Fix CodeQL threadflow steps (#15873)

* Upload SARIF artifact * Test removal of empty object * Fix polynomial-redos * Revert fail-fast change Co-authored-by: Rijk van Zanten <rijkvanzanten@me.com>
2026-01-09 16:38:04 -05:00 · 2022-10-13 03:01:13 +07:00
parent 5fcb3c84c7
commit 6cdd0eead4
4 changed files with 24 additions and 6 deletions
--- a/.github/codeql/codeql-config.yaml
+++ b/.github/codeql/codeql-config.yaml
@@ -1,4 +0,0 @@
-paths-ignore:
-  - '**/*.test.ts'
-  - '**/*.test.js'
-  - '**/node_modules'
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,3 +37,18 @@ jobs:

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v2
+        with:
+          upload: false
+          output: sarif-results
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v2.2.0
+        with:
+          name: sarif-results
+          path: sarif-results
+          retention-days: 1
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: sarif-results/javascript.sarif
--- a/api/src/utils/get-ast-from-query.ts
+++ b/api/src/utils/get-ast-from-query.ts
@@ -110,7 +110,7 @@ export default async function getASTFromQuery(

 		const children: (NestedCollectionNode | FieldNode | FunctionFieldNode)[] = [];

-		const relationalStructure: Record<string, string[] | anyNested> = {};
+		const relationalStructure: Record<string, string[] | anyNested> = Object.create(null);

 		for (const fieldKey of fields) {
 			let name = fieldKey;
--- a/api/src/utils/get-relation-info.ts
+++ b/api/src/utils/get-relation-info.ts
@@ -6,12 +6,19 @@ type RelationInfo = {
 	relationType: string | null;
 };

+function checkImplicitRelation(field: string) {
+	if (field.startsWith('$FOLLOW(') && field.endsWith(')')) {
+		return field.slice(8, -1).split(',');
+	}
+	return null;
+}
+
 export function getRelationInfo(relations: Relation[], collection: string, field: string): RelationInfo {
 	if (field.startsWith('$FOLLOW') && field.length > 500) {
 		throw new Error(`Implicit $FOLLOW statement is too big to parse. Got: "${field.substring(500)}..."`);
 	}

-	const implicitRelation = field.match(/^\$FOLLOW\((.*?),(.*?)(?:,(.*?))?\)$/)?.slice(1);
+	const implicitRelation = checkImplicitRelation(field);

 	if (implicitRelation) {
 		if (implicitRelation[2] === undefined) {