Exclude injection alerts where the input data type is not String #1133
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ⚙️ CodeQL - Run Unit Tests (javascript) | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| workflow_dispatch: | |
| jobs: | |
| create-unit-test-matrix: | |
| name: Create CodeQL Unit Test Matrix | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install QLT | |
| id: install-qlt | |
| uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main | |
| with: | |
| qlt-version: 'latest' | |
| add-to-path: true | |
| - name: Export unit test matrix | |
| id: export-unit-test-matrix | |
| run: | | |
| qlt test run get-matrix --os-version ubuntu-latest | |
| run-test-suites: | |
| name: Run Unit Tests | |
| needs: create-unit-test-matrix | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.create-unit-test-matrix.outputs.matrix) }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install QLT | |
| id: install-qlt | |
| uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main | |
| with: | |
| qlt-version: 'latest' | |
| add-to-path: true | |
| - name: Install CodeQL | |
| id: install-codeql | |
| shell: bash | |
| run: | | |
| echo "Installing CodeQL" | |
| qlt codeql run install | |
| echo "-----------------------------" | |
| echo "CodeQL Home: $QLT_CODEQL_HOME" | |
| echo "CodeQL Binary: $QLT_CODEQL_PATH" | |
| - name: Verify Versions of Tooling | |
| shell: bash | |
| run: | | |
| echo -e "Checking CodeQL Version:" | |
| $QLT_CODEQL_PATH --version | |
| echo -e "Checking QLT Version:" | |
| echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}" | |
| qlt version | |
| - name: Install QL Packs | |
| shell: bash | |
| run: | | |
| qlt query run install-packs | |
| - name: Ensure presence of cds shell command | |
| run: | | |
| if ! command -v cds &> /dev/null | |
| then | |
| npm install -g @sap/cds-dk | |
| fi | |
| # Compile .cds files to .cds.json files. | |
| - name: Compile CAP CDS files | |
| run: | | |
| for test_dir in $(find . -type f -name '*.expected' -exec dirname {} \;); | |
| do | |
| # The CDS compiler produces locations relative to the working directory | |
| # so we switch to the test directory before running the compiler. | |
| pushd $test_dir | |
| for cds_file in $(find . -type f \( -iname '*.cds' \) -print) | |
| do | |
| echo "I am compiling $cds_file" | |
| cds compile $cds_file \ | |
| -2 json \ | |
| -o "$cds_file.json" \ | |
| --locations | |
| done | |
| popd | |
| done | |
| - name: Run test suites | |
| id: run-test-suites | |
| env: | |
| RUNNER_OS: ${{ runner.os }} | |
| CODEQL_CLI: ${{ matrix.codeql_cli }} | |
| CODEQL_STDLIB: ${{ matrix.codeql_standard_library }} | |
| CODEQL_STDLIB_IDENT: ${{matrix.codeql_standard_library_ident}} | |
| RUNNER_TMP: ${{ runner.temp }} | |
| LGTM_INDEX_XML_MODE: all | |
| LGTM_INDEX_FILETYPES: ".json:JSON\n.cds:JSON" | |
| shell: bash | |
| run: > | |
| qlt test run execute-unit-tests | |
| --codeql-args "--threads=0 --strict-test-discovery" | |
| --num-threads 2 | |
| --language javascript | |
| --runner-os $RUNNER_OS | |
| --work-dir $RUNNER_TMP | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }} | |
| path: | | |
| ${{ runner.temp }}/test_report_${{ runner.os }}_${{ matrix.codeql_cli }}_${{ matrix.codeql_standard_library_ident }}_slice_*.json | |
| if-no-files-found: error | |
| validate-test-results: | |
| name: Validate test results | |
| needs: [run-test-suites] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install QLT | |
| id: install-qlt | |
| uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main | |
| with: | |
| qlt-version: 'latest' | |
| add-to-path: true | |
| - name: Collect test results | |
| uses: actions/download-artifact@v4 | |
| - name: Validate test results | |
| run: | | |
| qlt test run validate-unit-tests --pretty-print --results-directory . >> $GITHUB_STEP_SUMMARY | |
| qlt test run validate-unit-tests --results-directory . | |