Enable unsafe call rule
@@ -85,6 +85,7 @@ export async function getGitHubVersionFromApi(
|
||||
|
||||
// Doesn't strictly have to be the meta endpoint as we're only
|
||||
// using the response headers which are available on every request.
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-call
|
||||
const response = await apiClient.rest.meta.get();
|
||||
|
||||
// This happens on dotcom, although we expect to have already returned in that
|
||||
|
||||
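Review bot: The added `// eslint-disable-next-line @typescript-eslint/no-unsafe-call` above `apiClient.rest.meta.get()` gives no reason, so a later reader cannot tell what is untyped here or when the exception can be removed; the same bare suppression is added in the `handleProcessingResultForUnsuccessfulExecution` hunk. The rule this commit enables exists to stop calls through `any`-typed values, so each exception should record why it is needed, for example `// eslint-disable-next-line @typescript-eslint/no-unsafe-call -- <why the client is untyped>`. If `apiClient` can be given a concrete client type where it is created (outside this hunk), the suppression would not be needed at all. The body of `getGitHubVersionFromApi` continues outside the hunk.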
@@ -700,7 +700,7 @@ test("passes a code scanning config AND qlconfig to the CLI", async (t: Executio
|
||||
getRunnerLogger(true),
|
||||
);
|
||||
|
||||
const args = runnerConstructorStub.firstCall.args[1];
|
||||
const args = runnerConstructorStub.firstCall.args[1] as string[];
|
||||
// should have used a config file
|
||||
const hasCodeScanningConfigArg = args.some((arg: string) =>
|
||||
arg.startsWith("--codescanning-config="),
|
||||
@@ -808,17 +808,14 @@ for (const {
|
||||
createFeatures([]),
|
||||
getRunnerLogger(true),
|
||||
);
|
||||
const actualArgs = runnerConstructorStub.firstCall.args[1] as string[];
|
||||
t.is(
|
||||
runnerConstructorStub.firstCall.args[1].includes(
|
||||
"--new-analysis-summary",
|
||||
),
|
||||
actualArgs.includes("--new-analysis-summary"),
|
||||
flagPassed,
|
||||
`--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`,
|
||||
);
|
||||
t.is(
|
||||
runnerConstructorStub.firstCall.args[1].includes(
|
||||
"--no-new-analysis-summary",
|
||||
),
|
||||
actualArgs.includes("--no-new-analysis-summary"),
|
||||
negativeFlagPassed,
|
||||
`--no-new-analysis-summary should${
|
||||
negativeFlagPassed ? "" : "n't"
|
||||
|
||||
@@ -145,7 +145,9 @@ export async function checkInstallPython311(
|
||||
|
||||
// For MacOS runners: runs `csrutil status` to determine whether System
|
||||
// Integrity Protection is enabled.
|
||||
export async function isSipEnabled(logger): Promise<boolean | undefined> {
|
||||
export async function isSipEnabled(
|
||||
logger: Logger,
|
||||
): Promise<boolean | undefined> {
|
||||
try {
|
||||
const sipStatusOutput = await exec.getExecOutput("csrutil status");
|
||||
if (sipStatusOutput.exitCode === 0) {
|
||||
|
||||
@@ -66,7 +66,7 @@ function tryGetCodeQLCliVersionForRelease(
|
||||
release,
|
||||
logger: Logger,
|
||||
): string | undefined {
|
||||
const cliVersionsFromMarkerFiles = release.assets
|
||||
const cliVersionsFromMarkerFiles = (release.assets as Array<{ name: string }>)
|
||||
.map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
|
||||
.filter((v) => v)
|
||||
.map((v) => v as string);
|
||||
|
||||
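Review bot: The cast `(release.assets as Array<{ name: string }>)` satisfies the lint rule but checks nothing at run time, and `release` remains an unannotated parameter in the signature shown, so an asset without a string `name` would still throw at `asset.name.match(...)`. Annotating the parameter instead, e.g. `release: { assets: Array<{ name: string }> },`, makes callers prove the shape and removes the need for the assertion. If the release object is built from parsed JSON or an API response (not visible here), a runtime guard such as `typeof asset.name === "string"` before the match would be the safer form. The function body continues outside the hunk.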
@@ -792,6 +792,7 @@ function handleProcessingResultForUnsuccessfulExecution(
|
||||
status === "failed" &&
|
||||
Array.isArray(response.data.errors) &&
|
||||
response.data.errors.length === 1 &&
|
||||
// eslint-disable-next-line @typescript-eslint/no-unsafe-call
|
||||
response.data.errors[0].toString().startsWith("unsuccessful execution")
|
||||
) {
|
||||
logger.debug(
|
||||
|
||||
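Review bot: `response.data.errors[0].toString()` still throws a TypeError when the single array element is `null` or `undefined`, and the added suppression hides exactly the kind of call the new rule is meant to flag. Writing the check as `String(response.data.errors[0]).startsWith("unsuccessful execution")` tolerates those values. Because `String` is a typed global rather than a method on an untyped value, it should also allow the `eslint-disable-next-line` comment to be dropped. The condition and the enclosing function start and end outside the hunk.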
@@ -10,7 +10,6 @@ import {
|
||||
formatWorkflowErrors,
|
||||
getCategoryInputOrThrow,
|
||||
getWorkflowErrors,
|
||||
patternIsSuperset,
|
||||
Workflow,
|
||||
WorkflowErrors,
|
||||
} from "./workflow";
|
||||
@@ -442,31 +441,6 @@ test("formatWorkflowCause()", (t) => {
|
||||
t.deepEqual(formatWorkflowCause([]), undefined);
|
||||
});
|
||||
|
||||
test("patternIsSuperset()", (t) => {
|
||||
t.false(patternIsSuperset("main-*", "main"));
|
||||
t.true(patternIsSuperset("*", "*"));
|
||||
t.true(patternIsSuperset("*", "main-*"));
|
||||
t.false(patternIsSuperset("main-*", "*"));
|
||||
t.false(patternIsSuperset("main-*", "main"));
|
||||
t.true(patternIsSuperset("main", "main"));
|
||||
t.false(patternIsSuperset("*", "feature/*"));
|
||||
t.true(patternIsSuperset("**", "feature/*"));
|
||||
t.false(patternIsSuperset("feature-*", "**"));
|
||||
t.false(patternIsSuperset("a/**/c", "a/**/d"));
|
||||
t.false(patternIsSuperset("a/**/c", "a/**"));
|
||||
t.true(patternIsSuperset("a/**", "a/**/c"));
|
||||
t.true(patternIsSuperset("a/**/c", "a/main-**/c"));
|
||||
t.false(patternIsSuperset("a/**/b/**/c", "a/**/d/**/c"));
|
||||
t.true(patternIsSuperset("a/**/b/**/c", "a/**/b/c/**/c"));
|
||||
t.true(patternIsSuperset("a/**/b/**/c", "a/**/b/d/**/c"));
|
||||
t.false(patternIsSuperset("a/**/c/d/**/c", "a/**/b/**/c"));
|
||||
t.false(patternIsSuperset("a/main-**/c", "a/**/c"));
|
||||
t.true(patternIsSuperset("/robin/*/release/*", "/robin/moose/release/goose"));
|
||||
t.false(
|
||||
patternIsSuperset("/robin/moose/release/goose", "/robin/*/release/*"),
|
||||
);
|
||||
});
|
||||
|
||||
test("getWorkflowErrors() when branches contain dots", async (t) => {
|
||||
const errors = await getWorkflowErrors(
|
||||
yaml.load(`
|
||||
|
||||
@@ -47,37 +47,6 @@ export interface Workflow {
|
||||
on?: string | string[] | WorkflowTriggers;
|
||||
}
|
||||
|
||||
const GLOB_PATTERN = new RegExp("(\\*\\*?)");
|
||||
|
||||
function escapeRegExp(string) {
|
||||
return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
|
||||
}
|
||||
|
||||
function patternToRegExp(value) {
|
||||
return new RegExp(
|
||||
`^${value
|
||||
.toString()
|
||||
.split(GLOB_PATTERN)
|
||||
.reduce(function (arr, cur) {
|
||||
if (cur === "**") {
|
||||
arr.push(".*?");
|
||||
} else if (cur === "*") {
|
||||
arr.push("[^/]*?");
|
||||
} else if (cur) {
|
||||
arr.push(escapeRegExp(cur));
|
||||
}
|
||||
return arr;
|
||||
}, [])
|
||||
.join("")}$`,
|
||||
);
|
||||
}
|
||||
|
||||
// this function should return true if patternA is a superset of patternB
|
||||
// e.g: * is a superset of main-* but main-* is not a superset of *.
|
||||
export function patternIsSuperset(patternA: string, patternB: string): boolean {
|
||||
return patternToRegExp(patternA).test(patternB);
|
||||
}
|
||||
|
||||
export interface CodedError {
|
||||
message: string;
|
||||
code: string;
|
||||
|
||||