
Commit 39c954c

authored
Support security-experimental as a well-known suite (#1519)
1 parent 927de48 commit 39c954c


9 files changed

+64
-11
lines changed


lib/codeql.js

Lines changed: 5 additions & 1 deletion

lib/codeql.js.map

Lines changed: 1 addition & 1 deletion

lib/config-utils.js

Lines changed: 14 additions & 2 deletions

lib/config-utils.js.map

Lines changed: 1 addition & 1 deletion

lib/config-utils.test.js

Lines changed: 4 additions & 1 deletion

lib/config-utils.test.js.map

Lines changed: 1 addition & 1 deletion

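--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -278,6 +278,11 @@ export const CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
 */
 export const CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 
+/**
+* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
+*/
+export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
+
 /**
 * Set up CodeQL CLI access.
 *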
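Review bot: The doc comment on the new constant says the `security-experimental` suite ships with Bundle versions 2.11.1+, but the constant it documents is set to "2.12.1", and src/config-utils.ts uses that value as the minimum CLI version (the new test in src/config-utils.test.ts also says "CLI 2.12.1+"). One of the two numbers is wrong, or the comment is missing the reason the gate is later than the first release. If 2.12.1 is the intended gate, the first line of the comment should name 2.12.1 rather than 2.11.1; if the suite really exists from 2.11.1, add one sentence to the comment saying why the action only accepts it from 2.12.1, so the next person does not "fix" the constant downward.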

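--- a/src/config-utils.test.ts
+++ b/src/config-utils.test.ts
@@ -1993,7 +1993,7 @@ test(
 process.platform === "win32" ? undefined : "~0.1.0"
 );
 // Test that ML-powered queries aren't run when the user hasn't specified that we should run the
-// `security-extended` or `security-and-quality` query suite.
+// `security-extended`, `security-and-quality`, or `security-experimental` query suite.
 test(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined);
 // Test that ML-powered queries are run on non-Windows platforms running `security-extended` on
 // versions of the CodeQL CLI prior to 2.9.0.
@@ -2074,7 +2074,6 @@ test(
 "security-extended",
 "~0.4.0"
 );
-
 // Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
 // CLI 2.11.3+.
 test(
@@ -2085,6 +2084,16 @@ test(
 "security-and-quality",
 "~0.4.0"
 );
+// Test that ML-powered queries are run on all platforms running `security-experimental` on CodeQL
+// CLI 2.12.1+.
+test(
+mlPoweredQueriesMacro,
+"2.12.1",
+true,
+undefined,
+"security-experimental",
+"~0.4.0"
+);
 
 const calculateAugmentationMacro = test.macro({
 exec: async (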
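Review bot: The new test at 2089-2096 covers only the accepting side of the new gate — `security-experimental` on CLI 2.12.1 — while the rejecting side that src/config-utils.ts adds in the same commit (the suite requested on a CLI older than CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE throws) has no test here. A companion case that runs the same scenario with a version below 2.12.1 and asserts that the call rejects would pin the error path and the exact message, which is the part most likely to regress when the constant or the wording changes. mlPoweredQueriesMacro's definition is outside the hunk, so whether it can express an expected rejection or a separate test is needed is something I cannot tell from here.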

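--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@@ -10,6 +10,7 @@ import {
 CodeQL,
 CODEQL_VERSION_GHES_PACK_DOWNLOAD,
 CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS,
+CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE,
 ResolveQueriesOutput,
 } from "./codeql";
 import * as externalQueries from "./external-queries";
@@ -380,7 +381,11 @@ async function addDefaultQueries(
 }
 
 // The set of acceptable values for built-in suites from the codeql bundle
-const builtinSuites = ["security-extended", "security-and-quality"] as const;
+const builtinSuites = [
+"security-experimental",
+"security-extended",
+"security-and-quality",
+] as const;
 
 /**
 * Determine the set of queries associated with suiteName's suites and add them to resultMap.
@@ -401,6 +406,19 @@ async function addBuiltinSuiteQueries(
 if (!found) {
 throw new Error(getQueryUsesInvalid(configFile, suiteName));
 }
+if (
+suiteName === "security-experimental" &&
+!(await codeQlVersionAbove(
+codeQL,
+CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE
+))
+) {
+throw new Error(
+`The 'security-experimental' suite is not supported on CodeQL CLI versions earlier than
+${CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE}. Please upgrade to CodeQL CLI version
+${CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE} or later.`
+);
+}
 
 // If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
 // opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
@@ -413,7 +431,9 @@ async function addBuiltinSuiteQueries(
 CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS
 ))) &&
 languages.includes("javascript") &&
-(found === "security-extended" || found === "security-and-quality") &&
+(found === "security-experimental" ||
+found === "security-extended" ||
+found === "security-and-quality") &&
 !packs.javascript?.some(isMlPoweredJsQueriesPack) &&
 (await featureEnablement.getValue(Feature.MlPoweredQueriesEnabled, codeQL))
 ) {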
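Review bot: The error message at 417-419 is a single template literal broken across three source lines, so the thrown message carries the two line breaks and whatever indentation follows them (the rendered page hides the indent, but a template literal keeps it verbatim); in the workflow log that reads as a wrapped, oddly indented sentence. Build it from single-line pieces joined with `+` instead — a plain string for the first clause, then two one-line template literals that interpolate CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE — so the message is one line. The gate itself looks sound: it runs after the `found` lookup, so an unknown suite still gets the existing getQueryUsesInvalid error, and the message interpolates only the constant, never the user-supplied suite name. addBuiltinSuiteQueries starts and ends outside the hunk, and the comment above the ML-powered condition at 423 still describes the JavaScript `security-extended` analysis "or a superset of it" — worth confirming that `security-experimental` fits that description now that it triggers the same branch at 434, or adjusting the comment if it does not.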
