Exclude the temporary directory from scanning.

src/analysis-paths.test.ts

@@ -1,6 +1,8 @@
 import test from "ava";
+import * as path from "path";
 
 import * as analysisPaths from "./analysis-paths";
+import { getRunnerLogger } from "./logging";
 import { setupTests } from "./testing-utils";
 import * as util from "./util";
 
@@ -18,7 +20,7 @@ test("emptyPaths", async (t) => {
       toolCacheDir: tmpDir,
       codeQLCmd: "",
     };
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    analysisPaths.includeAndExcludeAnalysisPaths(config, getRunnerLogger(true));
     t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
     t.is(process.env["LGTM_INDEX_EXCLUDE"], undefined);
     t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
@@ -37,7 +39,7 @@ test("nonEmptyPaths", async (t) => {
       toolCacheDir: tmpDir,
       codeQLCmd: "",
     };
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    analysisPaths.includeAndExcludeAnalysisPaths(config, getRunnerLogger(true));
     t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
     t.is(process.env["LGTM_INDEX_EXCLUDE"], "path4\npath5");
     t.is(
@@ -46,3 +48,23 @@ test("nonEmptyPaths", async (t) => {
     );
   });
 });
+
+test("exclude temp dir", async (t) => {
+  return await util.withTmpDir(async (toolCacheDir) => {
+    const tempDir = path.join(process.cwd(), "codeql-runner-temp");
+    const config = {
+      languages: [],
+      queries: {},
+      pathsIgnore: [],
+      paths: [],
+      originalUserInput: {},
+      tempDir,
+      toolCacheDir,
+      codeQLCmd: "",
+    };
+    analysisPaths.includeAndExcludeAnalysisPaths(config, getRunnerLogger(true));
+    t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
+    t.is(process.env["LGTM_INDEX_EXCLUDE"], tempDir);
+    t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
+  });
+});

src/analysis-paths.ts

@@ -1,3 +1,4 @@
+import * as path from "path";
 import * as configUtils from "./config-utils";
 import { Logger } from "./logging";
 
@@ -37,7 +38,10 @@ export function printPathFiltersWarning(
   }
 }
 
-export function includeAndExcludeAnalysisPaths(config: configUtils.Config) {
+export function includeAndExcludeAnalysisPaths(
+  config: configUtils.Config,
+  logger: Logger
+) {
   // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
   // control which files/directories are traversed when scanning.
   // This allows including files that otherwise would not be scanned, or
@@ -48,10 +52,17 @@ export function includeAndExcludeAnalysisPaths(config: configUtils.Config) {
   if (config.paths.length !== 0) {
     process.env["LGTM_INDEX_INCLUDE"] = buildIncludeExcludeEnvVar(config.paths);
   }
-  if (config.pathsIgnore.length !== 0) {
-    process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(
-      config.pathsIgnore
+  // If the temporary directory is in the working directory ignore that too.
+  const tempRelativeToWorking = path.relative(process.cwd(), config.tempDir);
+  let pathsIgnore = config.pathsIgnore;
+  if (!tempRelativeToWorking.startsWith("..")) {
+    logger.warning(
+      "Storing the CodeQL Runner in the directory being analyzed is not recommended."
     );
+    pathsIgnore = pathsIgnore.concat(config.tempDir);
+  }
+  if (pathsIgnore.length !== 0) {
+    process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(pathsIgnore);
   }
 
   // The 'LGTM_INDEX_FILTERS' environment variable controls which files are

src/analyze.ts

@@ -50,7 +50,7 @@ async function createdDBForScannedLanguages(
 ) {
   // Insert the LGTM_INDEX_X env vars at this point so they are set when
   // we extract any scanned languages.
-  analysisPaths.includeAndExcludeAnalysisPaths(config);
+  analysisPaths.includeAndExcludeAnalysisPaths(config, logger);
 
   const codeql = getCodeQL(config.codeQLCmd);
   for (const language of config.languages) {