Support all default query suites and resolve them

First stab at only generating security alerts in main SARIF
2025-12-06 07:48:17 +08:00 · 2025-06-24 14:59:40 +01:00 · 2025-06-24 14:58:48 +01:00
3 changed files with 41 additions and 3 deletions
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -408,6 +408,19 @@ function resolveQuerySuiteAlias(language, query) {
    }
    return query;
 }
+function defaultQueries(language) {
+    return `codeql/${language}-queries`;
+}
+function securityQueries(config, language) {
+    const results = [];
+    if (!config.originalUserInput["disable-default-queries"]) {
+        results.push(defaultQueries(language));
+    }
+    if (config.originalUserInput["queries"]) {
+        results.push(...config.originalUserInput["queries"].map((q) => resolveQuerySuiteAlias(language, q.uses)));
+    }
+    return results;
+}
 // Runs queries and creates sarif files in the given folder
 async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, cleanupLevel, diffRangePackDir, automationDetailsId, config, logger, features) {
    const statusReport = {};
@@ -442,7 +455,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                new Date().getTime() - startTimeRunQueries;
            logger.startGroup(`Interpreting results for ${language}`);
            const startTimeInterpretResults = new Date();
-            const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+            const analysisSummary = await runInterpretResults(language, securityQueries(config, language), sarifFile, config.debugMode);
            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
                logger.info(`Interpreting quality results for ${language}`);
                const qualitySarifFile = path.join(sarifFolder, `${language}.quality.sarif`);
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -589,6 +589,31 @@ export function resolveQuerySuiteAlias(
  return query;
 }

+function defaultQueries(language: Language): string {
+  return `codeql/${language}-queries`;
+}
+
+function securityQueries(
+  config: configUtils.Config,
+  language: Language,
+): string[] {
+  const results: string[] = [];
+
+  if (!config.originalUserInput["disable-default-queries"]) {
+    results.push(defaultQueries(language));
+  }
+
+  if (config.originalUserInput["queries"]) {
+    results.push(
+      ...config.originalUserInput["queries"].map((q) =>
+        resolveQuerySuiteAlias(language, q.uses),
+      ),
+    );
+  }
+
+  return results;
+}
+
 // Runs queries and creates sarif files in the given folder
 export async function runQueries(
  sarifFolder: string,
@@ -642,7 +667,7 @@ export async function runQueries(
      const startTimeInterpretResults = new Date();
      const analysisSummary = await runInterpretResults(
        language,
-        undefined,
+        securityQueries(config, language),
        sarifFile,
        config.debugMode,
      );
Author	SHA1	Message	Date
Michael B. Gale	4c05c6f13d	Support all default query suites and resolve them	2025-06-24 14:59:40 +01:00
Michael B. Gale	45b87be46b	First stab at only generating security alerts in main SARIF	2025-06-24 14:58:48 +01:00