Merge pull request #883 from github/update-v1.0.30-a7adbce2

Merge main into v1

CHANGELOG.md

@@ -1,13 +1,22 @@
 # CodeQL Action and CodeQL Runner Changelog
 
-## [UNRELEASED]
+## 1.0.30 - 24 Jan 2022
 
-No user facing changes.
+- Display a better error message when encountering a workflow that runs the `codeql-action/init` action multiple times. [#876](https://github.com/github/codeql-action/pull/876)
+- Update default CodeQL bundle version to 2.7.6. [#877](https://github.com/github/codeql-action/pull/877)
+
+## 1.0.29 - 21 Jan 2022
+
+- The feature to wait for SARIF processing to complete after upload has been disabled by default due to a bug in its interaction with pull requests from forks.
+
+## 1.0.28 - 18 Jan 2022
+
+- Update default CodeQL bundle version to 2.7.5. [#866](https://github.com/github/codeql-action/pull/866)
+- Fix a bug where SARIF files were failing upload due to an invalid test for unique categories. [#872](https://github.com/github/codeql-action/pull/872)
 
 ## 1.0.27 - 11 Jan 2022
 
-- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`.
-
+- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#855](https://github.com/github/codeql-action/pull/855)
 
 ## 1.0.26 - 10 Dec 2021
 

analyze/action.yml

@@ -55,7 +55,7 @@ inputs:
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true
-    default: "true"
+    default: "false"
   token:
     default: ${{ github.token }}
   matrix:

lib/analysis-paths.js

@@ -37,11 +37,11 @@ function buildIncludeExcludeEnvVar(paths) {
     return paths.join("\n");
 }
 function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript and python.
+    // Index include/exclude/filters only work in javascript/python/ruby.
     // If any other languages are detected/configured then show a warning.
     if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) &&
         !config.languages.every(isInterpretedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript and Python');
+        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
     }
 }
 exports.printPathFiltersWarning = printPathFiltersWarning;

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,oEAAoE;IACpE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,4FAA4F,CAC7F,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,sBAAsB,GAAG,IAAI,CAAC,QAAQ,CAC1C,OAAO,CAAC,GAAG,EAAE,EACb,MAAM,CAAC,YAAY,CACpB,CAAC;IACF,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC3C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACzD;IACD,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC5C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;KAC1D;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;KAC5E;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AArCD,wEAqCC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,sBAAsB,GAAG,IAAI,CAAC,QAAQ,CAC1C,OAAO,CAAC,GAAG,EAAE,EACb,MAAM,CAAC,YAAY,CACpB,CAAC;IACF,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC3C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACzD;IACD,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC5C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;KAC1D;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;KAC5E;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AArCD,wEAqCC"}

lib/codeql.js

@@ -512,7 +512,12 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, args, error_matcher_1.errorMatchers);
         },
         async resolveLanguages() {
-            const codeqlArgs = ["resolve", "languages", "--format=json"];
+            const codeqlArgs = [
+                "resolve",
+                "languages",
+                "--format=json",
+                ...getExtraOptionsFromEnv(["resolve", "languages"]),
+            ];
             const output = await runTool(cmd, codeqlArgs);
             try {
                 return JSON.parse(output);
@@ -635,6 +640,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "cleanup",
                 databasePath,
                 `--mode=${cleanupLevel}`,
+                ...getExtraOptionsFromEnv(["database", "cleanup"]),
             ];
             await runTool(cmd, codeqlArgs);
         },
@@ -645,6 +651,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 databasePath,
                 `--output=${outputFilePath}`,
                 `--name=${databaseName}`,
+                ...getExtraOptionsFromEnv(["database", "bundle"]),
             ];
             await new toolrunner.ToolRunner(cmd, args).exec();
         },

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20211208"
+    "bundleVersion": "codeql-bundle-20220120"
 }

lib/fingerprints.js

@@ -226,9 +226,8 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
 exports.resolveUriToFile = resolveUriToFile;
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
-async function addFingerprints(sarifContents, sourceRoot, logger) {
+async function addFingerprints(sarif, sourceRoot, logger) {
     var _a, _b, _c;
-    const sarif = JSON.parse(sarifContents);
     // Gather together results for the same file and construct
     // callbacks to accept hashes for that file and update the location
     const callbacksByFile = {};
@@ -266,7 +265,7 @@ async function addFingerprints(sarifContents, sourceRoot, logger) {
         };
         await hash(teeCallback, filepath);
     }
-    return JSON.stringify(sarif);
+    return sarif;
 }
 exports.addFingerprints = addFingerprints;
 //# sourceMappingURL=fingerprints.js.map

lib/fingerprints.test.js

@@ -169,30 +169,24 @@ function testResolveUriToFile(uri, index, artifactsURIs) {
 });
 (0, ava_1.default)("addFingerprints", async (t) => {
     // Run an end-to-end test on a test file
-    let input = fs
+    const input = JSON.parse(fs
         .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`)
-        .toString();
-    let expected = fs
+        .toString());
+    const expected = JSON.parse(fs
         .readFileSync(`${__dirname}/../src/testdata/fingerprinting.expected.sarif`)
-        .toString();
-    // The test files are stored prettified, but addFingerprints outputs condensed JSON
-    input = JSON.stringify(JSON.parse(input));
-    expected = JSON.stringify(JSON.parse(expected));
+        .toString());
     // The URIs in the SARIF files resolve to files in the testdata directory
     const sourceRoot = path.normalize(`${__dirname}/../src/testdata`);
     t.deepEqual(await fingerprints.addFingerprints(input, sourceRoot, (0, logging_1.getRunnerLogger)(true)), expected);
 });
 (0, ava_1.default)("missingRegions", async (t) => {
     // Run an end-to-end test on a test file
-    let input = fs
+    const input = JSON.parse(fs
         .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`)
-        .toString();
-    let expected = fs
+        .toString());
+    const expected = JSON.parse(fs
         .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.expected.sarif`)
-        .toString();
-    // The test files are stored prettified, but addFingerprints outputs condensed JSON
-    input = JSON.stringify(JSON.parse(input));
-    expected = JSON.stringify(JSON.parse(expected));
+        .toString());
     // The URIs in the SARIF files resolve to files in the testdata directory
     const sourceRoot = path.normalize(`${__dirname}/../src/testdata`);
     t.deepEqual(await fingerprints.addFingerprints(input, sourceRoot, (0, logging_1.getRunnerLogger)(true)), expected);

lib/init.js

@@ -47,15 +47,30 @@ async function initConfig(languagesInput, queriesInput, packsInput, configFile,
 }
 exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, processLevel) {
+    var _a;
     fs.mkdirSync(config.dbLocation, { recursive: true });
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Init a database cluster
-        await codeql.databaseInitCluster(config.dbLocation, config.languages, sourceRoot, processName, processLevel);
+    try {
+        if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
+            // Init a database cluster
+            await codeql.databaseInitCluster(config.dbLocation, config.languages, sourceRoot, processName, processLevel);
+        }
+        else {
+            for (const language of config.languages) {
+                // Init language database
+                await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
+            }
+        }
     }
-    else {
-        for (const language of config.languages) {
-            // Init language database
-            await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
+    catch (e) {
+        // Handle the situation where init is called twice
+        // for the same database in the same job.
+        if (e instanceof Error &&
+            ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
+            e.message.includes("exists and is not an empty directory.")) {
+            throw new Error(`Is the "init" action called twice in the same job? ${e.message}`);
+        }
+        else {
+            throw e;
         }
     }
     return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql);

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,YAAoB,EACpB,OAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,YAAY,EACZ,OAAO,EACP,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAA8B,EAC9B,UAA8B,EAC9B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA1CD,gCA0CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC;IAEhC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;QAChE,0BAA0B;QAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,UAAU,EACV,WAAW,EACX,YAAY,CACb,CAAC;KACH;SAAM;QACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;YACvC,yBAAyB;YACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;SACH;KACF;IAED,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AA9BD,0BA8BC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBAChE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAtCD,8CAsCC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,YAAoB,EACpB,OAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,YAAY,EACZ,OAAO,EACP,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAA8B,EAC9B,UAA8B,EAC9B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA1CD,gCA0CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC;;IAEhC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,UAAU,EACV,WAAW,EACX,YAAY,CACb,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,kDAAkD;QAClD,yCAAyC;QACzC,IACE,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAA;YACnD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAC3D;YACA,MAAM,IAAI,KAAK,CACb,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;aAAM;YACL,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AA7CD,0BA6CC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBAChE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAtCD,8CAsCC"}

lib/upload-lib.js

@@ -54,25 +54,24 @@ function combineSarifFiles(sarifFiles) {
         }
         combinedSarif.runs.push(...sarifObject.runs);
     }
-    return JSON.stringify(combinedSarif);
+    return combinedSarif;
 }
 exports.combineSarifFiles = combineSarifFiles;
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
-function populateRunAutomationDetails(sarifContents, category, analysis_key, environment) {
-    if (analysis_key === undefined) {
-        return sarifContents;
-    }
+function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
     const automationID = getAutomationID(category, analysis_key, environment);
-    const sarif = JSON.parse(sarifContents);
-    for (const run of sarif.runs || []) {
-        if (run.automationDetails === undefined) {
-            run.automationDetails = {
-                id: automationID,
-            };
+    if (automationID !== undefined) {
+        for (const run of sarif.runs || []) {
+            if (run.automationDetails === undefined) {
+                run.automationDetails = {
+                    id: automationID,
+                };
+            }
         }
+        return sarif;
     }
-    return JSON.stringify(sarif);
+    return sarif;
 }
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 function getAutomationID(category, analysis_key, environment) {
@@ -83,7 +82,11 @@ function getAutomationID(category, analysis_key, environment) {
         }
         return automationID;
     }
-    return actionsUtil.computeAutomationID(analysis_key, environment);
+    // analysis_key is undefined for the runner.
+    if (analysis_key !== undefined) {
+        return actionsUtil.computeAutomationID(analysis_key, environment);
+    }
+    return undefined;
 }
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
@@ -244,17 +247,18 @@ exports.buildPayload = buildPayload;
 async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, category, analysisName, workflowRunID, sourceRoot, environment, gitHubVersion, apiDetails, logger) {
     logger.startGroup("Uploading results");
     logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
-    validateUniqueCategory(category);
     // Validate that the files we were asked to upload are all valid SARIF files
     for (const file of sarifFiles) {
         validateSarifFileSchema(file, logger);
     }
-    let sarifPayload = combineSarifFiles(sarifFiles);
-    sarifPayload = await fingerprints.addFingerprints(sarifPayload, sourceRoot, logger);
-    sarifPayload = populateRunAutomationDetails(sarifPayload, category, analysisKey, environment);
+    let sarif = combineSarifFiles(sarifFiles);
+    sarif = await fingerprints.addFingerprints(sarif, sourceRoot, logger);
+    sarif = populateRunAutomationDetails(sarif, category, analysisKey, environment);
+    const toolNames = util.getToolNames(sarif);
+    validateUniqueCategory(sarif);
+    const sarifPayload = JSON.stringify(sarif);
     const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
     const checkoutURI = (0, file_url_1.default)(sourceRoot);
-    const toolNames = util.getToolNames(sarifPayload);
     const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, gitHubVersion);
     // Log some useful debug info about the info
     const rawUploadSizeBytes = sarifPayload.length;
@@ -325,16 +329,28 @@ async function waitForProcessing(repositoryNwo, sarifID, apiDetails, logger) {
     logger.endGroup();
 }
 exports.waitForProcessing = waitForProcessing;
-function validateUniqueCategory(category) {
+function validateUniqueCategory(sarif) {
+    var _a, _b, _c;
+    // This check only works on actions as env vars don't persist between calls to the runner
     if (util.isActions()) {
-        // This check only works on actions as env vars don't persist between calls to the runner
-        const sentinelEnvVar = `CODEQL_UPLOAD_SARIF${category ? `_${sanitize(category)}` : ""}`;
-        if (process.env[sentinelEnvVar]) {
-            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per category. " +
-                "Please specify a unique `category` to call this action multiple times. " +
-                `Category: ${category ? category : "(none)"}`);
+        // duplicate categories are allowed in the same sarif file
+        // but not across multiple sarif files
+        const categories = {};
+        for (const run of sarif.runs) {
+            const id = (_a = run === null || run === void 0 ? void 0 : run.automationDetails) === null || _a === void 0 ? void 0 : _a.id;
+            const tool = (_c = (_b = run.tool) === null || _b === void 0 ? void 0 : _b.driver) === null || _c === void 0 ? void 0 : _c.name;
+            const category = `${sanitize(id)}_${sanitize(tool)}`;
+            categories[category] = { id, tool };
+        }
+        for (const [category, { id, tool }] of Object.entries(categories)) {
+            const sentinelEnvVar = `CODEQL_UPLOAD_SARIF_${category}`;
+            if (process.env[sentinelEnvVar]) {
+                throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. " +
+                    "The easiest fix is to specify a unique value for the `category` input. " +
+                    `Category: (${id ? id : "none"}) Tool: (${tool ? tool : "none"})`);
+            }
+            core.exportVariable(sentinelEnvVar, sentinelEnvVar);
         }
-        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     }
 }
 exports.validateUniqueCategory = validateUniqueCategory;
@@ -348,6 +364,6 @@ exports.validateUniqueCategory = validateUniqueCategory;
  * @param str the initial value to sanitize
  */
 function sanitize(str) {
-    return str.replace(/[^a-zA-Z0-9_]/g, "_");
+    return (str !== null && str !== void 0 ? str : "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
 }
 //# sourceMappingURL=upload-lib.js.map

lib/upload-lib.test.js

@@ -98,9 +98,13 @@ ava_1.default.beforeEach(() => {
     });
 });
 (0, ava_1.default)("populateRunAutomationDetails", (t) => {
-    let sarif = '{"runs": [{}]}';
+    let sarif = {
+        runs: [{}],
+    };
     const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
-    let expectedSarif = '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
+    let expectedSarif = {
+        runs: [{ automationDetails: { id: "language:javascript/os:linux/" } }],
+    };
     // Category has priority over analysis_key/environment
     let modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux", analysisKey, '{"language": "other", "os": "other"}');
     t.deepEqual(modifiedSarif, expectedSarif);
@@ -108,25 +112,99 @@ ava_1.default.beforeEach(() => {
     modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux/", analysisKey, "");
     t.deepEqual(modifiedSarif, expectedSarif);
     // check that the automation details doesn't get overwritten
-    sarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
-    expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
+    sarif = { runs: [{ automationDetails: { id: "my_id" } }] };
+    expectedSarif = { runs: [{ automationDetails: { id: "my_id" } }] };
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
+    t.deepEqual(modifiedSarif, expectedSarif);
+    // check multiple runs
+    sarif = { runs: [{ automationDetails: { id: "my_id" } }, {}] };
+    expectedSarif = {
+        runs: [
+            { automationDetails: { id: "my_id" } },
+            {
+                automationDetails: {
+                    id: ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/",
+                },
+            },
+        ],
+    };
     modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
     t.deepEqual(modifiedSarif, expectedSarif);
 });
-(0, ava_1.default)("validateUniqueCategory", (t) => {
-    t.notThrows(() => uploadLib.validateUniqueCategory(undefined));
-    t.throws(() => uploadLib.validateUniqueCategory(undefined));
-    t.notThrows(() => uploadLib.validateUniqueCategory("abc"));
-    t.throws(() => uploadLib.validateUniqueCategory("abc"));
-    t.notThrows(() => uploadLib.validateUniqueCategory("def"));
-    t.throws(() => uploadLib.validateUniqueCategory("def"));
+(0, ava_1.default)("validateUniqueCategory when empty", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif()));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif()));
+});
+(0, ava_1.default)("validateUniqueCategory for automation details id", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("AbC")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
     // Our category sanitization is not perfect. Here are some examples
     // of where we see false clashes
-    t.notThrows(() => uploadLib.validateUniqueCategory("abc/def"));
-    t.throws(() => uploadLib.validateUniqueCategory("abc@def"));
-    t.throws(() => uploadLib.validateUniqueCategory("abc_def"));
-    t.throws(() => uploadLib.validateUniqueCategory("abc def"));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc/def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc@def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc def")));
     // this one is fine
-    t.notThrows(() => uploadLib.validateUniqueCategory("abc_ def"));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc_ def")));
 });
+(0, ava_1.default)("validateUniqueCategory for tool name", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "AbC")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "def")));
+    // Our category sanitization is not perfect. Here are some examples
+    // of where we see false clashes
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc/def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc@def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc_def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc def")));
+    // this one is fine
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc_ def")));
+});
+(0, ava_1.default)("validateUniqueCategory for automation details id and tool name", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "abc")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc_", "def")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_", "def")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl")));
+    // Our category sanitization is not perfect. Here are some examples
+    // of where we see false clashes
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "_")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "def__")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("mno_", "pqr")));
+    t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("mno", "_pqr")));
+});
+(0, ava_1.default)("validateUniqueCategory for multiple runs", (t) => {
+    const sarif1 = createMockSarif("abc", "def");
+    const sarif2 = createMockSarif("ghi", "jkl");
+    // duplicate categories are allowed within the same sarif file
+    const multiSarif = { runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]] };
+    t.notThrows(() => uploadLib.validateUniqueCategory(multiSarif));
+    // should throw if there are duplicate categories in separate validations
+    t.throws(() => uploadLib.validateUniqueCategory(sarif1));
+    t.throws(() => uploadLib.validateUniqueCategory(sarif2));
+});
+function createMockSarif(id, tool) {
+    return {
+        runs: [
+            {
+                automationDetails: {
+                    id,
+                },
+                tool: {
+                    driver: {
+                        name: tool,
+                    },
+                },
+            },
+        ],
+    };
+}
 //# sourceMappingURL=upload-lib.test.js.map

lib/util.js

@@ -72,8 +72,7 @@ exports.getExtraOptionsEnvParam = getExtraOptionsEnvParam;
  *
  * Returns an array of unique string tool names.
  */
-function getToolNames(sarifContents) {
-    const sarif = JSON.parse(sarifContents);
+function getToolNames(sarif) {
     const toolNames = {};
     for (const run of sarif.runs || []) {
         const tool = run.tool || {};

lib/util.test.js

@@ -35,7 +35,7 @@ const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
 (0, ava_1.default)("getToolNames", (t) => {
     const input = fs.readFileSync(`${__dirname}/../src/testdata/tool-names.sarif`, "utf8");
-    const toolNames = util.getToolNames(input);
+    const toolNames = util.getToolNames(JSON.parse(input));
     t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]);
 });
 (0, ava_1.default)("getMemoryFlag() should return the correct --ram flag", (t) => {

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "1.0.28",
+      "version": "1.0.30",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^0.5.2",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

runner/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql-runner",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

runner/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql-runner",
-  "version": "1.0.28",
+  "version": "1.0.30",
   "private": true,
   "description": "CodeQL runner",
   "scripts": {

src/analysis-paths.ts

@@ -29,14 +29,14 @@ export function printPathFiltersWarning(
   config: configUtils.Config,
   logger: Logger
 ) {
-  // Index include/exclude/filters only work in javascript and python.
+  // Index include/exclude/filters only work in javascript/python/ruby.
   // If any other languages are detected/configured then show a warning.
   if (
     (config.paths.length !== 0 || config.pathsIgnore.length !== 0) &&
     !config.languages.every(isInterpretedLanguage)
   ) {
     logger.warning(
-      'The "paths"/"paths-ignore" fields of the config only have effect for JavaScript and Python'
+      'The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby'
     );
   }
 }

src/codeql.ts

@@ -805,7 +805,12 @@ async function getCodeQLForCmd(
       await toolrunnerErrorCatcher(cmd, args, errorMatchers);
     },
     async resolveLanguages() {
-      const codeqlArgs = ["resolve", "languages", "--format=json"];
+      const codeqlArgs = [
+        "resolve",
+        "languages",
+        "--format=json",
+        ...getExtraOptionsFromEnv(["resolve", "languages"]),
+      ];
       const output = await runTool(cmd, codeqlArgs);
 
       try {
@@ -956,6 +961,7 @@ async function getCodeQLForCmd(
         "cleanup",
         databasePath,
         `--mode=${cleanupLevel}`,
+        ...getExtraOptionsFromEnv(["database", "cleanup"]),
       ];
       await runTool(cmd, codeqlArgs);
     },
@@ -970,6 +976,7 @@ async function getCodeQLForCmd(
         databasePath,
         `--output=${outputFilePath}`,
         `--name=${databaseName}`,
+        ...getExtraOptionsFromEnv(["database", "bundle"]),
       ];
       await new toolrunner.ToolRunner(cmd, args).exec();
     },

src/defaults.json

@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20211208"
+  "bundleVersion": "codeql-bundle-20220120"
 }

src/fingerprints.test.ts

@@ -189,16 +189,18 @@ test("resolveUriToFile", (t) => {
 
 test("addFingerprints", async (t) => {
   // Run an end-to-end test on a test file
-  let input = fs
-    .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`)
-    .toString();
-  let expected = fs
-    .readFileSync(`${__dirname}/../src/testdata/fingerprinting.expected.sarif`)
-    .toString();
-
-  // The test files are stored prettified, but addFingerprints outputs condensed JSON
-  input = JSON.stringify(JSON.parse(input));
-  expected = JSON.stringify(JSON.parse(expected));
+  const input = JSON.parse(
+    fs
+      .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`)
+      .toString()
+  );
+  const expected = JSON.parse(
+    fs
+      .readFileSync(
+        `${__dirname}/../src/testdata/fingerprinting.expected.sarif`
+      )
+      .toString()
+  );
 
   // The URIs in the SARIF files resolve to files in the testdata directory
   const sourceRoot = path.normalize(`${__dirname}/../src/testdata`);
@@ -215,16 +217,18 @@ test("addFingerprints", async (t) => {
 
 test("missingRegions", async (t) => {
   // Run an end-to-end test on a test file
-  let input = fs
-    .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`)
-    .toString();
-  let expected = fs
-    .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.expected.sarif`)
-    .toString();
-
-  // The test files are stored prettified, but addFingerprints outputs condensed JSON
-  input = JSON.stringify(JSON.parse(input));
-  expected = JSON.stringify(JSON.parse(expected));
+  const input = JSON.parse(
+    fs
+      .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`)
+      .toString()
+  );
+  const expected = JSON.parse(
+    fs
+      .readFileSync(
+        `${__dirname}/../src/testdata/fingerprinting2.expected.sarif`
+      )
+      .toString()
+  );
 
   // The URIs in the SARIF files resolve to files in the testdata directory
   const sourceRoot = path.normalize(`${__dirname}/../src/testdata`);

src/fingerprints.ts

@@ -3,6 +3,7 @@ import * as fs from "fs";
 import Long from "long";
 
 import { Logger } from "./logging";
+import { SarifFile, SarifResult } from "./util";
 
 const tab = "\t".charCodeAt(0);
 const space = " ".charCodeAt(0);
@@ -135,7 +136,7 @@ export async function hash(callback: hashCallback, filepath: string) {
 // Generate a hash callback function that updates the given result in-place
 // when it receives a hash for the correct line number. Ignores hashes for other lines.
 function locationUpdateCallback(
-  result: any,
+  result: SarifResult,
   location: any,
   logger: Logger
 ): hashCallback {
@@ -246,12 +247,10 @@ export function resolveUriToFile(
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
 export async function addFingerprints(
-  sarifContents: string,
+  sarif: SarifFile,
   sourceRoot: string,
   logger: Logger
-): Promise<string> {
-  const sarif = JSON.parse(sarifContents);
-
+): Promise<SarifFile> {
   // Gather together results for the same file and construct
   // callbacks to accept hashes for that file and update the location
   const callbacksByFile: { [filename: string]: hashCallback[] } = {};
@@ -305,5 +304,5 @@ export async function addFingerprints(
     await hash(teeCallback, filepath);
   }
 
-  return JSON.stringify(sarif);
+  return sarif;
 }

src/init.ts

@@ -91,26 +91,41 @@ export async function runInit(
 ): Promise<TracerConfig | undefined> {
   fs.mkdirSync(config.dbLocation, { recursive: true });
 
-  if (await codeQlVersionAbove(codeql, CODEQL_VERSION_NEW_TRACING)) {
-    // Init a database cluster
-    await codeql.databaseInitCluster(
-      config.dbLocation,
-      config.languages,
-      sourceRoot,
-      processName,
-      processLevel
-    );
-  } else {
-    for (const language of config.languages) {
-      // Init language database
-      await codeql.databaseInit(
-        util.getCodeQLDatabasePath(config, language),
-        language,
-        sourceRoot
+  try {
+    if (await codeQlVersionAbove(codeql, CODEQL_VERSION_NEW_TRACING)) {
+      // Init a database cluster
+      await codeql.databaseInitCluster(
+        config.dbLocation,
+        config.languages,
+        sourceRoot,
+        processName,
+        processLevel
       );
+    } else {
+      for (const language of config.languages) {
+        // Init language database
+        await codeql.databaseInit(
+          util.getCodeQLDatabasePath(config, language),
+          language,
+          sourceRoot
+        );
+      }
+    }
+  } catch (e) {
+    // Handle the situation where init is called twice
+    // for the same database in the same job.
+    if (
+      e instanceof Error &&
+      e.message?.includes("Refusing to create databases") &&
+      e.message.includes("exists and is not an empty directory.")
+    ) {
+      throw new Error(
+        `Is the "init" action called twice in the same job? ${e.message}`
+      );
+    } else {
+      throw e;
     }
   }
-
   return await getCombinedTracerConfig(config, codeql);
 }
 

src/upload-lib.test.ts

@@ -140,11 +140,14 @@ test("finding SARIF files", async (t) => {
 });
 
 test("populateRunAutomationDetails", (t) => {
-  let sarif = '{"runs": [{}]}';
+  let sarif = {
+    runs: [{}],
+  };
   const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
 
-  let expectedSarif =
-    '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
+  let expectedSarif = {
+    runs: [{ automationDetails: { id: "language:javascript/os:linux/" } }],
+  };
 
   // Category has priority over analysis_key/environment
   let modifiedSarif = uploadLib.populateRunAutomationDetails(
@@ -165,8 +168,28 @@ test("populateRunAutomationDetails", (t) => {
   t.deepEqual(modifiedSarif, expectedSarif);
 
   // check that the automation details doesn't get overwritten
-  sarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
-  expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
+  sarif = { runs: [{ automationDetails: { id: "my_id" } }] };
+  expectedSarif = { runs: [{ automationDetails: { id: "my_id" } }] };
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    undefined,
+    analysisKey,
+    '{"os": "linux", "language": "javascript"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // check multiple runs
+  sarif = { runs: [{ automationDetails: { id: "my_id" } }, {}] };
+  expectedSarif = {
+    runs: [
+      { automationDetails: { id: "my_id" } },
+      {
+        automationDetails: {
+          id: ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/",
+        },
+      },
+    ],
+  };
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
     undefined,
@@ -176,23 +199,139 @@ test("populateRunAutomationDetails", (t) => {
   t.deepEqual(modifiedSarif, expectedSarif);
 });
 
-test("validateUniqueCategory", (t) => {
-  t.notThrows(() => uploadLib.validateUniqueCategory(undefined));
-  t.throws(() => uploadLib.validateUniqueCategory(undefined));
+test("validateUniqueCategory when empty", (t) => {
+  t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif()));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif()));
+});
 
-  t.notThrows(() => uploadLib.validateUniqueCategory("abc"));
-  t.throws(() => uploadLib.validateUniqueCategory("abc"));
+test("validateUniqueCategory for automation details id", (t) => {
+  t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("AbC")));
 
-  t.notThrows(() => uploadLib.validateUniqueCategory("def"));
-  t.throws(() => uploadLib.validateUniqueCategory("def"));
+  t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("def")));
 
   // Our category sanitization is not perfect. Here are some examples
   // of where we see false clashes
-  t.notThrows(() => uploadLib.validateUniqueCategory("abc/def"));
-  t.throws(() => uploadLib.validateUniqueCategory("abc@def"));
-  t.throws(() => uploadLib.validateUniqueCategory("abc_def"));
-  t.throws(() => uploadLib.validateUniqueCategory("abc def"));
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc/def"))
+  );
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc@def")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc def")));
 
   // this one is fine
-  t.notThrows(() => uploadLib.validateUniqueCategory("abc_ def"));
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc_ def"))
+  );
 });
+
+test("validateUniqueCategory for tool name", (t) => {
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "AbC"))
+  );
+
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "def"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "def"))
+  );
+
+  // Our category sanitization is not perfect. Here are some examples
+  // of where we see false clashes
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc/def"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc@def"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc_def"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif(undefined, "abc def"))
+  );
+
+  // this one is fine
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc_ def"))
+  );
+});
+
+test("validateUniqueCategory for automation details id and tool name", (t) => {
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc", "abc"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc", "abc"))
+  );
+
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc_", "def"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc_", "def"))
+  );
+
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("ghi", "_jkl"))
+  );
+
+  // Our category sanitization is not perfect. Here are some examples
+  // of where we see false clashes
+  t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif("abc")));
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc", "_")));
+
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("abc", "def__"))
+  );
+  t.throws(() => uploadLib.validateUniqueCategory(createMockSarif("abc_def")));
+
+  t.notThrows(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("mno_", "pqr"))
+  );
+  t.throws(() =>
+    uploadLib.validateUniqueCategory(createMockSarif("mno", "_pqr"))
+  );
+});
+
+test("validateUniqueCategory for multiple runs", (t) => {
+  const sarif1 = createMockSarif("abc", "def");
+  const sarif2 = createMockSarif("ghi", "jkl");
+
+  // duplicate categories are allowed within the same sarif file
+  const multiSarif = { runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]] };
+  t.notThrows(() => uploadLib.validateUniqueCategory(multiSarif));
+
+  // should throw if there are duplicate categories in separate validations
+  t.throws(() => uploadLib.validateUniqueCategory(sarif1));
+  t.throws(() => uploadLib.validateUniqueCategory(sarif2));
+});
+
+function createMockSarif(id?: string, tool?: string) {
+  return {
+    runs: [
+      {
+        automationDetails: {
+          id,
+        },
+        tool: {
+          driver: {
+            name: tool,
+          },
+        },
+      },
+    ],
+  };
+}

src/upload-lib.ts

@@ -14,17 +14,20 @@ import { Logger } from "./logging";
 import { parseRepositoryNwo, RepositoryNwo } from "./repository";
 import * as sharedEnv from "./shared-environment";
 import * as util from "./util";
+import { SarifFile } from "./util";
 
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
-export function combineSarifFiles(sarifFiles: string[]): string {
-  const combinedSarif = {
+export function combineSarifFiles(sarifFiles: string[]): SarifFile {
+  const combinedSarif: SarifFile = {
     version: null,
-    runs: [] as any[],
+    runs: [],
   };
 
   for (const sarifFile of sarifFiles) {
-    const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
+    const sarifObject = JSON.parse(
+      fs.readFileSync(sarifFile, "utf8")
+    ) as SarifFile;
     // Check SARIF version
     if (combinedSarif.version === null) {
       combinedSarif.version = sarifObject.version;
@@ -37,39 +40,37 @@ export function combineSarifFiles(sarifFiles: string[]): string {
     combinedSarif.runs.push(...sarifObject.runs);
   }
 
-  return JSON.stringify(combinedSarif);
+  return combinedSarif;
 }
 
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
 export function populateRunAutomationDetails(
-  sarifContents: string,
+  sarif: SarifFile,
   category: string | undefined,
   analysis_key: string | undefined,
   environment: string | undefined
-): string {
-  if (analysis_key === undefined) {
-    return sarifContents;
-  }
+): SarifFile {
   const automationID = getAutomationID(category, analysis_key, environment);
 
-  const sarif = JSON.parse(sarifContents);
-  for (const run of sarif.runs || []) {
-    if (run.automationDetails === undefined) {
-      run.automationDetails = {
-        id: automationID,
-      };
+  if (automationID !== undefined) {
+    for (const run of sarif.runs || []) {
+      if (run.automationDetails === undefined) {
+        run.automationDetails = {
+          id: automationID,
+        };
+      }
     }
+    return sarif;
   }
-
-  return JSON.stringify(sarif);
+  return sarif;
 }
 
 function getAutomationID(
   category: string | undefined,
-  analysis_key: string,
+  analysis_key: string | undefined,
   environment: string | undefined
-): string {
+): string | undefined {
   if (category !== undefined) {
     let automationID = category;
     if (!automationID.endsWith("/")) {
@@ -78,7 +79,12 @@ function getAutomationID(
     return automationID;
   }
 
-  return actionsUtil.computeAutomationID(analysis_key, environment);
+  // analysis_key is undefined for the runner.
+  if (analysis_key !== undefined) {
+    return actionsUtil.computeAutomationID(analysis_key, environment);
+  }
+
+  return undefined;
 }
 
 // Upload the given payload.
@@ -350,31 +356,28 @@ async function uploadFiles(
   logger.startGroup("Uploading results");
   logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
 
-  validateUniqueCategory(category);
-
   // Validate that the files we were asked to upload are all valid SARIF files
   for (const file of sarifFiles) {
     validateSarifFileSchema(file, logger);
   }
 
-  let sarifPayload = combineSarifFiles(sarifFiles);
-  sarifPayload = await fingerprints.addFingerprints(
-    sarifPayload,
-    sourceRoot,
-    logger
-  );
-  sarifPayload = populateRunAutomationDetails(
-    sarifPayload,
+  let sarif = combineSarifFiles(sarifFiles);
+  sarif = await fingerprints.addFingerprints(sarif, sourceRoot, logger);
+
+  sarif = populateRunAutomationDetails(
+    sarif,
     category,
     analysisKey,
     environment
   );
 
+  const toolNames = util.getToolNames(sarif);
+
+  validateUniqueCategory(sarif);
+  const sarifPayload = JSON.stringify(sarif);
   const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64");
   const checkoutURI = fileUrl(sourceRoot);
 
-  const toolNames = util.getToolNames(sarifPayload);
-
   const payload = buildPayload(
     commitOid,
     ref,
@@ -479,20 +482,31 @@ export async function waitForProcessing(
   logger.endGroup();
 }
 
-export function validateUniqueCategory(category: string | undefined) {
+export function validateUniqueCategory(sarif: SarifFile): void {
+  // This check only works on actions as env vars don't persist between calls to the runner
   if (util.isActions()) {
-    // This check only works on actions as env vars don't persist between calls to the runner
-    const sentinelEnvVar = `CODEQL_UPLOAD_SARIF${
-      category ? `_${sanitize(category)}` : ""
-    }`;
-    if (process.env[sentinelEnvVar]) {
-      throw new Error(
-        "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per category. " +
-          "Please specify a unique `category` to call this action multiple times. " +
-          `Category: ${category ? category : "(none)"}`
-      );
+    // duplicate categories are allowed in the same sarif file
+    // but not across multiple sarif files
+    const categories = {} as Record<string, { id?: string; tool?: string }>;
+
+    for (const run of sarif.runs) {
+      const id = run?.automationDetails?.id;
+      const tool = run.tool?.driver?.name;
+      const category = `${sanitize(id)}_${sanitize(tool)}`;
+      categories[category] = { id, tool };
+    }
+
+    for (const [category, { id, tool }] of Object.entries(categories)) {
+      const sentinelEnvVar = `CODEQL_UPLOAD_SARIF_${category}`;
+      if (process.env[sentinelEnvVar]) {
+        throw new Error(
+          "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. " +
+            "The easiest fix is to specify a unique value for the `category` input. " +
+            `Category: (${id ? id : "none"}) Tool: (${tool ? tool : "none"})`
+        );
+      }
+      core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
   }
 }
 
@@ -505,6 +519,6 @@ export function validateUniqueCategory(category: string | undefined) {
  *
  * @param str the initial value to sanitize
  */
-function sanitize(str: string) {
-  return str.replace(/[^a-zA-Z0-9_]/g, "_");
+function sanitize(str?: string) {
+  return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
 }

src/util.test.ts

@@ -18,7 +18,7 @@ test("getToolNames", (t) => {
     `${__dirname}/../src/testdata/tool-names.sarif`,
     "utf8"
   );
-  const toolNames = util.getToolNames(input);
+  const toolNames = util.getToolNames(JSON.parse(input));
   t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]);
 });
 

src/util.ts

@@ -35,6 +35,38 @@ export const DEFAULT_DEBUG_ARTIFACT_NAME = "debug-artifacts";
  */
 export const DEFAULT_DEBUG_DATABASE_NAME = "db";
 
+export interface SarifFile {
+  version?: string | null;
+  runs: Array<{
+    tool?: {
+      driver?: {
+        name?: string;
+      };
+    };
+    automationDetails?: {
+      id?: string;
+    };
+    artifacts?: string[];
+    results?: SarifResult[];
+  }>;
+}
+
+export interface SarifResult {
+  locations: Array<{
+    physicalLocation: {
+      artifactLocation: {
+        uri: string;
+      };
+      region?: {
+        startLine?: number;
+      };
+    };
+  }>;
+  partialFingerprints: {
+    primaryLocationLineHash?: string;
+  };
+}
+
 /**
  * Get the extra options for the codeql commands.
  */
@@ -59,8 +91,7 @@ export function getExtraOptionsEnvParam(): object {
  *
  * Returns an array of unique string tool names.
  */
-export function getToolNames(sarifContents: string): string[] {
-  const sarif = JSON.parse(sarifContents);
+export function getToolNames(sarif: SarifFile): string[] {
   const toolNames = {};
 
   for (const run of sarif.runs || []) {

upload-sarif/action.yml

@@ -23,7 +23,7 @@ inputs:
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true
-    default: "true"
+    default: "false"
 runs:
   using: 'node12'
   main: '../lib/upload-sarif-action.js'