Add autofix coverage information for CodeQL queries (#49781)

Co-authored-by: Peter Bengtsson <peterbe@github.com>
Co-authored-by: Peter Bengtsson <mail@peterbe.com>

src/code-scanning/scripts/generate-code-scanning-query-list.ts

@@ -29,6 +29,15 @@
  *
  *   /Users/peterbe/.local/share/gh/extensions/gh-codeql/dist/nightly/codeql-bundle-20231204/codeql
  *
+ * Finally, you need to install `@github/cocofix`. This is a private package,
+ * so you first need to get the `DOCS_BOT_PAT_WORKFLOW` PAT from the vault and
+ * store it in the environment variable `DOCS_BOT_PAT_WORKFLOW`.
+ * Then run the following command from the root of this repo:
+ *
+ * ```sh
+ * npm i --no-save '--@github:registry=https://npm.pkg.github.com' '--//npm.pkg.github.com/:_authToken=${DOCS_BOT_PAT_WORKFLOW}' @github/cocofix
+ * ```
+ *
  * If you've git cloned github/codeql in /tmp/ now you can execute this script.
  * For example, to generate the Markdown
  * for Python:
@@ -44,6 +53,10 @@ import { execFileSync } from 'child_process'
 
 import chalk from 'chalk'
 import { program } from 'commander'
+// We don't want to introduce a global dependency on @github/cocofix, so we install it by hand
+// as described above and suppress the import warning.
+import { getSupportedQueries } from '@github/cocofix/dist/querySuites' // eslint-disable-line import/no-unresolved
+import { type Language } from '@github/cocofix/dist/codeql' // eslint-disable-line import/no-unresolved
 
 program
   .description('Generate a reusable Markdown for for a code scanning query language')
@@ -74,6 +87,7 @@ type Query = {
   url: string
   packs: string[]
   cwes: string[]
+  autofixSupport: 'none' | 'default'
 }
 
 const opts = program.opts()
@@ -105,6 +119,12 @@ async function main(options: Options, language: string) {
     [id: string]: Query
   } = {}
 
+  const autofixSupportedQueryIds = await getSupportedQueries(
+    'default',
+    language as Language,
+    'CodeQL',
+  )
+
   for (const pack of options.packs) {
     const languagePack = `${language}-${pack}.qls`
     if (options.verbose) console.log(chalk.dim(`Searching for queries in ${languagePack}`))
@@ -123,12 +143,13 @@ async function main(options: Options, language: string) {
         if (id && name) {
           const cwes = getCWEs(tags || '')
           const url = getDocsLink(language, id)
+          const autofixSupport = autofixSupportedQueryIds.includes(id) ? 'default' : 'none'
 
           // Only include queries that have CWEs, since the other queries deal with code scanning
           // metadata and metrics (e.g. counting lines of code or number of files) and have no docs link
           if (cwes.length) {
             if (!(id in queries)) {
-              queries[id] = { url, name, packs: [], cwes }
+              queries[id] = { url, name, packs: [], cwes, autofixSupport }
             }
             queries[id].packs.push(pack)
           } else {
@@ -150,7 +171,7 @@ function printQueries(options: Options, queries: Query[]) {
   const markdown = []
   markdown.push('{% rowheaders %}')
   markdown.push('') // blank line
-  const header = ['Query name', 'Related CWEs', 'Default', 'Extended']
+  const header = ['Query name', 'Related CWEs', 'Default', 'Extended', 'Autofix']
   markdown.push(`| ${header.join(' | ')} |`)
   markdown.push(`| ${header.map(() => '---').join(' | ')} |`)
 
@@ -161,14 +182,18 @@ function printQueries(options: Options, queries: Query[]) {
     const markdownLink = `[${query.name}](${query.url})`
     let defaultIcon = notIncludedOcticon
     let extendedIcon = notIncludedOcticon
+    let autofixIcon = notIncludedOcticon
     if (query.packs.includes('code-scanning')) {
       defaultIcon = includedOcticon
     }
     if (query.packs.includes('security-extended')) {
       extendedIcon = includedOcticon
     }
+    if (query.autofixSupport === 'default') {
+      autofixIcon = includedOcticon
+    }
     markdown.push(
-      `| ${markdownLink} | ${query.cwes.join(', ')} | ${defaultIcon} | ${extendedIcon} |`,
+      `| ${markdownLink} | ${query.cwes.join(', ')} | ${defaultIcon} | ${extendedIcon} | ${autofixIcon} |`,
     )
   }
   markdown.push('') // blank line