diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 301c3cf89..a2835e664 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -89182,14 +89182,13 @@ Error Response: ${JSON.stringify(error4.response, null, 2)}` } } function getDiffRanges(fileDiff, logger) { - const filename = path5.join(getRequiredInput("checkout_path"), fileDiff.filename).replaceAll(path5.sep, "/"); if (fileDiff.patch === void 0) { if (fileDiff.changes === 0) { return []; } return [ { - path: filename, + path: fileDiff.filename, startLine: 0, endLine: 0 } @@ -89213,7 +89212,7 @@ function getDiffRanges(fileDiff, logger) { } if (additionRangeStartLine !== void 0) { diffRanges.push({ - path: filename, + path: fileDiff.filename, startLine: additionRangeStartLine, endLine: currentLine - 1 }); @@ -91333,15 +91332,11 @@ extensions: checkPresence: false data: `; - let data = ranges.map( - (range) => ( - // Using yaml.dump() with `forceQuotes: true` ensures that all special - // characters are escaped, and that the path is always rendered as a - // quoted string on a single line. - ` - [${dump(range.path, { forceQuotes: true }).trim()}, ${range.startLine}, ${range.endLine}] -` - ) - ).join(""); + let data = ranges.map((range) => { + const filename = path12.join(getRequiredInput("checkout_path"), range.path).replaceAll(path12.sep, "/"); + return ` - [${dump(filename, { forceQuotes: true }).trim()}, ${range.startLine}, ${range.endLine}] +`; + }).join(""); if (!data) { data = ' - ["", 0, 0]\n'; } @@ -93651,7 +93646,6 @@ function filterAlertsByDiffRange(logger, sarif) { if (!diffRanges?.length) { return sarif; } - const checkoutPath = getRequiredInput("checkout_path"); for (const run2 of sarif.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { 
@@ -93665,9 +93659,8 @@ function filterAlertsByDiffRange(logger, sarif) { if (!locationUri || locationStartLine === void 0) { return false; } - const locationPath = path14.join(checkoutPath, locationUri).replaceAll(path14.sep, "/"); return diffRanges.some( - (range) => range.path === locationPath && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) + (range) => range.path === locationUri && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) ); }); }); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 9696cb4b1..8f76418e6 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -90452,8 +90452,8 @@ var require_primordials = __commonJS({ ArrayPrototypeIndexOf(self2, el) { return self2.indexOf(el); }, - ArrayPrototypeJoin(self2, sep4) { - return self2.join(sep4); + ArrayPrototypeJoin(self2, sep3) { + return self2.join(sep3); }, ArrayPrototypeMap(self2, fn) { return self2.map(fn); @@ -102340,7 +102340,7 @@ var require_commonjs16 = __commonJS({ * * @internal */ - constructor(cwd = process.cwd(), pathImpl, sep4, { nocase, childrenCacheSize = 16 * 1024, fs: fs17 = defaultFS } = {}) { + constructor(cwd = process.cwd(), pathImpl, sep3, { nocase, childrenCacheSize = 16 * 1024, fs: fs17 = defaultFS } = {}) { this.#fs = fsFromOption(fs17); if (cwd instanceof URL || cwd.startsWith("file://")) { cwd = (0, node_url_1.fileURLToPath)(cwd); @@ -102351,7 +102351,7 @@ var require_commonjs16 = __commonJS({ this.#resolveCache = new ResolveCache(); this.#resolvePosixCache = new ResolveCache(); this.#children = new ChildrenCache(childrenCacheSize); - const split = cwdPath.substring(this.rootPath.length).split(sep4); + const split = cwdPath.substring(this.rootPath.length).split(sep3); if (split.length === 1 && !split[0]) { split.pop(); } 
@@ -127560,7 +127560,6 @@ function filterAlertsByDiffRange(logger, sarif) { if (!diffRanges?.length) { return sarif; } - const checkoutPath = getRequiredInput("checkout_path"); for (const run2 of sarif.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { @@ -127574,9 +127573,8 @@ function filterAlertsByDiffRange(logger, sarif) { if (!locationUri || locationStartLine === void 0) { return false; } - const locationPath = path13.join(checkoutPath, locationUri).replaceAll(path13.sep, "/"); return diffRanges.some( - (range) => range.path === locationPath && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) + (range) => range.path === locationUri && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) ); }); }); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 69195cc16..5adb64d05 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -90616,7 +90616,6 @@ function filterAlertsByDiffRange(logger, sarif) { if (!diffRanges?.length) { return sarif; } - const checkoutPath = getRequiredInput("checkout_path"); for (const run of sarif.runs) { if (run.results) { run.results = run.results.filter((result) => { @@ -90630,9 +90629,8 @@ function filterAlertsByDiffRange(logger, sarif) { if (!locationUri || locationStartLine === void 0) { return false; } - const locationPath = path10.join(checkoutPath, locationUri).replaceAll(path10.sep, "/"); return diffRanges.some( - (range) => range.path === locationPath && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) + (range) => range.path === locationUri && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) ); }); }); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 54af287ba..731d59b2b 100644 
--- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -91085,7 +91085,6 @@ function filterAlertsByDiffRange(logger, sarif) { if (!diffRanges?.length) { return sarif; } - const checkoutPath = getRequiredInput("checkout_path"); for (const run2 of sarif.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { @@ -91099,9 +91098,8 @@ function filterAlertsByDiffRange(logger, sarif) { if (!locationUri || locationStartLine === void 0) { return false; } - const locationPath = path11.join(checkoutPath, locationUri).replaceAll(path11.sep, "/"); return diffRanges.some( - (range) => range.path === locationPath && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) + (range) => range.path === locationUri && (range.startLine <= locationStartLine && range.endLine >= locationStartLine || range.startLine === 0 && range.endLine === 0) ); }); }); diff --git a/src/analyze.test.ts b/src/analyze.test.ts index 33278271a..97b7d9567 100644 --- a/src/analyze.test.ts +++ b/src/analyze.test.ts @@ -4,6 +4,7 @@ import * as path from "path"; import test from "ava"; import * as sinon from "sinon"; +import * as actionsUtil from "./actions-util"; import { CodeQuality, CodeScanning } from "./analyses"; import { runQueries, @@ -161,9 +162,13 @@ test("addSarifExtension", (t) => { }); test("diffRangeExtensionPackContents", (t) => { + sinon + .stub(actionsUtil, "getRequiredInput") + .withArgs("checkout_path") + .returns("/checkout/path"); const output = diffRangeExtensionPackContents([ { - path: "/checkout/path/main.js", + path: "main.js", startLine: 10, endLine: 20, }, diff --git a/src/analyze.ts b/src/analyze.ts index 40a637568..6d48ea6fd 100644 --- a/src/analyze.ts +++ b/src/analyze.ts 
@@ -5,7 +5,11 @@ import { performance } from "perf_hooks"; import * as io from "@actions/io"; import * as yaml from "js-yaml"; -import { getTemporaryDirectory, PullRequestBranches } from "./actions-util"; +import { + getTemporaryDirectory, + getRequiredInput, + PullRequestBranches, +} from "./actions-util"; import * as analyses from "./analyses"; import { setupCppAutobuild } from "./autobuild"; import { type CodeQL } from "./codeql"; @@ -257,14 +261,22 @@ extensions: `; let data = ranges - .map( - (range) => - // Using yaml.dump() with `forceQuotes: true` ensures that all special - // characters are escaped, and that the path is always rendered as a - // quoted string on a single line. - ` - [${yaml.dump(range.path, { forceQuotes: true }).trim()}, ` + - `${range.startLine}, ${range.endLine}]\n`, - ) + .map((range) => { + // Diff-informed queries expect the file path to be absolute. CodeQL always + // uses forward slashes as the path separator, so on Windows we need to + // replace any backslashes with forward slashes. + const filename = path + .join(getRequiredInput("checkout_path"), range.path) + .replaceAll(path.sep, "/"); + + // Using yaml.dump() with `forceQuotes: true` ensures that all special + // characters are escaped, and that the path is always rendered as a + // quoted string on a single line. + return ( + ` - [${yaml.dump(filename, { forceQuotes: true }).trim()}, ` + + `${range.startLine}, ${range.endLine}]\n` + ); + }) .join(""); if (!data) { // Ensure that the data extension is not empty, so that a pull request with diff --git a/src/diff-informed-analysis-utils.test.ts b/src/diff-informed-analysis-utils.test.ts index eeb06cd1b..e9bfdc8e9 100644 --- a/src/diff-informed-analysis-utils.test.ts +++ b/src/diff-informed-analysis-utils.test.ts 
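Review bot: `getRequiredInput("checkout_path")` is read inside the `.map` callback in the second `src/analyze.ts` hunk, so the input is looked up once per range although it cannot change during the call. Reading it once before the chain, `const checkoutPath = getRequiredInput("checkout_path");`, and calling `path.join(checkoutPath, range.path)` in the callback leaves only string work in the loop. Hoisting changes one edge: a missing input would then throw for an empty `ranges` list as well, which the current form avoids. The function now reads an action input where it previously only formatted its argument, so its doc comment should say so; the signature is outside the hunk.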
@@ -188,10 +188,6 @@ test( ); function runGetDiffRanges(changes: number, patch: string[] | undefined): any { - sinon - .stub(actionsUtil, "getRequiredInput") - .withArgs("checkout_path") - .returns("/checkout/path"); return exportedForTesting.getDiffRanges( { filename: "test.txt", @@ -211,7 +207,7 @@ test("getDiffRanges: file diff too large", async (t) => { const diffRanges = runGetDiffRanges(1000000, undefined); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 0, endLine: 0, }, @@ -232,7 +228,7 @@ test("getDiffRanges: diff thunk with single addition range", async (t) => { ]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 53, endLine: 54, }, @@ -268,7 +264,7 @@ test("getDiffRanges: diff thunk with single update range", async (t) => { ]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 53, endLine: 53, }, @@ -290,12 +286,12 @@ test("getDiffRanges: diff thunk with addition ranges", async (t) => { ]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 53, endLine: 53, }, { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 55, endLine: 55, }, @@ -322,12 +318,12 @@ test("getDiffRanges: diff thunk with mixed ranges", async (t) => { ]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 54, endLine: 54, }, { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 57, endLine: 58, }, @@ -357,12 +353,12 @@ test("getDiffRanges: multiple diff thunks", async (t) => { ]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 53, endLine: 54, }, { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 153, endLine: 154, }, 
@@ -373,7 +369,7 @@ test("getDiffRanges: no diff context lines", async (t) => { const diffRanges = runGetDiffRanges(2, ["@@ -30 +50,2 @@", "+1", "+2"]); t.deepEqual(diffRanges, [ { - path: "/checkout/path/test.txt", + path: "test.txt", startLine: 50, endLine: 51, }, diff --git a/src/diff-informed-analysis-utils.ts b/src/diff-informed-analysis-utils.ts index 4f3a89d9f..8d385146a 100644 --- a/src/diff-informed-analysis-utils.ts +++ b/src/diff-informed-analysis-utils.ts @@ -191,13 +191,6 @@ function getDiffRanges( fileDiff: FileDiff, logger: Logger, ): DiffThunkRange[] | undefined { - // Diff-informed queries expect the file path to be absolute. CodeQL always - // uses forward slashes as the path separator, so on Windows we need to - // replace any backslashes with forward slashes. - const filename = path - .join(actionsUtil.getRequiredInput("checkout_path"), fileDiff.filename) - .replaceAll(path.sep, "/"); - if (fileDiff.patch === undefined) { if (fileDiff.changes === 0) { // There are situations where a changed file legitimately has no diff. @@ -212,7 +205,7 @@ function getDiffRanges( // to a special diff range that covers the entire file. return [ { - path: filename, + path: fileDiff.filename, startLine: 0, endLine: 0, }, @@ -247,7 +240,7 @@ function getDiffRanges( // Any line that does not start with a "+" or "-" terminates the current // range of added lines. diffRanges.push({ - path: filename, + path: fileDiff.filename, startLine: additionRangeStartLine, endLine: currentLine - 1, }); diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index 02af997be..10138d5ae 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -6,7 +6,6 @@ import { HTTPError } from "@actions/tool-cache"; import test from "ava"; import * as sinon from "sinon"; -import * as actionsUtil from "./actions-util"; import * as analyses from "./analyses"; import { AnalysisKind, CodeQuality, CodeScanning } from "./analyses"; import * as api from "./api-client"; 
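Review bot: `path: fileDiff.filename` in the `src/diff-informed-analysis-utils.ts` hunk at -212 changes what a range's `path` means, from an absolute forward-slash path to the repository-relative filename taken from `fileDiff`, and nothing in the new code records that. The ranges are consumed elsewhere (the upload tests stub `readDiffRangesJsonFile`), so a reader of those call sites has no way to tell which form to expect. A short comment at the assignment or on the range type would settle it, e.g. `// Repository-relative path; made absolute only when the extension pack is written.` The same applies to the second `path: fileDiff.filename` in the hunk at -247, and the type declaration is outside these hunks.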
@@ -972,10 +971,6 @@ function runFilterAlertsByDiffRange( input: SarifFile, diffRanges: diffUtils.DiffThunkRange[], ): SarifFile { - sinon - .stub(actionsUtil, "getRequiredInput") - .withArgs("checkout_path") - .returns("/checkout/path"); sinon.stub(diffUtils, "readDiffRangesJsonFile").returns(diffRanges); return uploadLib.filterAlertsByDiffRange(getRunnerLogger(true), input); } @@ -986,7 +981,7 @@ test("filterAlertsByDiffRange filters out alerts outside diff-range", (t) => { ); const actualOutput = runFilterAlertsByDiffRange(input, [ { - path: "/checkout/path/main.js", + path: "main.js", startLine: 1, endLine: 3, }, diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 01fd5bded..e2ab99d38 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -1143,8 +1143,6 @@ export function filterAlertsByDiffRange( return sarif; } - const checkoutPath = actionsUtil.getRequiredInput("checkout_path"); - for (const run of sarif.runs) { if (run.results) { run.results = run.results.filter((result) => { @@ -1159,11 +1157,6 @@ export function filterAlertsByDiffRange( if (!locationUri || locationStartLine === undefined) { return false; } - // CodeQL always uses forward slashes as the path separator, so on Windows we - // need to replace any backslashes with forward slashes. - const locationPath = path - .join(checkoutPath, locationUri) - .replaceAll(path.sep, "/"); // Alert filtering here replicates the same behavior as the restrictAlertsTo // extensible predicate in CodeQL. See the restrictAlertsTo documentation // https://codeql.github.com/codeql-standard-libraries/csharp/codeql/util/AlertFiltering.qll/predicate.AlertFiltering$restrictAlertsTo.3.html @@ -1171,7 +1164,7 @@ export function filterAlertsByDiffRange( // of an alert location. return diffRanges.some( (range) => - range.path === locationPath && + range.path === locationUri && ((range.startLine <= locationStartLine && range.endLine >= locationStartLine) || (range.startLine === 0 && range.endLine === 0)),
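Review bot: `range.path === locationUri` in the `diffRanges.some` callback of the last `src/upload-lib.ts` hunk is an exact string match on the raw SARIF URI, whereas the removed `path.join(checkoutPath, locationUri)` also normalised it (a leading `./`, repeated slashes). A result whose URI differs from the diff filename only in form now fails the match and is filtered out of the upload, silently as far as the visible lines show. Whether such URIs occur cannot be seen from this hunk; if they can, compare against a normalised value, e.g. `range.path === path.posix.normalize(locationUri)` (assuming `path` stays imported in this file), and otherwise add a comment stating that both sides are repository-relative, forward-slash paths. The enclosing function starts outside the hunk, and the bundled `lib/` copies of `filterAlertsByDiffRange` carry the same comparison.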