Fix CodeScanning config's sarifPredicate and add test

Author: mbg

lib/analyze-action.js

@@ -4,14 +4,17 @@ import * as sinon from "sinon";
 import * as actionsUtil from "./actions-util";
 import {
   AnalysisKind,
+  CodeScanning,
   compatibilityMatrix,
+  getAnalysisConfig,
   getAnalysisKinds,
   parseAnalysisKinds,
   supportedAnalysisKinds,
 } from "./analyses";
 import { getRunnerLogger } from "./logging";
 import { setupTests } from "./testing-utils";
 import { ConfigurationError } from "./util";
+import path from "path";
 
 setupTests(test);
 
@@ -101,3 +104,16 @@ for (let i = 0; i < analysisKinds.length; i++) {
     }
   }
 }
+
+test("Code Scanning configuration does not accept other SARIF extensions", (t) => {
+  for (const analysisKind of supportedAnalysisKinds) {
+    if (analysisKind === AnalysisKind.CodeScanning) continue;
+
+    const analysis = getAnalysisConfig(analysisKind);
+    const sarifPath = path.join("path", "to", `file${analysis.sarifExtension}`);
+
+    // The Code Scanning configuration's `sarifPredicate` should not accept a path which
+    // ends in a different configuration's `sarifExtension`.
+    t.false(CodeScanning.sarifPredicate(sarifPath));
+  }
+});

lib/init-action-post.js

@@ -156,7 +156,8 @@ export const CodeScanning: AnalysisConfig = {
   sarifExtension: ".sarif",
   sarifPredicate: (name) =>
     name.endsWith(CodeScanning.sarifExtension) &&
-    !CodeQuality.sarifPredicate(name),
+    !CodeQuality.sarifPredicate(name) &&
+    !CSRA.sarifPredicate(name),
   fixCategory: (_, category) => category,
   sentinelPrefix: "CODEQL_UPLOAD_SARIF_",
 };