Inconsistency between the sarif file and information from vscode codeql panel #18933

Open
lllssskkk opened this issue Mar 5, 2025 · 1 comment
Assignees
Labels
awaiting-response The CodeQL team is awaiting further input or clarification from the original reporter of this issue. question Further information is requested

Comments

@lllssskkk

I'm running a query. The vscode codeql addon gives the following analysis result.

Image

From the image, I suppose there should be 8 paths in total. However, when I look at the SARIF file, it only presents four. What about the other four? The first and second thread flows belong to the upper one, third and fourth belong to the lower one.

```
...
"codeFlows" : [
  {
    "first thread flow" : [{}]
  },
  {
    "second thread flow" : [{}]
  },
  {
    "third thread flow" : [{}]
  },
  {
    "fourth thread flow" : [{}]
  }
],
...
```

@lllssskkk lllssskkk added the question Further information is requested label Mar 5, 2025
@mbg
Member

mbg commented Mar 7, 2025

Hi @lllssskkk 👋🏻

I believe the codeFlows property is specific to a SARIF "result" object. In VSCode, you show two results, so I'd expect there to be two "result" objects in the SARIF file, each with four elements in their respective codeFlows property. Could you check whether that's the case? If not, are you able to share the SARIF file?

@mbg mbg self-assigned this Mar 7, 2025
@mbg mbg added the awaiting-response The CodeQL team is awaiting further input or clarification from the original reporter of this issue. label Mar 7, 2025
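
The check requested in the comment above can be scripted. This is an added example, not code from the issue or from the CodeQL project: it walks every `result` object in a SARIF 2.1.0 file and counts the entries in its `codeFlows` array. The embedded SARIF document, the file path `src/app.py`, the rule id, and the helper names are all constructed for illustration.

```python
import json

def make_flow(source_line, sink_line):
    """Constructed codeFlow holding one threadFlow: a source step, then a sink step."""
    def step(line):
        return {"location": {"physicalLocation": {
            "artifactLocation": {"uri": "src/app.py"},
            "region": {"startLine": line}}}}
    return {"threadFlows": [{"locations": [step(source_line), step(sink_line)]}]}

def make_result(text, sink_line, source_lines):
    """Constructed SARIF result: one alert with one codeFlow per source line."""
    return {"ruleId": "example/hypothetical-query",  # hypothetical rule id
            "message": {"text": text},
            "codeFlows": [make_flow(s, sink_line) for s in source_lines]}

# Constructed sample: two results, each carrying four codeFlows.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "CodeQL"}},
              "results": [make_result("upper result", 40, (10, 12, 14, 16)),
                          make_result("lower result", 90, (50, 52, 54, 56))]}],
})

def summarize_code_flows(sarif_text):
    """Return one row per result with its codeFlow and threadFlow counts."""
    doc = json.loads(sarif_text)
    rows = []
    for run_index, run in enumerate(doc.get("runs", [])):
        for result_index, result in enumerate(run.get("results", [])):
            # codeFlows is optional: results from non-path queries omit it.
            flows = result.get("codeFlows", [])
            rows.append({
                "run": run_index,
                "result": result_index,
                "ruleId": result.get("ruleId"),
                "message": result.get("message", {}).get("text"),
                "codeFlows": len(flows),
                "threadFlows": sum(len(f.get("threadFlows", [])) for f in flows),
            })
    return rows

def total_paths(rows):
    """Total codeFlows across all results, not just the first result."""
    return sum(row["codeFlows"] for row in rows)

if __name__ == "__main__":
    for row in summarize_code_flows(SAMPLE_SARIF):
        print(row)
    print("total codeFlows:", total_paths(summarize_code_flows(SAMPLE_SARIF)))
```

To run it against a real export, pass the contents of the `.sarif` file to `summarize_code_flows` in place of `SAMPLE_SARIF`.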