build: refresh js files

2025-12-23 15:50:11 +08:00 · 2025-02-19 06:26:33 -08:00
parent dae1626680
commit f85d8b5a74
7 changed files with 109 additions and 3 deletions
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -58,6 +58,7 @@ const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
+const diff_filtering_utils_1 = require("./diff-filtering-utils");
 const environment_1 = require("./environment");
 const fingerprints = __importStar(require("./fingerprints"));
 const gitUtils = __importStar(require("./git-utils"));
@@ -412,6 +413,7 @@ async function uploadFiles(sarifPath, checkoutPath, category, features, logger)
        validateSarifFileSchema(file, logger);
    }
    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
+    sarif = filterAlertsByDiffRange(logger, sarif);
    sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
    const analysisKey = await api.getAnalysisKey();
    const environment = actionsUtil.getRequiredInput("matrix");
@@ -607,4 +609,43 @@ class InvalidSarifUploadError extends Error {
    }
 }
 exports.InvalidSarifUploadError = InvalidSarifUploadError;
+function filterAlertsByDiffRange(logger, sarif) {
+    const diffRanges = (0, diff_filtering_utils_1.readDiffRangesJsonFile)(logger);
+    if (!diffRanges?.length) {
+        return sarif;
+    }
+    const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
+    for (const run of sarif.runs) {
+        if (run.results) {
+            run.results = run.results.filter((result) => {
+                const locations = [
+                    ...(result.locations || []).map((loc) => loc.physicalLocation),
+                    ...(result.relatedLocations || []).map((loc) => loc.physicalLocation),
+                ];
+                return locations.some((physicalLocation) => {
+                    const locationUri = physicalLocation?.artifactLocation?.uri;
+                    const locationStartLine = physicalLocation?.region?.startLine;
+                    if (!locationUri || locationStartLine === undefined) {
+                        return false;
+                    }
+                    // CodeQL always uses forward slashes as the path separator, so on Windows we
+                    // need to replace any backslashes with forward slashes.
+                    const locationPath = path
+                        .join(checkoutPath, locationUri)
+                        .replaceAll(path.sep, "/");
+                    // Alert filtering here replicates the same behavior as the restrictAlertsTo
+                    // extensible predicate in CodeQL. See the restrictAlertsTo documentation
+                    // https://codeql.github.com/codeql-standard-libraries/csharp/codeql/util/AlertFiltering.qll/predicate.AlertFiltering$restrictAlertsTo.3.html
+                    // for more details, such as why the filtering applies only to the first line
+                    // of an alert location.
+                    return diffRanges.some((range) => range.path === locationPath &&
+                        ((range.startLine <= locationStartLine &&
+                            range.endLine >= locationStartLine) ||
+                            (range.startLine === 0 && range.endLine === 0)));
+                });
+            });
+        }
+    }
+    return sarif;
+}
 //# sourceMappingURL=upload-lib.js.map