search

github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.5k stars 1.49k forks source link

`codeql resolve qlpacks` is reporting errors for duplicated packs from different languages even though it is not a problem #17059

Open RobbingDaHood opened 1 month ago

RobbingDaHood commented 1 month ago

Description of the issue

A fresh download of the CodeQL bundle shows errors when running: 

./codeql resolve qlpacks

The errors shown seems to be false positives because they all seems to report duplicated packs: But the packs are in separate languages, so it could be fine: If that is the case, then the resolve qlpacks likely just need to consider if the packs are in fact from different languages.

On the other hand, then it does seem strange that multiple languages have individual packs for xml, yml etc. Should they not all be defined in one location? And if there then are language specific considerations for these cases then they could be added in the relevant language folder.

Reproduction

  1. Download the latest version of the bundle here: https://github.com/github/codeql-action/releases
    1. I Downloaded v2.18.1 called codeql-bundle-linux64.tar.gz
    2. Unpack the bundle
    3. Execute ./codeql resolve qlpacks at the root of the unpacked folder.
Here is the full output of my run ``` > ./codeql resolve qlpacks codeql/controlflow is found in 6 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/controlflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/controlflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/controlflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/controlflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/controlflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/controlflow/1.0.3 codeql/cpp-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-all/1.2.0 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/cpp-all/1.2.0 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/cpp-all/1.2.0 codeql/cpp-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0) codeql/cpp-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3) codeql/csharp-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/csharp-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/csharp-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-all/1.0.3 codeql/csharp-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0) codeql/csharp-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3) codeql/dataflow is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/dataflow/1.0.3 codeql/go-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/go-all/1.1.2 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/go-all/1.1.2 /home/USER/Projects/codeql-home/qlpacks/codeql/go-all/1.1.2 codeql/go-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0) codeql/go-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3) codeql/java-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/java-all/1.1.2 /home/USER/Projects/codeql-home/qlpacks/codeql/java-all/1.1.2 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/java-all/1.1.2 codeql/java-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0) codeql/java-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0) codeql/javascript-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/javascript-all/1.1.0 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-all/1.1.0 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/javascript-all/1.1.0 codeql/javascript-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0) codeql/javascript-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3) codeql/mad is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/mad/1.0.3 codeql/python-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/python-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/python-all/1.0.3 codeql/python-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0) codeql/python-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3) codeql/rangeanalysis is found in 5 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/rangeanalysis/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/rangeanalysis/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/rangeanalysis/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/rangeanalysis/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/rangeanalysis/1.0.3 codeql/regex is found in 10 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/regex/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/regex/1.0.3 codeql/ruby-all is found in 3 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/ruby-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/ruby-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-all/1.0.3 codeql/ruby-examples (/home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0) codeql/ruby-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3) codeql/ssa is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/ssa/1.0.3 codeql/suite-helpers is found in 9 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/suite-helpers/1.0.3 codeql/swift-all is found in 2 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/swift-all/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/swift-all/1.0.3 codeql/swift-queries (/home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3) codeql/threat-models is found in 7 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/threat-models/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/threat-models/1.0.3 codeql/tutorial is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/tutorial/1.0.3 codeql/typeflow is found in 5 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/typeflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/typeflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/typeflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/typeflow/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/typeflow/1.0.3 codeql/typetracking is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/typetracking/1.0.3 codeql/typos is found in 2 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/typos/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/typos/1.0.3 codeql/util is found in 16 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/swift-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/ruby-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/go-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/util/1.0.3 codeql/xml is found in 11 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/java-queries/1.1.0/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-examples/0.0.0/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/csharp-queries/1.0.3/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-queries/1.0.3/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/java-examples/0.0.0/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/xml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/cpp-examples/0.0.0/.codeql/libraries/codeql/xml/1.0.3 codeql/yaml is found in 5 same-priority locations, so attempts to resolve it will fail: /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-examples/0.0.0/.codeql/libraries/codeql/yaml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-queries/1.0.3/.codeql/libraries/codeql/yaml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/yaml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/javascript-queries/1.0.3/.codeql/libraries/codeql/yaml/1.0.3 /home/USER/Projects/codeql-home/qlpacks/codeql/python-examples/0.0.0/.codeql/libraries/codeql/yaml/1.0.3 legacy-upgrades (/home/USER/Projects/codeql-home/legacy-upgrades) ```
mbg commented 1 month ago

Hi @RobbingDaHood 👋

Thanks for flagging this up. I can confirm that this happens for me as well when I download the CLI and run ./codeql resolve qlpacks. This doesn't seem to be new behaviour, and also happens with at least the two previous releases before this. It doesn't seem to happen if the CLI is obtained via the GH CLI extension.

I am checking with the relevant team to see if this is intentional behaviour. Are you running into any further issues or is it just the output of the command that's unexpected?

RobbingDaHood commented 1 month ago

Hi @mbg

Thx for the quick response.

I did try to create and analyze a database on a java project and it behaved as expected (As far as I could see) so there does not seem to be a problem with resolving what pack to use: As the errors suggest.

So in short: Nope, I have not seen any other issues as a result of this.

RobbingDaHood commented 1 month ago

PS: I did not go in depth of the analysis on the java project investigating if it did in fact apply the packs that were flagged as being duplicated. I could try to look more into that. There is a risk that they are not applied as the errors states.

mbg commented 1 month ago

Thanks for confirming that! It seems that the team is aware that the output of resolve qlpacks isn't very helpful here. They are considering to deprecate the command and replace it with something else in the future, but in the meantime this should not be getting in the way of other commands working correctly.

RobbingDaHood commented 1 month ago

Suggestion I can see that all the duplicates comes from the .codeql/libraries/codeql subpath and indicates that it is because it refers to another library.

So maybe the resolve command should not consider anything in this subpath?

Other issues? It is a bit tricky to identify a open source shared query that depends on the XML library in the java folder, so I am not completely sure that there is or is not a problem. I also tried with some of the other queries.

But at least it is not confirmed to be an issue :)

The command seems nice

The resolve command is quite neat to verify the codeql configuration, so would it not be nice to keep it and just improve it a bit?

RobbingDaHood commented 1 month ago

@mbg I took a look around the repo and could not see where the codeql resolve were defined. Is that in another repo, not open source or can I just not spot it? :)

mbg commented 1 month ago

@RobbingDaHood the implementation of the CLI is not open source.

junwha0511 commented 2 weeks ago

I'm facing the same issue on ubuntu 22.04