Validate CODEQL_ACTION_CSRA_ASSESSMENT_ID value

Author: mbg

lib/analyze-action.js

@@ -8,13 +8,16 @@ import {
   AnalysisKind,
   CodeScanning,
   compatibilityMatrix,
+  CSRA,
   getAnalysisConfig,
   getAnalysisKinds,
   parseAnalysisKinds,
   supportedAnalysisKinds,
 } from "./analyses";
+import { EnvVar } from "./environment";
 import { getRunnerLogger } from "./logging";
 import { setupTests } from "./testing-utils";
+import { AssessmentPayload } from "./upload-lib/types";
 import { ConfigurationError } from "./util";
 
 setupTests(test);
@@ -118,3 +121,61 @@ test("Code Scanning configuration does not accept other SARIF extensions", (t) =
     t.false(CodeScanning.sarifPredicate(sarifPath));
   }
 });
+
+test("CSRA configuration transforms SARIF upload payload", (t) => {
+  process.env[EnvVar.CSRA_ASSESSMENT_ID] = "1";
+  const payload = CSRA.transformPayload({
+    commit_oid: "abc",
+    sarif: "sarif",
+    ref: "ref",
+    workflow_run_attempt: 1,
+    workflow_run_id: 1,
+    checkout_uri: "uri",
+    tool_names: [],
+  }) as AssessmentPayload;
+
+  const expected: AssessmentPayload = { sarif: "sarif", assessment_id: 1 };
+  t.deepEqual(expected, payload);
+});
+
+test("CSRA configuration throws for negative assessment IDs", (t) => {
+  process.env[EnvVar.CSRA_ASSESSMENT_ID] = "-1";
+  t.throws(
+    () =>
+      CSRA.transformPayload({
+        commit_oid: "abc",
+        sarif: "sarif",
+        ref: "ref",
+        workflow_run_attempt: 1,
+        workflow_run_id: 1,
+        checkout_uri: "uri",
+        tool_names: [],
+      }),
+    {
+      instanceOf: Error,
+      message: (msg) =>
+        msg.startsWith(`${EnvVar.CSRA_ASSESSMENT_ID} must not be negative: `),
+    },
+  );
+});
+
+test("CSRA configuration throws for invalid IDs", (t) => {
+  process.env[EnvVar.CSRA_ASSESSMENT_ID] = "foo";
+  t.throws(
+    () =>
+      CSRA.transformPayload({
+        commit_oid: "abc",
+        sarif: "sarif",
+        ref: "ref",
+        workflow_run_attempt: 1,
+        workflow_run_id: 1,
+        checkout_uri: "uri",
+        tool_names: [],
+      }),
+    {
+      instanceOf: Error,
+      message: (msg) =>
+        msg.startsWith(`${EnvVar.CSRA_ASSESSMENT_ID} must not be NaN: `),
+    },
+  );
+});

lib/init-action-post.js

@@ -3,6 +3,7 @@ import {
   getOptionalInput,
   getRequiredInput,
 } from "./actions-util";
+import { EnvVar } from "./environment";
 import { Logger } from "./logging";
 import {
   AssessmentPayload,
@@ -187,10 +188,18 @@ export const CodeQuality: AnalysisConfig = {
  * @param payload The base payload.
  */
 function addAssessmentId(payload: UploadPayload): AssessmentPayload {
-  const assessmentId = parseInt(
-    getRequiredEnvParam("CODEQL_ACTION_CSRA_ASSESSMENT_ID"),
-    10,
-  );
+  const rawAssessmentId = getRequiredEnvParam(EnvVar.CSRA_ASSESSMENT_ID);
+  const assessmentId = parseInt(rawAssessmentId, 10);
+  if (Number.isNaN(assessmentId)) {
+    throw new Error(
+      `${EnvVar.CSRA_ASSESSMENT_ID} must not be NaN: ${rawAssessmentId}`,
+    );
+  }
+  if (assessmentId < 0) {
+    throw new Error(
+      `${EnvVar.CSRA_ASSESSMENT_ID} must not be negative: ${rawAssessmentId}`,
+    );
+  }
   return { sarif: payload.sarif, assessment_id: assessmentId };
 }
 

lib/upload-lib.js

@@ -141,4 +141,7 @@ export enum EnvVar {
    * `getAnalysisKey`, but can also be set manually for testing and non-standard applications.
    */
   ANALYSIS_KEY = "CODEQL_ACTION_ANALYSIS_KEY",
+
+  /** Used by CSRA to communicate the assessment ID to the CodeQL Action. */
+  CSRA_ASSESSMENT_ID = "CODEQL_ACTION_CSRA_ASSESSMENT_ID",
 }