-
Notifications
You must be signed in to change notification settings - Fork 329
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add integration tests for query filters
- Loading branch information
1 parent
06e27d3
commit b0c630e
Showing
4 changed files
with
105 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,4 @@ | ||
name: Expected queries runs | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
on: | ||
push: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
name: Query filters tests | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- releases/v1 | ||
- releases/v2 | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
- ready_for_review | ||
workflow_dispatch: {} | ||
|
||
jobs: | ||
expected-queries: | ||
timeout-minutes: 45 | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out repository | ||
uses: actions/checkout@v3 | ||
- name: Prepare test | ||
id: prepare-test | ||
uses: ./.github/prepare-test | ||
with: | ||
version: latest | ||
|
||
# Test 1 | ||
- uses: ./../action/init | ||
with: | ||
languages: javascript | ||
config-file: ./.github/codeql/codeql-config-query-filters1.yml | ||
tools: ${{ steps.prepare-test.outputs.tools-url }} | ||
db-location: ${{ runner.temp }}/test1 | ||
- uses: ./../action/analyze | ||
with: | ||
output: ${{ runner.temp }}/results | ||
upload-database: false | ||
upload: false | ||
env: | ||
TEST_MODE: true | ||
- name: Check Sarif | ||
uses: ./../action/.github/check-sarif | ||
with: | ||
sarif-file: ${{ runner.temp }}/results/javascript.sarif | ||
queries-run: js/zipslip | ||
queries-not-run: js/path-injection | ||
- name: Cleanup after test | ||
run: rm -rf "$RUNNER_TEMP/results" | ||
|
||
# Test 2 | ||
- uses: ./../action/init | ||
with: | ||
languages: javascript | ||
config-file: ./.github/codeql/codeql-config-query-filters2.yml | ||
tools: ${{ steps.prepare-test.outputs.tools-url }} | ||
db-location: ${{ runner.temp }}/test2 | ||
- uses: ./../action/analyze | ||
with: | ||
output: ${{ runner.temp }}/results | ||
upload-database: false | ||
upload: false | ||
env: | ||
TEST_MODE: true | ||
- name: Check Sarif | ||
uses: ./../action/.github/check-sarif | ||
with: | ||
sarif-file: ${{ runner.temp }}/results/javascript.sarif | ||
queries-run: js/zipslip,javascript/example/empty-or-one-block | ||
queries-not-run: js/path-injection | ||
- name: Cleanup after test | ||
run: rm -rf "$RUNNER_TEMP/results" |
10 changes: 10 additions & 0 deletions
10
tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
name: "CodeQL config 1" | ||
|
||
query-filters: | ||
# This should run js/path-injection and js/zipslip | ||
- include: | ||
tags contain: external/cwe/cwe-022 | ||
|
||
# Removes out js/path-injection | ||
- exclude: | ||
id: js/path-injection |
21 changes: 21 additions & 0 deletions
21
tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
name: "CodeQL config 2" | ||
|
||
disable-default-queries: true | ||
|
||
packs: | ||
javascript: | ||
- codeql/javascript-queries | ||
- dsp-testing/[email protected] | ||
|
||
query-filters: | ||
# This should run js/path-injection and js/zipslip | ||
- include: | ||
tags contain: external/cwe/cwe-022 | ||
|
||
# Removes out js/path-injection | ||
- exclude: | ||
id: js/path-injection | ||
|
||
# Query from extra pack | ||
- include: | ||
id: javascript/example/empty-or-one-block |