vscode-codeql icon indicating copy to clipboard operation
vscode-codeql copied to clipboard

Published 20 hours ago verified publisher icon github

Placeholder text does not show if location information is unavailable

Open rvermeulen opened this issue 3 years ago • 4 comments

Describe the bug The alert of a message containing a placeholder without location information does not render the text.

Version The CodeQL and VS Code version in which the bug occurs.

CodeQL extension version: 1.5.3 CodeQL CLI version: 2.3.4 Platform: darwin x64

To reproduce Create a message with a placeholder that is replaced by an element that has no location information and a string text describtion.

select e, "Some $@", e, "element" where e has no location.

Expected behavior The message with the placeholder being replaced by the provided text (not rendered as an URL).

Additional context Add any other context about the problem here.

rvermeulen avatar Aug 24 '21 11:08 rvermeulen

Presumably, this is alert queries only. Can you give an example of how to create an element with no location information? Would a simple string be sufficient?

aeisenberg avatar Sep 24 '21 22:09 aeisenberg

I tried to reproduce this today with @marcnjaramillo.

Here's an example of an alert query that selects an element with no location (the predicates getURL/hasLocationInfo/getLocation are special and determine the location of the element, and I find getURL is the easiest to modify):

/** @kind problem */
class HasNoLocation extends string {
  HasNoLocation() {
    this = "Has no location"
  }

  string getURL() {
    none()
  }
}

from HasNoLocation x
select x, "Has no location"

This query leads to a CLI exception, thus the results view doesn't appear at all. @rvermeulen is that what you were seeing?

java.lang.StringIndexOutOfBoundsException: begin 0, end -3, length 0
	at java.base/java.lang.String.checkBoundsBeginEnd(Unknown Source)
	at java.base/java.lang.String.substring(Unknown Source)
	at com.semmle.util.urls.URLUtil.convertFilePathToURI(URLUtil.java:472)
	at com.semmle.cli2.bqrs.DecodeCommand.generateURL(DecodeCommand.java:541)
	at com.semmle.cli2.bqrs.DecodeCommand.generateValue(DecodeCommand.java:511)
	at com.semmle.cli2.bqrs.DecodeCommand.generateJsonForResultSet(DecodeCommand.java:449)
	at com.semmle.cli2.bqrs.DecodeCommand.lambda$null$2(DecodeCommand.java:280)
	at com.semmle.cli2.bqrs.DecodeCommand.writeJson(DecodeCommand.java:407)
	at com.semmle.cli2.bqrs.DecodeCommand.lambda$generate$3(DecodeCommand.java:280)
	at com.semmle.cli2.bqrs.DecodeCommand.streamOnceUnsorted(DecodeCommand.java:352)
	at com.semmle.cli2.bqrs.DecodeCommand.streamResultSet(DecodeCommand.java:336)
	at com.semmle.cli2.bqrs.DecodeCommand.generate(DecodeCommand.java:277)
	at com.semmle.cli2.bqrs.DecodeCommand.generateOutput(DecodeCommand.java:240)
	at com.semmle.cli2.bqrs.DecodeCommand.executeSubcommand(DecodeCommand.java:213)

If ensure the location exists, but not within the codebase, e.g. change getURL to:

  string getURL() {
    result = "https://github.com"
  }

then we get 0 alerts and 1 raw result. I'm not sure whether this is the ideal output, but I think this is a choice made by the CLI's results interpretation, not the extension.

Similar behaviour in each of the above cases if we add a placeholder to the select clause, e.g. change to:

from HasNoLocation x
select x, "Has no location: $@", x, x.toString()

adityasharad avatar Sep 30 '21 20:09 adityasharad

Leaving this open as this won't be fixed until 2.7.0.

alexet avatar Oct 08 '21 17:10 alexet

Sorry for the late response. In my case this was for an element that is an instance ofGlobalNamespace in C++. So probably when the location is UnknownDefaultLocation

rvermeulen avatar Oct 28 '21 12:10 rvermeulen