-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
97 lines (91 loc) · 4.7 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: 'CodeQL Enhanced Tracer for .NET Framework'
author: "@felickz"
description: 'Generates a custom tracing configuration for ASP.NET to remove MVCBuildViews and other CodeQL default compiler options.'
inputs:
MvcBuildViews:
description: 'A boolean to use MvcBuildViews=true compiler flag. Default is true.'
required: false
default: 'true'
EmitCompilerGeneratedFiles:
description: 'A boolean to use EmitCompilerGeneratedFiles=true compiler flag. Default is true.'
required: false
default: 'true'
DisableUseSharedCompilation:
description: 'A boolean to use the UseSharedCompilation=false compiler flag. Default is true.'
required: false
default: 'true'
runs:
using: composite
steps:
- name: Write Lua script
shell: pwsh
run: |
echo "function GetCompatibleVersions() return {'1.0.0'} end
table.unpack = table.unpack or unpack -- 5.1 compatibility
function Exify(path)
if OperatingSystem == 'windows' then return path .. '.exe' else return path end
end
function RegisterExtraConfig()
return {
['csharp'] = {
function(compilerName, compilerPath, compilerArguments, languageId)
if MatchCompilerName('^' .. Exify('msbuild') .. '$', compilerName, compilerPath,
compilerArguments) or
MatchCompilerName('^' .. Exify('xbuild') .. '$', compilerName, compilerPath,
compilerArguments) then
return {
order = ORDER_REPLACE,
invocation = BuildExtractorInvocation(languageId, compilerPath,
compilerPath,
compilerArguments,
nil, {
$( ('${{ inputs.DisableUseSharedCompilation }}' -eq 'true') ? `"'/p:UseSharedCompilation=false',`" : `"`" )
$( ('${{ inputs.MvcBuildViews }}' -eq 'true') ? `"'/p:MvcBuildViews=true',`" : `"`" )
$( ('${{ inputs.EmitCompilerGeneratedFiles }}' -eq 'true') ? `"'/p:EmitCompilerGeneratedFiles=true',`" : `"`" )
})
}
end
end,
table.unpack(_RegisteredMatchers['csharp'])
}
}
end" > "${env:RUNNER_TEMP}\config.lua"
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable
- name: Set Env Variable
shell: pwsh
run: |
# Output the env variable to the action env variables for use during codeql init step
"CODEQL_ACTION_EXTRA_OPTIONS={`"database`":{`"init`":[`"--extra-tracing-config`", `"$(${env:RUNNER_TEMP} -replace '\\', '\\')\\config.lua`" ]}}" >> $env:GITHUB_ENV
- name: Debug Lua Script
if: runner.debug == '1'
shell: pwsh
run: |
Write-Host "${env:RUNNER_TEMP}\config.lua contents:"
Get-Content "${env:RUNNER_TEMP}\config.lua"
- name: Debug Env Variables
if: runner.debug == '1'
shell: pwsh
run: |
Write-Host "Reading content from `$env:GITHUB_ENV: $env:GITHUB_ENV"
Get-Content $env:GITHUB_ENV
Write-Host "var set `$env:CODEQL_ACTION_EXTRA_OPTIONS: $env:CODEQL_ACTION_EXTRA_OPTIONS"
- name: Output Actions Warnings
if: inputs.DisableUseSharedCompilation != true || inputs.MvcBuildViews != true || inputs.EmitCompilerGeneratedFiles != true
shell: pwsh
run: |
# Handle `Untrusted repository` prompt
Set-PSRepository PSGallery -InstallationPolicy Trusted
#check if GitHubActions module is installed
if (Get-Module -ListAvailable -Name GitHubActions -ErrorAction SilentlyContinue) {
Write-ActionDebug "GitHubActions module is installed"
}
else {
#directly to output here before module loaded to support Write-ActionInfo
Write-Output "GitHubActions module is not installed. Installing from Gallery..."
Install-Module -Name GitHubActions
}
$message = "Overriding the default CodeQL Csharp Tracer configuration can increase the potential for false negatives in security analysis. See https://github.com/felickz/codeql-tracer-netframework/blob/main/README.md"
Write-ActionWarning -Message $message
branding:
icon: "lock"
color: "gray-dark"