The Wayback Machine - https://web.archive.org/web/20230319185601/https://github.com/github/vscode-codeql/issues/684
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add capability to group similar results #684

Open
aeisenberg opened this issue Nov 20, 2020 · 1 comment
Open

Add capability to group similar results #684

aeisenberg opened this issue Nov 20, 2020 · 1 comment
Labels
enhancement New feature or request VSCode

Comments

@aeisenberg
Copy link
Contributor

This query https://github.com/github/securitylab/blob/main/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782/DTraceUnsafeIndex.ql when run on the database linked here https://github.com/github/securitylab/tree/main/CodeQL_Queries/cpp/XNU_DTrace_CVE-2017-13782 will produce results like the following:

Banners_and_Alerts_and__Extension_Development_Host__-_dtrace_c_—_vscode-codeql-starter__Workspace_

You can see that many of the paths are duplicates. It's likely that in QL4E, the results were grouped together based on the comment in the ql file:

This query has 16 results. The 16th result is the vulnerability: dtrace_isa.c:817

The suggestion is the following:

  1. Add a toggle to group similar results in the results view. Similar results are defined by:
    • For Path queries
      • message is the same
      • All path elements are the same ast node
    • For alerts queries
      • message is the same
      • alert node is the same
    • For other query types
      • All elements are equal
  2. For the "Display in problems view", always group similar results. The calculation of what is similar would be slightly different since we only show the final element of a path query.
@aeisenberg aeisenberg added the enhancement New feature or request label Nov 20, 2020
@adityasharad
Copy link
Contributor

Some added context:

QL4E used to have two Problems panes for exactly this reason, one grouped and one ungrouped.
We made the explicit decision to avoid that clunky UI in the VS Code extension. Conveniently the CLI knows how to group results already. We currently pass --no-group-results to codeql database analyze to get ungrouped results in the SARIF for simplicity, but a toggle sounds feasible if this will improve usability, at the cost of making a second CLI call.

There is an internal discussion about making the grouping more intuitive for path alerts, which has been open for some time. I'll point you to that separately.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request VSCode
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aeisenberg @adityasharad