Commit 7c5585e

Merge pull request #3852 from github/henrymercer/avoid-diagnostic-collisions
Add random suffix when writing diagnostics to avoid filename collisions
2 parents 19b3a84 + 245f682 commit 7c5585e

8 files changed

Lines changed: 60 additions & 15 deletions

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
44

55
## [UNRELEASED]
66

7-
No user facing changes.
7+
- Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. [#3852](https://github.com/github/codeql-action/pull/3852)
88

99
## 4.35.2 - 15 Apr 2026
1010

lib/analyze-action.js

Lines changed: 7 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

lib/init-action-post.js

Lines changed: 7 additions & 2 deletions

lib/init-action.js

Lines changed: 7 additions & 2 deletions

lib/setup-codeql-action.js

Lines changed: 7 additions & 2 deletions

lib/upload-lib.js

Lines changed: 7 additions & 2 deletions

lib/upload-sarif-action.js

Lines changed: 7 additions & 2 deletions

src/diagnostics.ts

Lines changed: 17 additions & 2 deletions
@@ -72,6 +72,13 @@ let unwrittenDiagnostics: UnwrittenDiagnostic[] = [];
7272
*/
7373
let unwrittenDefaultLanguageDiagnostics: DiagnosticMessage[] = [];
7474

75+
/**
76+
* Counter used to generate a unique suffix for each diagnostic filename, so that
77+
* two diagnostics produced within the same millisecond do not overwrite each
78+
* other on disk.
79+
*/
80+
let diagnosticCounter = 0;
81+
7582
/**
7683
* Constructs a new diagnostic message with the specified id and name, as well as optional additional data.
7784
*
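Review bot: The doc comment on `diagnosticCounter` should say that the counter is module state starting at 0 in each process, so the suffix is unique only among diagnostics written by that same process. The commit title calls it a "random suffix", but the code adds a sequential counter: two processes that write into the same diagnostics directory with the same sanitized timestamp would both begin at suffix 0. If cross-process collisions matter here, add a random or process-specific component to the suffix; if they do not, state that assumption in the comment and reword the title.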
@@ -167,10 +174,18 @@ function writeDiagnostic(
167174
// Create the directory if it doesn't exist yet.
168175
mkdirSync(diagnosticsPath, { recursive: true });
169176

177+
// Include a monotonically increasing suffix to avoid filename collisions
178+
// between diagnostics produced within the same millisecond.
179+
const uniqueSuffix = (diagnosticCounter++).toString();
180+
// We should only need to remove colons, but to be defensive, only allow a restricted set of
181+
// characters.
182+
const sanitizedTimestamp = diagnostic.timestamp.replace(
183+
/[^a-zA-Z0-9.-]/g,
184+
"",
185+
);
170186
const jsonPath = path.resolve(
171187
diagnosticsPath,
172-
// Remove colons from the timestamp as these are not allowed in Windows filenames.
173-
`codeql-action-${diagnostic.timestamp.replaceAll(":", "")}.json`,
188+
`codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`,
174189
);
175190

176191
writeFileSync(jsonPath, JSON.stringify(diagnostic));
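Review bot: `writeFileSync(jsonPath, JSON.stringify(diagnostic))` at the end of this hunk still opens the file in the default overwrite mode, so if the computed name ever does exist already, the earlier diagnostic is replaced silently, which is the failure the changelog entry describes. Passing `{ flag: "wx" }` would make the write fail on an existing file instead, letting the caller log it or retry with the next counter value. Separately, none of the 8 changed files listed on this page is a test; a test that writes two diagnostics with an identical `timestamp` and asserts that two files exist would pin the new behaviour.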
