Remove result pruning for CodeQL 2.11.2

Author: henrymercer

lib/upload-lib.js

@@ -6,8 +6,7 @@ import test from "ava";
 import { getRunnerLogger, Logger } from "./logging";
 import { setupTests } from "./testing-utils";
 import * as uploadLib from "./upload-lib";
-import { pruneInvalidResults } from "./upload-lib";
-import { initializeEnvironment, SarifFile, withTmpDir } from "./util";
+import { initializeEnvironment, withTmpDir } from "./util";
 
 setupTests(test);
 
@@ -307,59 +306,6 @@ test("validateUniqueCategory for multiple runs", (t) => {
   t.throws(() => uploadLib.validateUniqueCategory(sarif2));
 });
 
-test("pruneInvalidResults", (t) => {
-  const loggedMessages: string[] = [];
-  const mockLogger = {
-    info: (message: string) => {
-      loggedMessages.push(message);
-    },
-  } as Logger;
-
-  const sarif: SarifFile = {
-    runs: [
-      {
-        tool: otherTool,
-        results: [resultWithBadMessage1, resultWithGoodMessage],
-      },
-      {
-        tool: affectedCodeQLVersion,
-        results: [
-          resultWithOtherRuleId,
-          resultWithBadMessage1,
-          resultWithBadMessage2,
-          resultWithGoodMessage,
-        ],
-      },
-      {
-        tool: unaffectedCodeQLVersion,
-        results: [resultWithBadMessage1, resultWithGoodMessage],
-      },
-    ],
-  };
-  const result = pruneInvalidResults(sarif, mockLogger);
-
-  const expected: SarifFile = {
-    runs: [
-      {
-        tool: otherTool,
-        results: [resultWithBadMessage1, resultWithGoodMessage],
-      },
-      {
-        tool: affectedCodeQLVersion,
-        results: [resultWithOtherRuleId, resultWithGoodMessage],
-      },
-      {
-        tool: unaffectedCodeQLVersion,
-        results: [resultWithBadMessage1, resultWithGoodMessage],
-      },
-    ],
-  };
-
-  t.deepEqual(result, expected);
-  t.deepEqual(loggedMessages.length, 1);
-  t.assert(loggedMessages[0].includes("Pruned 2 results"));
-});
-
 test("accept results with invalid artifactLocation.uri value", (t) => {
   const loggedMessages: string[] = [];
   const mockLogger = {
@@ -377,62 +323,6 @@ test("accept results with invalid artifactLocation.uri value", (t) => {
     "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.",
   );
 });
-const affectedCodeQLVersion = {
-  driver: {
-    name: "CodeQL",
-    semanticVersion: "2.11.2",
-  },
-};
-
-const unaffectedCodeQLVersion = {
-  driver: {
-    name: "CodeQL",
-    semanticVersion: "2.11.3",
-  },
-};
-
-const otherTool = {
-  driver: {
-    name: "Some other tool",
-    semanticVersion: "2.11.2",
-  },
-};
-
-const resultWithOtherRuleId = {
-  ruleId: "doNotPrune",
-  message: {
-    text: "should not be pruned even though it says MD5 in it",
-  },
-  locations: [],
-  partialFingerprints: {},
-};
-
-const resultWithGoodMessage = {
-  ruleId: "rb/weak-cryptographic-algorithm",
-  message: {
-    text: "should not be pruned SHA128 is not a FP",
-  },
-  locations: [],
-  partialFingerprints: {},
-};
-
-const resultWithBadMessage1 = {
-  ruleId: "rb/weak-cryptographic-algorithm",
-  message: {
-    text: "should be pruned MD5 is a FP",
-  },
-  locations: [],
-  partialFingerprints: {},
-};
-
-const resultWithBadMessage2 = {
-  ruleId: "rb/weak-cryptographic-algorithm",
-  message: {
-    text: "should be pruned SHA1 is a FP",
-  },
-  locations: [],
-  partialFingerprints: {},
-};
 
 function createMockSarif(id?: string, tool?: string) {
   return {

lib/upload-lib.js.map

@@ -1,6 +1,5 @@
 import * as fs from "fs";
 import * as path from "path";
-import { env } from "process";
 import zlib from "zlib";
 
 import * as core from "@actions/core";
@@ -15,7 +14,7 @@ import * as fingerprints from "./fingerprints";
 import { Logger } from "./logging";
 import { parseRepositoryNwo, RepositoryNwo } from "./repository";
 import * as util from "./util";
-import { SarifFile, SarifResult, SarifRun, UserError, wrapError } from "./util";
+import { SarifFile, UserError, wrapError } from "./util";
 
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
@@ -372,9 +371,6 @@ async function uploadFiles(
     environment,
   );
 
-  if (env["CODEQL_DISABLE_SARIF_PRUNING"] !== "true")
-    sarif = pruneInvalidResults(sarif, logger);
-
   const toolNames = util.getToolNames(sarif);
 
   validateUniqueCategory(sarif);
@@ -596,45 +592,6 @@ function sanitize(str?: string) {
   return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
 }
 
-export function pruneInvalidResults(
-  sarif: SarifFile,
-  logger: Logger,
-): SarifFile {
-  let pruned = 0;
-  const newRuns: SarifRun[] = [];
-  for (const run of sarif.runs || []) {
-    if (
-      run.tool?.driver?.name === "CodeQL" &&
-      run.tool?.driver?.semanticVersion === "2.11.2"
-    ) {
-      // Version 2.11.2 of the CodeQL CLI had many false positives in the
-      // rb/weak-cryptographic-algorithm query which we prune here. The
-      // issue is tracked in https://github.com/github/codeql/issues/11107.
-      const newResults: SarifResult[] = [];
-      for (const result of run.results || []) {
-        if (
-          result.ruleId === "rb/weak-cryptographic-algorithm" &&
-          (result.message?.text?.includes(" MD5 ") ||
-            result.message?.text?.includes(" SHA1 "))
-        ) {
-          pruned += 1;
-          continue;
-        }
-        newResults.push(result);
-      }
-      newRuns.push({ ...run, results: newResults });
-    } else {
-      newRuns.push(run);
-    }
-  }
-  if (pruned > 0) {
-    logger.info(
-      `Pruned ${pruned} results believed to be invalid from SARIF file.`,
-    );
-  }
-  return { ...sarif, runs: newRuns };
-}
-
 /**
  * An error that occurred due to an invalid SARIF upload request.
  */