Add capability to filter queries

This change adds a `query-filters` property to the codeql-config file. This property is an array of `exclude`/`include` entries for a query suite. These filters are appended to the generated query suite files and used to filter queries after they are selected. A related change is that now, all pack references are run in a single query suite, which has the query filters appended to them.
2026-01-06 14:40:10 +08:00 · 2022-06-13 17:59:03 -07:00
parent bcb7fad5b3
commit 40b280032c
18 changed files with 637 additions and 101 deletions
--- a/src/util.ts
+++ b/src/util.ts
@@ -11,7 +11,11 @@ import * as api from "./api-client";
 import { getApiClient, GitHubApiDetails } from "./api-client";
 import * as apiCompatibility from "./api-compatibility.json";
 import { CodeQL, CODEQL_VERSION_NEW_TRACING } from "./codeql";
-import { Config } from "./config-utils";
+import {
+  Config,
+  parsePacksSpecification,
+  prettyPrintPack,
+} from "./config-utils";
 import { Language } from "./languages";
 import { Logger } from "./logging";

@@ -664,10 +668,13 @@ export const ML_POWERED_JS_QUERIES_PACK_NAME =
 export async function getMlPoweredJsQueriesPack(
  codeQL: CodeQL
 ): Promise<string> {
-  if (await codeQlVersionAbove(codeQL, "2.8.4")) {
-    return `${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
-  }
-  return `${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
+  const version = (await codeQlVersionAbove(codeQL, "2.8.4"))
+    ? "~0.2.0"
+    : "~0.1.0";
+  return prettyPrintPack({
+    name: ML_POWERED_JS_QUERIES_PACK_NAME,
+    version,
+  });
 }

 /**
@@ -693,11 +700,10 @@ export async function getMlPoweredJsQueriesPack(
 */
 export function getMlPoweredJsQueriesStatus(config: Config): string {
  const mlPoweredJsQueryPacks = (config.packs.javascript || [])
-    .map((pack) => pack.split("@"))
+    .map((p) => parsePacksSpecification(p))
    .filter(
-      (packNameVersion) =>
-        packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
-        packNameVersion.length <= 2
+      (pack) =>
+        pack.name === "codeql/javascript-experimental-atm-queries" && !pack.path
    );
  switch (mlPoweredJsQueryPacks.length) {
    case 1:
@@ -706,7 +712,7 @@ export function getMlPoweredJsQueriesStatus(config: Config): string {
      // with each version of the CodeQL Action. Therefore in practice we should only hit the
      // `latest` case here when customers have explicitly added the ML-powered query pack to their
      // CodeQL config.
-      return mlPoweredJsQueryPacks[0][1] || "latest";
+      return mlPoweredJsQueryPacks[0].version || "latest";
    case 0:
      return "false";
    default: