github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

TypeScript extraction hangs #17827

Open sniok opened 1 month ago

sniok commented 1 month ago

We have an issue with CodeQL analysis where it would hang while extracting the files from the PR.

I've found which part was causing this and made a separate reproducible code snippet. Here's a minimal reproducible example:

```ts
class Test<T> {
  static methodA<I extends typeof Test<any>>() {}
  static methodB<I extends typeof Test<any>>() {}
}
```
Output logs

```
➜ temp-codeql-bug codeql version
CodeQL command-line toolchain release 2.19.2.
Copyright (C) 2019-2024 GitHub, Inc.
Unpacked in: /home/dubenko/codeql
Analysis results depend critically on separately distributed query and extractor modules. To list modules that are visible to the toolchain, use 'codeql resolve packs' and 'codeql resolve languages'.
➜ temp-codeql-bug codeql database create test --language=javascript --verbosity="progress+++" --overwrite
Writing logs to /home/dubenko/temp-codeql-bug/test/log/database-create-20241023.152003.392.log.
Initializing database at /home/dubenko/temp-codeql-bug/test.
Scanning for [codeql-extractor.yml] from /home/dubenko/codeql/.codeqlmanifest.json
Parsing /home/dubenko/codeql/csv/codeql-extractor.yml.
Parsing /home/dubenko/codeql/swift/codeql-extractor.yml.
Parsing /home/dubenko/codeql/cpp/codeql-extractor.yml.
Parsing /home/dubenko/codeql/properties/codeql-extractor.yml.
Parsing /home/dubenko/codeql/java/codeql-extractor.yml.
Parsing /home/dubenko/codeql/go/codeql-extractor.yml.
Parsing /home/dubenko/codeql/javascript/codeql-extractor.yml.
Parsing /home/dubenko/codeql/xml/codeql-extractor.yml.
Parsing /home/dubenko/codeql/yaml/codeql-extractor.yml.
Parsing /home/dubenko/codeql/html/codeql-extractor.yml.
Parsing /home/dubenko/codeql/ruby/codeql-extractor.yml.
Parsing /home/dubenko/codeql/python/codeql-extractor.yml.
Parsing /home/dubenko/codeql/csharp/codeql-extractor.yml.
Calculating baseline information in /home/dubenko/temp-codeql-bug
Ignoring the following directories when processing baseline information: .git, .hg, .svn.
Running command in /home/dubenko/temp-codeql-bug: /home/dubenko/codeql/tools/linux64/scc --by-file --exclude-dir .git,.hg,.svn --format json --no-large --no-min .
Running command in /home/dubenko/temp-codeql-bug: [/home/dubenko/codeql/javascript/tools/configure-baseline.sh]
Ignored an additional 92 files when processing baseline information for TypeScript Typings due to paths and paths-ignore configuration.
Ignored an additional 7 files when processing baseline information for JavaScript due to paths and paths-ignore configuration.
Found 2 baseline files for javascript.
Calculated baseline information for languages: javascript (69ms).
Resolving extractor javascript.
Found candidate extractor root for javascript: /home/dubenko/codeql/javascript.
Successfully loaded extractor JavaScript/TypeScript (javascript) from /home/dubenko/codeql/javascript.
Created skeleton CodeQL database at /home/dubenko/temp-codeql-bug/test. This in-progress database is ready to be populated by an extractor.
Running build command: []
Running command in /home/dubenko/temp-codeql-bug: [/home/dubenko/codeql/javascript/tools/autobuild.sh]
[2024-10-23 15:20:04] [build-stdout] Single-threaded extraction.
[2024-10-23 15:20:04] [build-stdout] package.json: Main file set to src/index.ts
[2024-10-23 15:20:04] [build-stdout] Found Node.js at: node
[2024-10-23 15:20:04] [build-stdout] Found Node.js version: v22.1.0
[2024-10-23 15:20:04] [build-stdout] Opening project /home/dubenko/temp-codeql-bug/tsconfig.json
[2024-10-23 15:20:04] [build-stdout] Memory for TypeScript process: 2000 MB, and 400 MB reserve
[2024-10-23 15:20:04] [build-stdout] Done opening project /home/dubenko/temp-codeql-bug/tsconfig.json (433 ms)
[2024-10-23 15:20:04] [build-stdout] Extracting /home/dubenko/temp-codeql-bug/src/index.ts
```

CodeQL only hangs if there are two methods; if you remove one of them, it works.

hvitved commented 1 month ago

Thanks a lot for the reproduction case. I have forwarded this to @github/codeql-javascript.

erik-krogh commented 4 weeks ago

Thanks for the report.

Extracting types has unfortunately caused us a bunch of problems, and we don't gain much from it.
I was unable to make a nice fix for your problem, but I did make a fix that helps if you disable type extraction.
That fix should land in CodeQL 2.19.3, at which point you should be able to create a database (if you add `-Oskip_types=true` to your `codeql database create` command).

For now I don't think there's much you can do, except for ignoring the problematic files.
Here is some documentation for how to do that when you're using codeql-action: https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan

We're considering entirely removing type extraction in the future, which should remove all issues like the one you've seen here.
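
The workaround from the comment above, as an added example (not code from the CodeQL project or from anyone in this thread): a POSIX shell wrapper that passes `-Oskip_types=true` only when the installed CLI is at least 2.19.3, and runs extraction under `timeout` so a hang fails the scan job visibly instead of stalling it. The function names, the `RUN_CODEQL`, `DB_DIR` and `EXTRACT_TIMEOUT` variables and the 30-minute default are assumptions.

```shell
#!/bin/sh
# Added example; helper names and environment variables are hypothetical.

# Read `codeql version` text on stdin and print "X.Y.Z"
# (first line looks like "CodeQL command-line toolchain release 2.19.2.").
parse_codeql_version() {
  sed -n 's/^CodeQL command-line toolchain release \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p' | head -n 1
}

# version_at_least HAVE NEED: succeed when HAVE >= NEED (three numeric parts).
# POSIX sh has no local variables, so have/need/h/n are globals.
version_at_least() {
  have=$1
  need=$2
  for i in 1 2 3; do
    h=${have%%.*}
    n=${need%%.*}
    [ "$h" -gt "$n" ] && return 0
    [ "$h" -lt "$n" ] && return 1
    # Drop the leading component; pad with 0 when none is left.
    case $have in *.*) have=${have#*.} ;; *) have=0 ;; esac
    case $need in *.*) need=${need#*.} ;; *) need=0 ;; esac
  done
  return 0
}

# Print the extractor option from the thread, but only for CLI versions
# that contain the fix (2.19.3 and later); print nothing otherwise.
skip_types_flag() {
  if version_at_least "$1" 2.19.3; then
    echo "-Oskip_types=true"
  fi
}

# Runs only when explicitly requested, so sourcing the file has no side effects.
if [ "${RUN_CODEQL:-0}" = 1 ]; then
  ver=$(codeql version | parse_codeql_version)
  flag=$(skip_types_flag "$ver")
  [ -n "$flag" ] || echo "codeql $ver predates 2.19.3: extracting with types" >&2
  # timeout(1) exits with 124 if extraction is still running at the limit.
  # $flag is intentionally unquoted so an empty value adds no argument.
  timeout "${EXTRACT_TIMEOUT:-30m}" \
    codeql database create "${DB_DIR:-codeql-db}" \
    --language=javascript --overwrite $flag
fi
```

On a CLI older than 2.19.3 the wrapper still enforces the timeout, and excluding the problematic files remains the only workaround mentioned in the thread.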

sniok commented 4 weeks ago

Got it, thanks for such a quick response!