JS/TS Analyse 2.20.4 Runs Extremely Slow #18736

Open
aaronmassicotte opened this issue Feb 11, 2025 · 8 comments
Labels
question Further information is requested

Comments

@aaronmassicotte

aaronmassicotte commented Feb 11, 2025

Pipelines had been taking >90m to run the CodeQL github/codeql-action/analyze@v3 step since 2.20.4. When reverting back to 2.20.3 via

...
      - name: "Initialize CodeQL"
        uses: github/codeql-action/init@v3
        with:
          tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.20.3/codeql-bundle-linux64.tar.zst
          languages: javascript-typescript
...

the issue is resolved. It is difficult to see why this is happening, but in our case the codebase is large (CodeQL scanned 8401 out of 8401 TypeScript files and 1568 out of 1569 JavaScript files in this invocation.). Normal runtime for this job is about 10 minutes with 32 GB memory and 40 (32 effective) CPUs

Let me know if I can help resolve the issue by providing additional details about the codebase. I suspect something in particular about this codebase may be running inefficiently, as no other JS/TS scans within the enterprise have been impacted so far

@jketema
Contributor

jketema commented Feb 11, 2025

Hi @aaronmassicotte,

There's not a lot to go by here. Would you be able to share the codebase? If not, the best option is to re-run the workflow with debugging enabled. This will generate some artifacts, including a database. When you download the artifacts you should be able to run the analysis locally. See here on how to do that. You want to pass --tuple-counting --evaluator-log output.log as additional options to codeql database analyze, and post-process the output.log file with codeql generate log-summary --format=text output.log summary.log. Then share the summary.log file with us.

@aaronmassicotte
Author

aaronmassicotte commented Feb 18, 2025

  1. codeql database analyze debug-artifacts/db-javascript codeql/javascript-queries --tuple-counting --format=sarif-latest --output=results.sarif --evaluator-log output.log
  2. codeql generate log-summary --format=text output.log summary.log

output.log

{
  "time" : "2025-02-18T10:09:59.610477Z",
  "type" : "LOG_HEADER",
  "eventId" : 0,
  "nanoTime" : 194279666,
  "codeqlVersion" : "2.20.4",
  "logVersion" : "0.5.0"
}

{
  "time" : "2025-02-18T10:10:00.224435Z",
  "type" : "LOG_FOOTER",
  "eventId" : 1,
  "nanoTime" : 808215916
}

summary.log

[2025-02-18 11:09:59] Summary of a CodeQL evaluation that started at 2025-02-18T10:09:59.610477Z
[2025-02-18 11:09:59]
[2025-02-18 11:10:00] Total evaluation times for this run:
        * Wall-clock duration of evaluation run: 0.6 seconds
        * Total time spent evaluating predicates: 0.0 seconds
  1. codeql generate log-summary --format=text results.sarif summary.log
Beginning to generate summary for query log located at /Users/aaron.massicotte/Downloads/results.sarif
Oops! A fatal internal error occurred. Details:
java.lang.NullPointerException: Cannot invoke "Object.toString()" because the return value of "com.fasterxml.jackson.core.TreeNode.get(String)" is null
	at com.semmle.inmemory.logging.json.events.LogEventDeserialiser.readEvent(LogEventDeserialiser.java:25)
	at com.semmle.cli2.generate.LogSummaryCommand.executeSubcommand(LogSummaryCommand.java:278)
	at com.semmle.cli2.picocli.SubcommandCommon.lambda$executeSubcommandWithMessages$5(SubcommandCommon.java:892)
	at com.semmle.cli2.picocli.SubcommandCommon.withCompilationMessages(SubcommandCommon.java:444)
	at com.semmle.cli2.picocli.SubcommandCommon.executeSubcommandWithMessages(SubcommandCommon.java:890)
	at com.semmle.cli2.picocli.SubcommandCommon.toplevelMain(SubcommandCommon.java:777)
	at com.semmle.cli2.picocli.SubcommandCommon.call(SubcommandCommon.java:757)
	at com.semmle.cli2.picocli.SubcommandMaker.runMain(SubcommandMaker.java:238)
	at com.semmle.cli2.picocli.SubcommandMaker.runMain(SubcommandMaker.java:259)
	at com.semmle.cli2.CodeQL.main(CodeQL.java:115)

@jketema
Contributor

jketema commented Feb 18, 2025

It doesn't look like any queries were run. What was the output of

codeql database analyze debug-artifacts/db-javascript codeql/javascript-queries --tuple-counting --format=sarif-latest --output=results.sarif --evaluator-log output.log

?
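
An added example (not part of the thread and not CodeQL project code): a pre-check for an evaluator log before it is passed to `codeql generate log-summary`. It reports the case seen above, where the log holds only `LOG_HEADER` and `LOG_FOOTER`, and the case of a file that is not an evaluator log at all. That every event is a JSON object with a `type` key is an assumption drawn from the posted log; the function names and the SARIF-shaped sample are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample: the two events shown in the output.log posted above.
SAMPLE_EMPTY_LOG = """{
  "time" : "2025-02-18T10:09:59.610477Z",
  "type" : "LOG_HEADER",
  "eventId" : 0,
  "nanoTime" : 194279666,
  "codeqlVersion" : "2.20.4",
  "logVersion" : "0.5.0"
}

{
  "time" : "2025-02-18T10:10:00.224435Z",
  "type" : "LOG_FOOTER",
  "eventId" : 1,
  "nanoTime" : 808215916
}
"""

# Constructed sample: a SARIF-shaped document, i.e. not an evaluator log.
SAMPLE_SARIF = '{"version": "2.1.0", "runs": []}'

# Event types that frame the log but record no evaluation work.
BOOKKEEPING = {"LOG_HEADER", "LOG_FOOTER"}


def iter_events(text):
    """Yield each top-level JSON value from a stream of concatenated objects."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        # raw_decode() does not skip leading whitespace, so do it here.
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return
        value, pos = decoder.raw_decode(text, pos)
        yield value


def triage_evaluator_log(text):
    """Classify a log as 'ok', 'no-queries-evaluated', 'not-an-evaluator-log'
    or 'unparseable', and return the per-type event counts."""
    counts = Counter()
    untyped = 0
    nano = {}
    try:
        for event in iter_events(text):
            # Assumption: every evaluator event is an object with a "type" key.
            if not isinstance(event, dict) or "type" not in event:
                untyped += 1
                continue
            counts[event["type"]] += 1
            if event["type"] in BOOKKEEPING and "nanoTime" in event:
                nano[event["type"]] = event["nanoTime"]
    except json.JSONDecodeError as exc:
        return {"status": "unparseable", "detail": str(exc), "counts": dict(counts)}

    if untyped or "LOG_HEADER" not in counts:
        status = "not-an-evaluator-log"
    elif set(counts) <= BOOKKEEPING:
        status = "no-queries-evaluated"
    else:
        status = "ok"

    # Header-to-footer span in seconds, when both timestamps are present.
    wall = None
    if len(nano) == 2:
        wall = (nano["LOG_FOOTER"] - nano["LOG_HEADER"]) / 1e9
    return {"status": status, "counts": dict(counts),
            "untyped": untyped, "wall_seconds": wall}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(triage_evaluator_log(fh.read()))
    else:
        print(triage_evaluator_log(SAMPLE_EMPTY_LOG))
        print(triage_evaluator_log(SAMPLE_SARIF))
```

For the posted log the header-to-footer span comes out at about 0.6 seconds, the same wall-clock figure the generated summary.log reports.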

@aaronmassicotte
Author

Initial Run

Running queries.
[1/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DisablingSce.qlx.
[2/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DoubleCompilation.qlx.
[3/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/InsecureUrlWhitelist.qlx.
[4/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/RegExp/IdentityReplacement.qlx.
[5/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-201/PostMessageStar.qlx.
[6/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedSource.qlx.
[7/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedDomain.qlx.
[8/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/CodeInjection.qlx.
[9/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/UnsafeDynamicMethodAccess.qlx.
[10/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ExpressionInjection.qlx.
[11/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ImproperCodeSanitization.qlx.
[12/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-209/StackTraceExposure.qlx.
[13/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-200/PrivateFileExposure.qlx.
[14/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ClientSideUrlRedirect.qlx.
[15/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ServerSideUrlRedirect.qlx.
[16/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-326/InsufficientKeySize.qlx.
[17/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-178/CaseSensitiveMiddlewarePath.qlx.
[18/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BrokenCryptoAlgorithm.qlx.
[19/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BadRandomness.qlx.
[20/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-916/InsufficientPasswordHash.qlx.
[21/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-918/RequestForgery.qlx.
[22/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-598/SensitiveGetQuery.qlx.
[23/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-614/ClearTextCookie.qlx.
[24/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-089/SqlInjection.qlx.
[25/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-073/TemplateObjectInjection.qlx.
[26/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSchemeCheck.qlx.
[27/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/UselessRegExpCharacterEscape.qlx.
[28/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteHostnameRegExp.qlx.
[29/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncorrectSuffixCheck.qlx.
[30/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSubstringSanitization.qlx.
[31/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/OverlyLargeRange.qlx.
[32/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.qlx.
[33/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-400/DeepObjectResourceExhaustion.qlx.
[34/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-834/LoopBoundInjection.qlx.
[35/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-295/DisablingCertificateValidation.qlx.
[36/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-693/InsecureHelmet.qlx.
[37/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-347/MissingJWTKeyVerification.qlx.
[38/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/ResourceExhaustion.qlx.
[39/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/MissingRateLimiting.qlx.
[40/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-346/CorsMisconfigurationForCredentials.qlx.
[41/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteSanitization.qlx.
[42/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/BadTagFilter.qlx.
[43/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/UnsafeHtmlExpansion.qlx.
[44/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteMultiCharacterSanitization.qlx.
[45/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/DoubleEscaping.qlx.
[46/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteHtmlAttributeSanitization.qlx.
[47/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingAssignment.qlx.
[48/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingMergeCall.qlx.
[49/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingFunction.qlx.
[50/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-776/XmlBomb.qlx.
[51/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextStorage.qlx.
[52/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/ActionsArtifactLeak.qlx.
[53/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextLogging.qlx.
[54/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/BuildArtifactLeak.qlx.
[55/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-754/UnvalidatedDynamicMethodCall.qlx.
[56/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-798/HardcodedCredentials.qlx.
[57/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-134/TaintedFormatString.qlx.
[58/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-352/MissingCsrfMiddleware.qlx.
[59/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-338/InsecureRandomness.qlx.
[60/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-300/InsecureDependencyResolution.qlx.
[61/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-502/UnsafeDeserialization.qlx.
[62/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/RegExpInjection.qlx.
[63/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/ServerCrash.qlx.
[64/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-1004/ClientExposedCookie.qlx.
[65/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/ZipSlip.qlx.
[66/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/TaintedPath.qlx.
[67/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-843/TypeConfusionThroughParameterTampering.qlx.
[68/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-611/Xxe.qlx.
[69/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UselessUseOfCat.qlx.
[70/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/CommandInjection.qlx.
[71/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UnsafeShellCommandConstruction.qlx.
[72/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/SecondOrderCommandInjection.qlx.
[73/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/ShellCommandInjectionFromEnvironment.qlx.
[74/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-643/XpathInjection.qlx.
[75/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-829/InsecureDownload.qlx.
[76/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ReflectedXss.qlx.
[77/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/XssThroughDom.qlx.
[78/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeJQueryPlugin.qlx.
[79/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/Xss.qlx.
[80/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ExceptionXss.qlx.
[81/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeHtmlConstruction.qlx.
[82/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/StoredXss.qlx.
[83/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/ReDoS.qlx.
[84/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/PolynomialReDoS.qlx.
[85/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/AllowRunningInsecureContent.qlx.
[86/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/DisablingWebSecurity.qlx.
[87/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractionErrors.qlx.
[88/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractedFiles.qlx.
[89/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfCode.qlx.
[90/90] Loaded /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfUserCode.qlx.
DisablingSce.ql                          : [1/90 eval 1m11s] Results written to codeql/javascript-queries/AngularJS/DisablingSce.bqrs.
DoubleCompilation.ql                     : [2/90 eval 1.1s] Results written to codeql/javascript-queries/AngularJS/DoubleCompilation.bqrs.
InsecureUrlWhitelist.ql                  : [3/90 eval 144ms] Results written to codeql/javascript-queries/AngularJS/InsecureUrlWhitelist.bqrs.
ExtractedFiles.ql                        : [4/90 eval 77ms] Results written to codeql/javascript-queries/Diagnostics/ExtractedFiles.bqrs.
ExtractionErrors.ql                      : [5/90 eval 6ms] Results written to codeql/javascript-queries/Diagnostics/ExtractionErrors.bqrs.
AllowRunningInsecureContent.ql           : [6/90 eval 233ms] Results written to codeql/javascript-queries/Electron/AllowRunningInsecureContent.bqrs.
DisablingWebSecurity.ql                  : [7/90 eval 3ms] Results written to codeql/javascript-queries/Electron/DisablingWebSecurity.bqrs.
PolynomialReDoS.ql                       : [8/90 eval 32.7s] Results written to codeql/javascript-queries/Performance/PolynomialReDoS.bqrs.
ReDoS.ql                                 : [9/90 eval 976ms] Results written to codeql/javascript-queries/Performance/ReDoS.bqrs.
IdentityReplacement.ql                   : [10/90 eval 523ms] Results written to codeql/javascript-queries/RegExp/IdentityReplacement.bqrs.
IncompleteHostnameRegExp.ql              : [11/90 eval 321ms] Results written to codeql/javascript-queries/Security/CWE-020/IncompleteHostnameRegExp.bqrs.
IncompleteUrlSchemeCheck.ql              : [12/90 eval 975ms] Results written to codeql/javascript-queries/Security/CWE-020/IncompleteUrlSchemeCheck.bqrs.
IncompleteUrlSubstringSanitization.ql    : [13/90 eval 1.2s] Results written to codeql/javascript-queries/Security/CWE-020/IncompleteUrlSubstringSanitization.bqrs.
IncorrectSuffixCheck.ql                  : [14/90 eval 803ms] Results written to codeql/javascript-queries/Security/CWE-020/IncorrectSuffixCheck.bqrs.
OverlyLargeRange.ql                      : [15/90 eval 64ms] Results written to codeql/javascript-queries/Security/CWE-020/OverlyLargeRange.bqrs.
UselessRegExpCharacterEscape.ql          : [16/90 eval 2.8s] Results written to codeql/javascript-queries/Security/CWE-020/UselessRegExpCharacterEscape.bqrs.
TaintedPath.ql                           : [17/90 eval 6s] Results written to codeql/javascript-queries/Security/CWE-022/TaintedPath.bqrs.
ZipSlip.ql                               : [18/90 eval 921ms] Results written to codeql/javascript-queries/Security/CWE-022/ZipSlip.bqrs.
TemplateObjectInjection.ql               : [19/90 eval 172ms] Results written to codeql/javascript-queries/Security/CWE-073/TemplateObjectInjection.bqrs.
CommandInjection.ql                      : [20/90 eval 5.5s] Results written to codeql/javascript-queries/Security/CWE-078/CommandInjection.bqrs.
SecondOrderCommandInjection.ql           : [21/90 eval 2.5s] Results written to codeql/javascript-queries/Security/CWE-078/SecondOrderCommandInjection.bqrs.
ShellCommandInjectionFromEnvironment.ql  : [22/90 eval 5.2s] Results written to codeql/javascript-queries/Security/CWE-078/ShellCommandInjectionFromEnvironment.bqrs.
UnsafeShellCommandConstruction.ql        : [23/90 eval 4.3s] Results written to codeql/javascript-queries/Security/CWE-078/UnsafeShellCommandConstruction.bqrs.
UselessUseOfCat.ql                       : [24/90 eval 1.4s] Results written to codeql/javascript-queries/Security/CWE-078/UselessUseOfCat.bqrs.
ExceptionXss.ql                          : [25/90 eval 10s] Results written to codeql/javascript-queries/Security/CWE-079/ExceptionXss.bqrs.
ReflectedXss.ql                          : [26/90 eval 454ms] Results written to codeql/javascript-queries/Security/CWE-079/ReflectedXss.bqrs.
StoredXss.ql                             : [27/90 eval 7.1s] Results written to codeql/javascript-queries/Security/CWE-079/StoredXss.bqrs.
UnsafeHtmlConstruction.ql                : [28/90 eval 3.3s] Results written to codeql/javascript-queries/Security/CWE-079/UnsafeHtmlConstruction.bqrs.
UnsafeJQueryPlugin.ql                    : [29/90 eval 268ms] Results written to codeql/javascript-queries/Security/CWE-079/UnsafeJQueryPlugin.bqrs.
Xss.ql                                   : [30/90 eval 4.6s] Results written to codeql/javascript-queries/Security/CWE-079/Xss.bqrs.
XssThroughDom.ql                         : [31/90 eval 5.8s] Results written to codeql/javascript-queries/Security/CWE-079/XssThroughDom.bqrs.
SqlInjection.ql                          : [32/90 eval 1.3s] Results written to codeql/javascript-queries/Security/CWE-089/SqlInjection.bqrs.
CodeInjection.ql                         : [33/90 eval 2.9s] Results written to codeql/javascript-queries/Security/CWE-094/CodeInjection.bqrs.
ExpressionInjection.ql                   : [34/90 eval 42ms] Results written to codeql/javascript-queries/Security/CWE-094/ExpressionInjection.bqrs.
ImproperCodeSanitization.ql              : [35/90 eval 70ms] Results written to codeql/javascript-queries/Security/CWE-094/ImproperCodeSanitization.bqrs.
UnsafeDynamicMethodAccess.ql             : [36/90 eval 2s] Results written to codeql/javascript-queries/Security/CWE-094/UnsafeDynamicMethodAccess.bqrs.
ClientExposedCookie.ql                   : [37/90 eval 10s] Results written to codeql/javascript-queries/Security/CWE-1004/ClientExposedCookie.bqrs.
BadTagFilter.ql                          : [38/90 eval 453ms] Results written to codeql/javascript-queries/Security/CWE-116/BadTagFilter.bqrs.
DoubleEscaping.ql                        : [39/90 eval 579ms] Results written to codeql/javascript-queries/Security/CWE-116/DoubleEscaping.bqrs.
IncompleteHtmlAttributeSanitization.ql   : [40/90 eval 709ms] Results written to codeql/javascript-queries/Security/CWE-116/IncompleteHtmlAttributeSanitization.bqrs.
IncompleteMultiCharacterSanitization.ql  : [41/90 eval 698ms] Results written to codeql/javascript-queries/Security/CWE-116/IncompleteMultiCharacterSanitization.bqrs.
IncompleteSanitization.ql                : [42/90 eval 420ms] Results written to codeql/javascript-queries/Security/CWE-116/IncompleteSanitization.bqrs.
UnsafeHtmlExpansion.ql                   : [43/90 eval 146ms] Results written to codeql/javascript-queries/Security/CWE-116/UnsafeHtmlExpansion.bqrs.
TaintedFormatString.ql                   : [44/90 eval 686ms] Results written to codeql/javascript-queries/Security/CWE-134/TaintedFormatString.bqrs.
CaseSensitiveMiddlewarePath.ql           : [45/90 eval 27ms] Results written to codeql/javascript-queries/Security/CWE-178/CaseSensitiveMiddlewarePath.bqrs.
PrivateFileExposure.ql                   : [46/90 eval 425ms] Results written to codeql/javascript-queries/Security/CWE-200/PrivateFileExposure.bqrs.
PostMessageStar.ql                       : [47/90 eval 18ms] Results written to codeql/javascript-queries/Security/CWE-201/PostMessageStar.bqrs.
StackTraceExposure.ql                    : [48/90 eval 133ms] Results written to codeql/javascript-queries/Security/CWE-209/StackTraceExposure.bqrs.
DisablingCertificateValidation.ql        : [49/90 eval 999ms] Results written to codeql/javascript-queries/Security/CWE-295/DisablingCertificateValidation.bqrs.
InsecureDependencyResolution.ql          : [50/90 eval 6ms] Results written to codeql/javascript-queries/Security/CWE-300/InsecureDependencyResolution.bqrs.
ActionsArtifactLeak.ql                   : [51/90 eval 7ms] Results written to codeql/javascript-queries/Security/CWE-312/ActionsArtifactLeak.bqrs.
BuildArtifactLeak.ql                     : [52/90 eval 19ms] Results written to codeql/javascript-queries/Security/CWE-312/BuildArtifactLeak.bqrs.
CleartextLogging.ql                      : [53/90 eval 6.9s] Results written to codeql/javascript-queries/Security/CWE-312/CleartextLogging.bqrs.
CleartextStorage.ql                      : [54/90 eval 2.9s] Results written to codeql/javascript-queries/Security/CWE-312/CleartextStorage.bqrs.
InsufficientKeySize.ql                   : [55/90 eval 288ms] Results written to codeql/javascript-queries/Security/CWE-326/InsufficientKeySize.bqrs.
BadRandomness.ql                         : [56/90 eval 401ms] Results written to codeql/javascript-queries/Security/CWE-327/BadRandomness.bqrs.
BrokenCryptoAlgorithm.ql                 : [57/90 eval 126ms] Results written to codeql/javascript-queries/Security/CWE-327/BrokenCryptoAlgorithm.bqrs.
InsecureRandomness.ql                    : [58/90 eval 6.5s] Results written to codeql/javascript-queries/Security/CWE-338/InsecureRandomness.bqrs.
CorsMisconfigurationForCredentials.ql    : [59/90 eval 306ms] Results written to codeql/javascript-queries/Security/CWE-346/CorsMisconfigurationForCredentials.bqrs.
MissingJWTKeyVerification.ql             : [60/90 eval 200ms] Results written to codeql/javascript-queries/Security/CWE-347/MissingJWTKeyVerification.bqrs.
MissingCsrfMiddleware.ql                 : [61/90 eval 16ms] Results written to codeql/javascript-queries/Security/CWE-352/MissingCsrfMiddleware.bqrs.
DeepObjectResourceExhaustion.ql          : [62/90 eval 19ms] Results written to codeql/javascript-queries/Security/CWE-400/DeepObjectResourceExhaustion.bqrs.
UnsafeDeserialization.ql                 : [63/90 eval 75ms] Results written to codeql/javascript-queries/Security/CWE-502/UnsafeDeserialization.bqrs.
SensitiveGetQuery.ql                     : [64/90 eval 139ms] Results written to codeql/javascript-queries/Security/CWE-598/SensitiveGetQuery.bqrs.
ClientSideUrlRedirect.ql                 : [65/90 eval 6.5s] Results written to codeql/javascript-queries/Security/CWE-601/ClientSideUrlRedirect.bqrs.
ServerSideUrlRedirect.ql                 : [66/90 eval 1.5s] Results written to codeql/javascript-queries/Security/CWE-601/ServerSideUrlRedirect.bqrs.
Xxe.ql                                   : [67/90 eval 357ms] Results written to codeql/javascript-queries/Security/CWE-611/Xxe.bqrs.
ClearTextCookie.ql                       : [68/90 eval 4ms] Results written to codeql/javascript-queries/Security/CWE-614/ClearTextCookie.bqrs.
HostHeaderPoisoningInEmailGeneration.ql  : [69/90 eval 16ms] Results written to codeql/javascript-queries/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.bqrs.
XpathInjection.ql                        : [70/90 eval 27ms] Results written to codeql/javascript-queries/Security/CWE-643/XpathInjection.bqrs.
InsecureHelmet.ql                        : [71/90 eval 186ms] Results written to codeql/javascript-queries/Security/CWE-693/InsecureHelmet.bqrs.
RegExpInjection.ql                       : [72/90 eval 2.7s] Results written to codeql/javascript-queries/Security/CWE-730/RegExpInjection.bqrs.
ServerCrash.ql                           : [73/90 eval 1.5s] Results written to codeql/javascript-queries/Security/CWE-730/ServerCrash.bqrs.
UnvalidatedDynamicMethodCall.ql          : [74/90 eval 5.3s] Results written to codeql/javascript-queries/Security/CWE-754/UnvalidatedDynamicMethodCall.bqrs.
MissingRateLimiting.ql                   : [75/90 eval 670ms] Results written to codeql/javascript-queries/Security/CWE-770/MissingRateLimiting.bqrs.
ResourceExhaustion.ql                    : [76/90 eval 7.3s] Results written to codeql/javascript-queries/Security/CWE-770/ResourceExhaustion.bqrs.
XmlBomb.ql                               : [77/90 eval 15ms] Results written to codeql/javascript-queries/Security/CWE-776/XmlBomb.bqrs.
HardcodedCredentials.ql                  : [78/90 eval 2.5s] Results written to codeql/javascript-queries/Security/CWE-798/HardcodedCredentials.bqrs.
InsecureDownload.ql                      : [79/90 eval 1.7s] Results written to codeql/javascript-queries/Security/CWE-829/InsecureDownload.bqrs.
FunctionalityFromUntrustedDomain.ql      : [80/90 eval 269ms] Results written to codeql/javascript-queries/Security/CWE-830/FunctionalityFromUntrustedDomain.bqrs.
FunctionalityFromUntrustedSource.ql      : [81/90 eval 14ms] Results written to codeql/javascript-queries/Security/CWE-830/FunctionalityFromUntrustedSource.bqrs.
LoopBoundInjection.ql                    : [82/90 eval 14ms] Results written to codeql/javascript-queries/Security/CWE-834/LoopBoundInjection.bqrs.
TypeConfusionThroughParameterTampering.ql: [83/90 eval 8ms] Results written to codeql/javascript-queries/Security/CWE-843/TypeConfusionThroughParameterTampering.bqrs.
PrototypePollutingAssignment.ql          : [84/90 eval 16m32s] Results written to codeql/javascript-queries/Security/CWE-915/PrototypePollutingAssignment.bqrs.
PrototypePollutingFunction.ql            : [85/90 eval 3.8s] Results written to codeql/javascript-queries/Security/CWE-915/PrototypePollutingFunction.bqrs.
PrototypePollutingMergeCall.ql           : [86/90 eval 31m6s] Results written to codeql/javascript-queries/Security/CWE-915/PrototypePollutingMergeCall.bqrs.
InsufficientPasswordHash.ql              : [87/90 eval 267ms] Results written to codeql/javascript-queries/Security/CWE-916/InsufficientPasswordHash.bqrs.
RequestForgery.ql                        : [88/90 eval 17m40s] Results written to codeql/javascript-queries/Security/CWE-918/RequestForgery.bqrs.
LinesOfCode.ql                           : [89/90 eval 11ms] Results written to codeql/javascript-queries/Summary/LinesOfCode.bqrs.
LinesOfUserCode.ql                       : [90/90 eval 16m54s] Results written to codeql/javascript-queries/Summary/LinesOfUserCode.bqrs.
Shutting down query evaluator.
Interpreting results.
CodeQL scanned 8403 out of 8403 TypeScript files and 1568 out of 1569 JavaScript files in this invocation. Typically CodeQL is configured to analyze a single CodeQL language per invocation, so check other invocations to determine overall coverage information.

Subsequent run

Running queries.
[1/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DisablingSce.ql.
[2/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DoubleCompilation.ql.
[3/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/InsecureUrlWhitelist.ql.
[4/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/RegExp/IdentityReplacement.ql.
[5/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-201/PostMessageStar.ql.
[6/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedSource.ql.
[7/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedDomain.ql.
[8/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/CodeInjection.ql.
[9/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/UnsafeDynamicMethodAccess.ql.
[10/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ExpressionInjection.ql.
[11/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ImproperCodeSanitization.ql.
[12/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-209/StackTraceExposure.ql.
[13/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-200/PrivateFileExposure.ql.
[14/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ClientSideUrlRedirect.ql.
[15/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ServerSideUrlRedirect.ql.
[16/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-326/InsufficientKeySize.ql.
[17/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-178/CaseSensitiveMiddlewarePath.ql.
[18/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BrokenCryptoAlgorithm.ql.
[19/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BadRandomness.ql.
[20/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-916/InsufficientPasswordHash.ql.
[21/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-918/RequestForgery.ql.
[22/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-598/SensitiveGetQuery.ql.
[23/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-614/ClearTextCookie.ql.
[24/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-089/SqlInjection.ql.
[25/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-073/TemplateObjectInjection.ql.
[26/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSchemeCheck.ql.
[27/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/UselessRegExpCharacterEscape.ql.
[28/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteHostnameRegExp.ql.
[29/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncorrectSuffixCheck.ql.
[30/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSubstringSanitization.ql.
[31/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/OverlyLargeRange.ql.
[32/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql.
[33/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-400/DeepObjectResourceExhaustion.ql.
[34/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-834/LoopBoundInjection.ql.
[35/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-295/DisablingCertificateValidation.ql.
[36/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-693/InsecureHelmet.ql.
[37/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-347/MissingJWTKeyVerification.ql.
[38/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/ResourceExhaustion.ql.
[39/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/MissingRateLimiting.ql.
[40/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-346/CorsMisconfigurationForCredentials.ql.
[41/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteSanitization.ql.
[42/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/BadTagFilter.ql.
[43/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/UnsafeHtmlExpansion.ql.
[44/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteMultiCharacterSanitization.ql.
[45/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/DoubleEscaping.ql.
[46/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql.
[47/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingAssignment.ql.
[48/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingMergeCall.ql.
[49/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingFunction.ql.
[50/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-776/XmlBomb.ql.
[51/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextStorage.ql.
[52/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/ActionsArtifactLeak.ql.
[53/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextLogging.ql.
[54/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/BuildArtifactLeak.ql.
[55/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-754/UnvalidatedDynamicMethodCall.ql.
[56/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-798/HardcodedCredentials.ql.
[57/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-134/TaintedFormatString.ql.
[58/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-352/MissingCsrfMiddleware.ql.
[59/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-338/InsecureRandomness.ql.
[60/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-300/InsecureDependencyResolution.ql.
[61/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-502/UnsafeDeserialization.ql.
[62/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/RegExpInjection.ql.
[63/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/ServerCrash.ql.
[64/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-1004/ClientExposedCookie.ql.
[65/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/ZipSlip.ql.
[66/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/TaintedPath.ql.
[67/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-843/TypeConfusionThroughParameterTampering.ql.
[68/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-611/Xxe.ql.
[69/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UselessUseOfCat.ql.
[70/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/CommandInjection.ql.
[71/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UnsafeShellCommandConstruction.ql.
[72/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/SecondOrderCommandInjection.ql.
[73/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql.
[74/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-643/XpathInjection.ql.
[75/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-829/InsecureDownload.ql.
[76/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ReflectedXss.ql.
[77/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/XssThroughDom.ql.
[78/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeJQueryPlugin.ql.
[79/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/Xss.ql.
[80/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ExceptionXss.ql.
[81/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeHtmlConstruction.ql.
[82/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/StoredXss.ql.
[83/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/ReDoS.ql.
[84/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/PolynomialReDoS.ql.
[85/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/AllowRunningInsecureContent.ql.
[86/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/DisablingWebSecurity.ql.
[87/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractionErrors.ql.
[88/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractedFiles.ql.
[89/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfCode.ql.
[90/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfUserCode.ql.
Shutting down query evaluator.
Interpreting results.
CodeQL scanned 8403 out of 8403 TypeScript files and 1568 out of 1569 JavaScript files in this invocation. Typically CodeQL is configured to analyze a single CodeQL language per invocation, so check other invocations to determine overall coverage information.

@jketema
Contributor

jketema commented Feb 18, 2025

Yeah, we cache results. You'll need to run codeql database cleanup --cache-cleanup=clear debug-artifacts/db-javascript beforehand.

@aaronmassicotte
Author

I see you're not asking to verify whether a valid scan was run but looking to investigate the output of the uncached run. My mistake. I'm not sure what the intended outcome should be though, as this results in a very similar output:

$ codeql database cleanup --cache-cleanup=clear debug-artifacts/db-javascript && codeql database analyze debug-artifacts/db-javascript codeql/javascript-queries --tuple-counting --format=sarif-latest --output=results.sarif --evaluator-log output.log

Cleaning up existing TRAP files after import...
TRAP files cleaned up (2ms).
Cleaning up scratch directory...
Scratch directory cleaned up (0ms).
Running queries.
[1/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DisablingSce.ql.
[2/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/DoubleCompilation.ql.
[3/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/AngularJS/InsecureUrlWhitelist.ql.
[4/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/RegExp/IdentityReplacement.ql.
[5/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-201/PostMessageStar.ql.
[6/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedSource.ql.
[7/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-830/FunctionalityFromUntrustedDomain.ql.
[8/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/CodeInjection.ql.
[9/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/UnsafeDynamicMethodAccess.ql.
[10/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ExpressionInjection.ql.
[11/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-094/ImproperCodeSanitization.ql.
[12/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-209/StackTraceExposure.ql.
[13/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-200/PrivateFileExposure.ql.
[14/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ClientSideUrlRedirect.ql.
[15/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-601/ServerSideUrlRedirect.ql.
[16/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-326/InsufficientKeySize.ql.
[17/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-178/CaseSensitiveMiddlewarePath.ql.
[18/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BrokenCryptoAlgorithm.ql.
[19/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-327/BadRandomness.ql.
[20/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-916/InsufficientPasswordHash.ql.
[21/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-918/RequestForgery.ql.
[22/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-598/SensitiveGetQuery.ql.
[23/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-614/ClearTextCookie.ql.
[24/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-089/SqlInjection.ql.
[25/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-073/TemplateObjectInjection.ql.
[26/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSchemeCheck.ql.
[27/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/UselessRegExpCharacterEscape.ql.
[28/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteHostnameRegExp.ql.
[29/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncorrectSuffixCheck.ql.
[30/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/IncompleteUrlSubstringSanitization.ql.
[31/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-020/OverlyLargeRange.ql.
[32/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql.
[33/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-400/DeepObjectResourceExhaustion.ql.
[34/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-834/LoopBoundInjection.ql.
[35/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-295/DisablingCertificateValidation.ql.
[36/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-693/InsecureHelmet.ql.
[37/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-347/MissingJWTKeyVerification.ql.
[38/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/ResourceExhaustion.ql.
[39/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-770/MissingRateLimiting.ql.
[40/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-346/CorsMisconfigurationForCredentials.ql.
[41/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteSanitization.ql.
[42/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/BadTagFilter.ql.
[43/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/UnsafeHtmlExpansion.ql.
[44/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteMultiCharacterSanitization.ql.
[45/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/DoubleEscaping.ql.
[46/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql.
[47/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingAssignment.ql.
[48/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingMergeCall.ql.
[49/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-915/PrototypePollutingFunction.ql.
[50/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-776/XmlBomb.ql.
[51/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextStorage.ql.
[52/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/ActionsArtifactLeak.ql.
[53/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/CleartextLogging.ql.
[54/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-312/BuildArtifactLeak.ql.
[55/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-754/UnvalidatedDynamicMethodCall.ql.
[56/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-798/HardcodedCredentials.ql.
[57/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-134/TaintedFormatString.ql.
[58/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-352/MissingCsrfMiddleware.ql.
[59/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-338/InsecureRandomness.ql.
[60/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-300/InsecureDependencyResolution.ql.
[61/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-502/UnsafeDeserialization.ql.
[62/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/RegExpInjection.ql.
[63/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-730/ServerCrash.ql.
[64/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-1004/ClientExposedCookie.ql.
[65/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/ZipSlip.ql.
[66/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-022/TaintedPath.ql.
[67/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-843/TypeConfusionThroughParameterTampering.ql.
[68/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-611/Xxe.ql.
[69/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UselessUseOfCat.ql.
[70/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/CommandInjection.ql.
[71/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/UnsafeShellCommandConstruction.ql.
[72/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/SecondOrderCommandInjection.ql.
[73/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql.
[74/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-643/XpathInjection.ql.
[75/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-829/InsecureDownload.ql.
[76/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ReflectedXss.ql.
[77/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/XssThroughDom.ql.
[78/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeJQueryPlugin.ql.
[79/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/Xss.ql.
[80/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/ExceptionXss.ql.
[81/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/UnsafeHtmlConstruction.ql.
[82/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/StoredXss.ql.
[83/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/ReDoS.ql.
[84/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Performance/PolynomialReDoS.ql.
[85/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/AllowRunningInsecureContent.ql.
[86/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Electron/DisablingWebSecurity.ql.
[87/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractionErrors.ql.
[88/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Diagnostics/ExtractedFiles.ql.
[89/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfCode.ql.
[90/90] No need to rerun /Users/aaron.massicotte/.codeql/packages/codeql/javascript-queries/1.4.0/Summary/LinesOfUserCode.ql.
Shutting down query evaluator.
Interpreting results.
CodeQL scanned 8403 out of 8403 TypeScript files and 1568 out of 1569 JavaScript files in this invocation. Typically CodeQL is configured to analyze a single CodeQL language per invocation, so check other invocations to determine overall coverage information.

@jketema
Contributor

jketema commented Feb 20, 2025

Those "No need to rerun" indicate that you didn't clear the cache. I'm still interested in the output from #18736 (comment), as the tuple counts in that log file should explain where the slowness is coming from.

@jketema
Contributor

jketema commented Feb 20, 2025

> Those "No need to rerun" indicate that you didn't clear the cache.

Oh, my mistake. You'll also need to pass --rerun to codeql database analyze (it's also caching the results).
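Added example, not part of the thread and not CodeQL's own tooling: a shell wrapper that chains the steps discussed above (cache cleanup, `--rerun`, tuple counting, log summary) and refuses to produce a summary if any query was still reported as "No need to rerun". The function names, the `analyze.out` file name and the wording of the non-cached sample line are assumptions; the `codeql` options are the ones quoted in this issue.

```shell
#!/usr/bin/env bash

# Constructed sample of `codeql database analyze` progress output. The cached
# lines follow the format quoted in the thread; the last progress line is a
# constructed stand-in for a query that was really evaluated (its exact
# wording is an assumption).
sample_cached_run() {
  cat <<'EOF'
Running queries.
[1/3] No need to rerun /home/user/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-079/Xss.ql.
[2/3] No need to rerun /home/user/.codeql/packages/codeql/javascript-queries/1.4.0/Security/CWE-089/SqlInjection.ql.
[3/3] <constructed: evaluated> Security/CWE-022/TaintedPath.ql
Shutting down query evaluator.
EOF
}

# Read progress output on stdin and print "<cached> <total>", where <total>
# counts the "[n/N] ..." progress lines and <cached> those served from cache.
count_cached() {
  awk '
    /^\[[0-9]+\/[0-9]+/ {
      total++
      if ($0 ~ /\] No need to rerun /) cached++
    }
    END { printf "%d %d\n", cached, total }
  '
}

# Succeed only if at least one query ran and none came from the cache.
is_uncached_run() {
  set -- $(count_cached)
  [ "$2" -gt 0 ] && [ "$1" -eq 0 ]
}

# Clear the cache, force re-evaluation, and summarise the evaluator log.
# $1 is the database directory, e.g. debug-artifacts/db-javascript.
profile_run() {
  db=$1
  codeql database cleanup --cache-cleanup=clear "$db" || return
  codeql database analyze "$db" codeql/javascript-queries \
    --rerun --tuple-counting \
    --format=sarif-latest --output=results.sarif \
    --evaluator-log output.log 2>&1 | tee analyze.out
  if ! is_uncached_run < analyze.out; then
    # Cached queries were not re-evaluated, so output.log will not profile them.
    echo "cached results detected; not generating summary.log" >&2
    return 1
  fi
  codeql generate log-summary --format=text output.log summary.log
}
```

Source the file and call `profile_run debug-artifacts/db-javascript`; `summary.log` is only written when every query was actually evaluated.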
