This patch fixes the following
- [X] Wrong db metadata path. Fixed via: globRecursively(databasePath, "codeql-database.yml")
The log output for reference:
agent | 2024/08/09 21:16:40 DEBUG XX:getDataBaseMetadata databasePath=/tmp/ce523549-a217-4b54-a118-7224ce444870/db "Waiting for SIGUSR1 or SIGUSR2..."=<nil>
agent | 2024/08/09 21:16:40 DEBUG XX:getDataBaseMetadata databasePath=/tmp/bc24fe72-b520-4e72-9634-a98d630cb75e/db "Waiting for SIGUSR1 or SIGUSR2..."=<nil>
agent | 2024/08/09 21:16:40 DEBUG Received signal: %s "user defined signal 1"=<nil>
agent | 2024/08/09 21:16:40 DEBUG XX:getDataBaseMetadata databasePath=/tmp/41fcf5cc-e151-4a11-bccc-481d599aa426/db "Waiting for SIGUSR1 or SIGUSR2..."=<nil>
From
func getDatabaseMetadata(databasePath string) (*DatabaseMetadata, error) {
    data, err := os.ReadFile(filepath.Join(databasePath, "codeql-database.yml"))
    ...
}
And some inspection:
root@3fa4b8013336:~# find /tmp |grep ql-datab
/tmp/27f09b9f-254f-4ef5-abf5-9a1a2927906b/db/cpp/codeql-database.yml
/tmp/d7e14cd4-8789-4176-81bc-2ac1957ed9fd/db/codeql_db/codeql-database.yml
/tmp/41fcf5cc-e151-4a11-bccc-481d599aa426/db/codeql_db/codeql-database.yml
/tmp/bc24fe72-b520-4e72-9634-a98d630cb75e/db/codeql_db/codeql-database.yml
/tmp/ce523549-a217-4b54-a118-7224ce444870/db/codeql_db/codeql-database.yml
- [X] Wrong db path. Fixed via: findDBDir(databasePath)
The log output for reference:
agent | 2024/08/09 21:51:09 ERROR Failed to run analysis job error="failed to run analysis: failed to run queries: exit status 2\nOutput: A fatal error occurred: /tmp/91c61e0b-dfd9-4dd3-a3ad-cb77dbc1cbfd/db is not a recognized CodeQL database.\n"
agent | 2024/08/09 21:51:09 INFO Running analysis job job="{Spec:{SessionID:1 NameWithOwner:{Owner:USCiLab Repo:cerealctsj264953}} QueryPackLocation:{Key:1 Bucket:packs} QueryLanguage:cpp}"
agent | 2024/08/09 21:51:09 ERROR Failed to run analysis job error="failed to run analysis: failed to run queries: exit status 2\nOutput: A fatal error occurred: /tmp/1b8ffeba-8ad1-465e-8ec7-36cda449a5f5/db is not a recognized CodeQL database.\n"
...
This is easily confirmed:
root@171b5417e05f:~# /opt/codeql/codeql database upgrade /tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2/
A fatal error occurred: /tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2 is not a recognized CodeQL database.
Another try:
root@171b5417e05f:~# /opt/codeql/codeql database upgrade /tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2/database.zip
A fatal error occurred: Database root /tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2/database.zip is not a directory.
This one is correct:
root@171b5417e05f:~# /opt/codeql/codeql database upgrade /tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2/db/codeql_db
/tmp/7ed27578-d7ea-42e0-902a-effbc4df05f2/db/codeql_db/db-cpp is up to date.
- [X] Wrong database source prefix. Also fixed via: findDBDir(databasePath)
Similar log entries:
agent | 2024/08/13 15:40:14 ERROR Failed to run analysis job error="failed to run analysis: failed to get source location prefix: failed to resolve database: exit status 2\nOutput: A fatal error occurred: /tmp/da420844-a284-4d82-9470-fa189a5b4ee6/db is not a recognized CodeQL database.\n"
agent | 2024/08/13 15:40:14 INFO Worker stopping due to reduction in worker count
agent | 2024/08/13 15:40:18 ERROR Failed to run analysis job error="failed to run analysis: failed to get source location prefix: failed to resolve database: exit status 2\nOutput: A fatal error occurred: /tmp/eebfc52c-3ecf-490d-bbf4-23c305d6ba18/db is not a recognized CodeQL database.\n"
and
agent | 2024/08/13 15:49:33 ERROR Failed to resolve database err="exit status 2" output="A fatal error occurred: /tmp/b5c4941a-5692-4640-aa79-9810bcab39f4/db is not a recognized CodeQL database.\n"
agent | 2024/08/13 15:49:33 DEBUG XX: RunQuery failed to get source location prefixdatabasePath=/tmp/b5c4941a-5692-4640-aa79-9810bcab39f4/db "Waiting for SIGUSR1 or SIGUSR2..."=<nil>
agent | 2024/08/13 15:49:35 INFO Modifying worker count current=3 new=2
agent | 2024/08/13 15:49:35 ERROR Failed to resolve database err="exit status 2" output="A fatal error occurred: /tmp/eda30582-81a3-4582-8897-65f8904e8501/db is not a recognized CodeQL database.\n"
agent | 2024/08/13 15:49:35 DEBUG XX: RunQuery failed to get source location prefixdatabasePath=/tmp/eda30582-81a3-4582-8897-65f8904e8501/db "Waiting for SIGUSR1 or SIGUSR2..."=<nil>
And this fails
root@51464985499f:~# /opt/codeql/codeql resolve database /tmp/eda30582-81a3-4582-8897-65f8904e8501/db/
A fatal error occurred: /tmp/eda30582-81a3-4582-8897-65f8904e8501/db is not a recognized CodeQL database.
But this works:
root@51464985499f:~# /opt/codeql/codeql resolve database /tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/
{
"sourceLocationPrefix" : "/home/runner/work/bulk-builder/bulk-builder",
"columnKind" : "utf8",
"unicodeNewlines" : false,
"sourceArchiveZip" : "/tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/src.zip",
"sourceArchiveRoot" : "/tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/src",
"datasetFolder" : "/tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/db-cpp",
"logsFolder" : "/tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/log",
"languages" : [
"cpp"
],
"scratchDir" : "/tmp/eda30582-81a3-4582-8897-65f8904e8501/db/codeql_db/working"
}
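All three fixes above depend on finding the directory below the unpacked path that actually holds codeql-database.yml (db/codeql_db in most of the listings, db/cpp in one). The Go code below is an added example, not the project's globRecursively or findDBDir; the name locateDBRoot, the depth limit, the single-match rule and the constructed temp-directory layout are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

const dbMarker = "codeql-database.yml"

// locateDBRoot (hypothetical helper) returns the single directory under root
// that contains codeql-database.yml. It descends at most maxDepth directory
// levels, ignores symlinks, and rejects layouts with zero or several matches.
func locateDBRoot(root string, maxDepth int) (string, error) {
	root = filepath.Clean(root)
	var found []string
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			rel, _ := filepath.Rel(root, p)
			if rel != "." && strings.Count(rel, string(filepath.Separator))+1 > maxDepth {
				return fs.SkipDir // deeper than an unpacked archive should need
			}
			return nil
		}
		if d.Name() == dbMarker && d.Type().IsRegular() {
			found = append(found, filepath.Dir(p))
			return fs.SkipDir // skip the remaining entries of this database directory
		}
		return nil
	})
	if err != nil {
		return "", fmt.Errorf("walking %s: %w", root, err)
	}
	if len(found) != 1 {
		return "", fmt.Errorf("%s: expected 1 %s, found %d", root, dbMarker, len(found))
	}
	return found[0], nil
}

func main() {
	// Constructed layout mirroring the listing above: <tmp>/db/codeql_db/.
	tmp, _ := os.MkdirTemp("", "mrva-example")
	defer os.RemoveAll(tmp)
	dbDir := filepath.Join(tmp, "db", "codeql_db")
	os.MkdirAll(dbDir, 0o755)
	os.WriteFile(filepath.Join(dbDir, dbMarker), []byte("primaryLanguage: cpp\n"), 0o644)
	dir, err := locateDBRoot(filepath.Join(tmp, "db"), 2)
	fmt.Println(dir, err)
}
```

The returned directory is the path to hand to codeql resolve database or codeql database upgrade, in place of the bare .../db path that the log entries show being rejected.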
Overview
TODO diagram
TODO Style notes
- NO package init() functions
- Dynamic behaviour must be explicit
Client CodeQL Database Selector
Separate from the server's downloading of databases, a client-side interface is needed to generate the databases.json file. This
- must be usable from the shell
- must be interactive (Python, Jupyter)
- is session based to allow iterations on selection / narrowing
- must be queryable. There is no need to reinvent SQL / dataframes
Python with dataframes is ideal for this; the project is in client/.
Reverse proxy
For testing, replay flows using mitmweb. This is faster and simpler than using gh-mrva or the VS Code plugin.
- Set up the virtual environment and install tools
    python3.11 -m venv venv
    source venv/bin/activate
    pip install mitmproxy
For intercepting requests:
- Start mitmproxy to listen on port 8080 and forward requests to port 8081, with web interface
    mitmweb --mode reverse:http://localhost:8081 -p 8080
- Change server ports in docker-compose.yml to
    ports:
      - "8081:8080" # host:container
- Start the containers.
- Submit requests.
- Save the flows for later replay.
One such session is in tools/mitmweb-flows; it can be loaded to replay the
requests:
- start
    mitmweb --mode reverse:http://localhost:8081 -p 8080
- file>open>tools/mitmweb-flows
- replay at least the submit, status, and download requests
Cross-compile server on host, run it in container
These are simple steps using a single container.
- Build server on host
    GOOS=linux GOARCH=arm64 go build
- Build docker image
    cd cmd/server
    docker build -t server-image .
- Start container with shared directory
    docker run -it \
      -v /Users/hohn/work-gh/mrva/mrvacommander:/mrva/mrvacommander \
      server-image
- Run server in container
    cd /mrva/mrvacommander/cmd/server/ && ./server
Using docker-compose
Steps to build and run the server
Steps to build and run the server in a multi-container environment set up by docker-compose.
- Build the server-image, above
- Build server on host
    cd ~/work-gh/mrva/mrvacommander/cmd/server/
    GOOS=linux GOARCH=arm64 go build
- Start the containers
    cd ~/work-gh/mrva/mrvacommander/
    docker-compose down
    docker-compose up -d
- Run server in its container
    cd ~/work-gh/mrva/mrvacommander/
    docker exec -it server bash
    cd /mrva/mrvacommander/cmd/server/
    ./server -loglevel=debug -mode=container
- Test server from the host via
    cd ~/work-gh/mrva/mrvacommander/tools
    sh ./request_16-Jun-2024_11-33-16.curl
- Follow server logging via
    cd ~/work-gh/mrva/mrvacommander
    docker-compose up -d
    docker-compose logs -f server
- Completely rebuild all containers. Useful when running into docker errors
    cd ~/work-gh/mrva/mrvacommander
    docker-compose up --build
- Test server via remote client by following the steps in gh-mrva
Some general docker-compose commands
- Get service status
    docker-compose ps
- Stop services
    docker-compose down
- View all logs
    docker-compose logs
- Check containers from server container
    docker exec -it server bash
    curl -I http://rabbitmq:15672
Use the minio ql database db
- Web access via
    open http://localhost:9001/login
  username / password are in docker-compose.yml for now. The ql db listing will be at http://localhost:9001/browser/qldb
- Populate the database by running ./populate-dbstore.sh from the host.
- The names in the bucket use the owner_repo format for now, e.g. google_flatbuffers_db.zip. TODO This will be enhanced to include other data later
- Test Go's access to the dbstore -- from the host -- via
    cd ./test
    go test -v
  This should produce
    === RUN TestDBListing
        dbstore_test.go:44: Object Key: google_flatbuffers_db.zip
        dbstore_test.go:44: Object Key: psycopg_psycopg2_db.zip
Use the minio query pack db
- Web access via
    open http://localhost:19001/login
  username / password are in docker-compose.yml for now. The ql db listing will be at http://localhost:19001/browser/qpstore