C/C++: Paths reported in sarif results contain extra back slashes in latest version of CodeQL (2.19.2) #17972
Labels
question
Further information is requested
Comments
smowton
changed the title
|
Hi @jacob-ronstadt, Thanks for the report. We're currently discussing internally whether this change is correct or not. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description of the issue
Expr used as source in data flow. Source is a string that doesn't match a given pattern:
e.getValue().toString().toLowerCase().matches(pattern)Source is used in the output message:
select f, message, source, source.asIndirectExpr().toString()In the source code the string is a function argument hard-coded such as:
L"\\some\\bad\\path\\test\\test.txt"In the sarif file results from running codeql database analyze with --format=sarif-latest, the same source code, and using the same commands for building and analyzing the database, previous versions of CodeQL CLI (2.17.6 tested) show this as:
"message":{"text":"\\some\\bad\\path\\test\\test.txt"}}]}],while CodeQL CLI 2.19.2 show:
"message":{"text":"\\\\some\\\\bad\\\\path\\\\test\\\\test.txt"}}]}],The text was updated successfully, but these errors were encountered: