The number of paths different from codeql-cli and vscode

[whyaicn]

I encounter a problem about codeql. I used the following codeql language to detect codeFlows of a project through codeql-cli and vscode respectively:

/**
 * This is an automatically generated file
 * @name Hello world
 * @kind path-problem
 * @problem.severity warning
 * @id java/example/hello-world
 */

 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources

 // For some languages (Java/C++/Python/Swift) you need to explicitly import the data flow library, such as
 // import semmle.code.java.dataflow.DataFlow or import codeql.swift.dataflow.DataFlow

 module MyFlowConfiguration implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    source.asExpr() = any(MethodCall m| m.getMethod().hasQualifiedName("com.example.app", "UserRegistration", "getUserInput"))
  }
  
  predicate isSink(DataFlow::Node sink) {
    exists(sink)
  }
}

 module Flow = DataFlow::Global<MyFlowConfiguration>;
 import Flow::PathGraph

 from Flow::PathNode source, Flow::PathNode sink
 where Flow::flowPath(source, sink)
 select sink.getNode(), source, sink, "<message>"

But I got different results . In the sarif file, I got 120 codeFlows. However, searching in vscode only yields 26 paths. I don't know why this situation happened

[aibaars]

That quite a large difference indeed. Could you check that codeql database analyze/interpret-results is run with the same arguments on the CLI as in VSCode? In VSCode you can review the CodeQL extension log in Output tab to see what commands it is running. Things to look for are for example --max-path (how many paths are generated per result) and --no-group-results (should results reported on the same location be grouped together or not).

[rvermeulen]

Hi @whyaicn,

Were you able to look into @aibaars's suggestions?

Thanks!

[whyaicn]

Oh! I'm very sorry for taking so long to see your reply. Recently, due to some delays, I couldn't check it in a timely manner. I may know why I got a different number of paths. I found that when modifying a SQL file that has been queried once in VSCode and using the modified SQL to query again, the query results in Codeql CLI and VSCode will be different. The query result in VSCode is the query result of the modified file, but the result given by Codeql CLI is still the result before modification.Here is an example(The Java project is Jenkins):
The following is my first time using Example 4. ql for a query. And I did not receive any results.

Next, I will use CodeQL CLI for querying. Here is my command:
codeql database analyze {databasepath} {codeqlpath}--format=sarif-latest --output={output_path}
And the result is following:

There has no results either.
Then I will change parameters in example4.ql. The modified result is as follows:

I obtained two results.
Finally, I use CodeQL CLI for querying again.

As with the first result, there is still no results.
That is to say, for the codeql CLI, the result obtained after modifying the parameters is the same as before the modification. But VSCode can obtain normal results.
Finally, I would like to apologize once again for my lateness

[whyaicn]

And simply creating a new QL statement with a different name and adding new parameters for querying can solve this problem

[rvermeulen]

No worries and thanks for following-up.

If you run the CLI command with the --rerun flag, are there still no results?

codeql database analyze --rerun {databasepath} {codeqlpath}--format=sarif-latest --output={output_path}

The CLI will cache results for a query and reuse that. The --rerun option will skip a cached result.

[whyaicn]

Oh!Thank you for your help. This is really useful to me. Perhaps next time I should carefully check the official information before asking. Anyway, you have been a great help to me. Once again, I would like to express my gratitude. By the way, CodeQL is really a very useful tool.