ERROR: Could not resolve module semmle.code.cpp.dataflow.TaintTracking

[d4em0n]

Hello i installing codeql and have created a cpp database with c projects. But when i run analyze with my query, this is give me error.

➜  new git:(master) ✗ codeql database analyze --format=csv --output=out.txt cpp-database sc.ql
Running queries.
Compiling query plan for /home/xx/new/sc.ql.
ERROR: Could not resolve module semmle.code.cpp.dataflow.TaintTracking. There should probably be a qlpack.yml file declaring dependencies in /home/xx/new or an enclosing directory. (/home/xx/new/sc.ql:2,8-46)
ERROR: Could not resolve module cpp. There should probably be a qlpack.yml file declaring dependencies in /home/xx/new or an enclosing directory. (/home/xx/new/sc.ql:1,8-11)
ERROR: Could not resolve type FunctionCall (/home/xx/new/sc.ql:4,6-18)
ERROR: Could not resolve module DataFlow. There should probably be a qlpack.yml file declaring dependencies in /home/xx/new or an enclosing directory. (/home/xx/new/sc.ql:4,25-33)
ERROR: Could not resolve module DataFlow. There should probably be a qlpack.yml file declaring dependencies in /home/xx/new or an enclosing directory. (/home/xx/new/sc.ql:4,48-56)
ERROR: Could not resolve module TaintTracking. There should probably be a qlpack.yml file declaring dependencies in /home/xx/new or an enclosing directory. (/home/xx/new/sc.ql:8,3-16)

this is sc.ql

import cpp
import semmle.code.cpp.dataflow.TaintTracking

from FunctionCall call, DataFlow::Node source, DataFlow::Node sink
where
  call.getTarget().getName() = "snprintf" and
  call.getArgument(2).getValue().regexpMatch("(?s).*%s.*") and
  TaintTracking::localTaint(source, sink) and
  source.asExpr() = call and
  sink.asExpr() = call.getArgument(1)
select call

I don't know why codeql can't find qlpack.yml. with command resolve packs, it's works. can you help me please?

➜  new git:(master) ✗ codeql resolve qlpacks 
codeql-cpp (/home/xx/codeql-home/codeql-repo/cpp/ql/src)
codeql-cpp-examples (/home/xx/codeql-home/codeql-repo/cpp/ql/examples)
codeql-cpp-tests (/home/xx/codeql-home/codeql-repo/cpp/ql/test)
codeql-cpp-upgrades (/home/xx/codeql-home/codeql-repo/cpp/upgrades)
codeql-csharp (/home/xx/codeql-home/codeql-repo/csharp/ql/src)
codeql-csharp-examples (/home/xx/codeql-home/codeql-repo/csharp/ql/examples)
codeql-csharp-tests (/home/xx/codeql-home/codeql-repo/csharp/ql/test)
codeql-csharp-upgrades (/home/xx/codeql-home/codeql-repo/csharp/upgrades)
codeql-java (/home/xx/codeql-home/codeql-repo/java/ql/src)
codeql-java-examples (/home/xx/codeql-home/codeql-repo/java/ql/examples)
codeql-java-tests (/home/xx/codeql-home/codeql-repo/java/ql/test)
codeql-java-upgrades (/home/xx/codeql-home/codeql-repo/java/upgrades)
codeql-javascript (/home/xx/codeql-home/codeql-repo/javascript/ql/src)
codeql-javascript-examples (/home/xx/codeql-home/codeql-repo/javascript/ql/examples)
codeql-javascript-tests (/home/xx/codeql-home/codeql-repo/javascript/ql/test)
codeql-javascript-upgrades (/home/xx/codeql-home/codeql-repo/javascript/upgrades)
codeql-python (/home/xx/codeql-home/codeql-repo/python/ql/src)
codeql-python-examples (/home/xx/codeql-home/codeql-repo/python/ql/examples)
codeql-python-tests (/home/xx/codeql-home/codeql-repo/python/ql/test)
codeql-python-upgrades (/home/xx/codeql-home/codeql-repo/python/upgrades)
codeql-suite-helpers (/home/xx/codeql-home/codeql-repo/misc/suite-helpers)
legacy-libraries-cpp (/home/xx/codeql-home/codeql-repo/misc/legacy-support/cpp)
legacy-libraries-csharp (/home/xx/codeql-home/codeql-repo/misc/legacy-support/csharp)
legacy-libraries-java (/home/xx/codeql-home/codeql-repo/misc/legacy-support/java)
legacy-libraries-javascript (/home/xx/codeql-home/codeql-repo/misc/legacy-support/javascript)
legacy-libraries-python (/home/xx/codeql-home/codeql-repo/misc/legacy-support/python)
legacy-upgrades (/home/xx/codeql-home/codeql/legacy-upgrades)

[twosmi1e]

I face the same problem. how to fix it?

[Semiu]

Why is this question closed without providing a solution to the issue raised or an explanation? Google search for a similar problem would always direct users here and would be better if a guide is provided.

[u2400]

/**
 * @name Uncontrolled command line
 * @description Using externally controlled strings in a command line may allow a malicious
 *              user to change the meaning of the command.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
 * @precision high
 * @id js/command-line-injection
 * @tags correctness
 *       security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
 */

import javascript
import semmle.javascript.security.dataflow.CommandInjection
import DataFlow::PathGraph

from
  CommandInjection::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight,
  CommandInjection::Source sourceNode
where
  cfg.hasFlowPath(source, sink) and
  (
    if cfg.isSinkWithHighlight(sink.getNode(), _)
    then cfg.isSinkWithHighlight(sink.getNode(), highlight)
    else highlight = sink.getNode()
  ) and
  sourceNode = source.getNode()
select highlight, source, sink, "This command depends on $@.", sourceNode,
  sourceNode.getSourceType()

I checked the packages I was able to call and modified the code. This worked for me.

[carlspring]

Hi,

So, how's you folks get it to work?

[c01dkit]

You need to (manually) create a file exactly named qlpack.yml in the same directory as your xxx.ql. CodeQL seems to use it as default.

The content of the qlpack.yml may simply be, for instance:

name: test
dependencies:
  codeql/cpp-all: '*'

I think it strange to do so, though.