How to solve "Referenced pack 'XXX' was found in multiple locations"?

[whj0401]

I was using codeql-v2.15.3, and I hope to test the latest version (v2.16.6). After downloading the latest bundle and decompressing it, I moved the new version to a new directory. The folder looks like

- codeql-v2.15.3
- codeql-v2.16.6

Then I changed the PATH from using the directory of v2.15.3 to v2.16.6, and running codeql --version looks good (see below).

CodeQL command-line toolchain release 2.16.6.
Copyright (C) 2019-2024 GitHub, Inc.
Unpacked in: /export/codeql
   Analysis results depend critically on separately distributed query and
   extractor modules. To list modules that are visible to the toolchain,
   use 'codeql resolve qlpacks' and 'codeql resolve languages'.

Next, I tried to use the new codeql with new queries and got the following errors.

codeql query run IntegerOverflowTainted_1.ql -d /path/to/codeql_db -o IntegerOverflowTainted_1.ql.bqrs
ERROR: Referenced pack 'codeql/dataflow' was found in multiple locations. Could be one of: '/export/d1/hwangdz/llm-codeql/codeql-v2.15.3/qlpacks/codeql/dataflow/0.1.3/qlpack.yml', '/export/codeql-v2.16.6/qlpacks/codeql/dataflow/0.2.3/qlpack.yml'. (/export/CVE_QLOpt_output/autotrace/ql/qlpack.yml:1,1-1)
ERROR: Referenced pack 'codeql/rangeanalysis' was found in multiple locations. Could be one of: '/export/codeql-v2.15.3/qlpacks/codeql/rangeanalysis/0.0.2/qlpack.yml', '/export/codeql-v2.16.6/qlpacks/codeql/rangeanalysis/0.0.11/qlpack.yml'. (/export/CVE_QLOpt_output/autotrace/ql/qlpack.yml:1,1-1)
ERROR: Referenced pack 'codeql/ssa' was found in multiple locations. Could be one of: '/export/codeql-v2.15.3/qlpacks/codeql/ssa/0.2.3/qlpack.yml', '/export/codeql-v2.16.6/qlpacks/codeql/ssa/0.2.12/qlpack.yml'. (/export/CVE_QLOpt_output/autotrace/ql/qlpack.yml:1,1-1)
ERROR: Referenced pack 'codeql/tutorial' was found in multiple locations. Could be one of: '/export/codeql-v2.15.3/qlpacks/codeql/tutorial/0.2.3/qlpack.yml', '/export/codeql-v2.16.6/qlpacks/codeql/tutorial/0.2.12/qlpack.yml'. (/export/CVE_QLOpt_output/autotrace/ql/qlpack.yml:1,1-1)
...
A fatal error occurred: A 'codeql resolve extensions-by-pack' operation failed with error code 2

Changing the folder of codeql-v2.15.3 to other folders like abcd does not help. Does it mean I have to remove the old directory?
Is there any way to switch the used version without removing the old one?

Thank you in advance.

[Malikrehman00107]

You don't necessarily have to remove the old directory, but you do need to ensure that the environment variables and configurations point to the correct locations for the new version.

you just need to make sure that all environment variables related to CodeQL (such as PATH) are pointing to the directory of the new version (v2.16.6).

[whj0401]

@Malikrehman00107
Thanks for your reply. It seems CodeQL tries to search for directories of qlpacks in some folders. I looked at my environment variables, and only PATH is relative to CodeQL. As shown by running codeql --version, the binary executable is correct. I am not sure if any other variables can control the behavior of CodeQL.

I just made a trick to solve this problem by changing the priority of my old CodeQL's folder, then running codeql will not search available qlpacks in my old folder. I simply run command like

chmod 000 codeql-v2.15.3

Once I want to switch to my old CodeQL, run the following commands let me run codeql-v2.15.3.

chmod 000 codeql-v2.16.6
chmod +wrx codeql-v2.15.3
# then change the value of PATH
export PATH=/path/to/codeql-v2.15.3:$PATH

[Malikrehman00107]

Great ! 👍

[aibaars]

If I recall correctly CodeQL looks for query packs in its "sibling" folders. I think organizing your folders like the following should work

v2.15.3/codeql/
v2.16.6/codeql/

You can also download CodeQL CLI versions without bundled queries. They can be downloaded directly from https://github.com/github/codeql-cli-binaries/releases , but I'd recommend the gh codeql tool which is great for downloading and switching between different CodeQL versions.