Skip to content

Commit

Permalink
Extract query-filters test into a composite action
Browse files Browse the repository at this point in the history
Removes duplicated yaml.

Also add some better typings.
  • Loading branch information
aeisenberg committed Jun 15, 2022
1 parent 428caf0 commit 59ca9b5
Show file tree
Hide file tree
Showing 4 changed files with 86 additions and 58 deletions.
52 changes: 52 additions & 0 deletions .github/query-filter-test/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Query Filter Test
description: Runs a test of query filters using the check sarif action
inputs:
sarif-file:
required: true
description: The sarif file to check

queries-run:
required: true
description: |
Comma separated list of query ids that should be included in this SARIF file.
queries-not-run:
required: true
description: |
Comma separated list of query ids that should NOT be included in this SARIF file.
config-file:
required: true
description: |
The location of the codeql configuration file to use.
tools:
required: true
description: |
The url of codeql to use.
runs:
using: composite
steps:
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ inputs.tools }}
db-location: ${{ runner.temp }}/query-filter-test
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: "true"
- name: Check Sarif
uses: ./../action/.github/check-sarif
with:
sarif-file: ${{ inputs.sarif-file }}
queries-run: ${{ inputs.queries-run}}
queries-not-run: ${{ inputs.queries-not-run}}
- name: Cleanup after test
shell: bash
run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"
66 changes: 12 additions & 54 deletions .github/workflows/query-filters.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,71 +27,29 @@ jobs:
with:
version: latest

# Test 1
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
db-location: ${{ runner.temp }}/test1
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: true
- name: Check Sarif
uses: ./../action/.github/check-sarif
- name: Check Sarif for default queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip
queries-not-run: js/path-injection
- name: Cleanup after test
run: rm -rf "$RUNNER_TEMP/results"

# Test 2
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters2.yml
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
db-location: ${{ runner.temp }}/test2
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: true
- name: Check Sarif
uses: ./../action/.github/check-sarif

- name: Check Sarif for query packs with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block
queries-not-run: js/path-injection
- name: Cleanup after test
run: rm -rf "$RUNNER_TEMP/results"

# Test 3
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters3.yml
config-file: ./.github/codeql/codeql-config-query-filters2.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
db-location: ${{ runner.temp }}/test3
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: true
- name: Check Sarif
uses: ./../action/.github/check-sarif

- name: Check Sarif for query packs and local queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
- name: Cleanup after test
run: rm -rf "$RUNNER_TEMP/results"
config-file: ./.github/codeql/codeql-config-query-filters3.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
10 changes: 6 additions & 4 deletions src/analyze.ts
Original file line number Diff line number Diff line change
Expand Up @@ -402,9 +402,9 @@ export async function runQueries(
}

// combine the list of packs into a query suite in order to run them all simultaneously.
const querySuite = packs
.map(convertPackToQuerySuiteEntry)
.concat(queryFilters as any[]);
const querySuite = (
packs.map(convertPackToQuerySuiteEntry) as configUtils.QuerySuiteEntry[]
).concat(queryFilters);

const querySuitePath = `${databasePath}-queries-${type}.qls`;
fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
Expand All @@ -424,7 +424,9 @@ export async function runQueries(
}
}

export function convertPackToQuerySuiteEntry(packStr: string) {
export function convertPackToQuerySuiteEntry(
packStr: string
): configUtils.QuerySuitePackEntry {
const pack = configUtils.parsePacksSpecification(packStr);
return {
qlpack: !pack.path ? pack.name : undefined,
Expand Down
16 changes: 16 additions & 0 deletions src/config-utils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,22 @@ interface IncludeQueryFilter {
include: Record<string, string[] | string>;
}

export type QuerySuitePackEntry = {
version?: string;
} & (
| {
qlpack: string;
}
| {
from?: string;
query?: string;
queries?: string;
apply?: string;
}
);

export type QuerySuiteEntry = QuerySuitePackEntry | QueryFilter;

/**
* Lists of query files for each language.
* Will only contain .ql files and not other kinds of files,
Expand Down

0 comments on commit 59ca9b5

Please sign in to comment.