WIP

lib/analyze.js

@@ -119,9 +119,9 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 logger.info("*************");
                 logger.startGroup(`Downloading custom packs for ${language}`);
                 const codeql = codeql_1.getCodeQL(config.codeQLCmd);
-                const results = await codeql.packDownload(packsWithVersion);
+                const results = await codeql.packDownload(packsWithVersion.map(packWithVersionToString));
                 logger.info(`Downloaded packs: ${results.packs
-                    .map((r) => `${r.name}@${r.version || "latest"}`)
+                    .map((r) => `${r.name}@${r.version}`)
                     .join(", ")}`);
                 logger.endGroup();
             }
@@ -245,4 +245,7 @@ function printLinesOfCodeSummary(logger, language, lineCounts) {
         logger.info(`Counted a baseline of ${lineCounts[language]} lines of code for ${language}.`);
     }
 }
+function packWithVersionToString(pack) {
+    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
+}
 //# sourceMappingURL=analyze.js.map

lib/codeql.js

@@ -273,6 +273,7 @@ function resolveFunction(partialCodeql, methodName, defaultImplementation) {
  */
 function setCodeQL(partialCodeql) {
     cachedCodeQL = {
+        getVersion: resolveFunction(partialCodeql, "getVersion", () => Promise.resolve("0.0.0")),
         getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
         printVersion: resolveFunction(partialCodeql, "printVersion"),
         getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
@@ -306,12 +307,28 @@ function getCachedCodeQL() {
 }
 exports.getCachedCodeQL = getCachedCodeQL;
 function getCodeQLForCmd(cmd) {
+    let version;
     return {
+        async getVersion() {
+            if (!version) {
+                await this.printVersion();
+            }
+            return version;
+        },
         getPath() {
             return cmd;
         },
         async printVersion() {
-            await runTool(cmd, ["version", "--format=json"]);
+            const output = await runTool(cmd, ["version", "--format=json"]);
+            try {
+                version = JSON.parse(output).version;
+                if (!version) {
+                    throw new Error("Missing version");
+                }
+            }
+            catch (e) {
+                throw new Error(`Unexpected output from codeql version: ${e}`);
+            }
         },
         async getTracerEnv(databasePath) {
             // Write tracer-env.js to a temp location.
@@ -498,22 +515,22 @@ function getCodeQLForCmd(cmd) {
          * downloaded. The check to determine what the latest version is is done
          * each time this package is requested.
          */
-        async packDownload(packs) {
+        async packDownload(packsOrSuites, extraSearchPath) {
             const codeqlArgs = [
                 "pack",
                 "download",
                 "--format=json",
                 ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs.map(packWithVersionToString),
+                ...packsOrSuites,
             ];
+            if (extraSearchPath) {
+                codeqlArgs.push("--additional-packs", extraSearchPath);
+            }
             const output = await runTool(cmd, codeqlArgs);
             try {
                 const parsedOutput = JSON.parse(output);
                 if (Array.isArray(parsedOutput.packs) &&
-                    // TODO PackDownloadOutput will not include the version if it is not specified
-                    // in the input. The version is always the latest version available.
-                    // It should be added to the output, but this requires a CLI change
-                    parsedOutput.packs.every((p) => p.name /* && p.version */)) {
+                    parsedOutput.packs.every((p) => p.name && p.version)) {
                     return parsedOutput;
                 }
                 else {
@@ -544,9 +561,6 @@ function getCodeQLForCmd(cmd) {
         },
     };
 }
-function packWithVersionToString(pack) {
-    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
-}
 /**
  * Gets the options for `path` of `options` as an array of extra option strings.
  */
@@ -593,6 +607,16 @@ function getExtraOptions(options, paths, pathInfo) {
     return all.concat(specific);
 }
 exports.getExtraOptions = getExtraOptions;
+// TODO verify that this is the correct version.
+const CODEQL_MIN_VERSION_DOWNLOAD_PACKS_FROM_SUITES = ">=2.6.0";
+/**
+ * Determines if this codeql supports introspecting query suites to look for packages
+ * to download.
+ */
+async function supportsDownloadPacksFromSuites(codeQL) {
+    return semver.satisfies(await codeQL.getVersion(), CODEQL_MIN_VERSION_DOWNLOAD_PACKS_FROM_SUITES);
+}
+exports.supportsDownloadPacksFromSuites = supportsDownloadPacksFromSuites;
 /*
  * A constant defining the maximum number of characters we will keep from
  * the programs stderr for logging. This serves two purposes:

lib/codeql.test.js

@@ -205,4 +205,16 @@ ava_1.default("getCodeQLActionRepository", (t) => {
     const repoEnv = codeql.getCodeQLActionRepository(logger);
     t.deepEqual(repoEnv, "xxx/yyy");
 });
+ava_1.default("supportsDownloadPacksFromSuites", async (t) => {
+    const mockCodeQL = (mockVersion) => {
+        return {
+            async getVersion() {
+                return mockVersion;
+            },
+        };
+    };
+    t.true(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.6.0")));
+    t.true(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.6.1")));
+    t.false(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.5.999")));
+});
 //# sourceMappingURL=codeql.test.js.map

lib/config-utils.js

@@ -12,6 +12,7 @@ const path = __importStar(require("path"));
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
+const codeql_1 = require("./codeql");
 const externalQueries = __importStar(require("./external-queries"));
 const languages_1 = require("./languages");
 // Property names from the user-supplied config file.
@@ -67,6 +68,10 @@ function validateQueries(resolvedQueries) {
  * queries, and error checking will be suppressed.
  */
 async function runResolveQueries(codeQL, resultMap, toResolve, extraSearchPath) {
+    // before running resolve queries, must run download packs, if the CLI is new enough
+    if (await codeql_1.supportsDownloadPacksFromSuites(codeQL)) {
+        await codeQL.packDownload(toResolve, extraSearchPath);
+    }
     const resolvedQueries = await codeQL.resolveQueries(toResolve, extraSearchPath);
     if (extraSearchPath !== undefined) {
         validateQueries(resolvedQueries);

src/analyze.ts

@@ -229,10 +229,12 @@ export async function runQueries(
         logger.startGroup(`Downloading custom packs for ${language}`);
 
         const codeql = getCodeQL(config.codeQLCmd);
-        const results = await codeql.packDownload(packsWithVersion);
+        const results = await codeql.packDownload(
+          packsWithVersion.map(packWithVersionToString)
+        );
         logger.info(
           `Downloaded packs: ${results.packs
-            .map((r) => `${r.name}@${r.version || "latest"}`)
+            .map((r) => `${r.name}@${r.version}`)
             .join(", ")}`
         );
 
@@ -445,3 +447,7 @@ function printLinesOfCodeSummary(
     );
   }
 }
+
+function packWithVersionToString(pack: configUtils.PackWithVersion): string {
+  return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
+}

src/codeql.test.ts

@@ -390,3 +390,17 @@ test("getCodeQLActionRepository", (t) => {
   const repoEnv = codeql.getCodeQLActionRepository(logger);
   t.deepEqual(repoEnv, "xxx/yyy");
 });
+
+test("supportsDownloadPacksFromSuites", async (t) => {
+  const mockCodeQL = (mockVersion: string) => {
+    return {
+      async getVersion() {
+        return mockVersion;
+      },
+    } as codeql.CodeQL;
+  };
+
+  t.true(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.6.0")));
+  t.true(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.6.1")));
+  t.false(await codeql.supportsDownloadPacksFromSuites(mockCodeQL("2.5.999")));
+});

src/codeql.ts

@@ -9,7 +9,6 @@ import * as semver from "semver";
 
 import { isRunningLocalAction, getRelativeScriptPath } from "./actions-util";
 import * as api from "./api-client";
-import { PackWithVersion } from "./config-utils";
 import * as defaults from "./defaults.json"; // Referenced from codeql-action-sync-tool!
 import { errorMatchers } from "./error-matcher";
 import { Language } from "./languages";
@@ -50,6 +49,11 @@ export class CommandInvocationError extends Error {
 }
 
 export interface CodeQL {
+  /**
+   * Gets the version of the CodeQL CLI.
+   */
+  getVersion(): Promise<string>;
+
   /**
    * Get the path of the CodeQL executable.
    */
@@ -99,7 +103,10 @@ export interface CodeQL {
   /**
    * Run 'codeql pack download'.
    */
-  packDownload(packs: PackWithVersion[]): Promise<PackDownloadOutput>;
+  packDownload(
+    packsOrSuites: string[],
+    extraSearchPath?: string
+  ): Promise<PackDownloadOutput>;
 
   /**
    * Run 'codeql database cleanup'.
@@ -489,6 +496,9 @@ function resolveFunction<T>(
  */
 export function setCodeQL(partialCodeql: Partial<CodeQL>): CodeQL {
   cachedCodeQL = {
+    getVersion: resolveFunction(partialCodeql, "getVersion", () =>
+      Promise.resolve("0.0.0")
+    ),
     getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
     printVersion: resolveFunction(partialCodeql, "printVersion"),
     getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
@@ -528,12 +538,27 @@ export function getCachedCodeQL(): CodeQL {
 }
 
 function getCodeQLForCmd(cmd: string): CodeQL {
+  let version: string;
   return {
+    async getVersion() {
+      if (!version) {
+        await this.printVersion();
+      }
+      return version;
+    },
     getPath() {
       return cmd;
     },
     async printVersion() {
-      await runTool(cmd, ["version", "--format=json"]);
+      const output = await runTool(cmd, ["version", "--format=json"]);
+      try {
+        version = JSON.parse(output).version;
+        if (!version) {
+          throw new Error("Missing version");
+        }
+      } catch (e) {
+        throw new Error(`Unexpected output from codeql version: ${e}`);
+      }
     },
     async getTracerEnv(databasePath: string) {
       // Write tracer-env.js to a temp location.
@@ -779,25 +804,29 @@ function getCodeQLForCmd(cmd: string): CodeQL {
      * downloaded. The check to determine what the latest version is is done
      * each time this package is requested.
      */
-    async packDownload(packs: PackWithVersion[]): Promise<PackDownloadOutput> {
+    async packDownload(
+      packsOrSuites: string[],
+      extraSearchPath?: string
+    ): Promise<PackDownloadOutput> {
       const codeqlArgs = [
         "pack",
         "download",
         "--format=json",
         ...getExtraOptionsFromEnv(["pack", "download"]),
-        ...packs.map(packWithVersionToString),
+        ...packsOrSuites,
       ];
 
+      if (extraSearchPath) {
+        codeqlArgs.push("--additional-packs", extraSearchPath);
+      }
+
       const output = await runTool(cmd, codeqlArgs);
 
       try {
         const parsedOutput: PackDownloadOutput = JSON.parse(output);
         if (
           Array.isArray(parsedOutput.packs) &&
-          // TODO PackDownloadOutput will not include the version if it is not specified
-          // in the input. The version is always the latest version available.
-          // It should be added to the output, but this requires a CLI change
-          parsedOutput.packs.every((p) => p.name /* && p.version */)
+          parsedOutput.packs.every((p) => p.name && p.version)
         ) {
           return parsedOutput;
         } else {
@@ -835,10 +864,6 @@ function getCodeQLForCmd(cmd: string): CodeQL {
     },
   };
 }
-
-function packWithVersionToString(pack: PackWithVersion): string {
-  return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
-}
 /**
  * Gets the options for `path` of `options` as an array of extra option strings.
  */
@@ -899,6 +924,22 @@ export function getExtraOptions(
   return all.concat(specific);
 }
 
+// TODO verify that this is the correct version.
+const CODEQL_MIN_VERSION_DOWNLOAD_PACKS_FROM_SUITES = ">=2.6.0";
+
+/**
+ * Determines if this codeql supports introspecting query suites to look for packages
+ * to download.
+ */
+export async function supportsDownloadPacksFromSuites(
+  codeQL: CodeQL
+): Promise<boolean> {
+  return semver.satisfies(
+    await codeQL.getVersion(),
+    CODEQL_MIN_VERSION_DOWNLOAD_PACKS_FROM_SUITES
+  );
+}
+
 /*
  * A constant defining the maximum number of characters we will keep from
  * the programs stderr for logging. This serves two purposes:

src/config-utils.ts

@@ -5,7 +5,11 @@ import * as yaml from "js-yaml";
 import * as semver from "semver";
 
 import * as api from "./api-client";
-import { CodeQL, ResolveQueriesOutput } from "./codeql";
+import {
+  CodeQL,
+  ResolveQueriesOutput,
+  supportsDownloadPacksFromSuites,
+} from "./codeql";
 import * as externalQueries from "./external-queries";
 import { Language, parseLanguage } from "./languages";
 import { Logger } from "./logging";
@@ -202,6 +206,10 @@ async function runResolveQueries(
   toResolve: string[],
   extraSearchPath: string | undefined
 ) {
+  // before running resolve queries, must run download packs, if the CLI is new enough
+  if (await supportsDownloadPacksFromSuites(codeQL)) {
+    await codeQL.packDownload(toResolve, extraSearchPath);
+  }
   const resolvedQueries = await codeQL.resolveQueries(
     toResolve,
     extraSearchPath