fs19.chmod); - fs19.fchmod = chmodFix(fs19.fchmod); - fs19.lchmod = chmodFix(fs19.lchmod); - fs19.chownSync = chownFixSync(fs19.chownSync); - fs19.fchownSync = chownFixSync(fs19.fchownSync); - fs19.lchownSync = chownFixSync(fs19.lchownSync); - fs19.chmodSync = chmodFixSync(fs19.chmodSync); - fs19.fchmodSync = chmodFixSync(fs19.fchmodSync); - fs19.lchmodSync = chmodFixSync(fs19.lchmodSync); - fs19.stat = statFix(fs19.stat); - fs19.fstat = statFix(fs19.fstat); - fs19.lstat = statFix(fs19.lstat); - fs19.statSync = statFixSync(fs19.statSync); - fs19.fstatSync = statFixSync(fs19.fstatSync); - fs19.lstatSync = statFixSync(fs19.lstatSync); - if (fs19.chmod && !fs19.lchmod) { - fs19.lchmod = function(path18, mode, cb) { + patchLchmod(fs20); + } + if (!fs20.lutimes) { + patchLutimes(fs20); + } + fs20.chown = chownFix(fs20.chown); + fs20.fchown = chownFix(fs20.fchown); + fs20.lchown = chownFix(fs20.lchown); + fs20.chmod = chmodFix(fs20.chmod); + fs20.fchmod = chmodFix(fs20.fchmod); + fs20.lchmod = chmodFix(fs20.lchmod); + fs20.chownSync = chownFixSync(fs20.chownSync); + fs20.fchownSync = chownFixSync(fs20.fchownSync); + fs20.lchownSync = chownFixSync(fs20.lchownSync); + fs20.chmodSync = chmodFixSync(fs20.chmodSync); + fs20.fchmodSync = chmodFixSync(fs20.fchmodSync); + fs20.lchmodSync = chmodFixSync(fs20.lchmodSync); + fs20.stat = statFix(fs20.stat); + fs20.fstat = statFix(fs20.fstat); + fs20.lstat = statFix(fs20.lstat); + fs20.statSync = statFixSync(fs20.statSync); + fs20.fstatSync = statFixSync(fs20.fstatSync); + 
fs20.lstatSync = statFixSync(fs20.lstatSync); + if (fs20.chmod && !fs20.lchmod) { + fs20.lchmod = function(path18, mode, cb) { if (cb) process.nextTick(cb); }; - fs19.lchmodSync = function() { + fs20.lchmodSync = function() { }; } - if (fs19.chown && !fs19.lchown) { - fs19.lchown = function(path18, uid, gid, cb) { + if (fs20.chown && !fs20.lchown) { + fs20.lchown = function(path18, uid, gid, cb) { if (cb) process.nextTick(cb); }; - fs19.lchownSync = function() { + fs20.lchownSync = function() { }; } if (platform === "win32") { - fs19.rename = typeof fs19.rename !== "function" ? fs19.rename : (function(fs$rename) { + fs20.rename = typeof fs20.rename !== "function" ? fs20.rename : (function(fs$rename) { function rename(from, to, cb) { var start = Date.now(); var backoff = 0; fs$rename(from, to, function CB(er) { if (er && (er.code === "EACCES" || er.code === "EPERM") && Date.now() - start < 6e4) { setTimeout(function() { - fs19.stat(to, function(stater, st) { + fs20.stat(to, function(stater, st) { if (stater && stater.code === "ENOENT") fs$rename(from, to, CB); else @@ -106225,9 +106225,9 @@ var require_polyfills = __commonJS({ } if (Object.setPrototypeOf) Object.setPrototypeOf(rename, fs$rename); return rename; - })(fs19.rename); + })(fs20.rename); } - fs19.read = typeof fs19.read !== "function" ? fs19.read : (function(fs$read) { + fs20.read = typeof fs20.read !== "function" ? fs20.read : (function(fs$read) { function read(fd, buffer, offset, length, position, callback_) { var callback; if (callback_ && typeof callback_ === "function") { 
@@ -106235,22 +106235,22 @@ var require_polyfills = __commonJS({ callback = function(er, _2, __) { if (er && er.code === "EAGAIN" && eagCounter < 10) { eagCounter++; - return fs$read.call(fs19, fd, buffer, offset, length, position, callback); + return fs$read.call(fs20, fd, buffer, offset, length, position, callback); } callback_.apply(this, arguments); }; } - return fs$read.call(fs19, fd, buffer, offset, length, position, callback); + return fs$read.call(fs20, fd, buffer, offset, length, position, callback); } if (Object.setPrototypeOf) Object.setPrototypeOf(read, fs$read); return read; - })(fs19.read); - fs19.readSync = typeof fs19.readSync !== "function" ? fs19.readSync : /* @__PURE__ */ (function(fs$readSync) { + })(fs20.read); + fs20.readSync = typeof fs20.readSync !== "function" ? fs20.readSync : /* @__PURE__ */ (function(fs$readSync) { return function(fd, buffer, offset, length, position) { var eagCounter = 0; while (true) { try { - return fs$readSync.call(fs19, fd, buffer, offset, length, position); + return fs$readSync.call(fs20, fd, buffer, offset, length, position); } catch (er) { if (er.code === "EAGAIN" && eagCounter < 10) { eagCounter++; @@ -106260,10 +106260,10 @@ var require_polyfills = __commonJS({ } } }; - })(fs19.readSync); - function patchLchmod(fs20) { - fs20.lchmod = function(path18, mode, callback) { - fs20.open( + })(fs20.readSync); + function patchLchmod(fs21) { + fs21.lchmod = function(path18, mode, callback) { + fs21.open( path18, constants.O_WRONLY | constants.O_SYMLINK, mode, 
@@ -106272,80 +106272,80 @@ var require_polyfills = __commonJS({ if (callback) callback(err); return; } - fs20.fchmod(fd, mode, function(err2) { - fs20.close(fd, function(err22) { + fs21.fchmod(fd, mode, function(err2) { + fs21.close(fd, function(err22) { if (callback) callback(err2 || err22); }); }); } ); }; - fs20.lchmodSync = function(path18, mode) { - var fd = fs20.openSync(path18, constants.O_WRONLY | constants.O_SYMLINK, mode); + fs21.lchmodSync = function(path18, mode) { + var fd = fs21.openSync(path18, constants.O_WRONLY | constants.O_SYMLINK, mode); var threw = true; var ret; try { - ret = fs20.fchmodSync(fd, mode); + ret = fs21.fchmodSync(fd, mode); threw = false; } finally { if (threw) { try { - fs20.closeSync(fd); + fs21.closeSync(fd); } catch (er) { } } else { - fs20.closeSync(fd); + fs21.closeSync(fd); } } return ret; }; } - function patchLutimes(fs20) { - if (constants.hasOwnProperty("O_SYMLINK") && fs20.futimes) { - fs20.lutimes = function(path18, at, mt, cb) { - fs20.open(path18, constants.O_SYMLINK, function(er, fd) { + function patchLutimes(fs21) { + if (constants.hasOwnProperty("O_SYMLINK") && fs21.futimes) { + fs21.lutimes = function(path18, at, mt, cb) { + fs21.open(path18, constants.O_SYMLINK, function(er, fd) { if (er) { if (cb) cb(er); return; } - fs20.futimes(fd, at, mt, function(er2) { - fs20.close(fd, function(er22) { + fs21.futimes(fd, at, mt, function(er2) { + fs21.close(fd, function(er22) { if (cb) cb(er2 || er22); }); }); }); }; - fs20.lutimesSync = function(path18, at, mt) { - var fd = fs20.openSync(path18, constants.O_SYMLINK); + fs21.lutimesSync = function(path18, at, mt) { + var fd = fs21.openSync(path18, constants.O_SYMLINK); var ret; var threw = true; try { - ret = fs20.futimesSync(fd, at, mt); + ret = fs21.futimesSync(fd, at, mt); threw = false; } finally { if (threw) { try { - fs20.closeSync(fd); + fs21.closeSync(fd); } catch (er) { } } else { - fs20.closeSync(fd); + fs21.closeSync(fd); } } return ret; }; - } else if 
(fs20.futimes) { - fs20.lutimes = function(_a, _b, _c, cb) { + } else if (fs21.futimes) { + fs21.lutimes = function(_a, _b, _c, cb) { if (cb) process.nextTick(cb); }; - fs20.lutimesSync = function() { + fs21.lutimesSync = function() { }; } } function chmodFix(orig) { if (!orig) return orig; return function(target, mode, cb) { - return orig.call(fs19, target, mode, function(er) { + return orig.call(fs20, target, mode, function(er) { if (chownErOk(er)) er = null; if (cb) cb.apply(this, arguments); }); @@ -106355,7 +106355,7 @@ var require_polyfills = __commonJS({ if (!orig) return orig; return function(target, mode) { try { - return orig.call(fs19, target, mode); + return orig.call(fs20, target, mode); } catch (er) { if (!chownErOk(er)) throw er; } @@ -106364,7 +106364,7 @@ var require_polyfills = __commonJS({ function chownFix(orig) { if (!orig) return orig; return function(target, uid, gid, cb) { - return orig.call(fs19, target, uid, gid, function(er) { + return orig.call(fs20, target, uid, gid, function(er) { if (chownErOk(er)) er = null; if (cb) cb.apply(this, arguments); }); @@ -106374,7 +106374,7 @@ var require_polyfills = __commonJS({ if (!orig) return orig; return function(target, uid, gid) { try { - return orig.call(fs19, target, uid, gid); + return orig.call(fs20, target, uid, gid); } catch (er) { if (!chownErOk(er)) throw er; } 
@@ -106394,13 +106394,13 @@ var require_polyfills = __commonJS({ } if (cb) cb.apply(this, arguments); } - return options ? orig.call(fs19, target, options, callback) : orig.call(fs19, target, callback); + return options ? orig.call(fs20, target, options, callback) : orig.call(fs20, target, callback); }; } function statFixSync(orig) { if (!orig) return orig; return function(target, options) { - var stats = options ? orig.call(fs19, target, options) : orig.call(fs19, target); + var stats = options ? orig.call(fs20, target, options) : orig.call(fs20, target); if (stats) { if (stats.uid < 0) stats.uid += 4294967296; if (stats.gid < 0) stats.gid += 4294967296; @@ -106429,7 +106429,7 @@ var require_legacy_streams = __commonJS({ "node_modules/graceful-fs/legacy-streams.js"(exports2, module2) { var Stream = require("stream").Stream; module2.exports = legacy; - function legacy(fs19) { + function legacy(fs20) { return { ReadStream, WriteStream @@ -106472,7 +106472,7 @@ var require_legacy_streams = __commonJS({ }); return; } - fs19.open(this.path, this.flags, this.mode, function(err, fd) { + fs20.open(this.path, this.flags, this.mode, function(err, fd) { if (err) { self2.emit("error", err); self2.readable = false; @@ -106511,7 +106511,7 @@ var require_legacy_streams = __commonJS({ this.busy = false; this._queue = []; if (this.fd === null) { - this._open = fs19.open; + this._open = fs20.open; this._queue.push([this._open, this.path, this.flags, this.mode, void 0]); this.flush(); } @@ -106546,7 +106546,7 @@ var require_clone = __commonJS({ // node_modules/graceful-fs/graceful-fs.js var require_graceful_fs = __commonJS({ "node_modules/graceful-fs/graceful-fs.js"(exports2, module2) { - var fs19 = require("fs"); + var fs20 = require("fs"); var polyfills = require_polyfills(); var legacy = require_legacy_streams(); var clone = require_clone(); 
@@ -106578,12 +106578,12 @@ var require_graceful_fs = __commonJS({ m = "GFS4: " + m.split(/\n/).join("\nGFS4: "); console.error(m); }; - if (!fs19[gracefulQueue]) { + if (!fs20[gracefulQueue]) { queue = global[gracefulQueue] || []; - publishQueue(fs19, queue); - fs19.close = (function(fs$close) { + publishQueue(fs20, queue); + fs20.close = (function(fs$close) { function close(fd, cb) { - return fs$close.call(fs19, fd, function(err) { + return fs$close.call(fs20, fd, function(err) { if (!err) { resetQueue(); } 
@@ -106595,40 +106595,40 @@ var require_graceful_fs = __commonJS({ value: fs$close }); return close; - })(fs19.close); - fs19.closeSync = (function(fs$closeSync) { + })(fs20.close); + fs20.closeSync = (function(fs$closeSync) { function closeSync(fd) { - fs$closeSync.apply(fs19, arguments); + fs$closeSync.apply(fs20, arguments); resetQueue(); } Object.defineProperty(closeSync, previousSymbol, { value: fs$closeSync }); return closeSync; - })(fs19.closeSync); + })(fs20.closeSync); if (/\bgfs4\b/i.test(process.env.NODE_DEBUG || "")) { process.on("exit", function() { - debug5(fs19[gracefulQueue]); - require("assert").equal(fs19[gracefulQueue].length, 0); + debug5(fs20[gracefulQueue]); + require("assert").equal(fs20[gracefulQueue].length, 0); }); } } var queue; if (!global[gracefulQueue]) { - publishQueue(global, fs19[gracefulQueue]); - } - module2.exports = patch(clone(fs19)); - if (process.env.TEST_GRACEFUL_FS_GLOBAL_PATCH && !fs19.__patched) { - module2.exports = patch(fs19); - fs19.__patched = true; - } - function patch(fs20) { - polyfills(fs20); - fs20.gracefulify = patch; - fs20.createReadStream = createReadStream2; - fs20.createWriteStream = createWriteStream3; - var fs$readFile = fs20.readFile; - fs20.readFile = readFile; + publishQueue(global, fs20[gracefulQueue]); + } + module2.exports = patch(clone(fs20)); + if (process.env.TEST_GRACEFUL_FS_GLOBAL_PATCH && !fs20.__patched) { + module2.exports = patch(fs20); + fs20.__patched = true; + } + function patch(fs21) { + polyfills(fs21); + fs21.gracefulify = patch; + fs21.createReadStream = createReadStream2; + fs21.createWriteStream = createWriteStream3; + var fs$readFile = fs21.readFile; + fs21.readFile = readFile; function readFile(path18, options, cb) { if (typeof options === "function") cb = options, options = null; 
@@ -106644,8 +106644,8 @@ var require_graceful_fs = __commonJS({ }); } } - var fs$writeFile = fs20.writeFile; - fs20.writeFile = writeFile; + var fs$writeFile = fs21.writeFile; + fs21.writeFile = writeFile; function writeFile(path18, data, options, cb) { if (typeof options === "function") cb = options, options = null; @@ -106661,9 +106661,9 @@ var require_graceful_fs = __commonJS({ }); } } - var fs$appendFile = fs20.appendFile; + var fs$appendFile = fs21.appendFile; if (fs$appendFile) - fs20.appendFile = appendFile; + fs21.appendFile = appendFile; function appendFile(path18, data, options, cb) { if (typeof options === "function") cb = options, options = null; @@ -106679,9 +106679,9 @@ var require_graceful_fs = __commonJS({ }); } } - var fs$copyFile = fs20.copyFile; + var fs$copyFile = fs21.copyFile; if (fs$copyFile) - fs20.copyFile = copyFile2; + fs21.copyFile = copyFile2; function copyFile2(src, dest, flags, cb) { if (typeof flags === "function") { cb = flags; @@ -106699,8 +106699,8 @@ var require_graceful_fs = __commonJS({ }); } } - var fs$readdir = fs20.readdir; - fs20.readdir = readdir; + var fs$readdir = fs21.readdir; + fs21.readdir = readdir; var noReaddirOptionVersions = /^v[0-5]\./; function readdir(path18, options, cb) { if (typeof options === "function") 
@@ -106741,21 +106741,21 @@ var require_graceful_fs = __commonJS({ } } if (process.version.substr(0, 4) === "v0.8") { - var legStreams = legacy(fs20); + var legStreams = legacy(fs21); ReadStream = legStreams.ReadStream; WriteStream = legStreams.WriteStream; } - var fs$ReadStream = fs20.ReadStream; + var fs$ReadStream = fs21.ReadStream; if (fs$ReadStream) { ReadStream.prototype = Object.create(fs$ReadStream.prototype); ReadStream.prototype.open = ReadStream$open; } - var fs$WriteStream = fs20.WriteStream; + var fs$WriteStream = fs21.WriteStream; if (fs$WriteStream) { WriteStream.prototype = Object.create(fs$WriteStream.prototype); WriteStream.prototype.open = WriteStream$open; } - Object.defineProperty(fs20, "ReadStream", { + Object.defineProperty(fs21, "ReadStream", { get: function() { return ReadStream; }, @@ -106765,7 +106765,7 @@ var require_graceful_fs = __commonJS({ enumerable: true, configurable: true }); - Object.defineProperty(fs20, "WriteStream", { + Object.defineProperty(fs21, "WriteStream", { get: function() { return WriteStream; }, @@ -106776,7 +106776,7 @@ var require_graceful_fs = __commonJS({ configurable: true }); var FileReadStream = ReadStream; - Object.defineProperty(fs20, "FileReadStream", { + Object.defineProperty(fs21, "FileReadStream", { get: function() { return FileReadStream; }, @@ -106787,7 +106787,7 @@ var require_graceful_fs = __commonJS({ configurable: true }); var FileWriteStream = WriteStream; - Object.defineProperty(fs20, "FileWriteStream", { + Object.defineProperty(fs21, "FileWriteStream", { get: function() { return FileWriteStream; }, 
@@ -106836,13 +106836,13 @@ var require_graceful_fs = __commonJS({ }); } function createReadStream2(path18, options) { - return new fs20.ReadStream(path18, options); + return new fs21.ReadStream(path18, options); } function createWriteStream3(path18, options) { - return new fs20.WriteStream(path18, options); + return new fs21.WriteStream(path18, options); } - var fs$open = fs20.open; - fs20.open = open; + var fs$open = fs21.open; + fs21.open = open; function open(path18, flags, mode, cb) { if (typeof mode === "function") cb = mode, mode = null; @@ -106858,20 +106858,20 @@ var require_graceful_fs = __commonJS({ }); } } - return fs20; + return fs21; } function enqueue(elem) { debug5("ENQUEUE", elem[0].name, elem[1]); - fs19[gracefulQueue].push(elem); + fs20[gracefulQueue].push(elem); retry2(); } var retryTimer; function resetQueue() { var now = Date.now(); - for (var i = 0; i < fs19[gracefulQueue].length; ++i) { - if (fs19[gracefulQueue][i].length > 2) { - fs19[gracefulQueue][i][3] = now; - fs19[gracefulQueue][i][4] = now; + for (var i = 0; i < fs20[gracefulQueue].length; ++i) { + if (fs20[gracefulQueue][i].length > 2) { + fs20[gracefulQueue][i][3] = now; + fs20[gracefulQueue][i][4] = now; } } retry2(); @@ -106879,9 +106879,9 @@ var require_graceful_fs = __commonJS({ function retry2() { clearTimeout(retryTimer); retryTimer = void 0; - if (fs19[gracefulQueue].length === 0) + if (fs20[gracefulQueue].length === 0) return; - var elem = fs19[gracefulQueue].shift(); + var elem = fs20[gracefulQueue].shift(); var fn = elem[0]; var args = elem[1]; var err = elem[2]; @@ -106903,7 +106903,7 @@ var require_graceful_fs = __commonJS({ debug5("RETRY", fn.name, args); fn.apply(null, args.concat([startTime])); } else { - fs19[gracefulQueue].push(elem); + fs20[gracefulQueue].push(elem); } } if (retryTimer === void 0) { 
@@ -121976,8 +121976,8 @@ var require_commonjs23 = __commonJS({ * * @internal */ - constructor(cwd = process.cwd(), pathImpl, sep5, { nocase, childrenCacheSize = 16 * 1024, fs: fs19 = defaultFS } = {}) { - this.#fs = fsFromOption(fs19); + constructor(cwd = process.cwd(), pathImpl, sep5, { nocase, childrenCacheSize = 16 * 1024, fs: fs20 = defaultFS } = {}) { + this.#fs = fsFromOption(fs20); if (cwd instanceof URL || cwd.startsWith("file://")) { cwd = (0, node_url_1.fileURLToPath)(cwd); } @@ -122536,8 +122536,8 @@ var require_commonjs23 = __commonJS({ /** * @internal */ - newRoot(fs19) { - return new PathWin32(this.rootPath, IFDIR, void 0, this.roots, this.nocase, this.childrenCache(), { fs: fs19 }); + newRoot(fs20) { + return new PathWin32(this.rootPath, IFDIR, void 0, this.roots, this.nocase, this.childrenCache(), { fs: fs20 }); } /** * Return true if the provided path string is an absolute path @@ -122566,8 +122566,8 @@ var require_commonjs23 = __commonJS({ /** * @internal */ - newRoot(fs19) { - return new PathPosix(this.rootPath, IFDIR, void 0, this.roots, this.nocase, this.childrenCache(), { fs: fs19 }); + newRoot(fs20) { + return new PathPosix(this.rootPath, IFDIR, void 0, this.roots, this.nocase, this.childrenCache(), { fs: fs20 }); } /** * Return true if the provided path string is an absolute path @@ -123752,7 +123752,7 @@ var require_commonjs24 = __commonJS({ // node_modules/archiver-utils/file.js var require_file4 = __commonJS({ "node_modules/archiver-utils/file.js"(exports2, module2) { - var fs19 = require_graceful_fs(); + var fs20 = require_graceful_fs(); var path18 = require("path"); var flatten = require_flatten(); var difference = require_difference(); 
@@ -123779,7 +123779,7 @@ var require_file4 = __commonJS({ }; file.exists = function() { var filepath = path18.join.apply(path18, arguments); - return fs19.existsSync(filepath); + return fs20.existsSync(filepath); }; file.expand = function(...args) { var options = isPlainObject3(args[0]) ? args.shift() : {}; @@ -123797,7 +123797,7 @@ var require_file4 = __commonJS({ if (typeof options.filter === "function") { return options.filter(filepath); } else { - return fs19.statSync(filepath)[options.filter](); + return fs20.statSync(filepath)[options.filter](); } } catch (e) { return false; @@ -123905,7 +123905,7 @@ var require_file4 = __commonJS({ // node_modules/archiver-utils/index.js var require_archiver_utils = __commonJS({ "node_modules/archiver-utils/index.js"(exports2, module2) { - var fs19 = require_graceful_fs(); + var fs20 = require_graceful_fs(); var path18 = require("path"); var isStream = require_is_stream(); var lazystream = require_lazystream(); @@ -123954,7 +123954,7 @@ var require_archiver_utils = __commonJS({ }; utils.lazyReadStream = function(filepath) { return new lazystream.Readable(function() { - return fs19.createReadStream(filepath); + return fs20.createReadStream(filepath); }); }; utils.normalizeInputSource = function(source) { @@ -123982,7 +123982,7 @@ var require_archiver_utils = __commonJS({ callback = base; base = dirpath; } - fs19.readdir(dirpath, function(err, list) { + fs20.readdir(dirpath, function(err, list) { var i = 0; var file; var filepath; @@ -123995,7 +123995,7 @@ var require_archiver_utils = __commonJS({ return callback(null, results); } filepath = path18.join(dirpath, file); - fs19.stat(filepath, function(err2, stats) { + fs20.stat(filepath, function(err2, stats) { results.push({ path: filepath, relative: path18.relative(base, filepath).replace(/\\/g, "/"), 
@@ -124057,7 +124057,7 @@ var require_error3 = __commonJS({ // node_modules/archiver/lib/core.js var require_core2 = __commonJS({ "node_modules/archiver/lib/core.js"(exports2, module2) { - var fs19 = require("fs"); + var fs20 = require("fs"); var glob2 = require_readdir_glob(); var async = require_async(); var path18 = require("path"); @@ -124121,7 +124121,7 @@ var require_core2 = __commonJS({ data.sourcePath = filepath; task.data = data; this._entriesCount++; - if (data.stats && data.stats instanceof fs19.Stats) { + if (data.stats && data.stats instanceof fs20.Stats) { task = this._updateQueueTaskWithStats(task, data.stats); if (task) { if (data.stats.size) { @@ -124292,7 +124292,7 @@ var require_core2 = __commonJS({ callback(); return; } - fs19.lstat(task.filepath, function(err, stats) { + fs20.lstat(task.filepath, function(err, stats) { if (this._state.aborted) { setImmediate(callback); return; @@ -124335,7 +124335,7 @@ var require_core2 = __commonJS({ task.data.sourceType = "buffer"; task.source = Buffer.concat([]); } else if (stats.isSymbolicLink() && this._moduleSupports("symlink")) { - var linkPath = fs19.readlinkSync(task.filepath); + var linkPath = fs20.readlinkSync(task.filepath); var dirName = path18.dirname(task.filepath); task.data.type = "symlink"; task.data.linkname = path18.relative(dirName, path18.resolve(dirName, linkPath)); @@ -151994,7 +151994,7 @@ var require_parser_stream = __commonJS({ var require_mkdirp = __commonJS({ "node_modules/mkdirp/index.js"(exports2, module2) { var path18 = require("path"); - var fs19 = require("fs"); + var fs20 = require("fs"); var _0777 = parseInt("0777", 8); module2.exports = mkdirP.mkdirp = mkdirP.mkdirP = mkdirP; function mkdirP(p, opts, f, made) { @@ -152005,7 +152005,7 @@ var require_mkdirp = __commonJS({ opts = { mode: opts }; } var mode = opts.mode; - var xfs = opts.fs || fs19; + var xfs = opts.fs || fs20; if (mode === void 0) { mode = _0777; } 
@@ -152044,7 +152044,7 @@ var require_mkdirp = __commonJS({ opts = { mode: opts }; } var mode = opts.mode; - var xfs = opts.fs || fs19; + var xfs = opts.fs || fs20; if (mode === void 0) { mode = _0777; } @@ -152081,7 +152081,7 @@ var require_mkdirp = __commonJS({ // node_modules/unzip-stream/lib/extract.js var require_extract2 = __commonJS({ "node_modules/unzip-stream/lib/extract.js"(exports2, module2) { - var fs19 = require("fs"); + var fs20 = require("fs"); var path18 = require("path"); var util = require("util"); var mkdirp = require_mkdirp(); @@ -152128,7 +152128,7 @@ var require_extract2 = __commonJS({ var directory = entry.isDirectory ? destPath : path18.dirname(destPath); this.unfinishedEntries++; var writeFileFn = function() { - var pipedStream = fs19.createWriteStream(destPath); + var pipedStream = fs20.createWriteStream(destPath); pipedStream.on("close", function() { self2.unfinishedEntries--; self2._notifyAwaiter(); @@ -153326,7 +153326,7 @@ var require_file_command2 = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.prepareKeyValueMessage = exports2.issueFileCommand = void 0; var crypto2 = __importStar2(require("crypto")); - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var os4 = __importStar2(require("os")); var utils_1 = require_utils12(); function issueFileCommand(command, message) { @@ -153334,10 +153334,10 @@ var require_file_command2 = __commonJS({ if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } - if (!fs19.existsSync(filePath)) { + if (!fs20.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } - fs19.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os4.EOL}`, { + fs20.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os4.EOL}`, { encoding: "utf8" }); } 
@@ -154660,12 +154660,12 @@ var require_io_util2 = __commonJS({ var _a; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.getCmdPath = exports2.tryGetExecutablePath = exports2.isRooted = exports2.isDirectory = exports2.exists = exports2.READONLY = exports2.UV_FS_O_EXLOCK = exports2.IS_WINDOWS = exports2.unlink = exports2.symlink = exports2.stat = exports2.rmdir = exports2.rm = exports2.rename = exports2.readlink = exports2.readdir = exports2.open = exports2.mkdir = exports2.lstat = exports2.copyFile = exports2.chmod = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var path18 = __importStar2(require("path")); - _a = fs19.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.readlink = _a.readlink, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; + _a = fs20.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.readlink = _a.readlink, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; exports2.UV_FS_O_EXLOCK = 268435456; - exports2.READONLY = fs19.constants.O_RDONLY; + exports2.READONLY = fs20.constants.O_RDONLY; function exists(fsPath) { return __awaiter2(this, void 0, void 0, function* () { try { 
@@ -156054,25 +156054,25 @@ var require_upload_specification = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.getUploadSpecification = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var core_1 = require_core3(); var path_1 = require("path"); var path_and_artifact_name_validation_1 = require_path_and_artifact_name_validation2(); function getUploadSpecification(artifactName, rootDirectory, artifactFiles) { const specifications = []; - if (!fs19.existsSync(rootDirectory)) { + if (!fs20.existsSync(rootDirectory)) { throw new Error(`Provided rootDirectory ${rootDirectory} does not exist`); } - if (!fs19.statSync(rootDirectory).isDirectory()) { + if (!fs20.statSync(rootDirectory).isDirectory()) { throw new Error(`Provided rootDirectory ${rootDirectory} is not a valid directory`); } rootDirectory = (0, path_1.normalize)(rootDirectory); rootDirectory = (0, path_1.resolve)(rootDirectory); for (let file of artifactFiles) { - if (!fs19.existsSync(file)) { + if (!fs20.existsSync(file)) { throw new Error(`File ${file} does not exist`); } - if (!fs19.statSync(file).isDirectory()) { + if (!fs20.statSync(file).isDirectory()) { file = (0, path_1.normalize)(file); file = (0, path_1.resolve)(file); if (!file.startsWith(rootDirectory)) { @@ -156097,11 +156097,11 @@ var require_upload_specification = __commonJS({ // node_modules/tmp/lib/tmp.js var require_tmp = __commonJS({ "node_modules/tmp/lib/tmp.js"(exports2, module2) { - var fs19 = require("fs"); + var fs20 = require("fs"); var os4 = require("os"); var path18 = require("path"); var crypto2 = require("crypto"); - var _c = { fs: fs19.constants, os: os4.constants }; + var _c = { fs: fs20.constants, os: os4.constants }; var RANDOM_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; var TEMPLATE_PATTERN = /XXXXXX/; var DEFAULT_TRIES = 3; 
@@ -156113,13 +156113,13 @@ var require_tmp = __commonJS({ var FILE_MODE = 384; var EXIT = "exit"; var _removeObjects = []; - var FN_RMDIR_SYNC = fs19.rmdirSync.bind(fs19); + var FN_RMDIR_SYNC = fs20.rmdirSync.bind(fs20); var _gracefulCleanup = false; function rimraf(dirPath, callback) { - return fs19.rm(dirPath, { recursive: true }, callback); + return fs20.rm(dirPath, { recursive: true }, callback); } function FN_RIMRAF_SYNC(dirPath) { - return fs19.rmSync(dirPath, { recursive: true }); + return fs20.rmSync(dirPath, { recursive: true }); } function tmpName(options, callback) { const args = _parseArguments(options, callback), opts = args[0], cb = args[1]; @@ -156129,7 +156129,7 @@ var require_tmp = __commonJS({ (function _getUniqueName() { try { const name = _generateTmpName(sanitizedOptions); - fs19.stat(name, function(err2) { + fs20.stat(name, function(err2) { if (!err2) { if (tries-- > 0) return _getUniqueName(); return cb(new Error("Could not get a unique tmp filename, max tries reached " + name)); @@ -156149,7 +156149,7 @@ var require_tmp = __commonJS({ do { const name = _generateTmpName(sanitizedOptions); try { - fs19.statSync(name); + fs20.statSync(name); } catch (e) { return name; } @@ -156160,10 +156160,10 @@ var require_tmp = __commonJS({ const args = _parseArguments(options, callback), opts = args[0], cb = args[1]; tmpName(opts, function _tmpNameCreated(err, name) { if (err) return cb(err); - fs19.open(name, CREATE_FLAGS, opts.mode || FILE_MODE, function _fileCreated(err2, fd) { + fs20.open(name, CREATE_FLAGS, opts.mode || FILE_MODE, function _fileCreated(err2, fd) { if (err2) return cb(err2); if (opts.discardDescriptor) { - return fs19.close(fd, function _discardCallback(possibleErr) { + return fs20.close(fd, function _discardCallback(possibleErr) { return cb(possibleErr, name, void 0, _prepareTmpFileRemoveCallback(name, -1, opts, false)); }); } else { 
@@ -156177,9 +156177,9 @@ var require_tmp = __commonJS({ const args = _parseArguments(options), opts = args[0]; const discardOrDetachDescriptor = opts.discardDescriptor || opts.detachDescriptor; const name = tmpNameSync(opts); - let fd = fs19.openSync(name, CREATE_FLAGS, opts.mode || FILE_MODE); + let fd = fs20.openSync(name, CREATE_FLAGS, opts.mode || FILE_MODE); if (opts.discardDescriptor) { - fs19.closeSync(fd); + fs20.closeSync(fd); fd = void 0; } return { @@ -156192,7 +156192,7 @@ var require_tmp = __commonJS({ const args = _parseArguments(options, callback), opts = args[0], cb = args[1]; tmpName(opts, function _tmpNameCreated(err, name) { if (err) return cb(err); - fs19.mkdir(name, opts.mode || DIR_MODE, function _dirCreated(err2) { + fs20.mkdir(name, opts.mode || DIR_MODE, function _dirCreated(err2) { if (err2) return cb(err2); cb(null, name, _prepareTmpDirRemoveCallback(name, opts, false)); }); @@ -156201,7 +156201,7 @@ var require_tmp = __commonJS({ function dirSync(options) { const args = _parseArguments(options), opts = args[0]; const name = tmpNameSync(opts); - fs19.mkdirSync(name, opts.mode || DIR_MODE); + fs20.mkdirSync(name, opts.mode || DIR_MODE); return { name, removeCallback: _prepareTmpDirRemoveCallback(name, opts, true) @@ -156215,20 +156215,20 @@ var require_tmp = __commonJS({ next(); }; if (0 <= fdPath[0]) - fs19.close(fdPath[0], function() { - fs19.unlink(fdPath[1], _handler); + fs20.close(fdPath[0], function() { + fs20.unlink(fdPath[1], _handler); }); - else fs19.unlink(fdPath[1], _handler); + else fs20.unlink(fdPath[1], _handler); } function _removeFileSync(fdPath) { let rethrownException = null; try { - if (0 <= fdPath[0]) fs19.closeSync(fdPath[0]); + if (0 <= fdPath[0]) fs20.closeSync(fdPath[0]); } catch (e) { if (!_isEBADF(e) && !_isENOENT(e)) throw e; } finally { try { - fs19.unlinkSync(fdPath[1]); + fs20.unlinkSync(fdPath[1]); } catch (e) { if (!_isENOENT(e)) rethrownException = e; } 
@@ -156244,7 +156244,7 @@ var require_tmp = __commonJS({ return sync ? removeCallbackSync : removeCallback; } function _prepareTmpDirRemoveCallback(name, opts, sync) { - const removeFunction = opts.unsafeCleanup ? rimraf : fs19.rmdir.bind(fs19); + const removeFunction = opts.unsafeCleanup ? rimraf : fs20.rmdir.bind(fs20); const removeFunctionSync = opts.unsafeCleanup ? FN_RIMRAF_SYNC : FN_RMDIR_SYNC; const removeCallbackSync = _prepareRemoveCallback(removeFunctionSync, name, sync); const removeCallback = _prepareRemoveCallback(removeFunction, name, sync, removeCallbackSync); @@ -156307,24 +156307,24 @@ var require_tmp = __commonJS({ } function _resolvePath(name, tmpDir, cb) { const pathToResolve = path18.isAbsolute(name) ? name : path18.join(tmpDir, name); - fs19.stat(pathToResolve, function(err) { + fs20.stat(pathToResolve, function(err) { if (err) { - fs19.realpath(path18.dirname(pathToResolve), function(err2, parentDir) { + fs20.realpath(path18.dirname(pathToResolve), function(err2, parentDir) { if (err2) return cb(err2); cb(null, path18.join(parentDir, path18.basename(pathToResolve))); }); } else { - fs19.realpath(path18, cb); + fs20.realpath(path18, cb); } }); } function _resolvePathSync(name, tmpDir) { const pathToResolve = path18.isAbsolute(name) ? name : path18.join(tmpDir, name); try { - fs19.statSync(pathToResolve); - return fs19.realpathSync(pathToResolve); + fs20.statSync(pathToResolve); + return fs20.realpathSync(pathToResolve); } catch (_err) { - const parentDir = fs19.realpathSync(path18.dirname(pathToResolve)); + const parentDir = fs20.realpathSync(path18.dirname(pathToResolve)); return path18.join(parentDir, path18.basename(pathToResolve)); } } 
@@ -156429,10 +156429,10 @@ var require_tmp = __commonJS({ _gracefulCleanup = true; } function _getTmpDir(options, cb) { - return fs19.realpath(options && options.tmpdir || os4.tmpdir(), cb); + return fs20.realpath(options && options.tmpdir || os4.tmpdir(), cb); } function _getTmpDirSync(options) { - return fs19.realpathSync(options && options.tmpdir || os4.tmpdir()); + return fs20.realpathSync(options && options.tmpdir || os4.tmpdir()); } process.addListener(EXIT, _garbageCollector); Object.defineProperty(module2.exports, "tmpdir", { @@ -157286,10 +157286,10 @@ var require_upload_gzip = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.createGZipFileInBuffer = exports2.createGZipFileOnDisk = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var zlib3 = __importStar2(require("zlib")); var util_1 = require("util"); - var stat = (0, util_1.promisify)(fs19.stat); + var stat = (0, util_1.promisify)(fs20.stat); var gzipExemptFileExtensions = [ ".gz", ".gzip", @@ -157322,9 +157322,9 @@ var require_upload_gzip = __commonJS({ } } return new Promise((resolve8, reject) => { - const inputStream = fs19.createReadStream(originalFilePath); + const inputStream = fs20.createReadStream(originalFilePath); const gzip = zlib3.createGzip(); - const outputStream = fs19.createWriteStream(tempFilePath); + const outputStream = fs20.createWriteStream(tempFilePath); inputStream.pipe(gzip).pipe(outputStream); outputStream.on("finish", () => __awaiter2(this, void 0, void 0, function* () { const size = (yield stat(tempFilePath)).size; 
@@ -157342,7 +157342,7 @@ var require_upload_gzip = __commonJS({ return __awaiter2(this, void 0, void 0, function* () { return new Promise((resolve8) => __awaiter2(this, void 0, void 0, function* () { var _a, e_1, _b, _c; - const inputStream = fs19.createReadStream(originalFilePath); + const inputStream = fs20.createReadStream(originalFilePath); const gzip = zlib3.createGzip(); inputStream.pipe(gzip); const chunks = []; @@ -157551,7 +157551,7 @@ var require_upload_http_client = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.UploadHttpClient = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var core17 = __importStar2(require_core3()); var tmp = __importStar2(require_tmp_promise()); var stream2 = __importStar2(require("stream")); @@ -157565,7 +157565,7 @@ var require_upload_http_client = __commonJS({ var http_manager_1 = require_http_manager(); var upload_gzip_1 = require_upload_gzip(); var requestUtils_1 = require_requestUtils2(); - var stat = (0, util_1.promisify)(fs19.stat); + var stat = (0, util_1.promisify)(fs20.stat); var UploadHttpClient = class { constructor() { this.uploadHttpManager = new http_manager_1.HttpManager((0, config_variables_1.getUploadFileConcurrency)(), "@actions/artifact-upload"); @@ -157702,7 +157702,7 @@ var require_upload_http_client = __commonJS({ let openUploadStream; if (totalFileSize < buffer.byteLength) { core17.debug(`The gzip file created for ${parameters.file} did not help with reducing the size of the file. The original file will be uploaded as-is`); - openUploadStream = () => fs19.createReadStream(parameters.file); + openUploadStream = () => fs20.createReadStream(parameters.file); isGzip = false; uploadFileSize = totalFileSize; } else { 
@@ -157748,7 +157748,7 @@ var require_upload_http_client = __commonJS({ failedChunkSizes += chunkSize; continue; } - const result = yield this.uploadChunk(httpClientIndex, parameters.resourceUrl, () => fs19.createReadStream(uploadFilePath, { + const result = yield this.uploadChunk(httpClientIndex, parameters.resourceUrl, () => fs20.createReadStream(uploadFilePath, { start: startChunkIndex, end: endChunkIndex, autoClose: false @@ -157943,7 +157943,7 @@ var require_download_http_client = __commonJS({ }; Object.defineProperty(exports2, "__esModule", { value: true }); exports2.DownloadHttpClient = void 0; - var fs19 = __importStar2(require("fs")); + var fs20 = __importStar2(require("fs")); var core17 = __importStar2(require_core3()); var zlib3 = __importStar2(require("zlib")); var utils_1 = require_utils13(); @@ -158034,7 +158034,7 @@ var require_download_http_client = __commonJS({ return __awaiter2(this, void 0, void 0, function* () { let retryCount = 0; const retryLimit = (0, config_variables_1.getRetryLimit)(); - let destinationStream = fs19.createWriteStream(downloadPath); + let destinationStream = fs20.createWriteStream(downloadPath); const headers = (0, utils_1.getDownloadHeaders)("application/json", true, true); const makeDownloadRequest = () => __awaiter2(this, void 0, void 0, function* () { const client = this.downloadHttpManager.getClient(httpClientIndex); @@ -158076,7 +158076,7 @@ var require_download_http_client = __commonJS({ } }); yield (0, utils_1.rmFile)(fileDownloadPath); - destinationStream = fs19.createWriteStream(fileDownloadPath); + destinationStream = fs20.createWriteStream(fileDownloadPath); }); while (retryCount <= retryLimit) { let response; 
@@ -161338,7 +161338,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core16 = __toESM(require_core()); // src/actions-util.ts -var fs2 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -161346,7 +161346,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -161360,21 +161360,21 @@ async function getFolderSize(itemPath, options) { getFolderSize.loose = async (itemPath, options) => await core(itemPath, options); getFolderSize.strict = async (itemPath, options) => await core(itemPath, options, { strict: true }); async function core(rootItemPath, options = {}, returnType = {}) { - const fs19 = options.fs || await import("node:fs/promises"); + const fs20 = options.fs || await import("node:fs/promises"); let folderSize = 0n; const foundInos = /* @__PURE__ */ new Set(); const errors = []; await processItem(rootItemPath); async function processItem(itemPath) { if (options.ignore?.test(itemPath)) return; - const stats = returnType.strict ? await fs19.lstat(itemPath, { bigint: true }) : await fs19.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); + const stats = returnType.strict ? await fs20.lstat(itemPath, { bigint: true }) : await fs20.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); if (typeof stats !== "object") return; if (!foundInos.has(stats.ino)) { foundInos.add(stats.ino); folderSize += stats.size; } if (stats.isDirectory()) { - const directoryItems = returnType.strict ? await fs19.readdir(itemPath) : await fs19.readdir(itemPath).catch((error3) => errors.push(error3)); + const directoryItems = returnType.strict ? await fs20.readdir(itemPath) : await fs20.readdir(itemPath).catch((error3) => errors.push(error3)); if (typeof directoryItems !== "object") return; await Promise.all( directoryItems.map( @@ -164001,6 +164001,7 @@ var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/sarif/index.ts +var fs = __toESM(require("fs")); function getToolNames(sarif) { const toolNames = {}; for (const run3 of sarif.runs || []) { 
@@ -164012,6 +164013,9 @@ function getToolNames(sarif) { } return Object.keys(toolNames); } +function readSarifFile(sarifFilePath) { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; @@ -164153,12 +164157,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs.existsSync(databaseBundlePath)) { - await fs.promises.rm(databaseBundlePath, { force: true }); + if (fs2.existsSync(databaseBundlePath)) { + await fs2.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs.existsSync(baseDatabaseOidsFilePath)) { + if (fs2.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -164201,7 +164205,7 @@ function getTestingEnvironment() { } function doesDirectoryExist(dirPath) { try { - const stats = fs.lstatSync(dirPath); + const stats = fs2.lstatSync(dirPath); return stats.isDirectory(); } catch { return false; @@ -164211,7 +164215,7 @@ function listFolder(dir) { if (!doesDirectoryExist(dir)) { return []; } - const entries = fs.readdirSync(dir, { withFileTypes: true }); + const entries = fs2.readdirSync(dir, { withFileTypes: true }); let files = []; for (const entry of entries) { if (entry.isFile()) { @@ -164294,7 +164298,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs.promises.rm(file, { + await fs2.promises.rm(file, { force: true, recursive: true }); 
@@ -164352,7 +164356,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -164368,7 +164372,7 @@ async function printDebugLogs(config) { continue; } const walkLogFiles = (dir) => { - const entries = fs2.readdirSync(dir, { withFileTypes: true }); + const entries = fs3.readdirSync(dir, { withFileTypes: true }); if (entries.length === 0) { core4.info(`No debug logs found at directory ${logsDirectory}.`); } @@ -164378,7 +164382,7 @@ async function printDebugLogs(config) { core4.startGroup( `CodeQL Debug Logs - ${language} - ${entry.name} from file at path ${absolutePath}` ); - process.stdout.write(fs2.readFileSync(absolutePath)); + process.stdout.write(fs3.readFileSync(absolutePath)); core4.endGroup(); } else if (entry.isDirectory()) { walkLogFiles(path2.resolve(dir, entry.name)); @@ -164799,7 +164803,7 @@ function wrapApiConfigurationError(e) { var core6 = __toESM(require_core()); // src/codeql.ts -var fs11 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -165047,7 +165051,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs7 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var path8 = __toESM(require("path")); // src/analyses.ts 
@@ -165221,11 +165225,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs5 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs4 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -165234,7 +165238,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs3 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); @@ -165445,12 +165449,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs3.promises.readFile( + const contents = await fs4.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -165477,7 +165481,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { 
@@ -165983,12 +165987,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs4.existsSync(this.featureFlagsFile)) { + if (fs5.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs4.readFileSync(this.featureFlagsFile, "utf8") + fs5.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -166001,7 +166005,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -166077,11 +166081,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs5.existsSync(jsonFilePath)) { + if (!fs6.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -166090,7 +166094,7 @@ ${jsonContents}` } // src/overlay/status.ts -var fs6 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var path7 = __toESM(require("path")); var actionsCache2 = __toESM(require_cache5()); var MAX_CACHE_OPERATION_MS = 3e4; 
@@ -166107,8 +166111,8 @@ async function saveOverlayStatus(codeql, languages, diskUsage, status, logger) { const cacheKey = await getCacheKey(codeql, languages, diskUsage); const statusFile = getStatusFilePath(languages); try { - await fs6.promises.mkdir(path7.dirname(statusFile), { recursive: true }); - await fs6.promises.writeFile(statusFile, JSON.stringify(status)); + await fs7.promises.mkdir(path7.dirname(statusFile), { recursive: true }); + await fs7.promises.writeFile(statusFile, JSON.stringify(status)); const cacheId = await waitForResultWithTimeLimit( MAX_CACHE_OPERATION_MS, actionsCache2.saveCache([statusFile], cacheKey), @@ -166171,10 +166175,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs7.existsSync(configFile)) { + if (!fs8.existsSync(configFile)) { return void 0; } - const configString = fs7.readFileSync(configFile, "utf8"); + const configString = fs8.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -166213,7 +166217,7 @@ function isCodeScanningEnabled(config) { } // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -166275,7 +166279,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); 
@@ -166348,7 +166352,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -166432,7 +166436,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var os = __toESM(require("os")); var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -166539,7 +166543,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs10.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -166576,7 +166580,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs10.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -166711,7 +166715,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs11.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( 
@@ -167265,7 +167269,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs11.existsSync(tracingConfigPath); + return fs12.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -167745,7 +167749,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -167789,7 +167793,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/debug-artifacts.ts -var fs14 = __toESM(require("fs")); +var fs15 = __toESM(require("fs")); var path14 = __toESM(require("path")); var artifact = __toESM(require_artifact2()); var artifactLegacy = __toESM(require_artifact_client2()); @@ -167797,7 +167801,7 @@ var core12 = __toESM(require_core()); var import_archiver = __toESM(require_archiver()); // src/analyze.ts -var fs12 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); var path12 = __toESM(require("path")); var io5 = __toESM(require_io()); @@ -167829,7 +167833,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -167841,7 +167845,7 @@ function dbIsFinalized(config, language, logger) { } // src/artifact-scanner.ts -var fs13 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path13 = __toESM(require("path")); var exec = __toESM(require_exec()); 
@@ -167880,7 +167884,7 @@ var GITHUB_TOKEN_PATTERNS = [ function scanFileForTokens(filePath, relativePath, logger) { const findings = []; try { - const content = fs13.readFileSync(filePath, "utf8"); + const content = fs14.readFileSync(filePath, "utf8"); for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) { const matches = content.match(pattern); if (matches) { @@ -167910,7 +167914,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log findings: [] }; try { - const tempExtractDir = fs13.mkdtempSync( + const tempExtractDir = fs14.mkdtempSync( path13.join(extractDir, `extract-${depth}-`) ); const fileName = path13.basename(archivePath).toLowerCase(); @@ -167944,7 +167948,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log path13.basename(archivePath, ".gz") ); await exec.exec("gunzip", ["-c", archivePath], { - outStream: fs13.createWriteStream(outputFile), + outStream: fs14.createWriteStream(outputFile), silent: true }); } else if (fileName.endsWith(".zip")) { @@ -167965,7 +167969,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log ); result.scannedFiles += scanResult.scannedFiles; result.findings.push(...scanResult.findings); - fs13.rmSync(tempExtractDir, { recursive: true, force: true }); + fs14.rmSync(tempExtractDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not extract or scan archive file ${archivePath}: ${getErrorMessage(e)}` @@ -168000,7 +168004,7 @@ async function scanDirectory(dirPath, baseRelativePath, logger, depth = 0) { scannedFiles: 0, findings: [] }; - const entries = fs13.readdirSync(dirPath, { withFileTypes: true }); + const entries = fs14.readdirSync(dirPath, { withFileTypes: true }); for (const entry of entries) { const fullPath = path13.join(dirPath, entry.name); const relativePath = path13.join(baseRelativePath, entry.name); 
@@ -168035,10 +168039,10 @@ async function scanArtifactsForTokens(filesToScan, logger) { scannedFiles: 0, findings: [] }; - const tempScanDir = fs13.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); + const tempScanDir = fs14.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); try { for (const filePath of filesToScan) { - const stats = fs13.statSync(filePath); + const stats = fs14.statSync(filePath); const fileName = path13.basename(filePath); if (stats.isDirectory()) { const dirResult = await scanDirectory(filePath, fileName, logger); @@ -168076,7 +168080,7 @@ async function scanArtifactsForTokens(filesToScan, logger) { } } finally { try { - fs13.rmSync(tempScanDir, { recursive: true, force: true }); + fs14.rmSync(tempScanDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not clean up temporary scan directory: ${getErrorMessage(e)}` @@ -168092,17 +168096,17 @@ function sanitizeArtifactName(name) { function tryPrepareSarifDebugArtifact(config, language, logger) { try { const analyzeActionOutputDir = process.env["CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR" /* SARIF_RESULTS_OUTPUT_DIR */]; - if (analyzeActionOutputDir !== void 0 && fs14.existsSync(analyzeActionOutputDir) && fs14.lstatSync(analyzeActionOutputDir).isDirectory()) { + if (analyzeActionOutputDir !== void 0 && fs15.existsSync(analyzeActionOutputDir) && fs15.lstatSync(analyzeActionOutputDir).isDirectory()) { const sarifFile = path14.resolve( analyzeActionOutputDir, `${language}.sarif` ); - if (fs14.existsSync(sarifFile)) { + if (fs15.existsSync(sarifFile)) { const sarifInDbLocation = path14.resolve( config.dbLocation, `${language}.sarif` ); - fs14.copyFileSync(sarifFile, sarifInDbLocation); + fs15.copyFileSync(sarifFile, sarifInDbLocation); return sarifInDbLocation; } } 
@@ -168281,10 +168285,10 @@ async function createPartialDatabaseBundle(config, language) { core12.info( `${config.debugDatabaseName}-${language} is not finalized. Uploading partial database bundle at ${databaseBundlePath}...` ); - if (fs14.existsSync(databaseBundlePath)) { - await fs14.promises.rm(databaseBundlePath, { force: true }); + if (fs15.existsSync(databaseBundlePath)) { + await fs15.promises.rm(databaseBundlePath, { force: true }); } - const output = fs14.createWriteStream(databaseBundlePath); + const output = fs15.createWriteStream(databaseBundlePath); const zip = (0, import_archiver.default)("zip"); zip.on("error", (err) => { throw err; @@ -168311,11 +168315,11 @@ async function createDatabaseBundleCli(codeql, config, language) { } // src/init-action-post-helper.ts -var fs18 = __toESM(require("fs")); +var fs19 = __toESM(require("fs")); var github2 = __toESM(require_github()); // src/upload-lib.ts -var fs16 = __toESM(require("fs")); +var fs17 = __toESM(require("fs")); var path16 = __toESM(require("path")); var url = __toESM(require("url")); var import_zlib = __toESM(require("zlib")); @@ -168323,7 +168327,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs15 = __toESM(require("fs")); +var fs16 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -169311,7 +169315,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs15.createReadStream(filepath, "utf8"); + const readStream = fs16.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); 
@@ -169386,11 +169390,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs15.existsSync(uri)) { + if (!fs16.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs15.statSync(uri).isDirectory()) { + if (fs16.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } @@ -169487,9 +169491,7 @@ function combineSarifFiles(sarifFiles, logger) { }; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = JSON.parse( - fs16.readFileSync(sarifFile, "utf8") - ); + const sarifObject = readSarifFile(sarifFile); if (combinedSarif.version === null) { combinedSarif.version = sarifObject.version; } else if (combinedSarif.version !== sarifObject.version) { @@ -169559,9 +169561,7 @@ async function shouldDisableCombineSarifFiles(sarifObjects, githubVersion) { } async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger) { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map((sarifFile) => { - return JSON.parse(fs16.readFileSync(sarifFile, "utf8")); - }); + const sarifObjects = sarifFiles.map(readSarifFile); const deprecationWarningMessage = gitHubVersion.type === "GitHub Enterprise Server" /* GHES */ ? "and will be removed in GitHub Enterprise Server 3.18" : "and will be removed in July 2025"; const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload"; if (!areAllRunsProducedByCodeQL(sarifObjects)) { 
@@ -169614,13 +169614,13 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQL = initCodeQLResult.codeql; } const baseTempDir = path16.resolve(tempDir, "combined-sarif"); - fs16.mkdirSync(baseTempDir, { recursive: true }); - const outputDirectory = fs16.mkdtempSync(path16.resolve(baseTempDir, "output-")); + fs17.mkdirSync(baseTempDir, { recursive: true }); + const outputDirectory = fs17.mkdtempSync(path16.resolve(baseTempDir, "output-")); const outputFile = path16.resolve(outputDirectory, "combined-sarif.sarif"); await codeQL.mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory: true }); - return JSON.parse(fs16.readFileSync(outputFile, "utf8")); + return readSarifFile(outputFile); } function populateRunAutomationDetails(sarif, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); @@ -169657,7 +169657,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); - fs16.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); + fs17.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); return "dummy-sarif-id"; } const client = getApiClient(); @@ -169691,7 +169691,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { function findSarifFilesInDir(sarifPath, isSarif) { const sarifFiles = []; const walkSarifFiles = (dir) => { - const entries = fs16.readdirSync(dir, { withFileTypes: true }); + const entries = fs17.readdirSync(dir, { withFileTypes: true }); for (const entry of entries) { if (entry.isFile() && isSarif(entry.name)) { sarifFiles.push(path16.resolve(dir, entry.name)); 
@@ -169704,11 +169704,11 @@ function findSarifFilesInDir(sarifPath, isSarif) { return sarifFiles; } function getSarifFilePaths(sarifPath, isSarif) { - if (!fs16.existsSync(sarifPath)) { + if (!fs17.existsSync(sarifPath)) { throw new ConfigurationError(`Path does not exist: ${sarifPath}`); } let sarifFiles; - if (fs16.lstatSync(sarifPath).isDirectory()) { + if (fs17.lstatSync(sarifPath).isDirectory()) { sarifFiles = findSarifFilesInDir(sarifPath, isSarif); if (sarifFiles.length === 0) { throw new ConfigurationError( @@ -169736,9 +169736,9 @@ function countResultsInSarif(sarif) { } return numResults; } -function readSarifFile(sarifFilePath) { +function readSarifFile2(sarifFilePath) { try { - return JSON.parse(fs16.readFileSync(sarifFilePath, "utf8")); + return readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}` @@ -169807,7 +169807,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo payloadObj.base_sha = mergeBaseCommitOid; } else if (process.env.GITHUB_EVENT_PATH) { const githubEvent = JSON.parse( - fs16.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") + fs17.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") ); payloadObj.base_ref = `refs/heads/${githubEvent.pull_request.base.ref}`; payloadObj.base_sha = githubEvent.pull_request.base.sha; @@ -169822,7 +169822,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarif = await combineSarifFilesUsingCLI( 
@@ -169833,7 +169833,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); + sarif = readSarifFile2(sarifPath); validateSarifFileSchema(sarif, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); } @@ -170077,7 +170077,7 @@ function filterAlertsByDiffRange(logger, sarif) { } // src/workflow.ts -var fs17 = __toESM(require("fs")); +var fs18 = __toESM(require("fs")); var path17 = __toESM(require("path")); var import_zlib2 = __toESM(require("zlib")); var core14 = __toESM(require_core()); @@ -170106,7 +170106,7 @@ async function getWorkflow(logger) { ); } const workflowPath = await getWorkflowAbsolutePath(logger); - return load(fs17.readFileSync(workflowPath, "utf-8")); + return load(fs18.readFileSync(workflowPath, "utf-8")); } async function getWorkflowAbsolutePath(logger) { const relativePath = await getWorkflowRelativePath(); @@ -170114,7 +170114,7 @@ async function getWorkflowAbsolutePath(logger) { getRequiredEnvParam("GITHUB_WORKSPACE"), relativePath ); - if (fs17.existsSync(absolutePath)) { + if (fs18.existsSync(absolutePath)) { logger.debug( `Derived the following absolute path for the currently executing workflow: ${absolutePath}.` ); @@ -170324,7 +170324,7 @@ async function run(uploadAllAvailableDebugArtifacts, printDebugLogs2, codeql, co } if (isSelfHostedRunner()) { try { - fs18.rmSync(config.dbLocation, { + fs19.rmSync(config.dbLocation, { recursive: true, force: true, maxRetries: 3 diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 711e287446..a6505fbf00 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -204,7 +204,7 @@ var require_file_command = __commonJS({ exports2.issueFileCommand = issueFileCommand; exports2.prepareKeyValueMessage = prepareKeyValueMessage; var crypto2 = __importStar2(require("crypto")); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var os2 = __importStar2(require("os")); var utils_1 = require_utils(); function issueFileCommand(command, message) { @@ -212,10 +212,10 @@ var require_file_command = __commonJS({ if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } - if (!fs12.existsSync(filePath)) { + if (!fs13.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } - fs12.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os2.EOL}`, { + fs13.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os2.EOL}`, { encoding: "utf8" }); } 
@@ -20123,13 +20123,13 @@ var require_io_util = __commonJS({ exports2.isRooted = isRooted; exports2.tryGetExecutablePath = tryGetExecutablePath; exports2.getCmdPath = getCmdPath; - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var path12 = __importStar2(require("path")); - _a = fs12.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; + _a = fs13.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; function readlink(fsPath) { return __awaiter2(this, void 0, void 0, function* () { - const result = yield fs12.promises.readlink(fsPath); + const result = yield fs13.promises.readlink(fsPath); if (exports2.IS_WINDOWS && !result.endsWith("\\")) { return `${result}\\`; } @@ -20137,7 +20137,7 @@ var require_io_util = __commonJS({ }); } exports2.UV_FS_O_EXLOCK = 268435456; - exports2.READONLY = fs12.constants.O_RDONLY; + exports2.READONLY = fs13.constants.O_RDONLY; function exists(fsPath) { return __awaiter2(this, void 0, void 0, function* () { try { 
@@ -50403,7 +50403,7 @@ var require_internal_globber = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.DefaultGlobber = void 0; var core12 = __importStar2(require_core()); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var globOptionsHelper = __importStar2(require_internal_glob_options_helper()); var path12 = __importStar2(require("path")); var patternHelper = __importStar2(require_internal_pattern_helper()); @@ -50457,7 +50457,7 @@ var require_internal_globber = __commonJS({ for (const searchPath of patternHelper.getSearchPaths(patterns)) { core12.debug(`Search path '${searchPath}'`); try { - yield __await2(fs12.promises.lstat(searchPath)); + yield __await2(fs13.promises.lstat(searchPath)); } catch (err) { if (err.code === "ENOENT") { continue; @@ -50491,7 +50491,7 @@ var require_internal_globber = __commonJS({ continue; } const childLevel = item.level + 1; - const childItems = (yield __await2(fs12.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path12.join(item.path, x), childLevel)); + const childItems = (yield __await2(fs13.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path12.join(item.path, x), childLevel)); stack.push(...childItems.reverse()); } else if (match & internal_match_kind_1.MatchKind.File) { yield yield __await2(item.path); @@ -50526,7 +50526,7 @@ var require_internal_globber = __commonJS({ let stats; if (options.followSymbolicLinks) { try { - stats = yield fs12.promises.stat(item.path); + stats = yield fs13.promises.stat(item.path); } catch (err) { if (err.code === "ENOENT") { if (options.omitBrokenSymbolicLinks) { 
@@ -50538,10 +50538,10 @@ var require_internal_globber = __commonJS({ throw err; } } else { - stats = yield fs12.promises.lstat(item.path); + stats = yield fs13.promises.lstat(item.path); } if (stats.isDirectory() && options.followSymbolicLinks) { - const realPath = yield fs12.promises.realpath(item.path); + const realPath = yield fs13.promises.realpath(item.path); while (traversalChain.length >= item.level) { traversalChain.pop(); } @@ -50650,7 +50650,7 @@ var require_internal_hash_files = __commonJS({ exports2.hashFiles = hashFiles; var crypto2 = __importStar2(require("crypto")); var core12 = __importStar2(require_core()); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var path12 = __importStar2(require("path")); @@ -50673,13 +50673,13 @@ var require_internal_hash_files = __commonJS({ writeDelegate(`Ignore '${file}' since it is not under GITHUB_WORKSPACE.`); continue; } - if (fs12.statSync(file).isDirectory()) { + if (fs13.statSync(file).isDirectory()) { writeDelegate(`Skip directory '${file}'.`); continue; } const hash2 = crypto2.createHash("sha256"); const pipeline = util.promisify(stream2.pipeline); - yield pipeline(fs12.createReadStream(file), hash2); + yield pipeline(fs13.createReadStream(file), hash2); result.write(hash2.digest()); count++; if (!hasMatch) { @@ -52054,7 +52054,7 @@ var require_cacheUtils = __commonJS({ var glob = __importStar2(require_glob()); var io6 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var path12 = __importStar2(require("path")); var semver9 = __importStar2(require_semver3()); var util = __importStar2(require("util")); 
@@ -52083,7 +52083,7 @@ var require_cacheUtils = __commonJS({ }); } function getArchiveFileSizeInBytes(filePath) { - return fs12.statSync(filePath).size; + return fs13.statSync(filePath).size; } function resolvePaths(patterns) { return __awaiter2(this, void 0, void 0, function* () { @@ -52121,7 +52121,7 @@ var require_cacheUtils = __commonJS({ } function unlinkFile(filePath) { return __awaiter2(this, void 0, void 0, function* () { - return util.promisify(fs12.unlink)(filePath); + return util.promisify(fs13.unlink)(filePath); }); } function getVersion(app_1) { @@ -52163,7 +52163,7 @@ var require_cacheUtils = __commonJS({ } function getGnuTarPathOnWindows() { return __awaiter2(this, void 0, void 0, function* () { - if (fs12.existsSync(constants_1.GnuTarPathOnWindows)) { + if (fs13.existsSync(constants_1.GnuTarPathOnWindows)) { return constants_1.GnuTarPathOnWindows; } const versionOutput = yield getVersion("tar"); @@ -92320,7 +92320,7 @@ var require_downloadUtils = __commonJS({ var http_client_1 = require_lib(); var storage_blob_1 = require_commonjs15(); var buffer = __importStar2(require("buffer")); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var utils = __importStar2(require_cacheUtils()); @@ -92431,7 +92431,7 @@ var require_downloadUtils = __commonJS({ exports2.DownloadProgress = DownloadProgress; function downloadCacheHttpClient(archiveLocation, archivePath) { return __awaiter2(this, void 0, void 0, function* () { - const writeStream = fs12.createWriteStream(archivePath); + const writeStream = fs13.createWriteStream(archivePath); const httpClient = new http_client_1.HttpClient("actions/cache"); const downloadResponse = yield (0, requestUtils_1.retryHttpClientResponse)("downloadCache", () => __awaiter2(this, void 0, void 0, function* () { return httpClient.get(archiveLocation); 
@@ -92456,7 +92456,7 @@ var require_downloadUtils = __commonJS({ function downloadCacheHttpClientConcurrent(archiveLocation, archivePath, options) { return __awaiter2(this, void 0, void 0, function* () { var _a; - const archiveDescriptor = yield fs12.promises.open(archivePath, "w"); + const archiveDescriptor = yield fs13.promises.open(archivePath, "w"); const httpClient = new http_client_1.HttpClient("actions/cache", void 0, { socketTimeout: options.timeoutInMs, keepAlive: true @@ -92572,7 +92572,7 @@ var require_downloadUtils = __commonJS({ } else { const maxSegmentSize = Math.min(134217728, buffer.constants.MAX_LENGTH); const downloadProgress = new DownloadProgress(contentLength); - const fd = fs12.openSync(archivePath, "w"); + const fd = fs13.openSync(archivePath, "w"); try { downloadProgress.startDisplayTimer(); const controller = new abort_controller_1.AbortController(); @@ -92590,12 +92590,12 @@ var require_downloadUtils = __commonJS({ controller.abort(); throw new Error("Aborting cache download as the download time exceeded the timeout."); } else if (Buffer.isBuffer(result)) { - fs12.writeFileSync(fd, result); + fs13.writeFileSync(fd, result); } } } finally { downloadProgress.stopDisplayTimer(); - fs12.closeSync(fd); + fs13.closeSync(fd); } } }); @@ -92917,7 +92917,7 @@ var require_cacheHttpClient = __commonJS({ var core12 = __importStar2(require_core()); var http_client_1 = require_lib(); var auth_1 = require_auth(); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var url_1 = require("url"); var utils = __importStar2(require_cacheUtils()); var uploadUtils_1 = require_uploadUtils(); 
@@ -93052,7 +93052,7 @@ Other caches with similar key:`); return __awaiter2(this, void 0, void 0, function* () { const fileSize = utils.getArchiveFileSizeInBytes(archivePath); const resourceUrl = getCacheApiUrl(`caches/${cacheId.toString()}`); - const fd = fs12.openSync(archivePath, "r"); + const fd = fs13.openSync(archivePath, "r"); const uploadOptions = (0, options_1.getUploadOptions)(options); const concurrency = utils.assertDefined("uploadConcurrency", uploadOptions.uploadConcurrency); const maxChunkSize = utils.assertDefined("uploadChunkSize", uploadOptions.uploadChunkSize); @@ -93066,7 +93066,7 @@ Other caches with similar key:`); const start = offset; const end = offset + chunkSize - 1; offset += maxChunkSize; - yield uploadChunk(httpClient, resourceUrl, () => fs12.createReadStream(archivePath, { + yield uploadChunk(httpClient, resourceUrl, () => fs13.createReadStream(archivePath, { fd, start, end, @@ -93077,7 +93077,7 @@ Other caches with similar key:`); } }))); } finally { - fs12.closeSync(fd); + fs13.closeSync(fd); } return; }); @@ -99033,7 +99033,7 @@ var require_manifest = __commonJS({ var core_1 = require_core(); var os2 = require("os"); var cp = require("child_process"); - var fs12 = require("fs"); + var fs13 = require("fs"); function _findMatch(versionSpec, stable, candidates, archFilter) { return __awaiter2(this, void 0, void 0, function* () { const platFilter = os2.platform(); 
@@ -99095,10 +99095,10 @@ var require_manifest = __commonJS({ const lsbReleaseFile = "/etc/lsb-release"; const osReleaseFile = "/etc/os-release"; let contents = ""; - if (fs12.existsSync(lsbReleaseFile)) { - contents = fs12.readFileSync(lsbReleaseFile).toString(); - } else if (fs12.existsSync(osReleaseFile)) { - contents = fs12.readFileSync(osReleaseFile).toString(); + if (fs13.existsSync(lsbReleaseFile)) { + contents = fs13.readFileSync(lsbReleaseFile).toString(); + } else if (fs13.existsSync(osReleaseFile)) { + contents = fs13.readFileSync(osReleaseFile).toString(); } return contents; } @@ -99307,7 +99307,7 @@ var require_tool_cache = __commonJS({ var core12 = __importStar2(require_core()); var io6 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs12 = __importStar2(require("fs")); + var fs13 = __importStar2(require("fs")); var mm = __importStar2(require_manifest()); var os2 = __importStar2(require("os")); var path12 = __importStar2(require("path")); @@ -99353,7 +99353,7 @@ var require_tool_cache = __commonJS({ } function downloadToolAttempt(url2, dest, auth2, headers) { return __awaiter2(this, void 0, void 0, function* () { - if (fs12.existsSync(dest)) { + if (fs13.existsSync(dest)) { throw new Error(`Destination file path ${dest} already exists`); } const http = new httpm.HttpClient(userAgent2, [], { @@ -99377,7 +99377,7 @@ var require_tool_cache = __commonJS({ const readStream = responseMessageFactory(); let succeeded = false; try { - yield pipeline(readStream, fs12.createWriteStream(dest)); + yield pipeline(readStream, fs13.createWriteStream(dest)); core12.debug("download complete"); succeeded = true; return dest; 
@@ -99589,11 +99589,11 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os2.arch(); core12.debug(`Caching tool ${tool} ${version} ${arch2}`); core12.debug(`source dir: ${sourceDir}`); - if (!fs12.statSync(sourceDir).isDirectory()) { + if (!fs13.statSync(sourceDir).isDirectory()) { throw new Error("sourceDir is not a directory"); } const destPath = yield _createToolPath(tool, version, arch2); - for (const itemName of fs12.readdirSync(sourceDir)) { + for (const itemName of fs13.readdirSync(sourceDir)) { const s = path12.join(sourceDir, itemName); yield io6.cp(s, destPath, { recursive: true }); } @@ -99607,7 +99607,7 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os2.arch(); core12.debug(`Caching tool ${tool} ${version} ${arch2}`); core12.debug(`source file: ${sourceFile}`); - if (!fs12.statSync(sourceFile).isFile()) { + if (!fs13.statSync(sourceFile).isFile()) { throw new Error("sourceFile is not a file"); } const destFolder = yield _createToolPath(tool, version, arch2); @@ -99636,7 +99636,7 @@ var require_tool_cache = __commonJS({ versionSpec = semver9.clean(versionSpec) || ""; const cachePath = path12.join(_getCacheDirectory(), toolName, versionSpec, arch2); core12.debug(`checking cache: ${cachePath}`); - if (fs12.existsSync(cachePath) && fs12.existsSync(`${cachePath}.complete`)) { + if (fs13.existsSync(cachePath) && fs13.existsSync(`${cachePath}.complete`)) { core12.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch2}`); toolPath = cachePath; } else { 
@@ -99649,12 +99649,12 @@ var require_tool_cache = __commonJS({ const versions = []; arch2 = arch2 || os2.arch(); const toolPath = path12.join(_getCacheDirectory(), toolName); - if (fs12.existsSync(toolPath)) { - const children = fs12.readdirSync(toolPath); + if (fs13.existsSync(toolPath)) { + const children = fs13.readdirSync(toolPath); for (const child of children) { if (isExplicitVersion(child)) { const fullPath = path12.join(toolPath, child, arch2 || ""); - if (fs12.existsSync(fullPath) && fs12.existsSync(`${fullPath}.complete`)) { + if (fs13.existsSync(fullPath) && fs13.existsSync(`${fullPath}.complete`)) { versions.push(child); } } @@ -99725,7 +99725,7 @@ var require_tool_cache = __commonJS({ function _completeToolPath(tool, version, arch2) { const folderPath = path12.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || ""); const markerPath = `${folderPath}.complete`; - fs12.writeFileSync(markerPath, ""); + fs13.writeFileSync(markerPath, ""); core12.debug("finished caching tool"); } function isExplicitVersion(versionSpec) { @@ -103235,7 +103235,7 @@ __export(upload_lib_exports, { getGroupedSarifFilePaths: () => getGroupedSarifFilePaths, populateRunAutomationDetails: () => populateRunAutomationDetails, postProcessSarifFiles: () => postProcessSarifFiles, - readSarifFile: () => readSarifFile, + readSarifFile: () => readSarifFile2, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest, shouldShowCombineSarifFilesDeprecationWarning: () => shouldShowCombineSarifFilesDeprecationWarning, @@ -103249,7 +103249,7 @@ __export(upload_lib_exports, { writePostProcessedFiles: () => writePostProcessedFiles }); module.exports = __toCommonJS(upload_lib_exports); -var fs11 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path11 = __toESM(require("path")); var url = __toESM(require("url")); var import_zlib = __toESM(require("zlib")); 
@@ -103257,7 +103257,7 @@ var core11 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/actions-util.ts -var fs2 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103265,7 +103265,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); var io = __toESM(require_io()); 
@@ -103278,21 +103278,21 @@ async function getFolderSize(itemPath, options) { getFolderSize.loose = async (itemPath, options) => await core(itemPath, options); getFolderSize.strict = async (itemPath, options) => await core(itemPath, options, { strict: true }); async function core(rootItemPath, options = {}, returnType = {}) { - const fs12 = options.fs || await import("node:fs/promises"); + const fs13 = options.fs || await import("node:fs/promises"); let folderSize = 0n; const foundInos = /* @__PURE__ */ new Set(); const errors = []; await processItem(rootItemPath); async function processItem(itemPath) { if (options.ignore?.test(itemPath)) return; - const stats = returnType.strict ? await fs12.lstat(itemPath, { bigint: true }) : await fs12.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); + const stats = returnType.strict ? await fs13.lstat(itemPath, { bigint: true }) : await fs13.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); if (typeof stats !== "object") return; if (!foundInos.has(stats.ino)) { foundInos.add(stats.ino); folderSize += stats.size; } if (stats.isDirectory()) { - const directoryItems = returnType.strict ? await fs12.readdir(itemPath) : await fs12.readdir(itemPath).catch((error3) => errors.push(error3)); + const directoryItems = returnType.strict ? await fs13.readdir(itemPath) : await fs13.readdir(itemPath).catch((error3) => errors.push(error3)); if (typeof directoryItems !== "object") return; await Promise.all( directoryItems.map( @@ -105915,6 +105915,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/sarif/index.ts +var fs = __toESM(require("fs")); function getToolNames(sarif) { const toolNames = {}; for (const run of sarif.runs || []) { 
@@ -105926,6 +105927,9 @@ function getToolNames(sarif) { } return Object.keys(toolNames); } +function readSarifFile(sarifFilePath) { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; @@ -106089,7 +106093,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs.promises.rm(file, { + await fs2.promises.rm(file, { force: true, recursive: true }); @@ -106147,7 +106151,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106579,7 +106583,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs9 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path9 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -106827,7 +106831,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs5 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/caching-utils.ts @@ -106942,7 +106946,7 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs4 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); // src/feature-flags.ts @@ -106953,7 +106957,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs3 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -107164,12 +107168,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs3.promises.readFile( + const contents = await fs4.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -107196,7 +107200,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107467,11 +107471,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs4.existsSync(jsonFilePath)) { + if (!fs5.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs4.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` 
@@ -107520,10 +107524,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs5.existsSync(configFile)) { + if (!fs6.existsSync(configFile)) { return void 0; } - const configString = fs5.readFileSync(configFile, "utf8"); + const configString = fs6.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -107559,7 +107563,7 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { } // src/setup-codeql.ts -var fs8 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var path8 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -107621,7 +107625,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs6 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -107694,7 +107698,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs6.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -107778,7 +107782,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs7 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var os = __toESM(require("os")); var path7 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); 
@@ -107885,7 +107889,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -107922,7 +107926,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs7.writeFileSync(markerFilePath, ""); + fs8.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -108057,7 +108061,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs8.existsSync(path8.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs9.existsSync(path8.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -108611,7 +108615,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs9.existsSync(tracingConfigPath); + return fs10.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -109091,7 +109095,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs9.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs10.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -109135,7 +109139,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/fingerprints.ts -var fs10 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -110123,7 +110127,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs10.createReadStream(filepath, "utf8"); + const readStream = fs11.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -110198,11 +110202,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs10.existsSync(uri)) { + if (!fs11.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs10.statSync(uri).isDirectory()) { + if (fs11.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } @@ -110299,9 +110303,7 @@ function combineSarifFiles(sarifFiles, logger) { }; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = JSON.parse( - fs11.readFileSync(sarifFile, "utf8") - ); + const sarifObject = readSarifFile(sarifFile); if (combinedSarif.version === null) { combinedSarif.version = sarifObject.version; } else if (combinedSarif.version !== sarifObject.version) { 
@@ -110371,9 +110373,7 @@ async function shouldDisableCombineSarifFiles(sarifObjects, githubVersion) { } async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger) { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map((sarifFile) => { - return JSON.parse(fs11.readFileSync(sarifFile, "utf8")); - }); + const sarifObjects = sarifFiles.map(readSarifFile); const deprecationWarningMessage = gitHubVersion.type === "GitHub Enterprise Server" /* GHES */ ? "and will be removed in GitHub Enterprise Server 3.18" : "and will be removed in July 2025"; const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload"; if (!areAllRunsProducedByCodeQL(sarifObjects)) { @@ -110426,13 +110426,13 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQL = initCodeQLResult.codeql; } const baseTempDir = path11.resolve(tempDir, "combined-sarif"); - fs11.mkdirSync(baseTempDir, { recursive: true }); - const outputDirectory = fs11.mkdtempSync(path11.resolve(baseTempDir, "output-")); + fs12.mkdirSync(baseTempDir, { recursive: true }); + const outputDirectory = fs12.mkdtempSync(path11.resolve(baseTempDir, "output-")); const outputFile = path11.resolve(outputDirectory, "combined-sarif.sarif"); await codeQL.mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory: true }); - return JSON.parse(fs11.readFileSync(outputFile, "utf8")); + return readSarifFile(outputFile); } function populateRunAutomationDetails(sarif, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); 
@@ -110469,7 +110469,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); - fs11.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); + fs12.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); return "dummy-sarif-id"; } const client = getApiClient(); @@ -110503,7 +110503,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { function findSarifFilesInDir(sarifPath, isSarif) { const sarifFiles = []; const walkSarifFiles = (dir) => { - const entries = fs11.readdirSync(dir, { withFileTypes: true }); + const entries = fs12.readdirSync(dir, { withFileTypes: true }); for (const entry of entries) { if (entry.isFile() && isSarif(entry.name)) { sarifFiles.push(path11.resolve(dir, entry.name)); @@ -110516,11 +110516,11 @@ function findSarifFilesInDir(sarifPath, isSarif) { return sarifFiles; } function getSarifFilePaths(sarifPath, isSarif) { - if (!fs11.existsSync(sarifPath)) { + if (!fs12.existsSync(sarifPath)) { throw new ConfigurationError(`Path does not exist: ${sarifPath}`); } let sarifFiles; - if (fs11.lstatSync(sarifPath).isDirectory()) { + if (fs12.lstatSync(sarifPath).isDirectory()) { sarifFiles = findSarifFilesInDir(sarifPath, isSarif); if (sarifFiles.length === 0) { throw new ConfigurationError( @@ -110533,7 +110533,7 @@ function getSarifFilePaths(sarifPath, isSarif) { return sarifFiles; } async function getGroupedSarifFilePaths(logger, sarifPath) { - const stats = fs11.statSync(sarifPath, { throwIfNoEntry: false }); + const stats = fs12.statSync(sarifPath, { throwIfNoEntry: false }); if (stats === void 0) { throw new ConfigurationError(`Path does not exist: ${sarifPath}`); } 
@@ -110596,9 +110596,9 @@ function countResultsInSarif(sarif) { } return numResults; } -function readSarifFile(sarifFilePath) { +function readSarifFile2(sarifFilePath) { try { - return JSON.parse(fs11.readFileSync(sarifFilePath, "utf8")); + return readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}` @@ -110667,7 +110667,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo payloadObj.base_sha = mergeBaseCommitOid; } else if (process.env.GITHUB_EVENT_PATH) { const githubEvent = JSON.parse( - fs11.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") + fs12.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") ); payloadObj.base_ref = `refs/heads/${githubEvent.pull_request.base.ref}`; payloadObj.base_sha = githubEvent.pull_request.base.sha; @@ -110682,7 +110682,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarif = await combineSarifFilesUsingCLI( @@ -110693,7 +110693,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); + sarif = readSarifFile2(sarifPath); validateSarifFileSchema(sarif, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); } 
@@ -110801,9 +110801,9 @@ async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, post }; } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { - if (!fs11.existsSync(outputDir)) { - fs11.mkdirSync(outputDir, { recursive: true }); - } else if (!fs11.lstatSync(outputDir).isDirectory()) { + if (!fs12.existsSync(outputDir)) { + fs12.mkdirSync(outputDir, { recursive: true }); + } else if (!fs12.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( `The path that processed SARIF files should be written to exists, but is not a directory: ${outputDir}` ); @@ -110813,7 +110813,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Writing processed SARIF file to ${outputFile}`); - fs11.writeFileSync(outputFile, sarifPayload); + fs12.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index b46e3b6b32..1adb7849c3 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -204,7 +204,7 @@ var require_file_command = __commonJS({ exports2.issueFileCommand = issueFileCommand; exports2.prepareKeyValueMessage = prepareKeyValueMessage; var crypto2 = __importStar2(require("crypto")); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var os3 = __importStar2(require("os")); var utils_1 = require_utils(); function issueFileCommand(command, message) { 
@@ -212,10 +212,10 @@ var require_file_command = __commonJS({ if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } - if (!fs13.existsSync(filePath)) { + if (!fs14.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } - fs13.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os3.EOL}`, { + fs14.appendFileSync(filePath, `${(0, utils_1.toCommandValue)(message)}${os3.EOL}`, { encoding: "utf8" }); } @@ -20123,13 +20123,13 @@ var require_io_util = __commonJS({ exports2.isRooted = isRooted; exports2.tryGetExecutablePath = tryGetExecutablePath; exports2.getCmdPath = getCmdPath; - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var path13 = __importStar2(require("path")); - _a = fs13.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; + _a = fs14.promises, exports2.chmod = _a.chmod, exports2.copyFile = _a.copyFile, exports2.lstat = _a.lstat, exports2.mkdir = _a.mkdir, exports2.open = _a.open, exports2.readdir = _a.readdir, exports2.rename = _a.rename, exports2.rm = _a.rm, exports2.rmdir = _a.rmdir, exports2.stat = _a.stat, exports2.symlink = _a.symlink, exports2.unlink = _a.unlink; exports2.IS_WINDOWS = process.platform === "win32"; function readlink(fsPath) { return __awaiter2(this, void 0, void 0, function* () { - const result = yield fs13.promises.readlink(fsPath); + const result = yield fs14.promises.readlink(fsPath); if (exports2.IS_WINDOWS && !result.endsWith("\\")) { return `${result}\\`; } 
@@ -20137,7 +20137,7 @@ var require_io_util = __commonJS({ }); } exports2.UV_FS_O_EXLOCK = 268435456; - exports2.READONLY = fs13.constants.O_RDONLY; + exports2.READONLY = fs14.constants.O_RDONLY; function exists(fsPath) { return __awaiter2(this, void 0, void 0, function* () { try { @@ -49106,7 +49106,7 @@ var require_internal_globber = __commonJS({ Object.defineProperty(exports2, "__esModule", { value: true }); exports2.DefaultGlobber = void 0; var core14 = __importStar2(require_core()); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var globOptionsHelper = __importStar2(require_internal_glob_options_helper()); var path13 = __importStar2(require("path")); var patternHelper = __importStar2(require_internal_pattern_helper()); @@ -49160,7 +49160,7 @@ var require_internal_globber = __commonJS({ for (const searchPath of patternHelper.getSearchPaths(patterns)) { core14.debug(`Search path '${searchPath}'`); try { - yield __await2(fs13.promises.lstat(searchPath)); + yield __await2(fs14.promises.lstat(searchPath)); } catch (err) { if (err.code === "ENOENT") { continue; @@ -49194,7 +49194,7 @@ var require_internal_globber = __commonJS({ continue; } const childLevel = item.level + 1; - const childItems = (yield __await2(fs13.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path13.join(item.path, x), childLevel)); + const childItems = (yield __await2(fs14.promises.readdir(item.path))).map((x) => new internal_search_state_1.SearchState(path13.join(item.path, x), childLevel)); stack.push(...childItems.reverse()); } else if (match & internal_match_kind_1.MatchKind.File) { yield yield __await2(item.path); @@ -49229,7 +49229,7 @@ var require_internal_globber = __commonJS({ let stats; if (options.followSymbolicLinks) { try { - stats = yield fs13.promises.stat(item.path); + stats = yield fs14.promises.stat(item.path); } catch (err) { if (err.code === "ENOENT") { if (options.omitBrokenSymbolicLinks) { 
@@ -49241,10 +49241,10 @@ var require_internal_globber = __commonJS({ throw err; } } else { - stats = yield fs13.promises.lstat(item.path); + stats = yield fs14.promises.lstat(item.path); } if (stats.isDirectory() && options.followSymbolicLinks) { - const realPath = yield fs13.promises.realpath(item.path); + const realPath = yield fs14.promises.realpath(item.path); while (traversalChain.length >= item.level) { traversalChain.pop(); } @@ -49353,7 +49353,7 @@ var require_internal_hash_files = __commonJS({ exports2.hashFiles = hashFiles; var crypto2 = __importStar2(require("crypto")); var core14 = __importStar2(require_core()); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var path13 = __importStar2(require("path")); @@ -49376,13 +49376,13 @@ var require_internal_hash_files = __commonJS({ writeDelegate(`Ignore '${file}' since it is not under GITHUB_WORKSPACE.`); continue; } - if (fs13.statSync(file).isDirectory()) { + if (fs14.statSync(file).isDirectory()) { writeDelegate(`Skip directory '${file}'.`); continue; } const hash2 = crypto2.createHash("sha256"); const pipeline = util.promisify(stream2.pipeline); - yield pipeline(fs13.createReadStream(file), hash2); + yield pipeline(fs14.createReadStream(file), hash2); result.write(hash2.digest()); count++; if (!hasMatch) { @@ -50757,7 +50757,7 @@ var require_cacheUtils = __commonJS({ var glob = __importStar2(require_glob()); var io6 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var path13 = __importStar2(require("path")); var semver9 = __importStar2(require_semver3()); var util = __importStar2(require("util")); 
@@ -50786,7 +50786,7 @@ var require_cacheUtils = __commonJS({ }); } function getArchiveFileSizeInBytes(filePath) { - return fs13.statSync(filePath).size; + return fs14.statSync(filePath).size; } function resolvePaths(patterns) { return __awaiter2(this, void 0, void 0, function* () { @@ -50824,7 +50824,7 @@ var require_cacheUtils = __commonJS({ } function unlinkFile(filePath) { return __awaiter2(this, void 0, void 0, function* () { - return util.promisify(fs13.unlink)(filePath); + return util.promisify(fs14.unlink)(filePath); }); } function getVersion(app_1) { @@ -50866,7 +50866,7 @@ var require_cacheUtils = __commonJS({ } function getGnuTarPathOnWindows() { return __awaiter2(this, void 0, void 0, function* () { - if (fs13.existsSync(constants_1.GnuTarPathOnWindows)) { + if (fs14.existsSync(constants_1.GnuTarPathOnWindows)) { return constants_1.GnuTarPathOnWindows; } const versionOutput = yield getVersion("tar"); @@ -91023,7 +91023,7 @@ var require_downloadUtils = __commonJS({ var http_client_1 = require_lib(); var storage_blob_1 = require_commonjs15(); var buffer = __importStar2(require("buffer")); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var stream2 = __importStar2(require("stream")); var util = __importStar2(require("util")); var utils = __importStar2(require_cacheUtils()); @@ -91134,7 +91134,7 @@ var require_downloadUtils = __commonJS({ exports2.DownloadProgress = DownloadProgress; function downloadCacheHttpClient(archiveLocation, archivePath) { return __awaiter2(this, void 0, void 0, function* () { - const writeStream = fs13.createWriteStream(archivePath); + const writeStream = fs14.createWriteStream(archivePath); const httpClient = new http_client_1.HttpClient("actions/cache"); const downloadResponse = yield (0, requestUtils_1.retryHttpClientResponse)("downloadCache", () => __awaiter2(this, void 0, void 0, function* () { return httpClient.get(archiveLocation); 
@@ -91159,7 +91159,7 @@ var require_downloadUtils = __commonJS({ function downloadCacheHttpClientConcurrent(archiveLocation, archivePath, options) { return __awaiter2(this, void 0, void 0, function* () { var _a; - const archiveDescriptor = yield fs13.promises.open(archivePath, "w"); + const archiveDescriptor = yield fs14.promises.open(archivePath, "w"); const httpClient = new http_client_1.HttpClient("actions/cache", void 0, { socketTimeout: options.timeoutInMs, keepAlive: true @@ -91275,7 +91275,7 @@ var require_downloadUtils = __commonJS({ } else { const maxSegmentSize = Math.min(134217728, buffer.constants.MAX_LENGTH); const downloadProgress = new DownloadProgress(contentLength); - const fd = fs13.openSync(archivePath, "w"); + const fd = fs14.openSync(archivePath, "w"); try { downloadProgress.startDisplayTimer(); const controller = new abort_controller_1.AbortController(); @@ -91293,12 +91293,12 @@ var require_downloadUtils = __commonJS({ controller.abort(); throw new Error("Aborting cache download as the download time exceeded the timeout."); } else if (Buffer.isBuffer(result)) { - fs13.writeFileSync(fd, result); + fs14.writeFileSync(fd, result); } } } finally { downloadProgress.stopDisplayTimer(); - fs13.closeSync(fd); + fs14.closeSync(fd); } } }); @@ -91620,7 +91620,7 @@ var require_cacheHttpClient = __commonJS({ var core14 = __importStar2(require_core()); var http_client_1 = require_lib(); var auth_1 = require_auth(); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var url_1 = require("url"); var utils = __importStar2(require_cacheUtils()); var uploadUtils_1 = require_uploadUtils(); 
@@ -91755,7 +91755,7 @@ Other caches with similar key:`); return __awaiter2(this, void 0, void 0, function* () { const fileSize = utils.getArchiveFileSizeInBytes(archivePath); const resourceUrl = getCacheApiUrl(`caches/${cacheId.toString()}`); - const fd = fs13.openSync(archivePath, "r"); + const fd = fs14.openSync(archivePath, "r"); const uploadOptions = (0, options_1.getUploadOptions)(options); const concurrency = utils.assertDefined("uploadConcurrency", uploadOptions.uploadConcurrency); const maxChunkSize = utils.assertDefined("uploadChunkSize", uploadOptions.uploadChunkSize); @@ -91769,7 +91769,7 @@ Other caches with similar key:`); const start = offset; const end = offset + chunkSize - 1; offset += maxChunkSize; - yield uploadChunk(httpClient, resourceUrl, () => fs13.createReadStream(archivePath, { + yield uploadChunk(httpClient, resourceUrl, () => fs14.createReadStream(archivePath, { fd, start, end, @@ -91780,7 +91780,7 @@ Other caches with similar key:`); } }))); } finally { - fs13.closeSync(fd); + fs14.closeSync(fd); } return; }); @@ -99033,7 +99033,7 @@ var require_manifest = __commonJS({ var core_1 = require_core(); var os3 = require("os"); var cp = require("child_process"); - var fs13 = require("fs"); + var fs14 = require("fs"); function _findMatch(versionSpec, stable, candidates, archFilter) { return __awaiter2(this, void 0, void 0, function* () { const platFilter = os3.platform(); 
@@ -99095,10 +99095,10 @@ var require_manifest = __commonJS({ const lsbReleaseFile = "/etc/lsb-release"; const osReleaseFile = "/etc/os-release"; let contents = ""; - if (fs13.existsSync(lsbReleaseFile)) { - contents = fs13.readFileSync(lsbReleaseFile).toString(); - } else if (fs13.existsSync(osReleaseFile)) { - contents = fs13.readFileSync(osReleaseFile).toString(); + if (fs14.existsSync(lsbReleaseFile)) { + contents = fs14.readFileSync(lsbReleaseFile).toString(); + } else if (fs14.existsSync(osReleaseFile)) { + contents = fs14.readFileSync(osReleaseFile).toString(); } return contents; } @@ -99307,7 +99307,7 @@ var require_tool_cache = __commonJS({ var core14 = __importStar2(require_core()); var io6 = __importStar2(require_io()); var crypto2 = __importStar2(require("crypto")); - var fs13 = __importStar2(require("fs")); + var fs14 = __importStar2(require("fs")); var mm = __importStar2(require_manifest()); var os3 = __importStar2(require("os")); var path13 = __importStar2(require("path")); @@ -99353,7 +99353,7 @@ var require_tool_cache = __commonJS({ } function downloadToolAttempt(url2, dest, auth2, headers) { return __awaiter2(this, void 0, void 0, function* () { - if (fs13.existsSync(dest)) { + if (fs14.existsSync(dest)) { throw new Error(`Destination file path ${dest} already exists`); } const http = new httpm.HttpClient(userAgent2, [], { @@ -99377,7 +99377,7 @@ var require_tool_cache = __commonJS({ const readStream = responseMessageFactory(); let succeeded = false; try { - yield pipeline(readStream, fs13.createWriteStream(dest)); + yield pipeline(readStream, fs14.createWriteStream(dest)); core14.debug("download complete"); succeeded = true; return dest; 
@@ -99589,11 +99589,11 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os3.arch(); core14.debug(`Caching tool ${tool} ${version} ${arch2}`); core14.debug(`source dir: ${sourceDir}`); - if (!fs13.statSync(sourceDir).isDirectory()) { + if (!fs14.statSync(sourceDir).isDirectory()) { throw new Error("sourceDir is not a directory"); } const destPath = yield _createToolPath(tool, version, arch2); - for (const itemName of fs13.readdirSync(sourceDir)) { + for (const itemName of fs14.readdirSync(sourceDir)) { const s = path13.join(sourceDir, itemName); yield io6.cp(s, destPath, { recursive: true }); } @@ -99607,7 +99607,7 @@ var require_tool_cache = __commonJS({ arch2 = arch2 || os3.arch(); core14.debug(`Caching tool ${tool} ${version} ${arch2}`); core14.debug(`source file: ${sourceFile}`); - if (!fs13.statSync(sourceFile).isFile()) { + if (!fs14.statSync(sourceFile).isFile()) { throw new Error("sourceFile is not a file"); } const destFolder = yield _createToolPath(tool, version, arch2); @@ -99636,7 +99636,7 @@ var require_tool_cache = __commonJS({ versionSpec = semver9.clean(versionSpec) || ""; const cachePath = path13.join(_getCacheDirectory(), toolName, versionSpec, arch2); core14.debug(`checking cache: ${cachePath}`); - if (fs13.existsSync(cachePath) && fs13.existsSync(`${cachePath}.complete`)) { + if (fs14.existsSync(cachePath) && fs14.existsSync(`${cachePath}.complete`)) { core14.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch2}`); toolPath = cachePath; } else { 
@@ -99649,12 +99649,12 @@ var require_tool_cache = __commonJS({ const versions = []; arch2 = arch2 || os3.arch(); const toolPath = path13.join(_getCacheDirectory(), toolName); - if (fs13.existsSync(toolPath)) { - const children = fs13.readdirSync(toolPath); + if (fs14.existsSync(toolPath)) { + const children = fs14.readdirSync(toolPath); for (const child of children) { if (isExplicitVersion(child)) { const fullPath = path13.join(toolPath, child, arch2 || ""); - if (fs13.existsSync(fullPath) && fs13.existsSync(`${fullPath}.complete`)) { + if (fs14.existsSync(fullPath) && fs14.existsSync(`${fullPath}.complete`)) { versions.push(child); } } @@ -99725,7 +99725,7 @@ var require_tool_cache = __commonJS({ function _completeToolPath(tool, version, arch2) { const folderPath = path13.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || ""); const markerPath = `${folderPath}.complete`; - fs13.writeFileSync(markerPath, ""); + fs14.writeFileSync(markerPath, ""); core14.debug("finished caching tool"); } function isExplicitVersion(versionSpec) { @@ -103230,7 +103230,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core13 = __toESM(require_core()); // src/actions-util.ts -var fs2 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103238,7 +103238,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -103252,21 +103252,21 @@ async function getFolderSize(itemPath, options) { getFolderSize.loose = async (itemPath, options) => await core(itemPath, options); getFolderSize.strict = async (itemPath, options) => await core(itemPath, options, { strict: true }); async function core(rootItemPath, options = {}, returnType = {}) { - const fs13 = options.fs || await import("node:fs/promises"); + const fs14 = options.fs || await import("node:fs/promises"); let folderSize = 0n; const foundInos = /* @__PURE__ */ new Set(); const errors = []; await processItem(rootItemPath); async function processItem(itemPath) { if (options.ignore?.test(itemPath)) return; - const stats = returnType.strict ? await fs13.lstat(itemPath, { bigint: true }) : await fs13.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); + const stats = returnType.strict ? await fs14.lstat(itemPath, { bigint: true }) : await fs14.lstat(itemPath, { bigint: true }).catch((error3) => errors.push(error3)); if (typeof stats !== "object") return; if (!foundInos.has(stats.ino)) { foundInos.add(stats.ino); folderSize += stats.size; } if (stats.isDirectory()) { - const directoryItems = returnType.strict ? await fs13.readdir(itemPath) : await fs13.readdir(itemPath).catch((error3) => errors.push(error3)); + const directoryItems = returnType.strict ? await fs14.readdir(itemPath) : await fs14.readdir(itemPath).catch((error3) => errors.push(error3)); if (typeof directoryItems !== "object") return; await Promise.all( directoryItems.map( @@ -105889,6 +105889,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/sarif/index.ts +var fs = __toESM(require("fs")); function getToolNames(sarif) { const toolNames = {}; for (const run2 of sarif.runs || []) { 
@@ -105900,6 +105901,9 @@ function getToolNames(sarif) { } return Object.keys(toolNames); } +function readSarifFile(sarifFilePath) { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; @@ -106112,7 +106116,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs.promises.rm(file, { + await fs2.promises.rm(file, { force: true, recursive: true }); @@ -106175,7 +106179,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106627,7 +106631,7 @@ function wrapApiConfigurationError(e) { } // src/feature-flags.ts -var fs4 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); @@ -106636,7 +106640,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs3 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path3 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -106875,12 +106879,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs3.promises.readFile( + const contents = await fs4.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -106907,7 +106911,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107409,12 +107413,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs4.existsSync(this.featureFlagsFile)) { + if (fs5.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs4.readFileSync(this.featureFlagsFile, "utf8") + fs5.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -107427,7 +107431,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` 
@@ -107502,7 +107506,7 @@ var os = __toESM(require("os")); var core9 = __toESM(require_core()); // src/config-utils.ts -var fs6 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var path7 = __toESM(require("path")); // src/config/db-config.ts @@ -107587,18 +107591,18 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs5 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path6 = __toESM(require("path")); function getDiffRangesJsonFilePath() { return path6.join(getTemporaryDirectory(), "pr-diff-range.json"); } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs5.existsSync(jsonFilePath)) { + if (!fs6.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -107647,10 +107651,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs6.existsSync(configFile)) { + if (!fs7.existsSync(configFile)) { return void 0; } - const configString = fs6.readFileSync(configFile, "utf8"); + const configString = fs7.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -107894,7 +107898,7 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error } // src/upload-lib.ts -var fs12 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); var path12 = __toESM(require("path")); var url = __toESM(require("url")); var import_zlib = __toESM(require("zlib")); 
@@ -107902,7 +107906,7 @@ var core12 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/codeql.ts -var fs10 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path10 = __toESM(require("path")); var core11 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -108150,7 +108154,7 @@ function wrapCliConfigurationError(cliError) { } // src/setup-codeql.ts -var fs9 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -108212,7 +108216,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs7 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -108285,7 +108289,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -108369,7 +108373,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs8 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); 
@@ -108476,7 +108480,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -108513,7 +108517,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs8.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -108648,7 +108652,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -109202,7 +109206,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs10.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -109682,7 +109686,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs10.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -109726,7 +109730,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/fingerprints.ts -var fs11 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -110714,7 +110718,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs11.createReadStream(filepath, "utf8"); + const readStream = fs12.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -110789,11 +110793,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs11.existsSync(uri)) { + if (!fs12.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs11.statSync(uri).isDirectory()) { + if (fs12.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } @@ -110890,9 +110894,7 @@ function combineSarifFiles(sarifFiles, logger) { }; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = JSON.parse( - fs12.readFileSync(sarifFile, "utf8") - ); + const sarifObject = readSarifFile(sarifFile); if (combinedSarif.version === null) { combinedSarif.version = sarifObject.version; } else if (combinedSarif.version !== sarifObject.version) { 
@@ -110962,9 +110964,7 @@ async function shouldDisableCombineSarifFiles(sarifObjects, githubVersion) { } async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger) { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map((sarifFile) => { - return JSON.parse(fs12.readFileSync(sarifFile, "utf8")); - }); + const sarifObjects = sarifFiles.map(readSarifFile); const deprecationWarningMessage = gitHubVersion.type === "GitHub Enterprise Server" /* GHES */ ? "and will be removed in GitHub Enterprise Server 3.18" : "and will be removed in July 2025"; const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload"; if (!areAllRunsProducedByCodeQL(sarifObjects)) { @@ -111017,13 +111017,13 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQL = initCodeQLResult.codeql; } const baseTempDir = path12.resolve(tempDir, "combined-sarif"); - fs12.mkdirSync(baseTempDir, { recursive: true }); - const outputDirectory = fs12.mkdtempSync(path12.resolve(baseTempDir, "output-")); + fs13.mkdirSync(baseTempDir, { recursive: true }); + const outputDirectory = fs13.mkdtempSync(path12.resolve(baseTempDir, "output-")); const outputFile = path12.resolve(outputDirectory, "combined-sarif.sarif"); await codeQL.mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory: true }); - return JSON.parse(fs12.readFileSync(outputFile, "utf8")); + return readSarifFile(outputFile); } function populateRunAutomationDetails(sarif, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); 
@@ -111060,7 +111060,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); - fs12.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); + fs13.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); return "dummy-sarif-id"; } const client = getApiClient(); @@ -111094,7 +111094,7 @@ async function uploadPayload(payload, repositoryNwo, logger, analysis) { function findSarifFilesInDir(sarifPath, isSarif) { const sarifFiles = []; const walkSarifFiles = (dir) => { - const entries = fs12.readdirSync(dir, { withFileTypes: true }); + const entries = fs13.readdirSync(dir, { withFileTypes: true }); for (const entry of entries) { if (entry.isFile() && isSarif(entry.name)) { sarifFiles.push(path12.resolve(dir, entry.name)); @@ -111107,7 +111107,7 @@ function findSarifFilesInDir(sarifPath, isSarif) { return sarifFiles; } async function getGroupedSarifFilePaths(logger, sarifPath) { - const stats = fs12.statSync(sarifPath, { throwIfNoEntry: false }); + const stats = fs13.statSync(sarifPath, { throwIfNoEntry: false }); if (stats === void 0) { throw new ConfigurationError(`Path does not exist: ${sarifPath}`); } @@ -111170,9 +111170,9 @@ function countResultsInSarif(sarif) { } return numResults; } -function readSarifFile(sarifFilePath) { +function readSarifFile2(sarifFilePath) { try { - return JSON.parse(fs12.readFileSync(sarifFilePath, "utf8")); + return readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}` 
@@ -111241,7 +111241,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo payloadObj.base_sha = mergeBaseCommitOid; } else if (process.env.GITHUB_EVENT_PATH) { const githubEvent = JSON.parse( - fs12.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") + fs13.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8") ); payloadObj.base_ref = `refs/heads/${githubEvent.pull_request.base.ref}`; payloadObj.base_sha = githubEvent.pull_request.base.sha; @@ -111256,7 +111256,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarif = await combineSarifFilesUsingCLI( @@ -111267,7 +111267,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); + sarif = readSarifFile2(sarifPath); validateSarifFileSchema(sarif, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); } @@ -111345,9 +111345,9 @@ async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, post }; } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { - if (!fs12.existsSync(outputDir)) { - fs12.mkdirSync(outputDir, { recursive: true }); - } else if (!fs12.lstatSync(outputDir).isDirectory()) { + if (!fs13.existsSync(outputDir)) { + fs13.mkdirSync(outputDir, { recursive: true }); + } else if (!fs13.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( `The path that processed SARIF files should be written to exists, but is not a directory: ${outputDir}` ); 
@@ -111357,7 +111357,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Writing processed SARIF file to ${outputFile}`); - fs12.writeFileSync(outputFile, sarifPayload); + fs13.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 6dab843914..2764f26fce 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts @@ -1,3 +1,5 @@ +import * as fs from "fs"; + import { Logger } from "../logging"; export interface SarifLocation { @@ -166,3 +168,7 @@ export function fixInvalidNotifications( } return newSarif; } + +export function readSarifFile(sarifFilePath: string): SarifFile { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile; +} diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 88f8276ae3..5904f08e2c 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -21,6 +21,7 @@ import * as gitUtils from "./git-utils"; import { initCodeQL } from "./init"; import { Logger } from "./logging"; import { getRepositoryNwo, RepositoryNwo } from "./repository"; +import type { SarifFile, SarifRun } from "./sarif"; import { BasePayload, UploadPayload } from "./upload-lib/types"; import * as util from "./util"; import { @@ -30,8 +31,6 @@ import { GitHubVariant, GitHubVersion, satisfiesGHESVersion, - SarifFile, - SarifRun, } from "./util"; const GENERIC_403_MSG = @@ -50,9 +49,7 @@ function combineSarifFiles(sarifFiles: string[], logger: Logger): SarifFile { for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = JSON.parse( - fs.readFileSync(sarifFile, "utf8"), - ) as SarifFile; + const sarifObject = util.readSarifFile(sarifFile); // Check SARIF version if (combinedSarif.version === null) { combinedSarif.version = sarifObject.version; 
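Review bot: The new `readSarifFile` in src/sarif/index.ts (hunk `@@ -166,3 +168,7 @@`) returns `JSON.parse(...) as SarifFile`, so the declared type is an unchecked assertion about file contents that may have been produced by a third-party tool. The bundled output shows callers such as `combineSarifFiles` spreading `sarifObject.runs` directly, which throws a bare TypeError if `runs` is missing. The helper also has no doc comment stating that it performs no validation and lets I/O and `SyntaxError` exceptions propagate. I would add a TSDoc comment along the lines of `/** Reads and parses a SARIF file without validating it; throws on I/O or JSON syntax errors. Callers must validate the result against the SARIF schema before relying on its shape. */`, and consider returning `unknown` so that the validation step is forced by the type checker.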
@@ -195,9 +192,7 @@ async function combineSarifFilesUsingCLI( ): Promise { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map((sarifFile): SarifFile => { - return JSON.parse(fs.readFileSync(sarifFile, "utf8")) as SarifFile; - }); + const sarifObjects = sarifFiles.map(util.readSarifFile); const deprecationWarningMessage = gitHubVersion.type === GitHubVariant.GHES @@ -279,7 +274,7 @@ async function combineSarifFilesUsingCLI( mergeRunsFromEqualCategory: true, }); - return JSON.parse(fs.readFileSync(outputFile, "utf8")) as SarifFile; + return util.readSarifFile(outputFile); } // Populates the run.automationDetails.id field using the analysis_key and environment @@ -531,7 +526,7 @@ function countResultsInSarif(sarif: string): number { export function readSarifFile(sarifFilePath: string): SarifFile { try { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile; + return util.readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}`, From 40aec383a1e9545cf4efa0f1898f87d492f28484 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Sun, 1 Mar 2026 14:22:49 +0000 Subject: [PATCH 03/11] Move more SARIF helpers to `sarif` module --- lib/analyze-action.js | 112 ++++++++++++++++++------------------ lib/init-action-post.js | 112 ++++++++++++++++++------------------ lib/upload-lib.js | 114 ++++++++++++++++++------------------- lib/upload-sarif-action.js | 112 ++++++++++++++++++------------------ src/sarif/index.ts | 91 +++++++++++++++++++++++++++++ src/upload-lib.ts | 104 ++++----------------------------- src/upload-sarif-action.ts | 3 +- 7 files changed, 328 insertions(+), 320 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 72dc91b047..982289ce3d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
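Review bot: In the `@@ -195,9 +192,7 @@` hunk, `sarifFiles.map(util.readSarifFile)` passes the helper point-free, so `map` also hands it the index and the array as extra arguments. That is harmless while the helper takes a single parameter, but it would silently misbehave if an optional second parameter were ever added; `sarifFiles.map((sarifFile) => util.readSarifFile(sarifFile))` keeps the call explicit. This call also bypasses the wrapper that converts parse failures into `InvalidSarifUploadError`, and it re-reads files from disk rather than reusing the objects the caller appears to have validated earlier, so a short comment stating that the inputs are expected to be schema-validated already would help. The body of `combineSarifFilesUsingCLI` continues outside the hunk.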
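Review bot: After the `@@ -531,7 +526,7 @@` hunk, src/upload-lib.ts exports a `readSarifFile` that wraps `util.readSarifFile`, leaving two functions with the same name but different error contracts; the bundler has to rename one to `readSarifFile2`. The `catch` still reports every failure as "Invalid SARIF. JSON syntax error", including filesystem errors such as a missing or unreadable file, which makes triage of a failed upload harder. I would either rename the wrapper to something like `readSarifFileOrThrow`, or narrow the catch with `if (!(e instanceof SyntaxError)) throw e;` before wrapping, provided callers do not rely on all failures being `InvalidSarifUploadError`. The function's closing lines are outside the hunk.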
@@ -105899,6 +105899,8 @@ var semver = __toESM(require_semver2()); // src/sarif/index.ts var fs = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; function getToolNames(sarif) { const toolNames = {}; for (const run2 of sarif.runs || []) { @@ -105913,6 +105915,56 @@ function getToolNames(sarif) { function readSarifFile(sarifFilePath) { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); } +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: null, + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifObjects) { + return sarifObjects.every((sarifObject) => { + return sarifObject.runs?.every( + (run2) => run2.tool?.driver?.name === "CodeQL" + ); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifObjects) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifObject of sarifObjects) { + for (const run2 of sarifObject.runs) { + const key = JSON.stringify(createRunKey(run2)); + if (keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; 
@@ -112407,56 +112459,6 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: null, - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", 
true)) { return false; @@ -112546,19 +112548,19 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo }); return readSarifFile(outputFile); } -function populateRunAutomationDetails(sarif, category, analysis_key, environment) { +function populateRunAutomationDetails(sarifFile, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); if (automationID !== void 0) { - for (const run2 of sarif.runs || []) { + for (const run2 of sarifFile.runs || []) { if (run2.automationDetails === void 0) { run2.automationDetails = { id: automationID }; } } - return sarif; + return sarifFile; } - return sarif; + return sarifFile; } function getAutomationID2(category, analysis_key, environment) { if (category !== void 0) { @@ -112997,8 +112999,6 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -var InvalidSarifUploadError = class extends Error { -}; function filterAlertsByDiffRange(logger, sarif) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index c6d485ab64..7631d46f7d 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -164002,6 +164002,8 @@ var minimumVersion = "3.14"; // src/sarif/index.ts var fs = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; function getToolNames(sarif) { const toolNames = {}; for (const run3 of sarif.runs || []) { 
@@ -164016,6 +164018,56 @@ function getToolNames(sarif) { function readSarifFile(sarifFilePath) { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); } +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: null, + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifObjects) { + return sarifObjects.every((sarifObject) => { + return sarifObject.runs?.every( + (run3) => run3.tool?.driver?.name === "CodeQL" + ); + }); +} +function createRunKey(run3) { + return { + name: run3.tool?.driver?.name, + fullName: run3.tool?.driver?.fullName, + version: run3.tool?.driver?.version, + semanticVersion: run3.tool?.driver?.semanticVersion, + guid: run3.tool?.driver?.guid, + automationId: run3.automationDetails?.id + }; +} +function areAllRunsUnique(sarifObjects) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifObject of sarifObjects) { + for (const run3 of sarifObject.runs) { + const key = JSON.stringify(createRunKey(run3)); + if (keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; 
@@ -169483,56 +169535,6 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: null, - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run3) => run3.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run3) { - return { - name: run3.tool?.driver?.name, - fullName: run3.tool?.driver?.fullName, - version: run3.tool?.driver?.version, - semanticVersion: run3.tool?.driver?.semanticVersion, - guid: run3.tool?.driver?.guid, - automationId: run3.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run3 of sarifObject.runs) { - const key = JSON.stringify(createRunKey(run3)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", 
true)) { return false; @@ -169622,19 +169624,19 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo }); return readSarifFile(outputFile); } -function populateRunAutomationDetails(sarif, category, analysis_key, environment) { +function populateRunAutomationDetails(sarifFile, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); if (automationID !== void 0) { - for (const run3 of sarif.runs || []) { + for (const run3 of sarifFile.runs || []) { if (run3.automationDetails === void 0) { run3.automationDetails = { id: automationID }; } } - return sarif; + return sarifFile; } - return sarif; + return sarifFile; } function getAutomationID2(category, analysis_key, environment) { if (category !== void 0) { @@ -170044,8 +170046,6 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -var InvalidSarifUploadError = class extends Error { -}; function filterAlertsByDiffRange(logger, sarif) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a6505fbf00..a258cc46a8 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -103229,7 +103229,6 @@ var require_sarif_schema_2_1_0 = __commonJS({ // src/upload-lib.ts var upload_lib_exports = {}; __export(upload_lib_exports, { - InvalidSarifUploadError: () => InvalidSarifUploadError, buildPayload: () => buildPayload, findSarifFilesInDir: () => findSarifFilesInDir, getGroupedSarifFilePaths: () => getGroupedSarifFilePaths, @@ -105916,6 +105915,8 @@ var semver = __toESM(require_semver2()); // src/sarif/index.ts var fs = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; function getToolNames(sarif) { const toolNames = {}; for (const run of sarif.runs || []) { 
@@ -105930,6 +105931,56 @@ function getToolNames(sarif) { function readSarifFile(sarifFilePath) { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); } +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: null, + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifObjects) { + return sarifObjects.every((sarifObject) => { + return sarifObject.runs?.every( + (run) => run.tool?.driver?.name === "CodeQL" + ); + }); +} +function createRunKey(run) { + return { + name: run.tool?.driver?.name, + fullName: run.tool?.driver?.fullName, + version: run.tool?.driver?.version, + semanticVersion: run.tool?.driver?.semanticVersion, + guid: run.tool?.driver?.guid, + automationId: run.automationDetails?.id + }; +} +function areAllRunsUnique(sarifObjects) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifObject of sarifObjects) { + for (const run of sarifObject.runs) { + const key = JSON.stringify(createRunKey(run)); + if (keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; 
@@ -110295,56 +110346,6 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: null, - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run) { - return { - name: run.tool?.driver?.name, - fullName: run.tool?.driver?.fullName, - version: run.tool?.driver?.version, - semanticVersion: run.tool?.driver?.semanticVersion, - guid: run.tool?.driver?.guid, - automationId: run.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { - const key = JSON.stringify(createRunKey(run)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", true)) { return 
false; @@ -110434,19 +110435,19 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo }); return readSarifFile(outputFile); } -function populateRunAutomationDetails(sarif, category, analysis_key, environment) { +function populateRunAutomationDetails(sarifFile, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); if (automationID !== void 0) { - for (const run of sarif.runs || []) { + for (const run of sarifFile.runs || []) { if (run.automationDetails === void 0) { run.automationDetails = { id: automationID }; } } - return sarif; + return sarifFile; } - return sarif; + return sarifFile; } function getAutomationID2(category, analysis_key, environment) { if (category !== void 0) { @@ -110932,8 +110933,6 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -var InvalidSarifUploadError = class extends Error { -}; function filterAlertsByDiffRange(logger, sarif) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { @@ -110965,7 +110964,6 @@ function filterAlertsByDiffRange(logger, sarif) { } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { - InvalidSarifUploadError, buildPayload, findSarifFilesInDir, getGroupedSarifFilePaths, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 1adb7849c3..f853efa100 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -105890,6 +105890,8 @@ var semver = __toESM(require_semver2()); // src/sarif/index.ts var fs = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; function getToolNames(sarif) { const toolNames = {}; for (const run2 of sarif.runs || []) { 
@@ -105904,6 +105906,56 @@ function getToolNames(sarif) { function readSarifFile(sarifFilePath) { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); } +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: null, + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifObjects) { + return sarifObjects.every((sarifObject) => { + return sarifObject.runs?.every( + (run2) => run2.tool?.driver?.name === "CodeQL" + ); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifObjects) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifObject of sarifObjects) { + for (const run2 of sarifObject.runs) { + const key = JSON.stringify(createRunKey(run2)); + if (keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; 
@@ -110886,56 +110938,6 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: null, - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", 
true)) { return false; @@ -111025,19 +111027,19 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo }); return readSarifFile(outputFile); } -function populateRunAutomationDetails(sarif, category, analysis_key, environment) { +function populateRunAutomationDetails(sarifFile, category, analysis_key, environment) { const automationID = getAutomationID2(category, analysis_key, environment); if (automationID !== void 0) { - for (const run2 of sarif.runs || []) { + for (const run2 of sarifFile.runs || []) { if (run2.automationDetails === void 0) { run2.automationDetails = { id: automationID }; } } - return sarif; + return sarifFile; } - return sarif; + return sarifFile; } function getAutomationID2(category, analysis_key, environment) { if (category !== void 0) { @@ -111476,8 +111478,6 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -var InvalidSarifUploadError = class extends Error { -}; function filterAlertsByDiffRange(logger, sarif) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 2764f26fce..c8811bb42a 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts @@ -74,6 +74,20 @@ export interface SarifFile { runs: SarifRun[]; } +export type SarifRunKey = { + name: string | undefined; + fullName: string | undefined; + version: string | undefined; + semanticVersion: string | undefined; + guid: string | undefined; + automationId: string | undefined; +}; + +/** + * An error that occurred due to an invalid SARIF upload request. + */ +export class InvalidSarifUploadError extends Error {} + /** * Get the array of all the tool names contained in the given sarif contents. * 
@@ -172,3 +186,80 @@ export function fixInvalidNotifications( export function readSarifFile(sarifFilePath: string): SarifFile { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile; } + +// Takes a list of paths to sarif files and combines them together, +// returning the contents of the combined sarif file. +export function combineSarifFiles( + sarifFiles: string[], + logger: Logger, +): SarifFile { + logger.info(`Loading SARIF file(s)`); + const combinedSarif: SarifFile = { + version: null, + runs: [], + }; + + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + // Check SARIF version + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`, + ); + } + + combinedSarif.runs.push(...sarifObject.runs); + } + + return combinedSarif; +} + +/** + * Checks whether all the runs in the given SARIF files were produced by CodeQL. + * @param sarifObjects The list of SARIF objects to check. + */ +export function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { + return sarifObjects.every((sarifObject) => { + return sarifObject.runs?.every( + (run) => run.tool?.driver?.name === "CodeQL", + ); + }); +} + +function createRunKey(run: SarifRun): SarifRunKey { + return { + name: run.tool?.driver?.name, + fullName: run.tool?.driver?.fullName, + version: run.tool?.driver?.version, + semanticVersion: run.tool?.driver?.semanticVersion, + guid: run.tool?.driver?.guid, + automationId: run.automationDetails?.id, + }; +} + +/** + * Checks whether all runs in the given SARIF files are unique (based on the + * criteria used by Code Scanning to determine analysis categories). + * @param sarifObjects The list of SARIF objects to check. 
+ */ +export function areAllRunsUnique(sarifObjects: SarifFile[]): boolean { + const keys = new Set(); + + for (const sarifObject of sarifObjects) { + for (const run of sarifObject.runs) { + const key = JSON.stringify(createRunKey(run)); + + // If the key already exists, the runs are not unique. + if (keys.has(key)) { + return false; + } + + keys.add(key); + } + } + + return true; +} diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 5904f08e2c..919adbccfe 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -21,7 +21,13 @@ import * as gitUtils from "./git-utils"; import { initCodeQL } from "./init"; import { Logger } from "./logging"; import { getRepositoryNwo, RepositoryNwo } from "./repository"; -import type { SarifFile, SarifRun } from "./sarif"; +import type { SarifFile } from "./sarif"; +import { + areAllRunsProducedByCodeQL, + areAllRunsUnique, + combineSarifFiles, + InvalidSarifUploadError, +} from "./sarif"; import { BasePayload, UploadPayload } from "./upload-lib/types"; import * as util from "./util"; import { 
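Review bot: `combineSarifFiles` and `areAllRunsUnique` dereference `sarifObject.runs` without a guard (`combinedSarif.runs.push(...sarifObject.runs)` and `for (const run of sarifObject.runs)`), while `areAllRunsProducedByCodeQL` in the same hunk uses `runs?.every`. `readSarifFile` only casts the `JSON.parse` result to `SarifFile`, so a file with no `runs` array surfaces here as a `TypeError` rather than an `InvalidSarifUploadError`, and the upload-sarif action changed later in this patch maps only the latter to a `ConfigurationError`. Now that both functions are exported, I would reject the input explicitly inside the loop of `combineSarifFiles`, `if (!Array.isArray(sarifObject.runs)) throw new InvalidSarifUploadError("SARIF file has no runs array");`, and iterate `sarifObject.runs ?? []` in `areAllRunsUnique`. This can be skipped if every caller validates against the SARIF schema first, which this diff does not show.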
@@ -38,89 +44,6 @@ const GENERIC_403_MSG = const GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -// Takes a list of paths to sarif files and combines them together, -// returning the contents of the combined sarif file. -function combineSarifFiles(sarifFiles: string[], logger: Logger): SarifFile { - logger.info(`Loading SARIF file(s)`); - const combinedSarif: SarifFile = { - version: null, - runs: [], - }; - - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = util.readSarifFile(sarifFile); - // Check SARIF version - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`, - ); - } - - combinedSarif.runs.push(...sarifObject.runs); - } - - return combinedSarif; -} - -/** - * Checks whether all the runs in the given SARIF files were produced by CodeQL. - * @param sarifObjects The list of SARIF objects to check. 
- */ -function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL", - ); - }); -} - -type SarifRunKey = { - name: string | undefined; - fullName: string | undefined; - version: string | undefined; - semanticVersion: string | undefined; - guid: string | undefined; - automationId: string | undefined; -}; - -function createRunKey(run: SarifRun): SarifRunKey { - return { - name: run.tool?.driver?.name, - fullName: run.tool?.driver?.fullName, - version: run.tool?.driver?.version, - semanticVersion: run.tool?.driver?.semanticVersion, - guid: run.tool?.driver?.guid, - automationId: run.automationDetails?.id, - }; -} - -/** - * Checks whether all runs in the given SARIF files are unique (based on the - * criteria used by Code Scanning to determine analysis categories). - * @param sarifObjects The list of SARIF objects to check. - */ -function areAllRunsUnique(sarifObjects: SarifFile[]): boolean { - const keys = new Set(); - - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { - const key = JSON.stringify(createRunKey(run)); - - // If the key already exists, the runs are not unique. - if (keys.has(key)) { - return false; - } - - keys.add(key); - } - } - - return true; -} - // Checks whether the deprecation warning for combining SARIF files should be shown. export async function shouldShowCombineSarifFilesDeprecationWarning( sarifObjects: util.SarifFile[], @@ -280,7 +203,7 @@ async function combineSarifFilesUsingCLI( // Populates the run.automationDetails.id field using the analysis_key and environment // and return an updated sarif file contents. export function populateRunAutomationDetails( - sarif: SarifFile, + sarifFile: SarifFile, category: string | undefined, analysis_key: string, environment: string | undefined, 
@@ -288,16 +211,16 @@ export function populateRunAutomationDetails( const automationID = getAutomationID(category, analysis_key, environment); if (automationID !== undefined) { - for (const run of sarif.runs || []) { + for (const run of sarifFile.runs || []) { if (run.automationDetails === undefined) { run.automationDetails = { id: automationID, }; } } - return sarif; + return sarifFile; } - return sarif; + return sarifFile; } function getAutomationID( @@ -1122,11 +1045,6 @@ function sanitize(str?: string) { return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -/** - * An error that occurred due to an invalid SARIF upload request. - */ -export class InvalidSarifUploadError extends Error {} - function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts index cec41b2766..b09821924b 100644 --- a/src/upload-sarif-action.ts +++ b/src/upload-sarif-action.ts @@ -20,6 +20,7 @@ import * as upload_lib from "./upload-lib"; import { postProcessAndUploadSarif } from "./upload-sarif"; import { ConfigurationError, + InvalidSarifUploadError, checkActionVersion, checkDiskUsage, getErrorMessage, @@ -141,7 +142,7 @@ async function run(startedAt: Date) { } catch (unwrappedError) { const error = isThirdPartyAnalysis(ActionName.UploadSarif) && - unwrappedError instanceof upload_lib.InvalidSarifUploadError + unwrappedError instanceof InvalidSarifUploadError ? new ConfigurationError(unwrappedError.message) : wrapError(unwrappedError); const message = error.message; From 3b16d31abcde07cd36c450377d6c52ae596843ec Mon Sep 17 00:00:00 2001 
From: "Michael B. Gale" Date: Sun, 1 Mar 2026 14:26:41 +0000 Subject: [PATCH 04/11] Delete unused `fixInvalidNotifications` function --- src/sarif/index.test.ts | 74 ++------------------------------------- src/sarif/index.ts | 76 ----------------------------------------- 2 files changed, 2 insertions(+), 148 deletions(-) diff --git a/src/sarif/index.test.ts b/src/sarif/index.test.ts index 3d41f848b2..94d1c5f182 100644 --- a/src/sarif/index.test.ts +++ b/src/sarif/index.test.ts @@ -2,18 +2,9 @@ import * as fs from "fs"; import test from "ava"; -import { - getRecordingLogger, - LoggedMessage, - setupTests, -} from "../testing-utils"; +import { setupTests } from "../testing-utils"; -import { - fixInvalidNotifications, - getToolNames, - SarifLocation, - type SarifFile, -} from "."; +import { getToolNames, type SarifFile } from "."; setupTests(test); 
@@ -25,64 +16,3 @@ test("getToolNames", (t) => { const toolNames = getToolNames(JSON.parse(input) as SarifFile); t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]); }); - -function createMockSarifWithNotification( - locations: SarifLocation[], -): SarifFile { - return { - runs: [ - { - tool: { - driver: { - name: "CodeQL", - }, - }, - invocations: [ - { - toolExecutionNotifications: [ - { - locations, - }, - ], - }, - ], - }, - ], - }; -} - -const stubLocation: SarifLocation = { - physicalLocation: { - artifactLocation: { - uri: "file1", - }, - }, -}; - -test("fixInvalidNotifications leaves notifications with unique locations alone", (t) => { - const messages: LoggedMessage[] = []; - const result = fixInvalidNotifications( - createMockSarifWithNotification([stubLocation]), - getRecordingLogger(messages), - ); - t.deepEqual(result, createMockSarifWithNotification([stubLocation])); - t.is(messages.length, 1); - t.deepEqual(messages[0], { - type: "debug", - message: "No duplicate locations found in SARIF notification objects.", - }); -}); - -test("fixInvalidNotifications removes duplicate locations", (t) => { - const messages: LoggedMessage[] = []; - const result = fixInvalidNotifications( - createMockSarifWithNotification([stubLocation, stubLocation]), - getRecordingLogger(messages), - ); - t.deepEqual(result, createMockSarifWithNotification([stubLocation])); - t.is(messages.length, 1); - t.deepEqual(messages[0], { - type: "info", - message: "Removed 1 duplicate locations from SARIF notification objects.", - }); -}); diff --git a/src/sarif/index.ts b/src/sarif/index.ts index c8811bb42a..11f5f6e3dc 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -107,82 +107,6 @@ export function getToolNames(sarif: SarifFile): string[] { return Object.keys(toolNames); } -export function removeDuplicateLocations( - locations: SarifLocation[], -): SarifLocation[] { - const newJsonLocations = new Set(); - return locations.filter((location) => { - const jsonLocation = JSON.stringify(location); - if (!newJsonLocations.has(jsonLocation)) { - newJsonLocations.add(jsonLocation); - return true; - } - return false; - }); -} - -export function fixInvalidNotifications( - sarif: SarifFile, - logger: Logger, -): SarifFile { - if (!Array.isArray(sarif.runs)) { - return sarif; - } - - // Ensure that the array of locations for each SARIF notification contains unique locations. - // This is a workaround for a bug in the CodeQL CLI that causes duplicate locations to be - // emitted in some cases. - let numDuplicateLocationsRemoved = 0; - - const newSarif = { - ...sarif, - runs: sarif.runs.map((run) => { - if ( - run.tool?.driver?.name !== "CodeQL" || - !Array.isArray(run.invocations) - ) { - return run; - } - return { - ...run, - invocations: run.invocations.map((invocation) => { - if (!Array.isArray(invocation.toolExecutionNotifications)) { - return invocation; - } - return { - ...invocation, - toolExecutionNotifications: - invocation.toolExecutionNotifications.map((notification) => { - if (!Array.isArray(notification.locations)) { - return notification; - } - const newLocations = removeDuplicateLocations( - notification.locations, - ); - numDuplicateLocationsRemoved += - notification.locations.length - newLocations.length; - return { - ...notification, - locations: newLocations, - }; - }), - }; - }), - }; - }), - }; - - if (numDuplicateLocationsRemoved > 0) { - logger.info( - `Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` + - "objects.", - ); - } else { - logger.debug("No duplicate locations found in SARIF notification objects."); - } - return newSarif; -} - export function 
readSarifFile(sarifFilePath: string): SarifFile { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile; } From ae9cb024599383bc9bc4d94950e2b847f988af7e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 2 Mar 2026 17:41:41 +0000 Subject: [PATCH 05/11] Add dependency on `@types/sarif` --- package-lock.json | 8 ++++++++ package.json | 1 + 2 files changed, 9 insertions(+) diff --git a/package-lock.json b/package-lock.json index 28411b4d8a..5f17b5d6da 100644 --- a/package-lock.json +++ b/package-lock.json @@ -43,6 +43,7 @@ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "ava": "^6.4.1", @@ -2522,6 +2523,13 @@ "@types/node": "*" } }, + "node_modules/@types/sarif": { + "version": "2.1.7", + "resolved": "https://registry.npmjs.org/@types/sarif/-/sarif-2.1.7.tgz", + "integrity": "sha512-kRz0VEkJqWLf1LLVN4pT1cg1Z9wAuvI6L97V3m2f5B76Tg8d413ddvLBPTEHAZJlnn4XSvu0FkZtViCQGVyrXQ==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/semver": { "version": "7.7.1", "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz", diff --git a/package.json b/package.json index a048d52528..6636511233 100644 --- a/package.json +++ b/package.json @@ -58,6 +58,7 @@ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "ava": "^6.4.1", From 9a31859f7827cb9f9e85b3a0ecb9dd09e3fb2f34 Mon Sep 17 00:00:00 2001 
From: "Michael B. Gale" Date: Mon, 2 Mar 2026 18:04:11 +0000 Subject: [PATCH 06/11] Use `@types/sarif` --- lib/analyze-action-post.js | 1 + lib/analyze-action.js | 7 ++- lib/autobuild-action.js | 1 + lib/init-action-post.js | 7 ++- lib/init-action.js | 1 + lib/resolve-environment-action.js | 1 + lib/setup-codeql-action.js | 1 + lib/start-proxy-action-post.js | 1 + lib/start-proxy-action.js | 1 + lib/upload-lib.js | 7 ++- lib/upload-sarif-action-post.js | 1 + lib/upload-sarif-action.js | 7 ++- src/sarif/index.ts | 96 +++++-------------------------- src/upload-lib.test.ts | 67 ++++++++++++--------- src/upload-sarif.test.ts | 6 +- 15 files changed, 84 insertions(+), 121 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index aaed462b38..c62fe14bc5 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 982289ce3d..15d0059a01 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", @@ -105901,9 +105902,9 @@ var semver = __toESM(require_semver2()); var fs = __toESM(require("fs")); var InvalidSarifUploadError = class extends Error { }; -function getToolNames(sarif) { +function getToolNames(sarifFile) { const toolNames = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifFile.runs || []) { const tool = run2.tool || {}; const driver = tool.driver || {}; if (typeof driver.name === "string" && driver.name.length > 0) { 
@@ -105918,7 +105919,7 @@ function readSarifFile(sarifFilePath) { function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); const combinedSarif = { - version: null, + version: "2.1.0", runs: [] }; for (const sarifFile of sarifFiles) { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index a5e822b8ea..b5886f65cb 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 7631d46f7d..7bc36d338d 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", @@ -164004,9 +164005,9 @@ var minimumVersion = "3.14"; var fs = __toESM(require("fs")); var InvalidSarifUploadError = class extends Error { }; -function getToolNames(sarif) { +function getToolNames(sarifFile) { const toolNames = {}; - for (const run3 of sarif.runs || []) { + for (const run3 of sarifFile.runs || []) { const tool = run3.tool || {}; const driver = tool.driver || {}; if (typeof driver.name === "string" && driver.name.length > 0) { @@ -164021,7 +164022,7 @@ function readSarifFile(sarifFilePath) { function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); const combinedSarif = { - version: null, + version: "2.1.0", runs: [] }; for (const sarifFile of sarifFiles) { diff --git a/lib/init-action.js b/lib/init-action.js index bce9e2dfcd..35173ccc15 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index fe419d9104..d9929d50ac 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index e9a5e8dce8..02dfee0e42 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 14fa9fd053..145b953d1c 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 13996a08fe..389e59502b 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", 
diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a258cc46a8..13996f1d0b 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -47341,6 +47341,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", @@ -105917,9 +105918,9 @@ var semver = __toESM(require_semver2()); var fs = __toESM(require("fs")); var InvalidSarifUploadError = class extends Error { }; -function getToolNames(sarif) { +function getToolNames(sarifFile) { const toolNames = {}; - for (const run of sarif.runs || []) { + for (const run of sarifFile.runs || []) { const tool = run.tool || {}; const driver = tool.driver || {}; if (typeof driver.name === "string" && driver.name.length > 0) { @@ -105934,7 +105935,7 @@ function readSarifFile(sarifFilePath) { function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); const combinedSarif = { - version: null, + version: "2.1.0", runs: [] }; for (const sarifFile of sarifFiles) { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 103b279d16..1c7a491526 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f853efa100..5cf3669685 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -46044,6 +46044,7 @@ var require_package = __commonJS({ "@types/js-yaml": "^4.0.9", "@types/node": "^20.19.9", "@types/node-forge": "^1.3.14", + "@types/sarif": "^2.1.7", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", ava: "^6.4.1", 
@@ -105892,9 +105893,9 @@ var semver = __toESM(require_semver2()); var fs = __toESM(require("fs")); var InvalidSarifUploadError = class extends Error { }; -function getToolNames(sarif) { +function getToolNames(sarifFile) { const toolNames = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifFile.runs || []) { const tool = run2.tool || {}; const driver = tool.driver || {}; if (typeof driver.name === "string" && driver.name.length > 0) { @@ -105909,7 +105910,7 @@ function readSarifFile(sarifFilePath) { function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); const combinedSarif = { - version: null, + version: "2.1.0", runs: [] }; for (const sarifFile of sarifFiles) { diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 11f5f6e3dc..acb19e1e94 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -2,84 +2,18 @@ import * as fs from "fs"; import { Logger } from "../logging"; -export interface SarifLocation { - physicalLocation?: { - artifactLocation?: { - uri?: string; - }; - }; -} - -export interface SarifNotification { - locations?: SarifLocation[]; -} - -export interface SarifInvocation { - toolExecutionNotifications?: SarifNotification[]; -} - -export interface SarifResult { - ruleId?: string; - rule?: { - id?: string; - }; - message?: { - text?: string; - }; - locations: Array<{ - physicalLocation: { - artifactLocation: { - uri: string; - }; - region?: { - startLine?: number; - }; - }; - }>; - relatedLocations?: Array<{ - physicalLocation: { - artifactLocation: { - uri: string; - }; - region?: { - startLine?: number; - }; - }; - }>; - partialFingerprints: { - primaryLocationLineHash?: string; - }; -} - -export interface SarifRun { - tool?: { - driver?: { - guid?: string; - name?: string; - fullName?: string; - semanticVersion?: string; - version?: string; - }; - }; - automationDetails?: { - id?: string; - }; - artifacts?: string[]; - invocations?: SarifInvocation[]; - results?: SarifResult[]; -} - -export interface SarifFile { - version?: string | null; - runs: SarifRun[]; -} - -export type SarifRunKey = { - name: string | undefined; - fullName: string | undefined; - version: string | undefined; - semanticVersion: string | undefined; - guid: string | undefined; +import * as sarif from "sarif"; + +// Re-export some types with other names for backwards-compatibility +export type SarifLocation = sarif.Location; +export type SarifNotification = sarif.Notification; +export type SarifInvocation = sarif.Invocation; +export type SarifResult = sarif.Result; +export type SarifRun = sarif.Run; +export type SarifFile = sarif.Log; + +// `automationId` is non-standard. +export type SarifRunKey = sarif.ToolComponent & { automationId: string | undefined; }; 
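Review bot: `SarifRunKey` is now `sarif.ToolComponent & { automationId }`, which admits every tool-component property (`rules`, `notifications` and so on) even though `createRunKey`, as added earlier in this series, fills in only `name`, `fullName`, `version`, `semanticVersion`, `guid` and `automationId`. Because this key is what `areAllRunsUnique` serialises to decide uniqueness, I would keep the type as narrow as the key itself: `export type SarifRunKey = Pick<sarif.ToolComponent, "name" | "fullName" | "version" | "semanticVersion" | "guid"> & { automationId: string | undefined };`. The new import is used only in type positions, so `import type * as sarif from "sarif";` would say so and match the `import type { SarifFile } from "./sarif"` form used in `upload-lib.ts`.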
@@ -93,10 +27,10 @@ export class InvalidSarifUploadError extends Error {} * * Returns an array of unique string tool names. */ -export function getToolNames(sarif: SarifFile): string[] { +export function getToolNames(sarifFile: SarifFile): string[] { const toolNames = {}; - for (const run of sarif.runs || []) { + for (const run of sarifFile.runs || []) { const tool = run.tool || {}; const driver = tool.driver || {}; if (typeof driver.name === "string" && driver.name.length > 0) { @@ -119,7 +53,7 @@ export function combineSarifFiles( ): SarifFile { logger.info(`Loading SARIF file(s)`); const combinedSarif: SarifFile = { - version: null, + version: "2.1.0", runs: [], }; diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index 677d9f2aa5..dbaa7d8e0a 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -13,7 +13,12 @@ import { getRunnerLogger, Logger } from "./logging"; import { setupTests } from "./testing-utils"; import * as uploadLib from "./upload-lib"; import { UploadPayload } from "./upload-lib/types"; -import { GitHubVariant, initializeEnvironment, withTmpDir } from "./util"; +import { + GitHubVariant, + initializeEnvironment, + SarifFile, + withTmpDir, +} from "./util"; setupTests(test); @@ -262,13 +267,18 @@ test("getGroupedSarifFilePaths - Other file", async (t) => { }); test("populateRunAutomationDetails", (t) => { - let sarif = { - runs: [{}], + const tool = { driver: { name: "test tool" } }; + let sarif: SarifFile = { + version: "2.1.0", + runs: [{ tool }], }; const analysisKey = ".github/workflows/codeql-analysis.yml:analyze"; - let expectedSarif = { - runs: [{ automationDetails: { id: "language:javascript/os:linux/" } }], + let expectedSarif: SarifFile = { + version: "2.1.0", + runs: [ + { tool, automationDetails: { id: "language:javascript/os:linux/" } }, + ], }; // Category has priority over analysis_key/environment 
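Review bot: `getToolNames` in src/sarif/index.ts still collects names as keys of a plain object (`const toolNames = {}` and `toolNames[driver.name] = true`), and `driver.name` is read from the SARIF file, which may have been produced by a third-party tool. A name such as `__proto__` reaches the inherited setter instead of creating an own key, so that tool silently disappears from the `Object.keys` result. Since this hunk already touches the function, a `Set` avoids the special keys: `const toolNames = new Set<string>();`, `toolNames.add(driver.name);`, `return [...toolNames];`. The closing lines of the function are outside the hunk.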
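Review bot: In the `combineSarifFiles` hunk of src/sarif/index.ts, seeding `combinedSarif.version` with `"2.1.0"` instead of `null` removes the "not yet set" state, and the loop that consumes it begins right after the hunk, so its version handling is not visible here. If that loop adopts the first file's version while the field is `null` and rejects later mismatches, the first branch is now dead and every input is compared against the literal instead; please confirm that this is intended and that a mismatch still surfaces as `InvalidSarifUploadError`. A short comment on the literal, e.g. `// Only SARIF 2.1.0 is accepted; inputs declaring another version are rejected below.`, would make the contract explicit. The same change appears in the bundled lib/upload-lib.js hunk.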
@@ -290,8 +300,14 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check that the automation details doesn't get overwritten - sarif = { runs: [{ automationDetails: { id: "my_id" } }] }; - expectedSarif = { runs: [{ automationDetails: { id: "my_id" } }] }; + sarif = { + version: "2.1.0", + runs: [{ tool, automationDetails: { id: "my_id" } }], + }; + expectedSarif = { + version: "2.1.0", + runs: [{ tool, automationDetails: { id: "my_id" } }], + }; modifiedSarif = uploadLib.populateRunAutomationDetails( sarif, undefined, @@ -301,11 +317,16 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check multiple runs - sarif = { runs: [{ automationDetails: { id: "my_id" } }, {}] }; + sarif = { + version: "2.1.0", + runs: [{ tool, automationDetails: { id: "my_id" } }, { tool }], + }; expectedSarif = { + version: "2.1.0", runs: [ - { automationDetails: { id: "my_id" } }, + { tool, automationDetails: { id: "my_id" } }, { + tool, automationDetails: { id: ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/", }, @@ -515,20 +536,8 @@ test("validateUniqueCategory for automation details id and tool name", (t) => { ); // Our category sanitization is not perfect. Here are some examples - // of where we see false clashes - t.notThrows(() => - uploadLib.validateUniqueCategory( - createMockSarif("abc"), - CodeScanning.sentinelPrefix, - ), - ); - t.throws(() => - uploadLib.validateUniqueCategory( - createMockSarif("abc", "_"), - CodeScanning.sentinelPrefix, - ), - ); - + // of where we see false clashes because we replace some characters + // with `_` in `sanitize`. t.notThrows(() => uploadLib.validateUniqueCategory( createMockSarif("abc", "def__"), 
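Review bot: The two assertions removed from "validateUniqueCategory for automation details id and tool name" (`createMockSarif("abc")` and `createMockSarif("abc", "_")`) were the coverage in these hunks for a run whose tool name is absent, and nothing visible replaces them. The `createMockSarif` hunk further down now fills in `name: tool || "test tool"`, so the mock can no longer produce that shape, while the bundled `validateUniqueCategory` still reads `run.tool?.driver?.name` and `sanitize` still maps a missing value to `_`. Parsed SARIF is not guaranteed to match the static type, so I would keep one case that builds the run without a name through a cast and asserts the clash behaviour. In the helper, `tool ?? "test tool"` would let an explicit empty string through instead of replacing it.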
@@ -537,7 +546,7 @@ test("validateUniqueCategory for automation details id and tool name", (t) => { ); t.throws(() => uploadLib.validateUniqueCategory( - createMockSarif("abc_def"), + createMockSarif("abc_def", "_"), CodeScanning.sentinelPrefix, ), ); @@ -561,7 +570,10 @@ test("validateUniqueCategory for multiple runs", (t) => { const sarif2 = createMockSarif("ghi", "jkl"); // duplicate categories are allowed within the same sarif file - const multiSarif = { runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]] }; + const multiSarif: SarifFile = { + version: "2.1.0", + runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]], + }; t.notThrows(() => uploadLib.validateUniqueCategory(multiSarif, CodeScanning.sentinelPrefix), ); @@ -891,8 +903,9 @@ test("shouldConsiderInvalidRequest returns correct recognises processing errors" t.false(uploadLib.shouldConsiderInvalidRequest(error3)); }); -function createMockSarif(id?: string, tool?: string) { +function createMockSarif(id?: string, tool?: string): SarifFile { return { + version: "2.1.0", runs: [ { automationDetails: { @@ -900,7 +913,7 @@ function createMockSarif(id?: string, tool?: string) { }, tool: { driver: { - name: tool, + name: tool || "test tool", }, }, }, diff --git a/src/upload-sarif.test.ts b/src/upload-sarif.test.ts index d32c0c0312..e7ee91174d 100644 --- a/src/upload-sarif.test.ts +++ b/src/upload-sarif.test.ts @@ -33,7 +33,11 @@ function mockPostProcessSarifFiles() { sinon.match.any, analysisConfig, ) - .resolves({ sarif: { runs: [] }, analysisKey: "", environment: "" }); + .resolves({ + sarif: { version: "2.1.0", runs: [] }, + analysisKey: "", + environment: "", + }); } return postProcessSarifFiles; From b43d146e3737bf31278fa258423a935173411e29 Mon Sep 17 00:00:00 2001 
From: "Michael B. Gale" Date: Mon, 2 Mar 2026 20:47:19 +0000 Subject: [PATCH 07/11] Do not alias types --- lib/analyze-action.js | 56 ++++++++++++++--------------- lib/init-action-post.js | 56 ++++++++++++++--------------- lib/upload-lib.js | 56 ++++++++++++++--------------- lib/upload-sarif-action.js | 56 ++++++++++++++--------------- src/analyze.ts | 3 +- src/fingerprints.test.ts | 5 +-- src/fingerprints.ts | 12 +++---- src/sarif/index.test.ts | 4 +-- src/sarif/index.ts | 26 ++++++-------- src/upload-lib.test.ts | 28 +++++++-------- src/upload-lib.ts | 73 ++++++++++++++++++++------------------ 11 files changed, 185 insertions(+), 190 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 15d0059a01..5ddb1b8823 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -112377,12 +112377,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifLog.runs || []) { const artifacts = run2.artifacts || []; for (const result of run2.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -112422,7 +112422,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -112678,9 +112678,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -112703,8 +112703,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -112713,7 +112713,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -112776,14 +112776,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -112791,21 +112791,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -112822,12 +112822,12 @@ async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProc } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -112979,9 +112979,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -113000,13 +113000,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { const locations = [ @@ -113027,7 +113027,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/upload-sarif.ts diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 7bc36d338d..a58d1ed6ea 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -169453,12 +169453,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run3 of sarif.runs || []) { + for (const run3 of sarifLog.runs || []) { const artifacts = run3.artifacts || []; for (const result of run3.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -169498,7 +169498,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -169723,9 +169723,9 @@ function getSarifFilePaths(sarifPath, isSarif) { } return sarifFiles; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -169748,8 +169748,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -169758,7 +169758,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -169821,14 +169821,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -169836,21 +169836,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { const sarifPaths = getSarifFilePaths( 
@@ -169884,12 +169884,12 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -170026,9 +170026,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run3 of sarif.runs) { + for (const run3 of sarifLog.runs) { const id = run3?.automationDetails?.id; const tool = run3.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -170047,13 +170047,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run3 of sarif.runs) { + for (const run3 of sarifLog.runs) { if (run3.results) { run3.results = run3.results.filter((result) => { const locations = [ @@ -170074,7 +170074,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/workflow.ts diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 13996f1d0b..4faf8586fe 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -110264,12 +110264,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run of sarif.runs || []) { + for (const run of sarifLog.runs || []) { const artifacts = run.artifacts || []; for (const result of run.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -110309,7 +110309,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -110582,9 +110582,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -110607,8 +110607,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -110617,7 +110617,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -110680,14 +110680,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -110695,21 +110695,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -110756,12 +110756,12 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -110913,9 +110913,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -110934,13 +110934,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { if (run.results) { run.results = run.results.filter((result) => { const locations = [ @@ -110961,7 +110961,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 5cf3669685..00c563e744 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -110856,12 +110856,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifLog.runs || []) { const artifacts = run2.artifacts || []; for (const result of run2.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -110901,7 +110901,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -111157,9 +111157,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -111182,8 +111182,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -111192,7 +111192,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -111255,14 +111255,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -111270,21 +111270,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -111301,12 +111301,12 @@ async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProc } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -111458,9 +111458,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -111479,13 +111479,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { const locations = [ @@ -111506,7 +111506,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/upload-sarif.ts diff --git a/src/analyze.ts b/src/analyze.ts index 6f5693044f..c7af4fec9f 100644 --- a/src/analyze.ts +++ b/src/analyze.ts @@ -25,6 +25,7 @@ import { FeatureEnablement, Feature } from "./feature-flags"; import { KnownLanguage, Language } from "./languages"; import { Logger, withGroupAsync } from "./logging"; import { OverlayDatabaseMode } from "./overlay"; +import type * as sarif from "./sarif"; import { DatabaseCreationTimings, EventReport } from "./status-report"; import { endTracingForCluster } from "./tracer-config"; import * as util from "./util"; @@ -594,7 +595,7 @@ export async function runQueries( function getPerQueryAlertCounts(sarifPath: string): Record { const sarifObject = JSON.parse( fs.readFileSync(sarifPath, "utf8"), - ) as util.SarifFile; + ) as sarif.Log; // We do not need to compute fingerprints because we are not sending data based off of locations. // Generate the query: alert count object diff --git a/src/fingerprints.test.ts b/src/fingerprints.test.ts index 6c29537d08..6cb9b68617 100644 --- a/src/fingerprints.test.ts +++ b/src/fingerprints.test.ts 
@@ -6,6 +6,7 @@ import test from "ava"; import * as fingerprints from "./fingerprints"; import { getRunnerLogger } from "./logging"; +import * as sarif from "./sarif"; import { setupTests } from "./testing-utils"; import * as util from "./util"; @@ -201,7 +202,7 @@ test("addFingerprints", async (t) => { fs .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`) .toString(), - ) as util.SarifFile; + ) as sarif.Log; const expected = JSON.parse( fs .readFileSync( @@ -229,7 +230,7 @@ test("missingRegions", async (t) => { fs .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`) .toString(), - ) as util.SarifFile; + ) as sarif.Log; const expected = JSON.parse( fs .readFileSync( diff --git a/src/fingerprints.ts b/src/fingerprints.ts index 443238ed4f..e6c5bd1316 100644 --- a/src/fingerprints.ts +++ b/src/fingerprints.ts @@ -5,7 +5,7 @@ import Long from "long"; import { DocUrl } from "./doc-url"; import { Logger } from "./logging"; -import { SarifFile, SarifResult } from "./util"; +import type * as sarif from "./sarif"; const tab = "\t".charCodeAt(0); const space = " ".charCodeAt(0); @@ -138,7 +138,7 @@ export async function hash(callback: hashCallback, filepath: string) { // Generate a hash callback function that updates the given result in-place // when it receives a hash for the correct line number. Ignores hashes for other lines. function locationUpdateCallback( - result: SarifResult, + result: sarif.Result, location: any, logger: Logger, ): hashCallback { 
@@ -256,17 +256,17 @@ export function resolveUriToFile( // Compute fingerprints for results in the given sarif file // and return an updated sarif file contents. export async function addFingerprints( - sarif: SarifFile, + sarifLog: sarif.Log, sourceRoot: string, logger: Logger, -): Promise { +): Promise { logger.info( `Adding fingerprints to SARIF file. See ${DocUrl.TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS} for more information.`, ); // Gather together results for the same file and construct // callbacks to accept hashes for that file and update the location const callbacksByFile: { [filename: string]: hashCallback[] } = {}; - for (const run of sarif.runs || []) { + for (const run of sarifLog.runs || []) { // We may need the list of artifacts to resolve against const artifacts = run.artifacts || []; @@ -316,5 +316,5 @@ export async function addFingerprints( await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } diff --git a/src/sarif/index.test.ts b/src/sarif/index.test.ts index 94d1c5f182..115d350133 100644 --- a/src/sarif/index.test.ts +++ b/src/sarif/index.test.ts @@ -4,7 +4,7 @@ import test from "ava"; import { setupTests } from "../testing-utils"; -import { getToolNames, type SarifFile } from "."; +import { getToolNames, type Log } from "."; setupTests(test); @@ -13,6 +13,6 @@ test("getToolNames", (t) => { `${__dirname}/../../src/testdata/tool-names.sarif`, "utf8", ); - const toolNames = getToolNames(JSON.parse(input) as SarifFile); + const toolNames = getToolNames(JSON.parse(input) as Log); t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]); }); diff --git a/src/sarif/index.ts b/src/sarif/index.ts index acb19e1e94..628c772268 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -4,16 +4,10 @@ import { Logger } from "../logging"; import * as sarif from "sarif"; -// Re-export some types with other names for backwards-compatibility -export type SarifLocation = sarif.Location; -export type SarifNotification = sarif.Notification; -export type SarifInvocation = sarif.Invocation; -export type SarifResult = sarif.Result; -export type SarifRun = sarif.Run; -export type SarifFile = sarif.Log; +export type * from "sarif"; // `automationId` is non-standard. -export type SarifRunKey = sarif.ToolComponent & { +export type RunKey = sarif.ToolComponent & { automationId: string | undefined; }; @@ -27,7 +21,7 @@ export class InvalidSarifUploadError extends Error {} * * Returns an array of unique string tool names. */ -export function getToolNames(sarifFile: SarifFile): string[] { +export function getToolNames(sarifFile: sarif.Log): string[] { const toolNames = {}; for (const run of sarifFile.runs || []) { @@ -41,8 +35,8 @@ export function getToolNames(sarifFile: SarifFile): string[] { return Object.keys(toolNames); } -export function readSarifFile(sarifFilePath: string): SarifFile { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile; +export function readSarifFile(sarifFilePath: string): sarif.Log { + return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as sarif.Log; } // Takes a list of paths to sarif files and combines them together, @@ -50,9 +44,9 @@ export function readSarifFile(sarifFilePath: string): SarifFile { export function combineSarifFiles( sarifFiles: string[], logger: Logger, -): SarifFile { +): sarif.Log { logger.info(`Loading SARIF file(s)`); - const combinedSarif: SarifFile = { + const combinedSarif: sarif.Log = { version: "2.1.0", runs: [], }; 
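Review bot: `readSarifFile` (hunk at -41) still returns `JSON.parse(...) as sarif.Log`, so the new return type is only a compile-time claim and nothing in the function checks the parsed value against it. The function has no doc comment, and a caller that sees `sarif.Log` in the signature has no hint that `runs` or `version` may be absent at runtime. I would state the contract on the function: `/** Reads and JSON-parses the file. The result is NOT validated against the SARIF schema; call validateSarifFileSchema before relying on its shape. */`.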
@@ -79,7 +73,7 @@ export function combineSarifFiles( * Checks whether all the runs in the given SARIF files were produced by CodeQL. * @param sarifObjects The list of SARIF objects to check. */ -export function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { +export function areAllRunsProducedByCodeQL(sarifObjects: sarif.Log[]): boolean { return sarifObjects.every((sarifObject) => { return sarifObject.runs?.every( (run) => run.tool?.driver?.name === "CodeQL", @@ -87,7 +81,7 @@ export function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { }); } -function createRunKey(run: SarifRun): SarifRunKey { +function createRunKey(run: sarif.Run): RunKey { return { name: run.tool?.driver?.name, fullName: run.tool?.driver?.fullName, @@ -103,7 +97,7 @@ function createRunKey(run: SarifRun): SarifRunKey { * criteria used by Code Scanning to determine analysis categories). * @param sarifObjects The list of SARIF objects to check. */ -export function areAllRunsUnique(sarifObjects: SarifFile[]): boolean { +export function areAllRunsUnique(sarifObjects: sarif.Log[]): boolean { const keys = new Set(); for (const sarifObject of sarifObjects) { diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index dbaa7d8e0a..9926fed5bc 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -10,15 +10,11 @@ import * as analyses from "./analyses"; import { AnalysisKind, CodeQuality, CodeScanning } from "./analyses"; import * as api from "./api-client"; import { getRunnerLogger, Logger } from "./logging"; +import * as sarif from "./sarif"; import { setupTests } from "./testing-utils"; import * as uploadLib from "./upload-lib"; import { UploadPayload } from "./upload-lib/types"; -import { - GitHubVariant, - initializeEnvironment, - SarifFile, - withTmpDir, -} from "./util"; +import { GitHubVariant, initializeEnvironment, withTmpDir } from "./util"; setupTests(test); 
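Review bot: `areAllRunsProducedByCodeQL` (hunk at -79) decides provenance from `run.tool?.driver?.name === "CodeQL"`, a string read from the file itself, and its doc comment does not say that. In `validateSarifFileSchema` in `src/upload-lib.ts` (hunk at -460) this result gates a branch whose body is outside the hunk; judging by the comment next to it, that branch appears to skip schema validation outside testing environments, so the check is only as trustworthy as the declared name. The function also returns `true` for a log whose `runs` array is empty, because `every` is vacuously true there. I would add to the doc comment: `Note: the tool name is self-declared in the SARIF file and is not proof of origin; a log with an empty runs array also counts as CodeQL-only.`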
@@ -268,13 +264,13 @@ test("getGroupedSarifFilePaths - Other file", async (t) => { test("populateRunAutomationDetails", (t) => { const tool = { driver: { name: "test tool" } }; - let sarif: SarifFile = { + let sarifLog: sarif.Log = { version: "2.1.0", runs: [{ tool }], }; const analysisKey = ".github/workflows/codeql-analysis.yml:analyze"; - let expectedSarif: SarifFile = { + let expectedSarif: sarif.Log = { version: "2.1.0", runs: [ { tool, automationDetails: { id: "language:javascript/os:linux/" } }, @@ -283,7 +279,7 @@ test("populateRunAutomationDetails", (t) => { // Category has priority over analysis_key/environment let modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, "language:javascript/os:linux", analysisKey, '{"language": "other", "os": "other"}', @@ -292,7 +288,7 @@ test("populateRunAutomationDetails", (t) => { // It doesn't matter if the category has a slash at the end or not modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, "language:javascript/os:linux/", analysisKey, "", @@ -300,7 +296,7 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check that the automation details doesn't get overwritten - sarif = { + sarifLog = { version: "2.1.0", runs: [{ tool, automationDetails: { id: "my_id" } }], }; @@ -309,7 +305,7 @@ test("populateRunAutomationDetails", (t) => { runs: [{ tool, automationDetails: { id: "my_id" } }], }; modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, undefined, analysisKey, '{"os": "linux", "language": "javascript"}', @@ -317,7 +313,7 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check multiple runs - sarif = { + sarifLog = { version: "2.1.0", runs: [{ tool, automationDetails: { id: "my_id" } }, { tool }], }; 
@@ -334,7 +330,7 @@ test("populateRunAutomationDetails", (t) => { ], }; modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, undefined, analysisKey, '{"os": "linux", "language": "javascript"}', @@ -570,7 +566,7 @@ test("validateUniqueCategory for multiple runs", (t) => { const sarif2 = createMockSarif("ghi", "jkl"); // duplicate categories are allowed within the same sarif file - const multiSarif: SarifFile = { + const multiSarif: sarif.Log = { version: "2.1.0", runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]], }; @@ -903,7 +899,7 @@ test("shouldConsiderInvalidRequest returns correct recognises processing errors" t.false(uploadLib.shouldConsiderInvalidRequest(error3)); }); -function createMockSarif(id?: string, tool?: string): SarifFile { +function createMockSarif(id?: string, tool?: string): sarif.Log { return { version: "2.1.0", runs: [ diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 919adbccfe..dcda043614 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -21,7 +21,7 @@ import * as gitUtils from "./git-utils"; import { initCodeQL } from "./init"; import { Logger } from "./logging"; import { getRepositoryNwo, RepositoryNwo } from "./repository"; -import type { SarifFile } from "./sarif"; +import * as sarif from "./sarif"; import { areAllRunsProducedByCodeQL, areAllRunsUnique, @@ -46,7 +46,7 @@ const GENERIC_404_MSG = // Checks whether the deprecation warning for combining SARIF files should be shown. export async function shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { // Do not show this warning on GHES versions before 3.14.0 
@@ -66,7 +66,7 @@ export async function shouldShowCombineSarifFilesDeprecationWarning( } export async function throwIfCombineSarifFilesDisabled( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { if (!(await shouldDisableCombineSarifFiles(sarifObjects, githubVersion))) { @@ -83,7 +83,7 @@ export async function throwIfCombineSarifFilesDisabled( // Checks whether combining SARIF files should be disabled. async function shouldDisableCombineSarifFiles( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { if (githubVersion.type === GitHubVariant.GHES) { @@ -112,7 +112,7 @@ async function combineSarifFilesUsingCLI( gitHubVersion: GitHubVersion, features: FeatureEnablement, logger: Logger, -): Promise { +): Promise { logger.info("Combining SARIF files using the CodeQL CLI"); const sarifObjects = sarifFiles.map(util.readSarifFile); @@ -203,11 +203,11 @@ async function combineSarifFilesUsingCLI( // Populates the run.automationDetails.id field using the analysis_key and environment // and return an updated sarif file contents. export function populateRunAutomationDetails( - sarifFile: SarifFile, + sarifFile: sarif.Log, category: string | undefined, analysis_key: string, environment: string | undefined, -): SarifFile { +): sarif.Log { const automationID = getAutomationID(category, analysis_key, environment); if (automationID !== undefined) { @@ -429,9 +429,9 @@ export async function getGroupedSarifFilePaths( } // Counts the number of results in the given SARIF file -function countResultsInSarif(sarif: string): number { +function countResultsInSarif(sarifLog: string): number { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } 
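Review bot: In `countResultsInSarif` (hunk at -429) the parameter is renamed to `sarifLog` but is still typed `string`, while everywhere else in this commit `sarifLog` names a parsed `sarif.Log` object. Using one name for both the serialized and the parsed form makes it easy to pass the wrong one without noticing at the call site. I would keep the two apart with `function countResultsInSarif(sarifPayload: string): number {` and `JSON.parse(sarifPayload)`, matching the `sarifPayload` variable that `uploadPostProcessedFiles` uses for the serialized form. The function body continues outside this hunk.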
@@ -447,9 +447,9 @@ function countResultsInSarif(sarif: string): number { return numResults; } -export function readSarifFile(sarifFilePath: string): SarifFile { +export function readSarifFile(sarifFilePath: string): sarif.Log { try { - return util.readSarifFile(sarifFilePath); + return sarif.readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}`, @@ -460,12 +460,12 @@ export function readSarifFile(sarifFilePath: string): SarifFile { // Validates the given SARIF object and throws an error if the SARIF object is invalid. // The file path is only used in error messages to improve clarity. export function validateSarifFileSchema( - sarif: SarifFile, + sarifLog: sarif.Log, sarifFilePath: string, logger: Logger, ) { if ( - areAllRunsProducedByCodeQL([sarif]) && + areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !util.getTestingEnvironment() ) { @@ -479,7 +479,7 @@ export function validateSarifFileSchema( // eslint-disable-next-line @typescript-eslint/no-require-imports const schema = require("../src/sarif-schema-2.1.0.json") as jsonschema.Schema; - const result = new jsonschema.Validator().validate(sarif, schema); + const result = new jsonschema.Validator().validate(sarifLog, schema); // Filter errors related to invalid URIs in the artifactLocation field as this // is a breaking change. See https://github.com/github/codeql-action/issues/1703 const warningAttributes = ["uri-reference", "uri"]; @@ -581,7 +581,7 @@ export function buildPayload( } export interface PostProcessingResults { - sarif: util.SarifFile; + sarif: sarif.Log; analysisKey: string; environment: string; } @@ -611,7 +611,7 @@ export async function postProcessSarifFiles( const gitHubVersion = await getGitHubVersion(); - let sarif: SarifFile; + let sarifLog: sarif.Log; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { 
@@ -621,7 +621,7 @@ export async function postProcessSarifFiles( validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -629,26 +629,26 @@ export async function postProcessSarifFiles( ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); + sarifLog = readSarifFile(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); // Validate that there are no runs for the same category - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await fingerprints.addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await api.getAnalysisKey(); const environment = actionsUtil.getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment, ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } /** 
@@ -754,13 +754,13 @@ export async function uploadPostProcessedFiles( ): Promise { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = util.getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = util.getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); @@ -1003,14 +1003,14 @@ function handleProcessingResultForUnsuccessfulExecution( } export function validateUniqueCategory( - sarif: SarifFile, + sarifLog: sarif.Log, sentinelPrefix: string, ): void { // duplicate categories are allowed in the same sarif file // but not across multiple sarif files const categories = {} as Record; - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; @@ -1045,15 +1045,18 @@ function sanitize(str?: string) { return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile { +function filterAlertsByDiffRange( + logger: Logger, + sarifLog: sarif.Log, +): sarif.Log { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = actionsUtil.getRequiredInput("checkout_path"); - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { if (run.results) { run.results = run.results.filter((result) => { const locations = [ 
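Review bot: In `uploadPostProcessedFiles` (hunk at -754) the call `util.getToolNames(sarifLog)` still reaches the helper through `util`, although this series moves `getToolNames` into `src/sarif/index.ts` and `readSarifFile` in this same file now calls `sarif.readSarifFile`. It presumably still compiles because `util` re-exports the helper at this point in the series, but that leaves two import paths for the same SARIF code. I would write `const toolNames = sarif.getToolNames(sarifLog);` here, and likewise `sarifFiles.map(sarif.readSarifFile)` in `combineSarifFilesUsingCLI` (context of the hunk at -112). The function starts and ends outside this hunk.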
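Review bot: `validateUniqueCategory` (hunk at -1003) iterates `sarifLog.runs` with no fallback, whereas `addFingerprints` and `getToolNames` in this same commit iterate `runs || []`; `filterAlertsByDiffRange` (hunk at -1045) has the same unguarded loop. The `sarif.Log` annotation does not guarantee the array exists at runtime, because the object comes from an unchecked `JSON.parse(...) as sarif.Log`, so a log that reaches these helpers without `runs` fails with a bare TypeError instead of an `InvalidSarifUploadError`. I would use `for (const run of sarifLog.runs || []) {` in both functions. The loop body also mixes `run?.automationDetails?.id` with `run.tool?.driver?.name`, and one form should be used for both. Both functions continue outside their hunks.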
@@ -1089,5 +1092,5 @@ function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile { } } - return sarif; + return sarifLog; } From 1721ce7afd720aed7911df9c4bcc7900f3ad9ad2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Mar 2026 11:05:37 +0000 Subject: [PATCH 08/11] Address minor review comments --- lib/analyze-action.js | 258 ++++++++++++++++++------------------ lib/init-action-post.js | 262 ++++++++++++++++++------------------- lib/upload-lib.js | 204 ++++++++++++++--------------- lib/upload-sarif-action.js | 168 ++++++++++++------------ src/sarif/index.ts | 18 ++- src/upload-lib.test.ts | 6 +- src/upload-lib.ts | 16 ++- src/upload-sarif-action.ts | 2 +- src/util.ts | 2 - 9 files changed, 461 insertions(+), 475 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 5ddb1b8823..1b881eb184 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -103239,7 +103239,7 @@ var import_perf_hooks3 = require("perf_hooks"); var core14 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103247,7 +103247,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var os = __toESM(require("os")); var path = __toESM(require("path")); 
@@ -105897,77 +105897,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run2 of sarifFile.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106039,13 +105968,13 @@ function getTotalMemoryBytes(logger) { return limit; } function getCgroupMemoryLimitBytes(limitFile, logger) { - if (!fs2.existsSync(limitFile)) { + if (!fs.existsSync(limitFile)) { logger.debug( `While resolving RAM, did not find a cgroup memory limit at ${limitFile}.` ); return void 0; } - const limit = Number(fs2.readFileSync(limitFile, "utf8")); + const limit = Number(fs.readFileSync(limitFile, "utf8")); if (!Number.isInteger(limit)) { logger.debug( `While resolving RAM, ignored the file ${limitFile} that may contain a cgroup memory limit as this file did not contain an integer.` @@ -106119,13 +106048,13 @@ function getThreadsFlagValue(userInput, logger) { return numThreads; } function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { - if (!fs2.existsSync(cpuMaxFile)) { + if (!fs.existsSync(cpuMaxFile)) { logger.debug( `While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.` ); return void 0; } - const cpuMaxString = fs2.readFileSync(cpuMaxFile, "utf-8"); + const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8"); const cpuMaxStringSplit = cpuMaxString.split(" "); if (cpuMaxStringSplit.length !== 2) { logger.debug( 
@@ -106145,14 +106074,14 @@ function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) { return cpuCount; } function getCgroupCpuCountFromCpus(cpusFile, logger) { - if (!fs2.existsSync(cpusFile)) { + if (!fs.existsSync(cpusFile)) { logger.debug( `While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.` ); return void 0; } let cpuCount = 0; - const cpusString = fs2.readFileSync(cpusFile, "utf-8").trim(); + const cpusString = fs.readFileSync(cpusFile, "utf-8").trim(); if (cpusString.length === 0) { return void 0; } @@ -106282,12 +106211,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs2.existsSync(databaseBundlePath)) { - await fs2.promises.rm(databaseBundlePath, { force: true }); + if (fs.existsSync(databaseBundlePath)) { + await fs.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs2.existsSync(baseDatabaseOidsFilePath)) { + if (fs.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -106435,7 +106364,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106498,7 +106427,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` 
@@ -106744,7 +106673,7 @@ var SarifScanOrder = [ ]; // src/analyze.ts -var fs13 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path12 = __toESM(require("path")); var import_perf_hooks2 = require("perf_hooks"); var io5 = __toESM(require_io()); @@ -107026,7 +106955,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs12 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -107274,7 +107203,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path7 = __toESM(require("path")); // src/caching-utils.ts @@ -107412,11 +107341,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -107425,7 +107354,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -107636,12 +107565,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -107668,7 +107597,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107690,7 +107619,7 @@ var CACHE_PREFIX = "codeql-overlay-base-database"; var MAX_CACHE_OPERATION_MS = 6e5; async function checkOverlayBaseDatabase(codeql, config, logger, warningPrefix) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - if (!fs4.existsSync(baseDatabaseOidsFilePath)) { + if (!fs3.existsSync(baseDatabaseOidsFilePath)) { logger.warning( `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` ); @@ -108305,12 +108234,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { 
@@ -108323,7 +108252,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -108416,7 +108345,7 @@ function getDiffRangesJsonFilePath() { function writeDiffRangesJsonFile(logger, ranges) { const jsonContents = JSON.stringify(ranges, null, 2); const jsonFilePath = getDiffRangesJsonFilePath(); - fs6.writeFileSync(jsonFilePath, jsonContents); + fs5.writeFileSync(jsonFilePath, jsonContents); logger.debug( `Wrote pr-diff-range JSON file to ${jsonFilePath}: ${jsonContents}` @@ -108424,11 +108353,11 @@ ${jsonContents}` } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { + if (!fs5.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -108707,10 +108636,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs7.existsSync(configFile)) { + if (!fs6.existsSync(configFile)) { return void 0; } - const configString = fs7.readFileSync(configFile, "utf8"); + const configString = fs6.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); 
@@ -108761,7 +108690,7 @@ function getPrimaryAnalysisConfig(config) { } // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -108823,7 +108752,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -108896,7 +108825,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -108980,7 +108909,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -109087,7 +109016,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, 
@@ -109124,7 +109053,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs8.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -109259,7 +109188,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path9.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -109706,7 +109635,7 @@ function isReservedToolsValue(tools) { } // src/tracer-config.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path10 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { @@ -109726,14 +109655,14 @@ async function endTracingForCluster(codeql, config, logger) { config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs11.existsSync(envVariablesFile)) { + if (!fs10.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs11.readFileSync(envVariablesFile, "utf8") + fs10.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { 
@@ -109846,7 +109775,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -110326,7 +110255,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -110673,7 +110602,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -110740,8 +110669,8 @@ function writeDiffRangeDataExtensionPack(logger, ranges) { ranges = [{ path: "", startLine: 0, endLine: 0 }]; } const diffRangeDir = path12.join(getTemporaryDirectory(), "pr-diff-range"); - fs13.mkdirSync(diffRangeDir, { recursive: true }); - fs13.writeFileSync( + fs12.mkdirSync(diffRangeDir, { recursive: true }); + fs12.writeFileSync( path12.join(diffRangeDir, "qlpack.yml"), ` name: codeql-action/pr-diff-range @@ -110775,7 +110704,7 @@ extensions: } const extensionContents = header + data; const extensionFilePath = path12.join(diffRangeDir, "pr-diff-range.yml"); - fs13.writeFileSync(extensionFilePath, extensionContents); + fs12.writeFileSync(extensionFilePath, extensionContents); logger.debug( `Wrote pr-diff-range extension pack to ${extensionFilePath}: ${extensionContents}` 
@@ -110928,7 +110857,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } function getPerQueryAlertCounts(sarifPath) { const sarifObject = JSON.parse( - fs13.readFileSync(sarifPath, "utf8") + fs12.readFileSync(sarifPath, "utf8") ); const perQueryAlertCounts = {}; for (const sarifRun of sarifObject.runs) { @@ -110946,13 +110875,13 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir } async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) { try { - await fs13.promises.rm(outputDir, { force: true, recursive: true }); + await fs12.promises.rm(outputDir, { force: true, recursive: true }); } catch (error3) { if (error3?.code !== "ENOENT") { throw error3; } } - await fs13.promises.mkdir(outputDir, { recursive: true }); + await fs12.promises.mkdir(outputDir, { recursive: true }); const timings = await finalizeDatabaseCreation( codeql, features, @@ -110996,7 +110925,7 @@ async function warnIfGoInstalledAfterInit(config, logger) { } // src/database-upload.ts -var fs14 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) { if (getRequiredInput("upload-database") !== "true") { logger.debug("Database upload disabled in workflow. Skipping upload."); @@ -111039,8 +110968,8 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai const bundledDb = await bundleDb(config, language, codeql, language, { includeDiagnostics: false }); - bundledDbSize = fs14.statSync(bundledDb).size; - const bundledDbReadStream = fs14.createReadStream(bundledDb); + bundledDbSize = fs13.statSync(bundledDb).size; + const bundledDbReadStream = fs13.createReadStream(bundledDb); const commitOid = await getCommitOid( getRequiredInput("checkout_path") ); 
@@ -111304,7 +111233,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs15 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); var import_path3 = __toESM(require("path")); // node_modules/long/index.js @@ -112292,7 +112221,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs15.createReadStream(filepath, "utf8"); + const readStream = fs14.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -112367,11 +112296,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path3.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs15.existsSync(uri)) { + if (!fs14.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs15.statSync(uri).isDirectory()) { + if (fs14.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -112457,6 +112386,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs15 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run2 of sarifFile.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs15.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run2 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run2)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -112694,7 +112690,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -112780,7 +112776,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -112791,7 +112787,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a58d1ed6ea..f1fb6991e3 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -161339,7 +161339,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core16 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); 
@@ -161347,7 +161347,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -164001,75 +164001,6 @@ var semver = __toESM(require_semver2()); var maximumVersion = "3.20"; var minimumVersion = "3.14"; -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run3 of sarifFile.runs || []) { - const tool = run3.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run3) => run3.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run3) { - return { - name: run3.tool?.driver?.name, - fullName: run3.tool?.driver?.fullName, - version: run3.tool?.driver?.version, - semanticVersion: run3.tool?.driver?.semanticVersion, - guid: run3.tool?.driver?.guid, - automationId: run3.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run3 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run3)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - // src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; @@ -164210,12 +164141,12 @@ function getBaseDatabaseOidsFilePath(config) { async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) { const databasePath = getCodeQLDatabasePath(config, language); const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`); - if (fs2.existsSync(databaseBundlePath)) { - await fs2.promises.rm(databaseBundlePath, { force: true }); + if (fs.existsSync(databaseBundlePath)) { + await fs.promises.rm(databaseBundlePath, { force: true }); } const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); const additionalFiles = []; - if (fs2.existsSync(baseDatabaseOidsFilePath)) { + if (fs.existsSync(baseDatabaseOidsFilePath)) { await fsPromises.copyFile( baseDatabaseOidsFilePath, path.join(databasePath, BASE_DATABASE_OIDS_FILE_NAME) @@ -164258,7 +164189,7 @@ function getTestingEnvironment() { } function doesDirectoryExist(dirPath) { try { - const stats = fs2.lstatSync(dirPath); + const stats = fs.lstatSync(dirPath); return stats.isDirectory(); } catch { return false; @@ -164268,7 +164199,7 @@ function listFolder(dir) { if (!doesDirectoryExist(dir)) { return []; } - const entries = fs2.readdirSync(dir, { withFileTypes: true }); + const entries = fs.readdirSync(dir, { withFileTypes: true }); let files = []; for (const entry of entries) { if (entry.isFile()) { @@ -164351,7 +164282,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); 
@@ -164409,7 +164340,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -164425,7 +164356,7 @@ async function printDebugLogs(config) { continue; } const walkLogFiles = (dir) => { - const entries = fs3.readdirSync(dir, { withFileTypes: true }); + const entries = fs2.readdirSync(dir, { withFileTypes: true }); if (entries.length === 0) { core4.info(`No debug logs found at directory ${logsDirectory}.`); } @@ -164435,7 +164366,7 @@ async function printDebugLogs(config) { core4.startGroup( `CodeQL Debug Logs - ${language} - ${entry.name} from file at path ${absolutePath}` ); - process.stdout.write(fs3.readFileSync(absolutePath)); + process.stdout.write(fs2.readFileSync(absolutePath)); core4.endGroup(); } else if (entry.isDirectory()) { walkLogFiles(path2.resolve(dir, entry.name)); @@ -164856,7 +164787,7 @@ function wrapApiConfigurationError(e) { var core6 = __toESM(require_core()); // src/codeql.ts -var fs12 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var path11 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -165104,7 +165035,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); // src/analyses.ts 
@@ -165278,11 +165209,11 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); @@ -165291,7 +165222,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); @@ -165502,12 +165433,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -165534,7 +165465,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { 
@@ -166040,12 +165971,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -166058,7 +165989,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -166134,11 +166065,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { + if (!fs5.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -166147,7 +166078,7 @@ ${jsonContents}` } // src/overlay/status.ts -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var path7 = __toESM(require("path")); var actionsCache2 = __toESM(require_cache5()); var MAX_CACHE_OPERATION_MS = 3e4; 
@@ -166164,8 +166095,8 @@ async function saveOverlayStatus(codeql, languages, diskUsage, status, logger) { const cacheKey = await getCacheKey(codeql, languages, diskUsage); const statusFile = getStatusFilePath(languages); try { - await fs7.promises.mkdir(path7.dirname(statusFile), { recursive: true }); - await fs7.promises.writeFile(statusFile, JSON.stringify(status)); + await fs6.promises.mkdir(path7.dirname(statusFile), { recursive: true }); + await fs6.promises.writeFile(statusFile, JSON.stringify(status)); const cacheId = await waitForResultWithTimeLimit( MAX_CACHE_OPERATION_MS, actionsCache2.saveCache([statusFile], cacheKey), @@ -166228,10 +166159,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs8.existsSync(configFile)) { + if (!fs7.existsSync(configFile)) { return void 0; } - const configString = fs8.readFileSync(configFile, "utf8"); + const configString = fs7.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -166270,7 +166201,7 @@ function isCodeScanningEnabled(config) { } // src/setup-codeql.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -166332,7 +166263,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); 
@@ -166405,7 +166336,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -166489,7 +166420,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os = __toESM(require("os")); var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); @@ -166596,7 +166527,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -166633,7 +166564,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs10.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -166768,7 +166699,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs11.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( 
@@ -167322,7 +167253,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -167802,7 +167733,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -167846,7 +167777,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/debug-artifacts.ts -var fs15 = __toESM(require("fs")); +var fs14 = __toESM(require("fs")); var path14 = __toESM(require("path")); var artifact = __toESM(require_artifact2()); var artifactLegacy = __toESM(require_artifact_client2()); @@ -167854,7 +167785,7 @@ var core12 = __toESM(require_core()); var import_archiver = __toESM(require_archiver()); // src/analyze.ts -var fs13 = __toESM(require("fs")); +var fs12 = __toESM(require("fs")); var path12 = __toESM(require("path")); var io5 = __toESM(require_io()); @@ -167886,7 +167817,7 @@ function dbIsFinalized(config, language, logger) { const dbPath = getCodeQLDatabasePath(config, language); try { const dbInfo = load( - fs13.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") + fs12.readFileSync(path12.resolve(dbPath, "codeql-database.yml"), "utf8") ); return !("inProgress" in dbInfo); } catch { @@ -167898,7 +167829,7 @@ function dbIsFinalized(config, language, logger) { } // src/artifact-scanner.ts -var fs14 = __toESM(require("fs")); +var fs13 = __toESM(require("fs")); var os2 = __toESM(require("os")); var path13 = __toESM(require("path")); var exec = __toESM(require_exec()); 
@@ -167937,7 +167868,7 @@ var GITHUB_TOKEN_PATTERNS = [ function scanFileForTokens(filePath, relativePath, logger) { const findings = []; try { - const content = fs14.readFileSync(filePath, "utf8"); + const content = fs13.readFileSync(filePath, "utf8"); for (const { type: type2, pattern } of GITHUB_TOKEN_PATTERNS) { const matches = content.match(pattern); if (matches) { @@ -167967,7 +167898,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log findings: [] }; try { - const tempExtractDir = fs14.mkdtempSync( + const tempExtractDir = fs13.mkdtempSync( path13.join(extractDir, `extract-${depth}-`) ); const fileName = path13.basename(archivePath).toLowerCase(); @@ -168001,7 +167932,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log path13.basename(archivePath, ".gz") ); await exec.exec("gunzip", ["-c", archivePath], { - outStream: fs14.createWriteStream(outputFile), + outStream: fs13.createWriteStream(outputFile), silent: true }); } else if (fileName.endsWith(".zip")) { @@ -168022,7 +167953,7 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log ); result.scannedFiles += scanResult.scannedFiles; result.findings.push(...scanResult.findings); - fs14.rmSync(tempExtractDir, { recursive: true, force: true }); + fs13.rmSync(tempExtractDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not extract or scan archive file ${archivePath}: ${getErrorMessage(e)}` @@ -168057,7 +167988,7 @@ async function scanDirectory(dirPath, baseRelativePath, logger, depth = 0) { scannedFiles: 0, findings: [] }; - const entries = fs14.readdirSync(dirPath, { withFileTypes: true }); + const entries = fs13.readdirSync(dirPath, { withFileTypes: true }); for (const entry of entries) { const fullPath = path13.join(dirPath, entry.name); const relativePath = path13.join(baseRelativePath, entry.name); 
@@ -168092,10 +168023,10 @@ async function scanArtifactsForTokens(filesToScan, logger) { scannedFiles: 0, findings: [] }; - const tempScanDir = fs14.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); + const tempScanDir = fs13.mkdtempSync(path13.join(os2.tmpdir(), "artifact-scan-")); try { for (const filePath of filesToScan) { - const stats = fs14.statSync(filePath); + const stats = fs13.statSync(filePath); const fileName = path13.basename(filePath); if (stats.isDirectory()) { const dirResult = await scanDirectory(filePath, fileName, logger); @@ -168133,7 +168064,7 @@ async function scanArtifactsForTokens(filesToScan, logger) { } } finally { try { - fs14.rmSync(tempScanDir, { recursive: true, force: true }); + fs13.rmSync(tempScanDir, { recursive: true, force: true }); } catch (e) { logger.debug( `Could not clean up temporary scan directory: ${getErrorMessage(e)}` @@ -168149,17 +168080,17 @@ function sanitizeArtifactName(name) { function tryPrepareSarifDebugArtifact(config, language, logger) { try { const analyzeActionOutputDir = process.env["CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR" /* SARIF_RESULTS_OUTPUT_DIR */]; - if (analyzeActionOutputDir !== void 0 && fs15.existsSync(analyzeActionOutputDir) && fs15.lstatSync(analyzeActionOutputDir).isDirectory()) { + if (analyzeActionOutputDir !== void 0 && fs14.existsSync(analyzeActionOutputDir) && fs14.lstatSync(analyzeActionOutputDir).isDirectory()) { const sarifFile = path14.resolve( analyzeActionOutputDir, `${language}.sarif` ); - if (fs15.existsSync(sarifFile)) { + if (fs14.existsSync(sarifFile)) { const sarifInDbLocation = path14.resolve( config.dbLocation, `${language}.sarif` ); - fs15.copyFileSync(sarifFile, sarifInDbLocation); + fs14.copyFileSync(sarifFile, sarifInDbLocation); return sarifInDbLocation; } } 
@@ -168338,10 +168269,10 @@ async function createPartialDatabaseBundle(config, language) { core12.info( `${config.debugDatabaseName}-${language} is not finalized. Uploading partial database bundle at ${databaseBundlePath}...` ); - if (fs15.existsSync(databaseBundlePath)) { - await fs15.promises.rm(databaseBundlePath, { force: true }); + if (fs14.existsSync(databaseBundlePath)) { + await fs14.promises.rm(databaseBundlePath, { force: true }); } - const output = fs15.createWriteStream(databaseBundlePath); + const output = fs14.createWriteStream(databaseBundlePath); const zip = (0, import_archiver.default)("zip"); zip.on("error", (err) => { throw err; @@ -168380,7 +168311,7 @@ var core13 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/fingerprints.ts -var fs16 = __toESM(require("fs")); +var fs15 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -169368,7 +169299,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs16.createReadStream(filepath, "utf8"); + const readStream = fs15.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -169443,11 +169374,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs16.existsSync(uri)) { + if (!fs15.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs16.statSync(uri).isDirectory()) { + if (fs15.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -169533,6 +169464,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs16 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run3 of sarifFile.runs || []) { + const tool = run3.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs16.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run3) => run3.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run3) { + return { + name: run3.tool?.driver?.name, + fullName: run3.tool?.driver?.fullName, + version: run3.tool?.driver?.version, + semanticVersion: run3.tool?.driver?.semanticVersion, + guid: run3.tool?.driver?.guid, + automationId: run3.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run3 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run3)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -169739,7 +169737,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -169825,7 +169823,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -169836,7 +169834,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 4faf8586fe..edd8851035 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -103235,7 +103235,7 @@ __export(upload_lib_exports, { getGroupedSarifFilePaths: () => getGroupedSarifFilePaths, populateRunAutomationDetails: () => populateRunAutomationDetails, postProcessSarifFiles: () => postProcessSarifFiles, - readSarifFile: () => readSarifFile2, + readSarifFileOrThrow: () => readSarifFileOrThrow, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest, shouldShowCombineSarifFilesDeprecationWarning: () => shouldShowCombineSarifFilesDeprecationWarning, @@ -103257,7 +103257,7 @@ var core11 = __toESM(require_core()); var jsonschema2 = __toESM(require_lib2()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103265,7 +103265,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); var io = __toESM(require_io()); 
@@ -105913,77 +105913,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run of sarifFile.runs || []) { - const tool = run.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run) { - return { - name: run.tool?.driver?.name, - fullName: run.tool?.driver?.fullName, - version: run.tool?.driver?.version, - semanticVersion: run.tool?.driver?.semanticVersion, - guid: run.tool?.driver?.guid, - automationId: run.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106145,7 +106074,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106203,7 +106132,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106635,7 +106564,7 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs10 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var path9 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); @@ -106883,7 +106812,7 @@ function wrapCliConfigurationError(cliError) { } // src/config-utils.ts -var fs6 = __toESM(require("fs")); +var fs5 = __toESM(require("fs")); var path6 = __toESM(require("path")); // src/caching-utils.ts @@ -106998,7 +106927,7 @@ function writeDiagnostic(config, language, diagnostic) { } // src/diff-informed-analysis-utils.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path5 = __toESM(require("path")); // src/feature-flags.ts @@ -107009,7 +106938,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path4 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -107220,12 +107149,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -107252,7 +107181,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107523,11 +107452,11 @@ function getDiffRangesJsonFilePath() { } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs5.existsSync(jsonFilePath)) { + if (!fs4.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs4.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` 
@@ -107576,10 +107505,10 @@ function getPathToParsedConfigFile(tempDir) { } async function getConfig(tempDir, logger) { const configFile = getPathToParsedConfigFile(tempDir); - if (!fs6.existsSync(configFile)) { + if (!fs5.existsSync(configFile)) { return void 0; } - const configString = fs6.readFileSync(configFile, "utf8"); + const configString = fs5.readFileSync(configFile, "utf8"); logger.debug("Loaded config:"); logger.debug(configString); const config = JSON.parse(configString); @@ -107615,7 +107544,7 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { } // src/setup-codeql.ts -var fs9 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var path8 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); @@ -107677,7 +107606,7 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs7 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); @@ -107750,7 +107679,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs6.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -107834,7 +107763,7 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs8 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var os = __toESM(require("os")); var path7 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); 
@@ -107941,7 +107870,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -107978,7 +107907,7 @@ function getToolcacheDirectory(version) { } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs8.writeFileSync(markerFilePath, ""); + fs7.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -108113,7 +108042,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs9.existsSync(path8.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs8.existsSync(path8.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -108667,7 +108596,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { "tools", "tracing-config.lua" ); - return fs10.existsSync(tracingConfigPath); + return fs9.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -109147,7 +109076,7 @@ async function writeCodeScanningConfigFile(config, logger) { logger.startGroup("Augmented user configuration file contents"); logger.info(dump(augmentedConfig)); logger.endGroup(); - fs10.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs9.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -109191,7 +109120,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/fingerprints.ts -var fs11 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var import_path2 = __toESM(require("path")); // node_modules/long/index.js @@ -110179,7 +110108,7 @@ async function hash(callback, filepath) { } updateHash(current); }; - const readStream = fs11.createReadStream(filepath, "utf8"); + const readStream = fs10.createReadStream(filepath, "utf8"); for await (const data of readStream) { for (let i = 0; i < data.length; ++i) { processCharacter(data.charCodeAt(i)); @@ -110254,11 +110183,11 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { if (!import_path2.default.isAbsolute(uri)) { uri = srcRootPrefix + uri; } - if (!fs11.existsSync(uri)) { + if (!fs10.existsSync(uri)) { logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`); return void 0; } - if (fs11.statSync(uri).isDirectory()) { + if (fs10.statSync(uri).isDirectory()) { logger.debug(`Unable to compute fingerprint for directory: ${uri}`); return void 0; } 
@@ -110344,6 +110273,73 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe }; } +// src/sarif/index.ts +var fs11 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run of sarifFile.runs || []) { + const tool = run.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs11.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run) { + return { + name: run.tool?.driver?.name, + fullName: run.tool?.driver?.fullName, + version: run.tool?.driver?.version, + semanticVersion: run.tool?.driver?.semanticVersion, + guid: run.tool?.driver?.guid, + automationId: run.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; @@ -110598,7 +110594,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -110684,7 +110680,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -110695,7 +110691,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } @@ -110970,7 +110966,7 @@ function filterAlertsByDiffRange(logger, sarifLog) { getGroupedSarifFilePaths, populateRunAutomationDetails, postProcessSarifFiles, - readSarifFile, + readSarifFileOrThrow, shouldConsiderConfigurationError, shouldConsiderInvalidRequest, shouldShowCombineSarifFilesDeprecationWarning, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 00c563e744..4aa79da845 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -103231,7 +103231,7 @@ var require_sarif_schema_2_1_0 = __commonJS({ var core13 = __toESM(require_core()); // src/actions-util.ts -var fs3 = __toESM(require("fs")); +var fs2 = __toESM(require("fs")); var path2 = __toESM(require("path")); var core4 = __toESM(require_core()); var toolrunner = __toESM(require_toolrunner()); @@ -103239,7 +103239,7 @@ var github = __toESM(require_github()); var io2 = __toESM(require_io()); // src/util.ts -var fs2 = __toESM(require("fs")); +var fs = __toESM(require("fs")); var fsPromises = __toESM(require("fs/promises")); var path = __toESM(require("path")); var core3 = __toESM(require_core()); 
@@ -105888,77 +105888,6 @@ var safeDump = renamed("safeDump", "dump"); // src/util.ts var semver = __toESM(require_semver2()); - -// src/sarif/index.ts -var fs = __toESM(require("fs")); -var InvalidSarifUploadError = class extends Error { -}; -function getToolNames(sarifFile) { - const toolNames = {}; - for (const run2 of sarifFile.runs || []) { - const tool = run2.tool || {}; - const driver = tool.driver || {}; - if (typeof driver.name === "string" && driver.name.length > 0) { - toolNames[driver.name] = true; - } - } - return Object.keys(toolNames); -} -function readSarifFile(sarifFilePath) { - return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")); -} -function combineSarifFiles(sarifFiles, logger) { - logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; - for (const sarifFile of sarifFiles) { - logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { - throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` - ); - } - combinedSarif.runs.push(...sarifObject.runs); - } - return combinedSarif; -} -function areAllRunsProducedByCodeQL(sarifObjects) { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run2) => run2.tool?.driver?.name === "CodeQL" - ); - }); -} -function createRunKey(run2) { - return { - name: run2.tool?.driver?.name, - fullName: run2.tool?.driver?.fullName, - version: run2.tool?.driver?.version, - semanticVersion: run2.tool?.driver?.semanticVersion, - guid: run2.tool?.driver?.guid, - automationId: run2.automationDetails?.id - }; -} -function areAllRunsUnique(sarifObjects) { - const keys = /* @__PURE__ */ new Set(); - for (const sarifObject of sarifObjects) { - for (const run2 of sarifObject.runs) { - const key = 
JSON.stringify(createRunKey(run2)); - if (keys.has(key)) { - return false; - } - keys.add(key); - } - } - return true; -} - -// src/util.ts var BASE_DATABASE_OIDS_FILE_NAME = "base-database-oids.json"; var BROKEN_VERSIONS = ["0.0.0-20211207"]; var GITHUB_DOTCOM_URL = "https://github.com"; @@ -106169,7 +106098,7 @@ function cloneObject(obj) { async function cleanUpPath(file, name, logger) { logger.debug(`Cleaning up ${name}.`); try { - await fs2.promises.rm(file, { + await fs.promises.rm(file, { force: true, recursive: true }); @@ -106232,7 +106161,7 @@ function getRelativeScriptPath() { function getWorkflowEvent() { const eventJsonFile = getRequiredEnvParam("GITHUB_EVENT_PATH"); try { - return JSON.parse(fs3.readFileSync(eventJsonFile, "utf-8")); + return JSON.parse(fs2.readFileSync(eventJsonFile, "utf-8")); } catch (e) { throw new Error( `Unable to read workflow event JSON from ${eventJsonFile}: ${e}` @@ -106684,7 +106613,7 @@ function wrapApiConfigurationError(e) { } // src/feature-flags.ts -var fs5 = __toESM(require("fs")); +var fs4 = __toESM(require("fs")); var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); @@ -106693,7 +106622,7 @@ var bundleVersion = "codeql-bundle-v2.24.2"; var cliVersion = "2.24.2"; // src/overlay/index.ts -var fs4 = __toESM(require("fs")); +var fs3 = __toESM(require("fs")); var path3 = __toESM(require("path")); var actionsCache = __toESM(require_cache5()); 
@@ -106932,12 +106861,12 @@ async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs4.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs4.promises.readFile( + const contents = await fs3.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -106964,7 +106893,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs4.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -107466,12 +107395,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs5.existsSync(this.featureFlagsFile)) { + if (fs4.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs5.readFileSync(this.featureFlagsFile, "utf8") + fs4.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -107484,7 +107413,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs4.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` 
@@ -107554,6 +107483,73 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) { } } +// src/sarif/index.ts +var fs5 = __toESM(require("fs")); +var InvalidSarifUploadError = class extends Error { +}; +function getToolNames(sarifFile) { + const toolNames = {}; + for (const run2 of sarifFile.runs || []) { + const tool = run2.tool || {}; + const driver = tool.driver || {}; + if (typeof driver.name === "string" && driver.name.length > 0) { + toolNames[driver.name] = true; + } + } + return Object.keys(toolNames); +} +function readSarifFile(sarifFilePath) { + return JSON.parse(fs5.readFileSync(sarifFilePath, "utf8")); +} +function combineSarifFiles(sarifFiles, logger) { + logger.info(`Loading SARIF file(s)`); + const combinedSarif = { + version: "2.1.0", + runs: [] + }; + for (const sarifFile of sarifFiles) { + logger.debug(`Loading SARIF file: ${sarifFile}`); + const sarifObject = readSarifFile(sarifFile); + if (combinedSarif.version === null) { + combinedSarif.version = sarifObject.version; + } else if (combinedSarif.version !== sarifObject.version) { + throw new InvalidSarifUploadError( + `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + ); + } + combinedSarif.runs.push(...sarifObject.runs); + } + return combinedSarif; +} +function areAllRunsProducedByCodeQL(sarifLogs) { + return sarifLogs.every((sarifLog) => { + return sarifLog.runs?.every((run2) => run2.tool?.driver?.name === "CodeQL"); + }); +} +function createRunKey(run2) { + return { + name: run2.tool?.driver?.name, + fullName: run2.tool?.driver?.fullName, + version: run2.tool?.driver?.version, + semanticVersion: run2.tool?.driver?.semanticVersion, + guid: run2.tool?.driver?.guid, + automationId: run2.automationDetails?.id + }; +} +function areAllRunsUnique(sarifLogs) { + const keys = /* @__PURE__ */ new Set(); + for (const sarifLog of sarifLogs) { + for (const run2 of sarifLog.runs) { + const key = JSON.stringify(createRunKey(run2)); + if 
(keys.has(key)) { + return false; + } + keys.add(key); + } + } + return true; +} + // src/status-report.ts var os = __toESM(require("os")); var core9 = __toESM(require_core()); @@ -111173,7 +111169,7 @@ function countResultsInSarif(sarifLog) { } return numResults; } -function readSarifFile2(sarifFilePath) { +function readSarifFileOrThrow(sarifFilePath) { try { return readSarifFile(sarifFilePath); } catch (e) { @@ -111259,7 +111255,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile2(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } sarifLog = await combineSarifFilesUsingCLI( @@ -111270,7 +111266,7 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile2(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 628c772268..645ca62fe3 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -71,13 +71,11 @@ export function combineSarifFiles( /** * Checks whether all the runs in the given SARIF files were produced by CodeQL. - * @param sarifObjects The list of SARIF objects to check. + * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsProducedByCodeQL(sarifObjects: sarif.Log[]): boolean { - return sarifObjects.every((sarifObject) => { - return sarifObject.runs?.every( - (run) => run.tool?.driver?.name === "CodeQL", - ); +export function areAllRunsProducedByCodeQL(sarifLogs: sarif.Log[]): boolean { + return sarifLogs.every((sarifLog: sarif.Log) => { + return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL"); }); } @@ -95,13 +93,13 @@ function createRunKey(run: sarif.Run): RunKey { /** * Checks whether all runs in the given SARIF files are unique (based on the * criteria used by Code Scanning to determine analysis categories). - * @param sarifObjects The list of SARIF objects to check. + * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsUnique(sarifObjects: sarif.Log[]): boolean { +export function areAllRunsUnique(sarifLogs: sarif.Log[]): boolean { const keys = new Set(); - for (const sarifObject of sarifObjects) { - for (const run of sarifObject.runs) { + for (const sarifLog of sarifLogs) { + for (const run of sarifLog.runs) { const key = JSON.stringify(createRunKey(run)); // If the key already exists, the runs are not unique. diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index 9926fed5bc..973ee81905 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -26,7 +26,7 @@ test("validateSarifFileSchema - valid", (t) => { const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`; t.notThrows(() => uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(inputFile), + uploadLib.readSarifFileOrThrow(inputFile), inputFile, getRunnerLogger(true), ), 
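Review bot: The doc comment on `areAllRunsProducedByCodeQL` does not say that the check compares `run.tool?.driver?.name`, a value taken from the SARIF file itself, against `"CodeQL"`. That tells a reader what the file claims, not where it came from, so the comment should state this; for example `Note: this relies on the self-reported tool.driver.name and is not a provenance check.` It is also worth documenting that a log with no `runs` property makes the inner `runs?.every(...)` yield `undefined`, so the whole result is `false`, while an empty `runs` array counts as produced by CodeQL.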
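Review bot: In `areAllRunsUnique` the loop `for (const run of sarifLog.runs)` dereferences `runs` without a guard, while `areAllRunsProducedByCodeQL` in the previous hunk of this file uses `sarifLog.runs?.every(...)`. The bundled `readSarifFile` shown on this page returns `JSON.parse` output without checking its shape, so a log that has not been through schema validation and lacks `runs` would fail here with a bare `TypeError` rather than `InvalidSarifUploadError`; whether any caller passes such a log is not visible in this hunk. Either iterate `for (const run of sarifLog.runs ?? [])` or state in the doc comment that the logs must already be schema-validated. The function body continues past the end of the hunk.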
@@ -37,7 +37,7 @@ test("validateSarifFileSchema - invalid", (t) => { const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`; t.throws(() => uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(inputFile), + uploadLib.readSarifFileOrThrow(inputFile), inputFile, getRunnerLogger(true), ), @@ -608,7 +608,7 @@ test("accept results with invalid artifactLocation.uri value", (t) => { const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`; uploadLib.validateSarifFileSchema( - uploadLib.readSarifFile(sarifFile), + uploadLib.readSarifFileOrThrow(sarifFile), sarifFile, mockLogger, ); diff --git a/src/upload-lib.ts b/src/upload-lib.ts index dcda043614..b15278be5b 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -115,7 +115,7 @@ async function combineSarifFilesUsingCLI( ): Promise { logger.info("Combining SARIF files using the CodeQL CLI"); - const sarifObjects = sarifFiles.map(util.readSarifFile); + const sarifObjects = sarifFiles.map(sarif.readSarifFile); const deprecationWarningMessage = gitHubVersion.type === GitHubVariant.GHES @@ -197,7 +197,7 @@ async function combineSarifFilesUsingCLI( mergeRunsFromEqualCategory: true, }); - return util.readSarifFile(outputFile); + return sarif.readSarifFile(outputFile); } // Populates the run.automationDetails.id field using the analysis_key and environment @@ -447,7 +447,11 @@ function countResultsInSarif(sarifLog: string): number { return numResults; } -export function readSarifFile(sarifFilePath: string): sarif.Log { +/** A thin wrapper around `readSarifFile` which wraps exceptions in `InvalidSarifUploadError`. + * + * @throws InvalidSarifUploadError If parsing the SARIF file as JSON failed. + */ +export function readSarifFileOrThrow(sarifFilePath: string): sarif.Log { try { return sarif.readSarifFile(sarifFilePath); } catch (e) { 
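Review bot: `sarifFiles.map(sarif.readSarifFile)` in `combineSarifFilesUsingCLI` calls the unwrapped reader, so a file that cannot be read or parsed at this point raises a plain error instead of the `InvalidSarifUploadError` that `readSarifFileOrThrow` is documented to produce. The `postProcessSarifFiles` hunks further down read and validate each path before calling this function, so this is a second read of the same paths and nothing here ties the content to what was validated. Consider passing the already-parsed logs in, or at least `sarifFiles.map((f) => readSarifFileOrThrow(f))`, which also avoids handing `map`'s index and array arguments to the reader. The function starts and ends outside the hunk.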
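Review bot: The new doc comment on `readSarifFileOrThrow` says `@throws InvalidSarifUploadError If parsing the SARIF file as JSON failed`, but the `try` wraps the whole of `sarif.readSarifFile`, which in the bundled output on this page also calls `readFileSync`, so a missing or unreadable file would reach the same `catch`. The `catch` body is outside the hunk, so what it rethrows cannot be confirmed here; if it wraps everything, word it as `@throws InvalidSarifUploadError If the file cannot be read or is not valid JSON.` The comment should also say that the result is unvalidated `JSON.parse` output typed as `sarif.Log` and must go through `validateSarifFileSchema` before its fields are relied on. As a style point, the text starts on the `/**` line while the doc comments in `src/sarif/index.ts` put `/**` on its own line, and the `OrThrow` suffix does not distinguish this function from `readSarifFile`, which also throws.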
@@ -617,7 +621,7 @@ export async function postProcessSarifFiles( if (sarifPaths.length > 1) { // Validate that the files we were asked to upload are all valid SARIF files for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); + const parsedSarif = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } @@ -629,7 +633,7 @@ export async function postProcessSarifFiles( ); } else { const sarifPath = sarifPaths[0]; - sarifLog = readSarifFile(sarifPath); + sarifLog = readSarifFileOrThrow(sarifPath); validateSarifFileSchema(sarifLog, sarifPath, logger); // Validate that there are no runs for the same category @@ -755,7 +759,7 @@ export async function uploadPostProcessedFiles( logger.startGroup(`Uploading ${uploadTarget.name} results`); const sarifLog = postProcessingResults.sarif; - const toolNames = util.getToolNames(sarifLog); + const toolNames = sarif.getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts index b09821924b..896c144581 100644 --- a/src/upload-sarif-action.ts +++ b/src/upload-sarif-action.ts @@ -7,6 +7,7 @@ import { getGitHubVersion } from "./api-client"; import { initFeatures } from "./feature-flags"; import { Logger, getActionsLogger } from "./logging"; import { getRepositoryNwo } from "./repository"; +import { InvalidSarifUploadError } from "./sarif"; import { createStatusReportBase, sendStatusReport, @@ -20,7 +21,6 @@ import * as upload_lib from "./upload-lib"; import { postProcessAndUploadSarif } from "./upload-sarif"; import { ConfigurationError, - InvalidSarifUploadError, checkActionVersion, checkDiskUsage, getErrorMessage, diff --git a/src/util.ts b/src/util.ts index 60def1d82c..6db56e7220 100644 --- a/src/util.ts +++ b/src/util.ts 
@@ -17,8 +17,6 @@ import { EnvVar } from "./environment"; import { Language } from "./languages"; import { Logger } from "./logging"; -export * from "./sarif"; - /** * The name of the file containing the base database OIDs, as stored in the * root of the database location. From 28b449d8c7efe442b6c82b03135ffbcd8fd4e98d Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Mar 2026 11:18:47 +0000 Subject: [PATCH 09/11] Improve version handling in `combineSarifFiles` --- lib/analyze-action.js | 23 ++++++++++++----------- lib/init-action-post.js | 23 ++++++++++++----------- lib/upload-lib.js | 23 ++++++++++++----------- lib/upload-sarif-action.js | 23 ++++++++++++----------- src/sarif/index.ts | 30 ++++++++++++++++++------------ 5 files changed, 66 insertions(+), 56 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 1b881eb184..35c36f0fbe 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
@@ -112406,23 +112406,24 @@ function readSarifFile(sarifFilePath) { } function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; + const runs = []; + let version = void 0; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { + const sarifLog = readSarifFile(sarifFile); + if (version === void 0) { + version = sarifLog.version; + } else if (version !== sarifLog.version) { throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - combinedSarif.runs.push(...sarifObject.runs); + runs.push(...sarifLog.runs); + } + if (version === void 0) { + version = "2.1.0"; } - return combinedSarif; + return { version, runs }; } function areAllRunsProducedByCodeQL(sarifLogs) { return sarifLogs.every((sarifLog) => { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index f1fb6991e3..a3ad6686e1 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -169484,23 +169484,24 @@ function readSarifFile(sarifFilePath) { } function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; + const runs = []; + let version = void 0; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { + const sarifLog = readSarifFile(sarifFile); + if (version === void 0) { + version = sarifLog.version; + } else if (version !== sarifLog.version) { throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - combinedSarif.runs.push(...sarifObject.runs); + runs.push(...sarifLog.runs); + } + if (version === void 0) { + version = "2.1.0"; } - return combinedSarif; + return { version, runs }; } function areAllRunsProducedByCodeQL(sarifLogs) { return sarifLogs.every((sarifLog) => { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index edd8851035..bf7a38ff47 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -110293,23 +110293,24 @@ function readSarifFile(sarifFilePath) { } function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; + const runs = []; + let version = void 0; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { + const sarifLog = readSarifFile(sarifFile); + if (version === void 0) { + version = sarifLog.version; + } else if (version !== sarifLog.version) { throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - combinedSarif.runs.push(...sarifObject.runs); + runs.push(...sarifLog.runs); + } + if (version === void 0) { + version = "2.1.0"; } - return combinedSarif; + return { version, runs }; } function areAllRunsProducedByCodeQL(sarifLogs) { return sarifLogs.every((sarifLog) => { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 4aa79da845..8029454c1d 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -107503,23 +107503,24 @@ function readSarifFile(sarifFilePath) { } function combineSarifFiles(sarifFiles, logger) { logger.info(`Loading SARIF file(s)`); - const combinedSarif = { - version: "2.1.0", - runs: [] - }; + const runs = []; + let version = void 0; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { + const sarifLog = readSarifFile(sarifFile); + if (version === void 0) { + version = sarifLog.version; + } else if (version !== sarifLog.version) { throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}` + `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - combinedSarif.runs.push(...sarifObject.runs); + runs.push(...sarifLog.runs); + } + if (version === void 0) { + version = "2.1.0"; } - return combinedSarif; + return { version, runs }; } function areAllRunsProducedByCodeQL(sarifLogs) { return sarifLogs.every((sarifLog) => { diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 645ca62fe3..475110eef3 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts 
@@ -46,27 +46,33 @@ export function combineSarifFiles( logger: Logger, ): sarif.Log { logger.info(`Loading SARIF file(s)`); - const combinedSarif: sarif.Log = { - version: "2.1.0", - runs: [], - }; + const runs: sarif.Run[] = []; + let version: sarif.Log.version | undefined = undefined; for (const sarifFile of sarifFiles) { logger.debug(`Loading SARIF file: ${sarifFile}`); - const sarifObject = readSarifFile(sarifFile); - // Check SARIF version - if (combinedSarif.version === null) { - combinedSarif.version = sarifObject.version; - } else if (combinedSarif.version !== sarifObject.version) { + const sarifLog = readSarifFile(sarifFile); + // If this is the first SARIF file we are reading, store the version from it so that we + // can put it in the combined SARIF. If not, then check that the versions match and + // throw an exception if they do not. + if (version === undefined) { + version = sarifLog.version; + } else if (version !== sarifLog.version) { throw new InvalidSarifUploadError( - `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`, + `Different SARIF versions encountered: ${version} and ${sarifLog.version}`, ); } - combinedSarif.runs.push(...sarifObject.runs); + runs.push(...sarifLog.runs); + } + + // We can't guarantee that the SARIF files we load will have version properties. As a fallback, + // we set it to the expected version if we didn't find any other. + if (version === undefined) { + version = "2.1.0"; } - return combinedSarif; + return { version, runs }; } /** From 6d060bbaa15a58eaed2a12c82e2120a5f7a8bd17 Mon Sep 17 00:00:00 2001 
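Review bot: The version check in the loop is order-dependent when a file has no `version`: `[noVersion, "2.1.0"]` is accepted because `version` is still `undefined` when the second file is read, while `["2.1.0", noVersion]` throws `Different SARIF versions encountered: 2.1.0 and undefined`. The trailing comment says missing versions are to be tolerated, so compare only when the file carries one: `} else if (sarifLog.version !== undefined && version !== sarifLog.version) {`. The old code started from `"2.1.0"` and its `=== null` branch could never run, so every input effectively had to be 2.1.0, whereas the new code accepts any value the files agree on. If 2.1.0 is the only supported version, reject other values here rather than relying on schema validation, which other code in this series skips for CodeQL-produced logs. The bundled copies under lib/ carry the same logic.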
From: "Michael B. Gale" Date: Tue, 3 Mar 2026 11:34:01 +0000 Subject: [PATCH 10/11] Return `Partial` from `readSarifFile` Our previous definition had `tools` as a mandatory field, so this also makes some changes to deal with the case where that may be `undefined` by treating it as equivalent to `[]`. --- lib/analyze-action.js | 13 ++++++++++--- lib/init-action-post.js | 13 ++++++++++--- lib/upload-lib.js | 13 ++++++++++--- lib/upload-sarif-action.js | 13 ++++++++++--- src/fingerprints.ts | 4 ++-- src/sarif/index.ts | 28 ++++++++++++++++++++------ src/upload-lib.ts | 40 +++++++++++++++++++++++--------------- 7 files changed, 88 insertions(+), 36 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 35c36f0fbe..d5a137385b 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -112418,7 +112418,7 @@ function combineSarifFiles(sarifFiles, logger) { `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - runs.push(...sarifLog.runs); + runs.push(...sarifLog?.runs || []); } if (version === void 0) { version = "2.1.0"; @@ -112443,6 +112443,9 @@ function createRunKey(run2) { function areAllRunsUnique(sarifLogs) { const keys = /* @__PURE__ */ new Set(); for (const sarifLog of sarifLogs) { + if (sarifLog.runs === void 0) { + continue; + } for (const run2 of sarifLog.runs) { const key = JSON.stringify(createRunKey(run2)); if (keys.has(key)) { @@ -112706,7 +112709,7 @@ function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` ); - return; + return true; } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); @@ -112737,6 +112740,7 @@ ${sarifErrors.join( )}` ); } + return true; } function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) { const payloadObj = { 
@@ -112978,7 +112982,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger } function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarifLog.runs) { + for (const run2 of sarifLog.runs || []) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; @@ -113002,6 +113006,9 @@ function filterAlertsByDiffRange(logger, sarifLog) { if (!diffRanges?.length) { return sarifLog; } + if (sarifLog.runs === void 0) { + return sarifLog; + } const checkoutPath = getRequiredInput("checkout_path"); for (const run2 of sarifLog.runs) { if (run2.results) { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a3ad6686e1..4766f61a4b 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -169496,7 +169496,7 @@ function combineSarifFiles(sarifFiles, logger) { `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - runs.push(...sarifLog.runs); + runs.push(...sarifLog?.runs || []); } if (version === void 0) { version = "2.1.0"; @@ -169521,6 +169521,9 @@ function createRunKey(run3) { function areAllRunsUnique(sarifLogs) { const keys = /* @__PURE__ */ new Set(); for (const sarifLog of sarifLogs) { + if (sarifLog.runs === void 0) { + continue; + } for (const run3 of sarifLog.runs) { const key = JSON.stringify(createRunKey(run3)); if (keys.has(key)) { @@ -169753,7 +169756,7 @@ function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` ); - return; + return true; } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); 
@@ -169784,6 +169787,7 @@ ${sarifErrors.join( )}` ); } + return true; } function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) { const payloadObj = { @@ -170027,7 +170031,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger } function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run3 of sarifLog.runs) { + for (const run3 of sarifLog.runs || []) { const id = run3?.automationDetails?.id; const tool = run3.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; @@ -170051,6 +170055,9 @@ function filterAlertsByDiffRange(logger, sarifLog) { if (!diffRanges?.length) { return sarifLog; } + if (sarifLog.runs === void 0) { + return sarifLog; + } const checkoutPath = getRequiredInput("checkout_path"); for (const run3 of sarifLog.runs) { if (run3.results) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index bf7a38ff47..fef47c9e2f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -110305,7 +110305,7 @@ function combineSarifFiles(sarifFiles, logger) { `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - runs.push(...sarifLog.runs); + runs.push(...sarifLog?.runs || []); } if (version === void 0) { version = "2.1.0"; @@ -110330,6 +110330,9 @@ function createRunKey(run) { function areAllRunsUnique(sarifLogs) { const keys = /* @__PURE__ */ new Set(); for (const sarifLog of sarifLogs) { + if (sarifLog.runs === void 0) { + continue; + } for (const run of sarifLog.runs) { const key = JSON.stringify(createRunKey(run)); if (keys.has(key)) { 
@@ -110610,7 +110613,7 @@ function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` ); - return; + return true; } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); @@ -110641,6 +110644,7 @@ ${sarifErrors.join( )}` ); } + return true; } function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) { const payloadObj = { @@ -110912,7 +110916,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger } function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run of sarifLog.runs) { + for (const run of sarifLog.runs || []) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; @@ -110936,6 +110940,9 @@ function filterAlertsByDiffRange(logger, sarifLog) { if (!diffRanges?.length) { return sarifLog; } + if (sarifLog.runs === void 0) { + return sarifLog; + } const checkoutPath = getRequiredInput("checkout_path"); for (const run of sarifLog.runs) { if (run.results) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 8029454c1d..b70d99ebd6 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -107515,7 +107515,7 @@ function combineSarifFiles(sarifFiles, logger) { `Different SARIF versions encountered: ${version} and ${sarifLog.version}` ); } - runs.push(...sarifLog.runs); + runs.push(...sarifLog?.runs || []); } if (version === void 0) { version = "2.1.0"; 
@@ -107540,6 +107540,9 @@ function createRunKey(run2) { function areAllRunsUnique(sarifLogs) { const keys = /* @__PURE__ */ new Set(); for (const sarifLog of sarifLogs) { + if (sarifLog.runs === void 0) { + continue; + } for (const run2 of sarifLog.runs) { const key = JSON.stringify(createRunKey(run2)); if (keys.has(key)) { @@ -111185,7 +111188,7 @@ function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` ); - return; + return true; } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); @@ -111216,6 +111219,7 @@ ${sarifErrors.join( )}` ); } + return true; } function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) { const payloadObj = { @@ -111457,7 +111461,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger } function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarifLog.runs) { + for (const run2 of sarifLog.runs || []) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; @@ -111481,6 +111485,9 @@ function filterAlertsByDiffRange(logger, sarifLog) { if (!diffRanges?.length) { return sarifLog; } + if (sarifLog.runs === void 0) { + return sarifLog; + } const checkoutPath = getRequiredInput("checkout_path"); for (const run2 of sarifLog.runs) { if (run2.results) { diff --git a/src/fingerprints.ts b/src/fingerprints.ts index e6c5bd1316..013ba65f57 100644 --- a/src/fingerprints.ts +++ b/src/fingerprints.ts 
@@ -256,10 +256,10 @@ export function resolveUriToFile( // Compute fingerprints for results in the given sarif file // and return an updated sarif file contents. export async function addFingerprints( - sarifLog: sarif.Log, + sarifLog: Partial, sourceRoot: string, logger: Logger, -): Promise { +): Promise> { logger.info( `Adding fingerprints to SARIF file. See ${DocUrl.TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS} for more information.`, ); diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 475110eef3..34d41ef181 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts @@ -21,7 +21,7 @@ export class InvalidSarifUploadError extends Error {} * * Returns an array of unique string tool names. */ -export function getToolNames(sarifFile: sarif.Log): string[] { +export function getToolNames(sarifFile: Partial): string[] { const toolNames = {}; for (const run of sarifFile.runs || []) { @@ -35,7 +35,15 @@ export function getToolNames(sarifFile: sarif.Log): string[] { return Object.keys(toolNames); } -export function readSarifFile(sarifFilePath: string): sarif.Log { +/** + * Reads the file pointed at by `sarifFilePath` and parses it as JSON. This function does + * not validate that the JSON represents a valid SARIF file. I.e. this function will only + * throw if the file cannot be read or does not contain valid JSON. + * + * @param sarifFilePath The file to read. + * @returns The resulting JSON value, cast to a SARIF `Log`. + */ +export function readSarifFile(sarifFilePath: string): Partial { return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as sarif.Log; } @@ -63,7 +71,7 @@ export function combineSarifFiles( ); } - runs.push(...sarifLog.runs); + runs.push(...(sarifLog?.runs || [])); } // We can't guarantee that the SARIF files we load will have version properties. As a fallback, 
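Review bot: `readSarifFile` (hunk `@@ -35,7 +35,15 @@` in src/sarif/index.ts) still ends in `as sarif.Log` although it now returns the `Partial` type, and `JSON.parse` can also yield `null`, an array or a primitive, which neither type describes. These files are supplied by the workflow and may come from tools other than CodeQL, so a file containing `null` would fail in `combineSarifFiles` on `sarifLog.version` with a `TypeError` before the `sarifLog?.runs` guard added in hunk `@@ -63,7 +71,7 @@` is reached. That guard's `|| []` also does not cover a `runs` value that is truthy but not an array. Checking the parsed value's shape once in the reader, as below, covers every caller; the doc comment's "will only throw if" sentence would need the extra case, and how `readSarifFileOrThrow` re-wraps the error should be confirmed since its catch body is not shown.

```typescript
export function readSarifFile(sarifFilePath: string): Partial<sarif.Log> {
  const parsed: unknown = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
  // JSON.parse also accepts null, arrays and primitives; only a plain object can be a SARIF log.
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    throw new InvalidSarifUploadError(
      `${sarifFilePath} does not contain a JSON object.`,
    );
  }
  return parsed as Partial<sarif.Log>;
}
```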
@@ -79,8 +87,10 @@ export function combineSarifFiles( * Checks whether all the runs in the given SARIF files were produced by CodeQL. * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsProducedByCodeQL(sarifLogs: sarif.Log[]): boolean { - return sarifLogs.every((sarifLog: sarif.Log) => { +export function areAllRunsProducedByCodeQL( + sarifLogs: Array>, +): boolean { + return sarifLogs.every((sarifLog: Partial) => { return sarifLog.runs?.every((run) => run.tool?.driver?.name === "CodeQL"); }); } @@ -101,10 +111,16 @@ function createRunKey(run: sarif.Run): RunKey { * criteria used by Code Scanning to determine analysis categories). * @param sarifLogs The list of SARIF objects to check. */ -export function areAllRunsUnique(sarifLogs: sarif.Log[]): boolean { +export function areAllRunsUnique( + sarifLogs: Array>, +): boolean { const keys = new Set(); for (const sarifLog of sarifLogs) { + if (sarifLog.runs === undefined) { + continue; + } + for (const run of sarifLog.runs) { const key = JSON.stringify(createRunKey(run)); diff --git a/src/upload-lib.ts b/src/upload-lib.ts index b15278be5b..2498825337 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -46,7 +46,7 @@ const GENERIC_404_MSG = // Checks whether the deprecation warning for combining SARIF files should be shown. export async function shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects: sarif.Log[], + sarifObjects: Array>, githubVersion: GitHubVersion, ) { // Do not show this warning on GHES versions before 3.14.0 @@ -66,7 +66,7 @@ export async function shouldShowCombineSarifFilesDeprecationWarning( } export async function throwIfCombineSarifFilesDisabled( - sarifObjects: sarif.Log[], + sarifObjects: Array>, githubVersion: GitHubVersion, ) { if (!(await shouldDisableCombineSarifFiles(sarifObjects, githubVersion))) { 
@@ -83,7 +83,7 @@ export async function throwIfCombineSarifFilesDisabled( // Checks whether combining SARIF files should be disabled. async function shouldDisableCombineSarifFiles( - sarifObjects: sarif.Log[], + sarifObjects: Array>, githubVersion: GitHubVersion, ) { if (githubVersion.type === GitHubVariant.GHES) { @@ -112,7 +112,7 @@ async function combineSarifFilesUsingCLI( gitHubVersion: GitHubVersion, features: FeatureEnablement, logger: Logger, -): Promise { +): Promise> { logger.info("Combining SARIF files using the CodeQL CLI"); const sarifObjects = sarifFiles.map(sarif.readSarifFile); @@ -203,11 +203,11 @@ async function combineSarifFilesUsingCLI( // Populates the run.automationDetails.id field using the analysis_key and environment // and return an updated sarif file contents. export function populateRunAutomationDetails( - sarifFile: sarif.Log, + sarifFile: Partial, category: string | undefined, analysis_key: string, environment: string | undefined, -): sarif.Log { +): Partial { const automationID = getAutomationID(category, analysis_key, environment); if (automationID !== undefined) { @@ -451,7 +451,9 @@ function countResultsInSarif(sarifLog: string): number { * * @throws InvalidSarifUploadError If parsing the SARIF file as JSON failed. */ -export function readSarifFileOrThrow(sarifFilePath: string): sarif.Log { +export function readSarifFileOrThrow( + sarifFilePath: string, +): Partial { try { return sarif.readSarifFile(sarifFilePath); } catch (e) { 
@@ -464,10 +466,10 @@ export function readSarifFileOrThrow(sarifFilePath: string): sarif.Log { // Validates the given SARIF object and throws an error if the SARIF object is invalid. // The file path is only used in error messages to improve clarity. export function validateSarifFileSchema( - sarifLog: sarif.Log, + sarifLog: Partial, sarifFilePath: string, logger: Logger, -) { +): sarifLog is sarif.Log { if ( areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. @@ -476,7 +478,7 @@ export function validateSarifFileSchema( logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`, ); - return; + return true; } logger.info(`Validating ${sarifFilePath}`); @@ -525,6 +527,8 @@ export function validateSarifFileSchema( )}`, ); } + + return true; } // buildPayload constructs a map ready to be uploaded to the API from the given @@ -585,7 +589,7 @@ export function buildPayload( } export interface PostProcessingResults { - sarif: sarif.Log; + sarif: Partial; analysisKey: string; environment: string; } @@ -615,7 +619,7 @@ export async function postProcessSarifFiles( const gitHubVersion = await getGitHubVersion(); - let sarifLog: sarif.Log; + let sarifLog: Partial; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { @@ -1007,14 +1011,14 @@ function handleProcessingResultForUnsuccessfulExecution( } export function validateUniqueCategory( - sarifLog: sarif.Log, + sarifLog: Partial, sentinelPrefix: string, ): void { // duplicate categories are allowed in the same sarif file // but not across multiple sarif files const categories = {} as Record; - for (const run of sarifLog.runs) { + for (const run of sarifLog.runs || []) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
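Review bot: `validateSarifFileSchema` now declares `sarifLog is sarif.Log` and returns `true` on every non-throwing path, which is the shape of an assertion function rather than a predicate; the call sites visible in this series invoke it as a bare statement, so the predicate narrows nothing there. Declaring `): asserts sarifLog is sarif.Log {` and keeping plain `return;` would narrow after the call without an `if`. Either way, the early-return branch vouches for the full `Log` type without checking anything: it is taken when `areAllRunsProducedByCodeQL` holds, which rests on `tool.driver.name` read from the file itself and is vacuously true for `runs: []`, so a log without a `version` passes as `sarif.Log`. Consider checking `version` and `runs` before that early return, or narrowing only on the path where the schema was actually applied. The function body is only partly visible in these hunks.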
@@ -1051,13 +1055,17 @@ function sanitize(str?: string) { function filterAlertsByDiffRange( logger: Logger, - sarifLog: sarif.Log, -): sarif.Log { + sarifLog: Partial, +): Partial { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { return sarifLog; } + if (sarifLog.runs === undefined) { + return sarifLog; + } + const checkoutPath = actionsUtil.getRequiredInput("checkout_path"); for (const run of sarifLog.runs) { From 2a2f4c30a1aea20d7e86315b3d3d54c0a1d345c9 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 3 Mar 2026 11:35:43 +0000 Subject: [PATCH 11/11] Add docs for `automationId` --- src/sarif/index.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/sarif/index.ts b/src/sarif/index.ts index 34d41ef181..3cd537dafb 100644 --- a/src/sarif/index.ts +++ b/src/sarif/index.ts @@ -6,8 +6,12 @@ import * as sarif from "sarif"; export type * from "sarif"; -// `automationId` is non-standard. +// Extends `ToolComponent` with the non-standard `automationId` property we use. export type RunKey = sarif.ToolComponent & { + /** + * Describes a SARIF run (either uniquely or not uniquely) based on the criteria used by + * Code Scanning to determine analysis categories + */ automationId: string | undefined; };
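Review bot: The new TSDoc block in src/sarif/index.ts sits on the `automationId` property, but its text describes the key as a whole ("Describes a SARIF run … based on the criteria used by Code Scanning to determine analysis categories"), so tooling will attach that sentence to the property and show nothing for `RunKey` itself. Move it above `export type RunKey` in place of the `//` comment, and give the property its own line, for example `/** Non-standard; presumably the run's automationDetails.id — confirm against createRunKey. */`. The sentence is also missing its closing full stop.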