
Exclude injection alerts where the input data type is not String #1140


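name: ⚙️ CodeQL - Run Unit Tests (javascript)
on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - 'main'
  workflow_dispatch:
# Least privilege for the workflow's GITHUB_TOKEN. The jobs below only check
# out the repository and exchange artifacts within the same run; same-run
# artifact upload/download goes through the Actions runtime token and needs
# no extra scope here. Without this block the token gets the repository's
# default permission set, which may be read/write.
# NOTE(review): the third-party install-qlt action may call the GitHub API
# with the token; if it starts failing with 403 after this change, widen the
# scopes here rather than dropping the block.
permissions:
  contents: read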
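jobs:
  create-unit-test-matrix:
    name: Create CodeQL Unit Test Matrix
    runs-on: ubuntu-latest
    outputs:
      # Produced by the export step below; consumed by run-test-suites via fromJSON.
      matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # NOTE(review): `@main` is a mutable branch ref and `qlt-version: 'latest'`
      # floats, so the toolchain this job runs is whatever the upstream repo
      # serves at run time. Pin both to a release tag or full commit SHA once one
      # is chosen for the project; the same applies to the two copies below.
      - name: Install QLT
        id: install-qlt
        uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
        with:
          qlt-version: 'latest'
          add-to-path: true
      - name: Export unit test matrix
        id: export-unit-test-matrix
        shell: bash
        # Presumably qlt writes `matrix=<json>` to $GITHUB_OUTPUT for this step
        # (that is what `outputs.matrix` above reads) -- confirm against qlt.
        run: |
          qlt test run get-matrix --os-version ubuntu-latest
  run-test-suites:
    name: Run Unit Tests
    needs: create-unit-test-matrix
    runs-on: ${{ matrix.os }}
    strategy:
      # Keep every matrix leg running so one failing CLI/stdlib combination
      # does not hide the results of the others.
      fail-fast: false
      matrix: ${{ fromJSON(needs.create-unit-test-matrix.outputs.matrix) }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install QLT
        id: install-qlt
        # NOTE(review): mutable `@main` ref and floating 'latest' version; pin.
        uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
        with:
          qlt-version: 'latest'
          add-to-path: true
      - name: Install CodeQL
        id: install-codeql
        shell: bash
        # QLT_CODEQL_HOME / QLT_CODEQL_PATH are expected to be exported by
        # `qlt codeql run install`; they are only echoed here for the log.
        run: |
          echo "Installing CodeQL"
          qlt codeql run install
          echo "-----------------------------"
          echo "CodeQL Home: $QLT_CODEQL_HOME"
          echo "CodeQL Binary: $QLT_CODEQL_PATH"
      - name: Verify Versions of Tooling
        shell: bash
        # The action output is handed to the script through `env` instead of
        # being templated into the script text, so the shell treats it as data
        # (the standard hardening against `${{ }}` script injection).
        env:
          QLT_HOME: ${{ steps.install-qlt.outputs.qlt-home }}
        run: |
          echo -e "Checking CodeQL Version:"
          "$QLT_CODEQL_PATH" --version
          echo -e "Checking QLT Version:"
          echo "QLT Home: $QLT_HOME"
          qlt version
      - name: Install QL Packs
        shell: bash
        run: |
          qlt query run install-packs
      - name: Ensure presence of cds shell command
        shell: bash
        # NOTE(review): installs whatever version of @sap/cds-dk npm serves at
        # run time; pin an explicit version (or use a lockfile) so test runs
        # are reproducible and the dependency is reviewable.
        run: |
          if ! command -v cds > /dev/null 2>&1; then
            npm install -g @sap/cds-dk
          fi
      # Compile .cds files to .cds.json files next to their source; the test
      # run below consumes the generated JSON.
      - name: Compile CAP CDS files
        shell: bash
        run: |
          # Every directory holding a .expected file is a test directory. A
          # directory with several .expected files would otherwise be visited
          # (and compiled) once per file, hence `sort -u`. Paths are read line
          # by line / NUL-delimited so names with spaces survive.
          find . -type f -name '*.expected' -exec dirname {} \; | sort -u |
          while IFS= read -r test_dir; do
            # The CDS compiler produces locations relative to the working
            # directory, so switch to the test directory before running it.
            pushd "$test_dir" > /dev/null
            find . -type f -iname '*.cds' -print0 |
            while IFS= read -r -d '' cds_file; do
              echo "I am compiling $cds_file"
              cds compile "$cds_file" \
                -2 json \
                -o "$cds_file.json" \
                --locations
            done
            popd > /dev/null
          done
      - name: Run test suites
        id: run-test-suites
        env:
          RUNNER_OS: ${{ runner.os }}
          CODEQL_CLI: ${{ matrix.codeql_cli }}
          CODEQL_STDLIB: ${{ matrix.codeql_standard_library }}
          CODEQL_STDLIB_IDENT: ${{ matrix.codeql_standard_library_ident }}
          RUNNER_TMP: ${{ runner.temp }}
          LGTM_INDEX_XML_MODE: all
          # Double-quoted on purpose: the `\n` must become a real newline so the
          # two `.ext:TYPE` entries stay newline-separated, as in the original.
          LGTM_INDEX_FILETYPES: ".json:JSON\n.cds:JSON"
        shell: bash
        run: >-
          qlt test run execute-unit-tests
          --codeql-args "--threads=0 --strict-test-discovery"
          --num-threads 2
          --language javascript
          --runner-os "$RUNNER_OS"
          --work-dir "$RUNNER_TMP"
      - name: Upload test results
        uses: actions/upload-artifact@v4
        with:
          name: test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
          path: |
            ${{ runner.temp }}/test_report_${{ runner.os }}_${{ matrix.codeql_cli }}_${{ matrix.codeql_standard_library_ident }}_slice_*.json
          # A leg that produced no report is a broken run, not a clean one.
          if-no-files-found: error
  validate-test-results:
    name: Validate test results
    needs: [run-test-suites]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install QLT
        id: install-qlt
        # NOTE(review): mutable `@main` ref and floating 'latest' version; pin.
        uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
        with:
          qlt-version: 'latest'
          add-to-path: true
      # No `name`/`pattern`: download-artifact@v4 fetches every artifact of this
      # run, each into its own subdirectory of the working directory, which is
      # what `--results-directory .` below walks.
      - name: Collect test results
        uses: actions/download-artifact@v4
      - name: Validate test results
        shell: bash
        # Presumably the --pretty-print run only renders the report into the
        # job summary and the plain run returns the pass/fail status -- confirm
        # against qlt; under `-e` a non-zero exit from either fails the step.
        run: |
          qlt test run validate-unit-tests --pretty-print --results-directory . >> "$GITHUB_STEP_SUMMARY"
          qlt test run validate-unit-tests --results-directory .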