Skip validating SARIF produced by CodeQL

lib/upload-lib.js

@@ -40,6 +40,7 @@ exports.InvalidSarifUploadError = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
+exports.readSarifFile = readSarifFile;
 exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
@@ -324,17 +325,24 @@ function countResultsInSarif(sarif) {
     }
     return numResults;
 }
-// Validates that the given file path refers to a valid SARIF file.
-// Throws an error if the file is invalid.
-function validateSarifFileSchema(sarifFilePath, logger) {
-    logger.info(`Validating ${sarifFilePath}`);
-    let sarif;
+function readSarifFile(sarifFilePath) {
     try {
-        sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
+        return JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
     }
     catch (e) {
         throw new InvalidSarifUploadError(`Invalid SARIF. JSON syntax error: ${(0, util_1.getErrorMessage)(e)}`);
     }
+}
+// Validates that the given file path refers to a valid SARIF file.
+// Throws an error if the file is invalid.
+function validateSarifFileSchema(sarif, sarifFilePath, logger) {
+    if (areAllRunsProducedByCodeQL([sarif]) &&
+        // We want to validate CodeQL SARIF in testing environments.
+        !util.getTestingEnvironment()) {
+        logger.debug(`Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`);
+        return;
+    }
+    logger.info(`Validating ${sarifFilePath}`);
     // eslint-disable-next-line @typescript-eslint/no-require-imports
     const schema = require("../src/sarif-schema-2.1.0.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
@@ -402,27 +410,28 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
     return payloadObj;
 }
 /**
- * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
+ * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
-async function uploadFiles(sarifPath, checkoutPath, category, features, logger) {
-    const sarifFiles = getSarifFilePaths(sarifPath);
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger) {
+    const sarifPaths = getSarifFilePaths(inputSarifPath);
     logger.startGroup("Uploading results");
-    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+    logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-    try {
+    let sarif;
+    if (sarifPaths.length > 1) {
         // Validate that the files we were asked to upload are all valid SARIF files
-        for (const file of sarifFiles) {
-            validateSarifFileSchema(file, logger);
+        for (const sarifPath of sarifPaths) {
+            const parsedSarif = readSarifFile(sarifPath);
+            validateSarifFileSchema(parsedSarif, sarifPath, logger);
         }
+        sarif = await combineSarifFilesUsingCLI(sarifPaths, gitHubVersion, features, logger);
     }
-    catch (e) {
-        if (e instanceof SyntaxError) {
-            throw new InvalidSarifUploadError(e.message);
-        }
-        throw e;
+    else {
+        const sarifPath = sarifPaths[0];
+        sarif = readSarifFile(sarifPath);
+        validateSarifFileSchema(sarif, sarifPath, logger);
     }
-    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
     sarif = filterAlertsByDiffRange(logger, sarif);
     sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
     const analysisKey = await api.getAnalysisKey();