codeql

How do I display full string in a CodeQL exported result?


Converting a.getChild(1) to a string using toString()

test.ql

/**
 * @id custom
 * @kind problem
 * @problem.severity warning
 *
 */
import javascript

from ObjectExpr oe, Property p1, int i, AstNode a
where p1 = oe.getProperty(i) and
    p1.getName() = "fragment" and
    a = p1.getAChild().getAChild() and
    a.toString().indexOf("name") > -1
select a, a.getChild(1).toString()

Here is the codeql command used for generating a csv result file:

codeql database analyze ~/test.com ./test.ql --format=csv --output=results.csv

For example: a.getChild(1).toString() = PageLoadablePageWrapperQuery will be saved in the csv file like PageLo ... rQuery instead of the full string.

How do I have the full string in the exported csv result?


Solution

  • For the JavaScript library in CodeQL the shortening of long names in .toString() is hardcoded*. See https://github.com/github/codeql/blob/7361ad977a5dd5252d21f5fd23de47d75b763651/javascript/extractor/src/com/semmle/js/extractor/TextualExtractor.java#L121:

    public static String sanitiseToString(String str) {
        // strings longer than 20 characters are cut to the first 7 and last 7 characters
        if (str.length() > 20) str = str.substring(0, 7) + " ... " + str.substring(str.length() - 7);
        // method closed here to complete the excerpt; see the linked source for the exact body
        return str;
    }
    

    However, it is not very difficult to modify the source code such that codeql database analyze skips this part of the string sanitisation. This can be done using the following steps:

    1. download TextualExtractor.java from the url above and comment out or remove the mentioned if-statement
    2. find the location of extractor-javascript.jar in the installation of CodeQL, which is something like codeql/javascript/tools/
    3. compile the modified file using the following line:
       javac -cp ".:/path/to/codeql/javascript/tools/extractor-javascript.jar" TextualExtractor.java
    4. extract the jar file, replace TextualExtractor.class in the directory com/semmle/js/extractor/, and re-compress the jar file
    5. re-install the javascript pack with codeql pack install --force from the directory that contains qlpack.yml, i.e., the project root
    6. regenerate your CodeQL project database with
       codeql database create dbname --overwrite --language=javascript --source-root=/path/to/project
    7. run the query again.

    Tested with the following JavaScript file:

    var PageLoadablePageWrapperQuery = "some query";
    
    var p = {  // object literal containing five property definitions
      longtobetruncatedfragment: PageLoadablePageWrapperQuery,
      y: 1,
      diag: function() { return this.x - this.y; },
      get area() { return this.x * this.y; },
      set area(a) { this.x = Math.sqrt(a); this.y = Math.sqrt(a); }
    };
    

    and the following query:

    /**
     * @id custom
     * @kind problem
     * @problem.severity warning
     *
     */
    import javascript
    
    from ObjectExpr oe, Property p1, int i, AstNode a
    where p1 = oe.getProperty(i) and
        p1.getName() = "longtobetruncatedfragment" and
        a = p1.getAChild()
    select a, a.toString()
    

    Resulting csv:

    ,,"warning","longtobetruncatedfragment","/testfile.js","4","3","4","27"
    ,,"warning","PageLoadablePageWrapperQuery","/testfile.js","4","30","4","57"
    

    *Interestingly, for other languages, for example the Python library, the sanitisation step is not implemented.
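
The seven steps of the answer above as one script. This is an added example, not code from the question, the answer, or the CodeQL project. It assumes CODEQL_HOME points at an unpacked CodeQL CLI bundle whose JavaScript extractor jar sits under javascript/tools, that curl, javac, jar and codeql are on PATH, and that the query's qlpack.yml sits in the same directory as the query file; the functions patch_sanitise, is_patched, apply_patch and demo_patch and the sample Java snippet inside demo_patch are the script's own (the snippet is a constructed stand-in, not the real TextualExtractor.java). Run with no arguments it only exercises the offline patch step on that snippet; run as `apply /path/to/project dbname /path/to/test.ql` it performs the full rebuild, database re-creation and re-analysis.

```shell
#!/bin/sh
# Added example automating the answer's steps 1-7 (not from the page or from CodeQL).
# Assumptions: CODEQL_HOME is an unpacked CodeQL CLI bundle, curl/javac/jar/codeql are on
# PATH, and the query's qlpack.yml sits next to the query file.
set -eu

TEXTUAL_URL='https://raw.githubusercontent.com/github/codeql/7361ad977a5dd5252d21f5fd23de47d75b763651/javascript/extractor/src/com/semmle/js/extractor/TextualExtractor.java'

# Step 1: comment out the truncating if-statement in a local copy (keeps a .orig backup).
patch_sanitise() {
  sed -i.orig -e '/if (str\.length() > 20) str = str\.substring(0, 7)/ s|^\([[:space:]]*\)|\1// |' "$1"
}

# Succeeds only if no live (uncommented) truncation line is left in the file.
is_patched() {
  ! grep -Eq '^[[:space:]]*if \(str\.length\(\) > 20\)' "$1"
}

# Steps 2-7: rebuild the extractor jar, then recreate and re-analyse the database.
# usage: apply_patch /path/to/project dbname /path/to/test.ql
apply_patch() {
  src_root=$1; dbname=$2; query=$3
  jar_path="$CODEQL_HOME/javascript/tools/extractor-javascript.jar"   # step 2
  work=$(mktemp -d)
  curl -fsSL "$TEXTUAL_URL" -o "$work/TextualExtractor.java"
  patch_sanitise "$work/TextualExtractor.java"
  is_patched "$work/TextualExtractor.java"
  # step 3: compile against the original jar so the other extractor classes resolve;
  # the JDK used must emit class files the CodeQL-bundled runtime can load
  mkdir -p "$work/build"
  javac -cp "$jar_path" -d "$work/build" "$work/TextualExtractor.java"
  # step 4: back up the jar, then update just the one class inside it
  cp "$jar_path" "$jar_path.orig"
  jar uf "$jar_path" -C "$work/build" com/semmle/js/extractor/TextualExtractor.class
  # steps 5-7: reinstall the pack, rebuild the database, rerun the query
  (cd "$(dirname "$query")" && codeql pack install --force)
  codeql database create "$dbname" --overwrite --language=javascript --source-root="$src_root"
  codeql database analyze "$dbname" "$query" --format=csv --output=results.csv
}

# Offline self-check: run step 1 on a constructed stand-in for the method (not the CodeQL source).
demo_patch() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
  public static String sanitiseToString(String str) {
    if (str.length() > 20) str = str.substring(0, 7) + " ... " + str.substring(str.length() - 7);
    return str;
  }
EOF
  patch_sanitise "$f"
  if is_patched "$f" && grep -Eq '^[[:space:]]*// if \(str\.length\(\) > 20\)' "$f"; then rc=0; else rc=1; fi
  rm -f "$f" "$f.orig"
  return $rc
}

if [ "${1:-}" = "apply" ]; then
  apply_patch "$2" "$3" "$4"
else
  demo_patch && echo "patch step verified on the sample snippet"
fi
```

The sed expression matches the if-statement by its text rather than by line number, so it still works if the file is a few lines longer or shorter than the pinned revision; is_patched is the check to run before spending time on javac and the jar update, since a silently unmatched sed leaves the truncation in place.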