github
Path viewer shows empty line for `file://` locations
Describe the bug
When a @kind path-problem query has a path node whose SARIF "location" is file:/, then the SARIF "message" is ignored, and a completely empty entry is displayed:
Example SARIF: interpretedResults.sarif.zip
Version Latest
Expected behavior
Render the line with the provided "message", but without a location link.
First question I have is why are we getting all of these invalid file locations?
I assume the query you are using is this one: ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql. Can you let me know what database you are using?
Here's a recent Swift example I hit:
The query is here:
/**
* @kind path-problem
*/
import swift
import codeql.swift.dataflow.DataFlow
import Partial::PartialPathGraph
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(CallExpr call |
source.asExpr() = call and
call.getStaticTarget().hasName("source()")
)
}
predicate isSink(DataFlow::Node sink) {
exists(CallExpr call |
sink.asExpr() = call.getAnArgument().getExpr() and
call.getStaticTarget().getName().matches("%sink%")
)
}
}
module Flow = DataFlow::Global<Config>;
int limit() { result = 10 }
module Partial = Flow::FlowExploration<limit/0>;
from Partial::PartialPathNode source, Partial::PartialPathNode sink
where Partial::partialFlow(source, sink, _) and not exists(sink.getASuccessor())
select sink.getNode(), source, sink, ""
And the database is here:
