Warning: Some packages could not be found
weilueluo opened this issue · comments
Hi guys, I ran the Golang CodeQL checks on this repository: https://github.com/CiscoDevNet/terraform-provider-cdo and found that it is unable to resolve some references. Those references are replaced in the go.mod
file to a local package like this:
replace github.com/CiscoDevnet/terraform-provider-cdo/go-client => ../client
however, it seems like the tool does not recognise this:
May I know how can I resolve this? Any help is appreciated!
Thanks for reporting this. The error message suggests that this can be fixed by using a custom build command. Have you tried that?
I'm not sure CodeQL "understands" the replace
statements in your mod.go
file. I'll ask the team if we support this feature, and if not, perhaps it could be implemented.
Hi, thanks for the reply! I have added my custom build command and now the warnings are gone, however, it is still not running queries for the files in the client
directory. I downloaded artifact and found that the files in the client
directory had been indexed:
However, when I download the language csv report from this link (not sure if you can access)
https://github.com/CiscoDevNet/terraform-provider-cdo/security/code-scanning/tools/CodeQL/status, It says that all files in the client
directory are not successfully extracted
And then I went to decode the files in codeql_databases/go/results/codeql/go-queries/Diagnostics/ExtractionErrors.bqrs
and I got:
~/Downloads/artifact/codeql_databases/go/results/codeql/go-queries/Diagnostics ❯ codeql bqrs decode -- ExtractionErrors.bqrs 17:46:07
| msg | sev |
+-----+-----+
~/Downloads/artifact/codeql_databases/go/results/codeql/go-queries/Diagnostics ❯
which seems to suggest no error is found. Does it mean that the codeql has intentionally filtered out that package? How can I tell codeql to run query on that package as well? Any suggestion would be helpful! Thanks!