Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add capability to filter queries #1098

Merged
merged 9 commits into from
Jun 16, 2022
52 changes: 52 additions & 0 deletions .github/query-filter-test/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Query Filter Test
description: Runs a test of query filters using the check SARIF action
inputs:
sarif-file:
required: true
description: The SARIF file to check

queries-run:
required: true
description: |
Comma separated list of query ids that should be included in this SARIF file.

queries-not-run:
required: true
description: |
Comma separated list of query ids that should NOT be included in this SARIF file.

config-file:
required: true
description: |
The location of the codeql configuration file to use.

tools:
required: true
description: |
The url of codeql to use.

runs:
using: composite
steps:
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ inputs.tools }}
db-location: ${{ runner.temp }}/query-filter-test
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: "true"
- name: Check SARIF
uses: ./../action/.github/check-sarif
with:
sarif-file: ${{ inputs.sarif-file }}
queries-run: ${{ inputs.queries-run}}
queries-not-run: ${{ inputs.queries-not-run}}
- name: Cleanup after test
shell: bash
run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"
2 changes: 0 additions & 2 deletions .github/workflows/expected-queries-runs.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
name: Check queries that ran
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

on:
push:
Expand Down
55 changes: 55 additions & 0 deletions .github/workflows/query-filters.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Query filters tests

on:
push:
branches:
- main
- releases/v1
- releases/v2
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
workflow_dispatch: {}

jobs:
expected-queries:
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
with:
version: latest

- name: Check SARIF for default queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip
queries-not-run: js/path-injection
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}

- name: Check SARIF for query packs with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block
queries-not-run: js/path-injection
config-file: ./.github/codeql/codeql-config-query-filters2.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}

- name: Check SARIF for query packs and local queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
config-file: ./.github/codeql/codeql-config-query-filters3.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## [UNRELEASED]

No user facing changes.
- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)

## 2.1.12 - 01 Jun 2022

Expand Down
69 changes: 56 additions & 13 deletions lib/analyze.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading