Graph viewer: node names are not escaped

Open nickrolfe opened this issue 3 years ago • 3 comments

In a graph query being displayed by the graph viewer, when the value for semmle.label contains backslashes, they appear to be interpreted by graphviz, when I would expect them to appear as literal backslashes. Here's an example:

/**
 * @kind graph
 * @id foo
 */
query predicate nodes(string node, string attr, string val) {
  node in ["foo\\bar", "x\\ny", "p\\q\\r\\s"] and
  attr = "semmle.label" and
  val = node
}

query predicate edges(string a, string b, string attr, string val) { none() }

It looks like this: [image]

I would expect to see the actual string x\ny rather than x<newline>y.

This affected me when I was using the graph viewer to visualize parsed regexes, which often contain backslashes.

Version

VS Code: 1.66.2
CodeQL extension: 1.6.5

May 04 '22 14:05 nickrolfe

Curious... does it do what you expect if you double escape? i.e. x\\ny --> x\\\\ny

May 04 '22 16:05 aeisenberg

Yes, if I write the QL string "x\\\\ny" (which, after QL's escaping, has the value x\\ny), then the graph gets rendered with x\ny. I assume what's happening is that graphviz treats \ as an escape character, and \\ is the way to escape a single backslash.

May 04 '22 16:05 nickrolfe

Hmmm...interesting. I think what needs to happen is that strings are escaped in vscode before rendering them to the graph.

May 04 '22 18:05 aeisenberg
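
The escaping step suggested in the last comment, sketched as an added example; this is not code from vscode-codeql, and every function name in it is hypothetical. It goes slightly beyond the thread by also escaping double quotes and real line breaks, and it assumes labels are emitted as DOT double-quoted strings.

```typescript
// Added example: not vscode-codeql code; all names here are hypothetical.

// Escape a raw string so Graphviz shows it literally as a node label.
// Inside a DOT double-quoted string, `"` must be written `\"`. In label
// attributes, `\n`, `\l` and `\r` are line breaks and `\\` is one backslash.
function escapeDotLabel(raw: string): string {
  return raw
    .replace(/\\/g, "\\\\") // backslashes first, so later escapes are not doubled
    .replace(/"/g, '\\"') // keep a quote from ending the attribute value
    .replace(/\r\n|\r|\n/g, "\\n"); // real line breaks become label line breaks
}

// Emit DOT with generated node IDs, so query data only ever appears in labels.
function toDot(labels: string[]): string {
  const nodes = labels.map((l, i) => `  n${i} [label="${escapeDotLabel(l)}"];`);
  return ["digraph G {", ...nodes, "}"].join("\n");
}

// Simplified model (assumption) of how a label value is read back, limited
// to the sequences handled above; other backslash pairs are left untouched.
function modelRenderedLabel(dotValue: string): string {
  return dotValue.replace(/\\([\\"nlr])/g, (_m: string, c: string) =>
    c === "\\" || c === '"' ? c : "\n");
}

// The label values from the issue's query (after QL unescaping), plus one
// constructed value with a quote that would otherwise close the attribute.
const sampleLabels: string[] = ["foo\\bar", "x\\ny", "p\\q\\r\\s", 'a" color="red'];

console.log(toDot(sampleLabels));
```

Passing the unescaped value `x\ny` to `modelRenderedLabel` yields the two-line label reported in the issue, while the escaped value comes back unchanged.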