CodeQL python scan failing #16370

Closed
infa-aksharma opened this issue May 1, 2024 · 4 comments
Labels
Python question Further information is requested

Comments

infa-aksharma commented May 1, 2024

CodeQL python scan failing

Running codeql database command fails with error below:

```
codeql database create . --threads=16 --mode=light --db-cluster --language=python --codescanning-config=.github/codeql/codeql-config.yml --no-run-unnecessary-builds --overwrite
Initializing databases at ./codeql_databases.
Running build command: []
Running command : [/opt/codeql/python/tools/autobuild.sh]
[2024-05-01 00:07:42] [build-stderr] ERROR: Python 3.7 or later is required (currently running 3.6)
[2024-05-01 00:07:42] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/opt/codeql/python/tools/autobuild.sh])
A fatal error occurred: Exit status 1 from command: [/opt/codeql/python/tools/autobuild.sh]
```

CodeQL version: 2.17.0
Python version 3.6

Does that mean codeql scans aren't supported using python 3.6?

@infa-aksharma infa-aksharma added the question Further information is requested label May 1, 2024
@RasmusWL RasmusWL added the Python label May 2, 2024
Member

RasmusWL commented May 2, 2024

Hi @infa-aksharma, we can analyze code written for Python 3.6, but to run the extractor you must use at least Python 3.7.

@sidshank sidshank closed this as completed May 6, 2024
@asharma3-ias

Thanks @RasmusWL

Is there a configuration option available to execute the scan on Python 3.6 while disabling the extractors? I'm dealing with legacy code that specifically requires Python 3.6 compatibility. I'm exploring whether there's a way to scan it without the extractors, but if not, I'll need to exclude the code from scanning altogether.

Member

RasmusWL commented May 8, 2024

You'll need to give a bit more context before I can help you. From what you've said so far, I assume you're not using codeql-action on GitHub Actions to run codeql, but do so manually on your own CI infrastructure? (If so, for running the codeql analysis, you will need to use an installation of Python 3.7+ to run the extractor. It's perfectly viable to have multiple Python versions installed at the same time; see pyenv as an example.)
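
The side-by-side setup suggested in the comment above, as an added example that is not part of the thread or of CodeQL's own tooling: a POSIX shell preflight for a self-hosted CI agent that finds an interpreter meeting the extractor's 3.7 minimum and exposes it as `python3` only for the wrapped command. The function names, the `CANDIDATES` list, and the premise that `autobuild.sh` resolves `python3` from `PATH` are assumptions.

```sh
#!/bin/sh
# Added example, not from the issue thread. Assumption: the extractor's autobuild.sh
# resolves `python3` from PATH, so a per-command PATH shim is enough to redirect it.
MIN_MAJOR=3
MIN_MINOR=7   # minimum stated in the error message quoted in the issue
# Candidate interpreter names are an assumption; adjust to what the agent has installed.
CANDIDATES=${CANDIDATES:-"python3.12 python3.11 python3.10 python3.9 python3.8 python3.7 python3"}

# version_ok "3.10.2": succeeds if the version is >= MIN_MAJOR.MIN_MINOR. Fields are
# compared as integers; a string comparison would wrongly rank "3.10" below "3.7".
version_ok() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]
}

# pick_python NAME...: prints the path of the first candidate that is new enough.
pick_python() {
    for cand in "$@"; do
        command -v "$cand" >/dev/null 2>&1 || continue
        # `-V` prints "Python X.Y.Z"; 2>&1 covers interpreters that write it to stderr.
        ver=$("$cand" -V 2>&1 | sed -n 's/^Python \([0-9][0-9.]*\).*/\1/p')
        if version_ok "$ver"; then command -v "$cand"; return 0; fi
    done
    return 1
}

# with_extractor_python CMD...: runs CMD with a qualifying interpreter exposed as
# `python3` for that command only; the agent's default python3 (3.6) is untouched.
with_extractor_python() {
    py=$(pick_python $CANDIDATES) || {
        echo "no Python >= $MIN_MAJOR.$MIN_MINOR available to run the CodeQL extractor" >&2
        return 1
    }
    shim=$(mktemp -d) || return 1
    ln -s "$py" "$shim/python3"
    env PATH="$shim:$PATH" "$@"
    rc=$?
    rm -rf "$shim"
    return "$rc"
}

# Usage (arguments taken from the command in the issue):
#   with_extractor_python codeql database create . --db-cluster --language=python --overwrite
```

With pyenv, put the real interpreter path (for example the output of `pyenv which python3.11`) in `CANDIDATES` rather than a pyenv shim, because a shim dispatches on the name it is invoked under.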

@asharma3-ias

Thanks @RasmusWL
Yes, I'm using my own CI infrastructure, which currently relies on Python 3.6 (because of some legacy code not compatible with Python 3.6+). As part of routine agent upgrades, I updated the CodeQL version from 2.15.1 to 2.17.2 and noticed Python project scans started failing. So there are two options:

  • Update the Python on the build agent to 3.7 or higher

  • Downgrade CodeQL version to 2.15.1 to keep supporting python3.6.

Is there any way for me to keep CodeQL at the latest version and still support python3.6? While I understand the likely answer is no, I want to double-check and confirm that I'm not missing any potential solution.

Thanks again for your help.
