Error 126: execute permission of setup.py #53
Comments
|
Thank you! I was running into the same. I added below line near the bottom right before the USER command. Then rebuild the image. RUN ["chmod", "+x", "usr/local/startup_scripts/setup.py"]
... |
|
still not resolved in the public image/registry |
|
still not resolved in the public image/registry |
|
+1 same error for me today with the public image. |
|
+1 same, running some pipelines Using docker image sha256:dde08fbe633123bf7e41bb6ecb53661bc4c99edeb997daf54f042db2ffa34e94 for mcr.microsoft.com/cstsectools/codeql-container with digest mcr.microsoft.com/cstsectools/codeql-container@sha256:f435d38885c23e8cd77125963d61adf4c49db12efc85bb58881fa69a539359b2 ...
/bin/sh: 1: /usr/local/startup_scripts/setup.py: Permission denied |
|
Look like the project is no longer active. I suggest you clone the repo, make modifications and build the Docker image yourself. |
|
As a heads up, I believe the technique used in this repository to download the CODEQL Binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. For example, instead of this: https://github.com/microsoft/codeql-container/blob/main/Dockerfile#L70 which downloads from We used this image from MCR as a base for a while and had it overwriting permissions for the setup.py file. Eventually, we realized there are quite a few inefficiencies in this workflow that have changed over time. Much appreciated to have this repository as a base starting example, but now we build our own container in minutes and have simplified the scripts in it, the primary change being we get queries from the mentioned new location, which is nice to pair the CLI version with the query version as there can be coupling there based on new features. Example installing latest CLI and Precompiled queries: |
|
@travisgosselin, great insights! I started a new repo to build new Docker image following travisgosselin's approach. Cheers, |
This is fantastic! Thanks for setting that up easily for more to use! |
## Summary This PR introduces a script that allows developers to run CodeQL analysis locally. It uses a Docker container with prebuilt CodeQL queries to facilitate easy setup and execution. The script has the following key steps: - Creating a CodeQL database from the source code. The database is essentially a representation of the codebase that CodeQL uses to analyze for potential issues. - Running the analysis on the created database, `javascript-security-and-quality` suit is used. ### Usage ``` bash scripts/codeql/quick_check.sh -s path/to/your-source-dir ``` For example ``` bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links ``` The `-s` option allows you to specify the path to the source code directory that you wish to analyze. ### Why custom Docker file? Checked the ability to use MSFT image for local run https://github.com/microsoft/codeql-container. Turned out it has several problems: 1. The published one has an error with [execute permissions](microsoft/codeql-container#53). 2. Container has outdated nodejs version, so it didn't parse our syntax (like `??`) and failed. 3. The technique used in the repository to download the CodeQL binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. Follow this [comment](microsoft/codeql-container#53 (comment)). Taking this into consideration I have created a lightweight docker image without extraneous dependencies for go/.net/java. ## Context and interdependencies issues There are issues sometimes when analyze run returns no results, particularly when analyzing a single folder. It might be due to the missing context for the data flow graph CodeQL generates or context for interdependencies. This is actually a trade off of running it locally for a subset of source directories. We need to explicitly state that in the documentation and advise to expand the scope of source code directories involved for local scan. Documentation for triaging issues will be updated separately. __Closes: https://github.com/elastic/kibana/issues/195740__
## Summary This PR introduces a script that allows developers to run CodeQL analysis locally. It uses a Docker container with prebuilt CodeQL queries to facilitate easy setup and execution. The script has the following key steps: - Creating a CodeQL database from the source code. The database is essentially a representation of the codebase that CodeQL uses to analyze for potential issues. - Running the analysis on the created database, `javascript-security-and-quality` suit is used. ### Usage ``` bash scripts/codeql/quick_check.sh -s path/to/your-source-dir ``` For example ``` bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links ``` The `-s` option allows you to specify the path to the source code directory that you wish to analyze. ### Why custom Docker file? Checked the ability to use MSFT image for local run https://github.com/microsoft/codeql-container. Turned out it has several problems: 1. The published one has an error with [execute permissions](microsoft/codeql-container#53). 2. Container has outdated nodejs version, so it didn't parse our syntax (like `??`) and failed. 3. The technique used in the repository to download the CodeQL binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. Follow this [comment](microsoft/codeql-container#53 (comment)). Taking this into consideration I have created a lightweight docker image without extraneous dependencies for go/.net/java. ## Context and interdependencies issues There are issues sometimes when analyze run returns no results, particularly when analyzing a single folder. It might be due to the missing context for the data flow graph CodeQL generates or context for interdependencies. This is actually a trade off of running it locally for a subset of source directories. We need to explicitly state that in the documentation and advise to expand the scope of source code directories involved for local scan. Documentation for triaging issues will be updated separately. __Closes: https://github.com/elastic/kibana/issues/195740__ (cherry picked from commit 9dd4205)
## Summary This PR introduces a script that allows developers to run CodeQL analysis locally. It uses a Docker container with prebuilt CodeQL queries to facilitate easy setup and execution. The script has the following key steps: - Creating a CodeQL database from the source code. The database is essentially a representation of the codebase that CodeQL uses to analyze for potential issues. - Running the analysis on the created database, `javascript-security-and-quality` suit is used. ### Usage ``` bash scripts/codeql/quick_check.sh -s path/to/your-source-dir ``` For example ``` bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links ``` The `-s` option allows you to specify the path to the source code directory that you wish to analyze. ### Why custom Docker file? Checked the ability to use MSFT image for local run https://github.com/microsoft/codeql-container. Turned out it has several problems: 1. The published one has an error with [execute permissions](microsoft/codeql-container#53). 2. Container has outdated nodejs version, so it didn't parse our syntax (like `??`) and failed. 3. The technique used in the repository to download the CodeQL binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. Follow this [comment](microsoft/codeql-container#53 (comment)). Taking this into consideration I have created a lightweight docker image without extraneous dependencies for go/.net/java. ## Context and interdependencies issues There are issues sometimes when analyze run returns no results, particularly when analyzing a single folder. It might be due to the missing context for the data flow graph CodeQL generates or context for interdependencies. This is actually a trade off of running it locally for a subset of source directories. We need to explicitly state that in the documentation and advise to expand the scope of source code directories involved for local scan. Documentation for triaging issues will be updated separately. __Closes: https://github.com/elastic/kibana/issues/195740__
Following the official instructions, I met the following errors when executing the
docker run ...command in Basic Usage of the readme, whenever I build the image myself or just pull the image from the Microsoft Container Registry./bin/sh: 1: /usr/local/startup_scripts/setup.py: Permission denied Error 126 executing from command. Exiting...codeql-container/container/startup.py
Lines 36 to 38 in 073695d
I reviewed the code of startup.py and Dockerfile. I think this is due to the lack of execute permission of setup.py. Then I
chmodthe permission, and the problem is solved.The text was updated successfully, but these errors were encountered: