search

github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.52k stars 1.5k forks source link

INVALID_RESULT_PATTERNS #17338

Open KylerKatz opened 2 weeks ago

KylerKatz commented 2 weeks ago

Hello, I am getting some strange behavior when running one of my queries,

/**
 * @name Find all SensitiveVariableExpr instances
 * @description Identifies all variables that are considered SensitiveVariableExpr.
 * @kind problem
 * @problem.severity warning
 * @id java/find-sensitive-variable-expr
 */

 import java
 import SensitiveInfo.SensitiveInfo

 from SensitiveVariableExpr sve, Variable v
 where sve = v.getAnAccess()
 select sve, v.getName().toString() + "|" + v.getType().toString()

This is producing this error 

Error was: Expected result pattern(s) are not present for problem query: Expected at least 2 columns. [INVALID_RESULT_PATTERNS]

It looks like I am following the entry-to-string pattern.

This is the full command, I have flags such as max-paths because I am running it with another query in the same dir that is a path problem. 

codeql database analyze testing\\Dataflow\\db_dir\\ContainerExecDecorator codeql\\codeql-custom-queries-java\\ProgramSlicing --format=sarif-latest --output testing\\Dataflow\\query_results\\ContainerExecDecorator.sarif --max-paths=100 --sarif-add-snippets=true --no-group-results --threads=12

I call this strange because it works just fine in the extension without any errors. Usually, the extension won't display anything if there is a pattern issue.

Here is the SensitiveVariableExpr class for more context

  class SensitiveVariableExpr extends Expr {
    SensitiveVariableExpr() {
      exists(Variable v, File f |
        this = v.getAnAccess() and
        f = v.getCompilationUnit().getFile() and
        sensitiveVariables(f.getBaseName(), v.getName()) and
        not this instanceof CompileTimeConstantExpr and
        not v.getName().toLowerCase().matches("%encrypted%")
        )
    }
  }
aibaars commented 2 weeks ago

Have you tried the --rerun flag?

      --[no-]rerun           Evaluate even queries that seem to have a BQRS
                               result stored in the database already.

It might be that there is a cached result file from an earlier version of the query.