github / codeql-cli-binaries

Binaries for the CodeQL CLI

CLI can't handle '@' in query file path #136

Closed peey closed 2 years ago

peey commented 2 years ago

When I use codeql query run, holding everything else equal, if the /path/to/query.ql contains a @ in full expanded path (even if I specify just the relative path on the command line but if I'm in a cwd where there's a @ somewhere), I'm greeted by this output:

A fatal error occurred: Invalid package specification: /tmp/whatever@3/query.ql
(eventual cause: SemanticVersionFormatException "Invalid Semantic Version. Unexpected character '/'....")

If I cp -r /tmp/whatever@3 /tmp/whatever3 or ls -l /tmp/whatever4 and specify that instead, then it works smoothly.

@ is a legal filename character on linux, and cli shouldn't anyways be trying to parse anything but the path from the specified path?

hvitved commented 2 years ago

Hi

I believe this may be fixed already for the next release, but I have asked internally for confirmation.

aeisenberg commented 2 years ago

Yes. This should be fixed in the upcoming 2.11.1 release. As described in the upcoming changenotes, you will need to prefix query specifiers that have special characters with path: so that the CLI knows to interpret them as a path and not as query pack with a semantic version.
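As an added illustration (not CodeQL's own code), a small Python model of the query-specifier resolution described in this thread: a bare `@` is read as `pack@version`, so a directory such as `whatever@3` makes the resolver try to parse `3/query.ql` as a semantic version, while the `path:` prefix forces path interpretation. The function names, the semver check and the sample specifiers are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of "pack@version[:path]" resolution; not the CLI's real parser.
SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")


class InvalidPackageSpecification(ValueError):
    """Mirrors the 'Invalid package specification' fatal error from the thread."""


@dataclass
class QuerySpec:
    kind: str                      # "path" or "pack"
    path: Optional[str] = None     # filesystem path, or path inside the pack
    pack: Optional[str] = None
    version: Optional[str] = None


def resolve_query_spec(spec: str) -> QuerySpec:
    # Explicit prefix (2.11.1+): everything after "path:" is a filesystem path.
    if spec.startswith("path:"):
        return QuerySpec(kind="path", path=spec[len("path:"):])
    # No '@' at all: plain path, which is why /tmp/whatever3/query.ql works.
    if "@" not in spec:
        return QuerySpec(kind="path", path=spec)
    # Ambiguous case: text after '@' must be a semantic version.
    pack, _, rest = spec.partition("@")
    version, _, inner = rest.partition(":")
    if not SEMVER_RE.match(version):
        # Report the first character that cannot start or continue "major.minor.patch",
        # e.g. '/' for "3/query.ql" or 'e' for "esri.com/...".
        core = re.split(r"[-+]", version, maxsplit=1)[0]
        bad = next((c for c in core if not (c.isdigit() or c == ".")), None)
        raise InvalidPackageSpecification(
            f"Invalid package specification: {spec} "
            f"(eventual cause: Invalid Semantic Version. Unexpected character {bad!r})"
        )
    return QuerySpec(kind="pack", pack=pack, version=version, path=inner or None)


def to_path_spec(path: str) -> str:
    """Defensive helper for callers: force path interpretation when '@' is present."""
    return f"path:{path}" if "@" in path and not path.startswith("path:") else path
```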

emilva commented 1 year ago

Hello team! I am using version 2.11.6 and I am still getting this error while having an @ in the path.

How do I prefix query specifiers that have special characters with path: ?

I have prefixed both defaultSuiteFile with path: and the - query: items in the defaultSuiteFile with path: but still no change.

Cheers,

emil

aeisenberg commented 1 year ago

What does your query suite look like and how are you trying to run your queries? Is this in code scanning or direct from the CLI?

emilva commented 1 year ago

Hi @aeisenberg and thanks for the reply! I fixed the problem by removing @ from the name of my home dir.

For completeness:

The original javascript.qls looked like this:

- description: custom queries for javascript
- query: PodiumFetchXSS.ql
- query: PodiumSendXSS.ql
- query: PreloadedStateXSS.ql

The reference in the qlpack.yml was defaultSuiteFile: javascript.qls

kozmic commented 1 year ago

I can confirm that this bug still exists with CodeQL CLI 2.12.7 and Visual Studio Code CodeQL extension version v1.8.2. When the path to the DB contains @, codeql will throw ``.

Workaround: Place the DB in /tmp (or any other path without @).

aeisenberg commented 1 year ago

Thanks for commenting, @kozmic. It looks like this is a slightly different problem. Your issue is with the database path. The issue here is with query paths. We'll take a look at this.

aeisenberg commented 1 year ago

Apologies for taking so long to get back, @kozmic. I finally got a chance to look at your problem. I have a fix and hope to release it for CodeQL CLI v2.13.3.

kozmic commented 1 year ago

thanks for following up on this @aeisenberg !

AlexWilson-GIS commented 3 months ago

This is still a problem in 2.13.5. My company is using this version on GitHub Enterprise, and I came here after trying to figure out why this error only occurs on some of our runners. In my case, one of the runners has an email in the file path. Here's what the action output looks like (email partially redacted):

Running queries for javascript
  /home/***@esri.com/actions-runner/_work/_tool/CodeQL/2.13.5-v2.13.5/x64/codeql/codeql database run-queries --ram=5600 --threads=2 /home/***@esri.com/actions-runner/_work/_temp/codeql_databases/javascript --min-disk-free=1024 -v --expect-discarded-cache
  Writing logs to /home/***@esri.com/actions-runner/_work/_temp/codeql_databases/javascript/log/database-run-queries-20240805.151535.850.log.
  Writing logs to /home/***@esri.com/actions-runner/_work/_temp/codeql_databases/javascript/log/execute-queries-20240805.151536.670.log.
  A fatal error occurred: Invalid package specification: /home/***@esri.com/actions-runner/_work/_temp/codeql_databases/javascript/temp/config-queries.qls
  (eventual cause: SemanticVersionFormatException "Invalid Semantic Version. Unexpected 'e'....")
  Error: A fatal error occurred.
  Error: A fatal error occurred.
      at toolrunnerErrorCatcher (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/toolrunner-error-catcher.js:74:27)
      at async Object.databaseRunQueries (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/codeql.js:430:13)
      at async runQueryGroup (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/analyze.js:284:9)
      at async runQueries (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/analyze.js:153:17)
      at async run (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/analyze-action.js:168:24)
      at async runWrapper (/home/***@esri.com/actions-runner/_work/_actions/github/codeql-action/v2/lib/analyze-action.js:238:9)
  Error: Error running analysis for javascript: Error: A fatal error occurred.

This appears to me to be the same problem as described by @kozmic, and I will try his suggested workaround to see if it fixes the issue.

aeisenberg commented 3 months ago

Can you please open a new issue for this in https://github.com/github/codeql-action/issues?

This issue has been closed for a while. Opening a new one will ensure that our first responder looks at it appropriately.