codeql

How do I display full string in a CodeQL exported result?

Converting a.getChild(1) to a string using toString()

test.ql

/**
 * @id custom
 * @kind problem
 * @problem.severity warning
 *
 */
import javascript

from ObjectExpr oe, Property p1, int i, AstNode a
where p1 = oe.getProperty(i) and
    p1.getName() = "fragment" and
    a = p1.getAChild().getAChild() and
    a.toString().indexOf("name") > -1
select a, a.getChild(1).toString()

Here is the codeql command used for generating a csv result file:

codeql database analyze ~/test.com ./test.ql --format=csv --output=results.csv

For example: a.getChild(1).toString() = PageLoadablePageWrapperQuery will be saved in the csv file like PageLo ... rQuery instead of the full string.

How do I have the full string in the exported csv result?

Solution

  • For the JavaScript library in CodeQL the shortening of long names in .toString() is hardcoded*. See https://github.com/github/codeql/blob/7361ad977a5dd5252d21f5fd23de47d75b763651/javascript/extractor/src/com/semmle/js/extractor/TextualExtractor.java#L121:

    public static String sanitiseToString(String str) {
    if (str.length() > 20) str = str.substring(0, 7) + " ... " + str.substring(str.length() - 7);

    However, it is not very difficult to modify the source code such that codeql database analyze skips this part of the string sanitation. This can be done using the following steps:

    1. download TextualExtractor.java from the url above and comment or remove the mentioned if-statement
    2. find the location of extractor-javascript.jar in the installation of CodeQL, which is something like codeql/javascript/tools/
    3. compile the modified file using the following line:
    javac -cp ".:/path/to/codeql/javascript/tools/extractor-javascript.jar" TextualExtractor.java`
    1. extract the jar file, replace TextualExtractor.class in the directory com/semmle/js/extractor/, and re-compress the jar file
    2. re-install the javascript pack with codeql pack install --force from the directory that contains qlpack.yml, i.e., the project root
    3. regenerate your CodeQL project database with
    codeql database create dbname --overwrite --language=javascript --source-root=/path/to/project
    1. run the query again.

    Tested with the following JavaScript file:

    var PageLoadablePageWrapperQuery = "some query";

var p = {  // object literal containing five property definitions
  longtobetruncatedfragment: PageLoadablePageWrapperQuery,
  y: 1,
  diag: function() { return this.x - this.y; },
  get area() { return this.x * this.y; },
  set area(a) { this.x = Math.sqrt(a); this.y = Math.sqrt(a); }
};

    and the following query:

    /**
 * @id custom
 * @kind problem
 * @problem.severity warning
 *
 */
import javascript

from ObjectExpr oe, Property p1, int i, AstNode a
where p1 = oe.getProperty(i) and
    p1.getName() = "longtobetruncatedfragment" and
    a = p1.getAChild()
select a, a.toString()

    Resulting csv:

    ,,"warning","longtobetruncatedfragment","/testfile.js","4","3","4","27"
,,"warning","PageLoadablePageWrapperQuery","/testfile.js","4","30","4","57"

    *Interestingly for other languages, for example the Python library, the sanitation step is not implemented.