CodeQL CLI prints warning for valid config file #16147

Open
Kiemes opened this issue Apr 8, 2024 · 5 comments
Labels
Java question Further information is requested

Kiemes commented Apr 8, 2024

Downloading the latest version (2.17.0) and running just the executable without any arguments prints the warning "/Users/<user>/.config/codeql/config:1: Warning: Ignoring line with no option name." when this config file is present:

paths-ignore:
  - '**/*.Test.java'

There is nothing else in the config file. Still, it should be valid according to this documentation. Or does the snippet only show a partial config file? If so, this could be better visualized or mentioned in the documentation. Is there a general syntax description of the config file?

The expectation is that there is no warning for valid config files, or that the documentation states what a valid config file should look like.

@Kiemes Kiemes added the question Further information is requested label Apr 8, 2024
Member

mbg commented Apr 8, 2024

Hi @Kiemes 👋

The documentation you have linked to is for configuration files that are understood by the CodeQL GitHub Action. The /Users/<user>/.config/codeql/config file that is used with the CLI follows the format described in https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/specifying-command-options-in-a-codeql-configuration-file

@mbg mbg self-assigned this Apr 8, 2024
Author

Kiemes commented Apr 8, 2024

Thanks for that hint @mbg. 😅
But how do I specify paths-ignore then in the config file if the structure has to be <command> <subcommand> <option> <value>?
Could you help there as well?

Member

mbg commented Apr 8, 2024

You may be able to use the --codescanning-config=<path> option to specify a path to a .yml file with the format from the documentation you linked to. In other words, invoke codeql database create with --codescanning-config=/path/to/your.yml and place

paths-ignore:
  - '**/*.Test.java'

in that file. You can skip the /Users/<user>/.config/codeql/config file entirely or use it to store the --codescanning-config=/path/to/your.yml as a default argument for codeql database create.

Author

Kiemes commented Apr 9, 2024

I think I tried that before but it did not work. Retried and I get

Writing logs to /Users/<user>/<repo>/codeqlDB/log/database-create-20240409.101317.682.log.
Initializing database at /Users/<user>/<repo>/codeqlDB.
A fatal error occurred: Query pack codeql/java-queries cannot be found. Check the spelling of the pack.

The command I am running is codeql database create codeqlDB --overwrite --source-root . --working-dir ./ --language=java --threads=0 --ram=4000 -v --build-mode none --codescanning-config=<absolute path to config>. Without the --codescanning-config argument it works.

Seems not so easy to just ignore some files from the CodeQL check. I would not even know how to verify what files are actually checked and which are not, based on the output of the CLI. I looked into some of the generated files but did not identify clear evidence. For example, I saw the baseline-info.json which contains java files from my repo, but it contains all, also the *Test.java files.
Should the creation of the DB already skip adding files to the DB? Is there a way to see which files got used for the DB?

Member

mbg commented Apr 13, 2024

Hi @Kiemes,

You could try running codeql pack download codeql/java-queries to make sure the pack is installed.

I also saw your comment in #8689 which I assume is related to this.

> Is there a way to see which files got used for the DB?

The database contains information about all extracted files, which can be queried with something like from File f select f. For just extracted source files, from File f where f.isSourceFile() select f will work.
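
As an added example (not part of the original thread and not code from the CodeQL project), the file query mentioned above can be extended into a coverage check that labels each extracted source file by whether its name matches the test pattern from this issue. The query id, the `looksLikeTest` predicate name and the `%Test.java` match (which covers both `*.Test.java` and `*Test.java`) are assumptions made for illustration.

```ql
/**
 * @name Extracted source files, labelled by test-name pattern
 * @description Lists every extracted source file and marks the ones whose
 *              name matches the pattern the issue wanted to ignore, so the
 *              contents of the database can be checked after creation.
 * @kind table
 * @id example/extracted-files-by-pattern
 */

import java

/**
 * Holds if the base name of `f` ends in `Test.java`.
 * Hypothetical helper: `matches` uses SQL LIKE syntax, where `%` is any
 * sequence of characters, so this approximates the glob from the issue.
 */
predicate looksLikeTest(File f) { f.getBaseName().matches("%Test.java") }

from File f, string status
where
  // Only files that were extracted as source, as in the comment above.
  f.isSourceFile() and
  (
    if looksLikeTest(f)
    then status = "matches ignore pattern"
    else status = "regular source"
  )
select f.getAbsolutePath() as path, status order by status, path
```

To run it, save the query in a query pack that depends on `codeql/java-all` and execute it with `codeql query run --database=codeqlDB <query>.ql`. Any row marked "matches ignore pattern" is a test file that is present in the database.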

@sidshank sidshank added the Java label Apr 30, 2024