Skip validating SARIF produced by CodeQL

github · henrymercer · May 14, 2025 · May 14, 2025 · May 14, 2025 · May 14, 2025
commit 2f70a988e76f219f826110e1c12b79733d647084
@@ -26,7 +26,6 @@ import { getRepositoryNwoFromEnv } from "./repository";
 import { DatabaseCreationTimings, EventReport } from "./status-report";
 import { ToolsFeature } from "./tools-features";
 import { endTracingForCluster } from "./tracer-config";
-import { validateSarifFileSchema } from "./upload-lib";
 import * as util from "./util";
 import { BuildMode } from "./util";
 
@@ -630,7 +629,7 @@ export async function runQueries(
       logger.info(analysisSummary);
 
       if (await features.getValue(Feature.QaTelemetryEnabled)) {
-        const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+        const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
 
         const perQueryAlertCountEventReport: EventReport = {
           event: "codeql database interpret-results",
@@ -682,11 +681,7 @@ export async function runQueries(
   }
 
   /** Get an object with all queries and their counts parsed from a SARIF file path. */
-  function getPerQueryAlertCounts(
-    sarifPath: string,
-    log: Logger,
-  ): Record<string, number> {
-    validateSarifFileSchema(sarifPath, log);
+  function getPerQueryAlertCounts(sarifPath: string): Record<string, number> {
     const sarifObject = JSON.parse(
       fs.readFileSync(sarifPath, "utf8"),
     ) as util.SarifFile;

@@ -17,14 +17,22 @@ test.beforeEach(() => {
 test("validateSarifFileSchema - valid", (t) => {
   const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
   t.notThrows(() =>
-    uploadLib.validateSarifFileSchema(inputFile, getRunnerLogger(true)),
+    uploadLib.validateSarifFileSchema(
+      uploadLib.readSarifFile(inputFile),
+      inputFile,
+      getRunnerLogger(true),
+    ),
   );
 });
 
 test("validateSarifFileSchema - invalid", (t) => {
   const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
   t.throws(() =>
-    uploadLib.validateSarifFileSchema(inputFile, getRunnerLogger(true)),
+    uploadLib.validateSarifFileSchema(
+      uploadLib.readSarifFile(inputFile),
+      inputFile,
+      getRunnerLogger(true),
+    ),
   );
 });
 
@@ -314,7 +322,11 @@ test("accept results with invalid artifactLocation.uri value", (t) => {
   } as Logger;
 
   const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
-  uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
+  uploadLib.validateSarifFileSchema(
+    uploadLib.readSarifFile(sarifFile),
+    sarifFile,
+    mockLogger,
+  );
 
   t.deepEqual(loggedMessages.length, 3);
   t.deepEqual(

@@ -434,18 +434,35 @@ function countResultsInSarif(sarif: string): number {
   return numResults;
 }
 
-// Validates that the given file path refers to a valid SARIF file.
-// Throws an error if the file is invalid.
-export function validateSarifFileSchema(sarifFilePath: string, logger: Logger) {
-  logger.info(`Validating ${sarifFilePath}`);
-  let sarif;
+export function readSarifFile(sarifFilePath: string): SarifFile {
   try {
-    sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile;
+    return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile;
   } catch (e) {
     throw new InvalidSarifUploadError(
       `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}`,
     );
   }
+}
+
+// Validates that the given file path refers to a valid SARIF file.
+// Throws an error if the file is invalid.
+export function validateSarifFileSchema(
+  sarif: SarifFile,
+  sarifFilePath: string,
+  logger: Logger,
+) {
+  if (
+    areAllRunsProducedByCodeQL([sarif]) &&
+    // We want to validate CodeQL SARIF in testing environments.
+    !util.getTestingEnvironment()
+  ) {
+    logger.debug(
+      `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.`,
+    );
+    return;
+  }
+
+  logger.info(`Validating ${sarifFilePath}`);
   // eslint-disable-next-line @typescript-eslint/no-require-imports
   const schema = require("../src/sarif-schema-2.1.0.json") as jsonschema.Schema;
 
@@ -551,41 +568,44 @@ export function buildPayload(
 }
 
 /**
- * Uploads a single SARIF file or a directory of SARIF files depending on what `sarifPath` refers
+ * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
 export async function uploadFiles(
-  sarifPath: string,
+  inputSarifPath: string,
   checkoutPath: string,
   category: string | undefined,
   features: FeatureEnablement,
   logger: Logger,
 ): Promise<UploadResult> {
-  const sarifFiles = getSarifFilePaths(sarifPath);
+  const sarifPaths = getSarifFilePaths(inputSarifPath);
 
   logger.startGroup("Uploading results");
-  logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
 
   const gitHubVersion = await getGitHubVersion();
 
-  try {
+  let sarif: SarifFile;
+
+  if (sarifPaths.length > 1) {
     // Validate that the files we were asked to upload are all valid SARIF files
-    for (const file of sarifFiles) {
-      validateSarifFileSchema(file, logger);
-    }
-  } catch (e) {
-    if (e instanceof SyntaxError) {
-      throw new InvalidSarifUploadError(e.message);
+    for (const sarifPath of sarifPaths) {
+      const parsedSarif = readSarifFile(sarifPath);
+      validateSarifFileSchema(parsedSarif, sarifPath, logger);
     }
-    throw e;
+
+    sarif = await combineSarifFilesUsingCLI(
+      sarifPaths,
+      gitHubVersion,
+      features,
+      logger,
+    );
+  } else {
+    const sarifPath = sarifPaths[0];
+    sarif = readSarifFile(sarifPath);
+    validateSarifFileSchema(sarif, sarifPath, logger);
   }
 
-  let sarif = await combineSarifFilesUsingCLI(
-    sarifFiles,
-    gitHubVersion,
-    features,
-    logger,
-  );
   sarif = filterAlertsByDiffRange(logger, sarif);
   sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);