Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Can anyone tell how primaryLocationLineHash be generated? #5982

Answered by RasmusWL
ZH3FENG asked this question in Q&A
Discussion options

I have read part of SARIF https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html, particularly partialFingerprints property.
Also, SARIF results file from https://lgtm.com/help/lgtm/sarif-results-file.

This will contain, at a minimum, a value for the primaryLocationLineHash, which provides a fingerprint based on the context of the primary location.

Can anyone tell me how primaryLocationLineHash be generated. What algorithm ?
I have noticed the result contains codeflow property. Does codeflow affect generation of primaryLocationLineHash ?
You must be logged in to vote

Hi @ZH3FENG, can you please elaborate on why you want to know how primaryLocationLineHash is generated? As I see it, this is just some unique hash value produced by CodeQL to help determine whether two results are logically identical.

Replies: 2 comments 4 replies

Comment options

Hi @ZH3FENG, can you please elaborate on why you want to know how primaryLocationLineHash is generated? As I see it, this is just some unique hash value produced by CodeQL to help determine whether two results are logically identical.
You must be logged in to vote
4 replies
Comment options

I knew it's purpose.
I'am thinking whether a customized sanitization would change it, especially when the sanitization is valid.
Will a new result reported?
Comment options

I'm not too familiar with the specific logic. Can you please elaborate on why you want to know how primaryLocationLineHash is generated? (have you experienced any specific problems?)
Comment options

Not yet.
I'm worrying about customized sanitization will change it, then another new vulnerability will be reported.
Maybe i should do some test.
Thanks.
Comment options

👌
Answer selected by ZH3FENG
Comment options

An implementation of the algorithm used by CodeQL can be found at https://github.com/github/codeql-action/blob/216127f34aa309c5876c25b8ea6bda90f4f559fe/src/fingerprints.ts#L30-L41

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

AltStyle によって変換されたページ (->オリジナル) /