From 6cdd0eead401e0dd6eb682a609c56018949e8f5f Mon Sep 17 00:00:00 2001
From: ian
Date: Thu, 13 Oct 2022 03:01:13 +0700
Subject: [PATCH] Fix CodeQL threadflow steps (#15873)
* Upload SARIF artifact
* Test removal of empty object
* Fix polynomial-redos
* Revert fail-fast change
Co-authored-by: Rijk van Zanten
---
 .github/codeql/codeql-config.yaml | 4 ----
 .github/workflows/codeql-analysis.yml | 15 +++++++++++++++
 api/src/utils/get-ast-from-query.ts | 2 +-
 api/src/utils/get-relation-info.ts | 9 ++++++++-
 4 files changed, 24 insertions(+), 6 deletions(-)
 delete mode 100644 .github/codeql/codeql-config.yaml
diff --git a/.github/codeql/codeql-config.yaml b/.github/codeql/codeql-config.yaml
deleted file mode 100644
index 225587e171..0000000000
--- a/.github/codeql/codeql-config.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-paths-ignore: - '**/*.test.ts' - '**/*.test.js' - '**/node_modules'
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6f88bb9488..7696dcaea8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -37,3 +37,18 @@ jobs:
 - name: Perform CodeQL analysis
 uses: github/codeql-action/analyze@v2
+ with:
+ upload: false
+ output: sarif-results
+
+ - name: Upload Artifact
+ uses: actions/upload-artifact@v2.2.0
+ with:
+ name: sarif-results
+ path: sarif-results
+ retention-days: 1
+
+ - name: Upload SARIF
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: sarif-results/javascript.sarif
diff --git a/api/src/utils/get-ast-from-query.ts b/api/src/utils/get-ast-from-query.ts
index de2c5510b1..6ca7c54c80 100644
--- a/api/src/utils/get-ast-from-query.ts
+++ b/api/src/utils/get-ast-from-query.ts
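Review bot: The new `Upload Artifact` step pins `actions/upload-artifact@v2.2.0` to a mutable tag while the neighbouring steps use `@v2`; in a workflow that produces and re-reads security scan output, third-party actions should be pinned to a full commit SHA (keeping the tag in a trailing comment) so a moved tag cannot swap the code that handles the SARIF. The artifact also holds untriaged scanner findings, and on a public repository build artifacts are downloadable by anyone with read access, so `retention-days: 1` narrows the exposure window without closing it; if the artifact is only there to feed the `Upload SARIF` step, consider whether it needs to exist at all. `sarif_file: sarif-results/javascript.sarif` hard-codes one language, so if this job ever scans a second language its results would silently never be uploaded.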
@@ -110,7 +110,7 @@ export default async function getASTFromQuery(
 const children: (NestedCollectionNode | FieldNode | FunctionFieldNode)[] = [];
- const relationalStructure: Record = {};
+ const relationalStructure: Record = Object.create(null);
 for (const fieldKey of fields) {
 let name = fieldKey;
diff --git a/api/src/utils/get-relation-info.ts b/api/src/utils/get-relation-info.ts
index f8bae4e753..8aabef08c1 100644
--- a/api/src/utils/get-relation-info.ts
+++ b/api/src/utils/get-relation-info.ts
@@ -6,12 +6,19 @@ type RelationInfo = {
 relationType: string | null;
 };
+function checkImplicitRelation(field: string) {
+ if (field.startsWith('$FOLLOW(') && field.endsWith(')')) {
+ return field.slice(8, -1).split(',');
+ }
+ return null;
+}
+
 export function getRelationInfo(relations: Relation[], collection: string, field: string): RelationInfo {
 if (field.startsWith('$FOLLOW') && field.length > 500) {
 throw new Error(`Implicit $FOLLOW statement is too big to parse. Got: "${field.substring(500)}..."`);
 }
- const implicitRelation = field.match(/^\$FOLLOW\((.*?),(.*?)(?:,(.*?))?\)$/)?.slice(1);
+ const implicitRelation = checkImplicitRelation(field);
 if (implicitRelation) {
 if (implicitRelation[2] === undefined) {
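Review bot: The switch to `Object.create(null)` on the changed line carries no comment saying why a null-prototype object replaces the literal, so a later tidy-up is likely to put `{}` back and reintroduce the prototype-key lookup problem this fixes; add `// null prototype: keys are caller-supplied field names, so "__proto__"/"constructor" must not resolve to Object.prototype` (assuming `fields` originates from the request, which the hunk does not show). `Object.create(null)` is typed `any`, so the `Record` annotation is the only thing keeping `relationalStructure` typed and must stay. A `Map` keyed by field name would state the same intent in the type rather than in a comment. getASTFromQuery starts and ends outside the hunk.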
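Review bot: `checkImplicitRelation` accepts inputs the old regex rejected: the regex required at least one comma, but `field.slice(8, -1).split(',')` returns a one-element array for `$FOLLOW(x)` and `['']` for `$FOLLOW()`, so `implicitRelation` is now truthy with `implicitRelation[1]` undefined where the caller previously fell through to the non-implicit path. Guard the segment count before returning, replacing the magic `8` with the prefix length at the same time: `const parts = field.slice('$FOLLOW('.length, -1).split(','); return parts.length >= 2 ? parts : null;` (an upper bound of three would also be needed to keep the old shape, since the regex folded any further commas into its last group, which `split` does not). Give the helper an explicit return type, `function checkImplicitRelation(field: string): string[] | null`, since it is now the parse contract the rest of getRelationInfo relies on. The remainder of getRelationInfo, including what it does with `implicitRelation[1]`, is outside the hunk.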