vscode-codeql icon indicating copy to clipboard operation
vscode-codeql copied to clipboard
verified publisher icon github

Erroneous location mapping

Open zbazztian opened this issue 4 years ago • 1 comments

VSCode only handles locations corresponding to a range. This is a known shortcoming. This also means special ranges can correspond to invalid VSCode ranges which mean that no scroll happens. This likely has never worked 100% but we did fix some off by one errors which may have caused it to seem to work.

Version Extension v1.5.5 CodeQL CLI v2.6.2 VSCode:

1.60.2
7f6ab5485bbc008386c4386d08766667e155244e
x64

To reproduce Consider the following screenshot, with a query that emits location links to a file in the database. Only a small number of these locations actually work (in the sense that they can be clicked and VSCode selects the given location). locations

As is visible in the output (Problem View), most of the locations are mapped to the top of the file. According to our documentation, however, :2:0:2:0, for example, should mark the entire second line.

This is a somewhat serious problem, because it prevents results from being properly accessible. We recently encountered issues with our Java JSP support, where the resulting locations in the JSP files all pointed at the top of the files, making triaging the results very tedious.

Expected behavior Location display in VSCode should be consistent with our documentation.

Additional context Here the query that was used in the screenshot above:

/**
 * @kind problem
 */
​
// documentation at https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/#file-urls
class MyLoc extends string {
  string pos;
  MyLoc() {
    this = "file:///home/sebastian/dev/src/commons-io/src/main/java/org/apache/commons/io/IOUtils.java" + pos and
    pos = [
      ":0:0:0:0", // (works) docs say that this should link to the whole file
      ":2:0:2:0", // (fails) docs say that this should mark the entire line
      ":2:0:2:1", // (fails) should probably not work
      ":2:0:3:0", // (fails) I would expect it to mark lines 2 and 3
      ":2:1:2:0", // (fails) not sure whether it should work
      ":2:1:3:0", // (fails) This is currently used to mark JSP results. Yorck says it used to work.
      ":2:1:2:1", // (works)
      ":2:1:3:1"  // (works)
    ]
  }
  string getURL() { result = this }
  string getPos() { result = pos }
}
​
from MyLoc l
select l, "Position " + l.getPos() + " is mapped to "

@alexet

zbazztian avatar Oct 07 '21 01:10 zbazztian

Thanks for reporting. I haven't taken a deep look at this yet, but I suspect the problem has to do with our showLocation logic:

https://github.com/github/vscode-codeql/blob/1d414bac552f5b4ac03527c5666b8545c694cd05/extensions/ql-vscode/src/interface-utils.ts#L158-L194

Just marking this now so that whoever looks at this later will know where to start.

aeisenberg avatar Oct 07 '21 03:10 aeisenberg