hohn/codeql-cli-end-to-end
1
0
Fork 0
mirror of https://github.com/hohn/codeql-cli-end-to-end.git synced 2025-12-16 05:03:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Individual: 1 database -> N sarif files

Browse Source
This commit is contained in:
Michael Hohn
2023-06-20 09:57:18 -07:00
committed by =Michael Hohn
parent 637743d8ea
commit 5225d9eeff
1 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
readme.org
View File

@@ -2,10 +2,10 @@
** Run analyses
*** Get collection of databases (already handy)
**** DONE Get https://github.com/rvermeulen/codeql-workshop-vulnerable-linux-driver
**** DONE Get https://github.com/hohn/codeql-workshop-vulnerable-linux-driver
#+begin_src text
cd ~/local
git clone git@github.com:rvermeulen/codeql-workshop-vulnerable-linux-driver.git
git clone git@github.com:hohn/codeql-workshop-vulnerable-linux-driver.git
cd codeql-workshop-vulnerable-linux-driver/
unzip vulnerable-linux-driver.zip
tree -L 2 vulnerable-linux-driver-db/
@@ -256,7 +256,38 @@
# ...
#+END_SRC
**** Use directory of queries: 1 database -> 1 sarif file (least effort)
And run another, get another sarif file. Bad idea in general, but good for
debugging timing etc.
#+BEGIN_SRC sh
#* Use prior variable settings
#* Run query
pushd $PROJ
qo=$PROJ/$(cd $PROJ && git rev-parse --short HEAD)-UseAfterFree.sarif
codeql database analyze --format=sarif-latest --rerun \
--output $qo \
-j6 \
--ram=24000 \
-- \
$DB \
$PROJ/solutions/UseAfterFree.ql
popd
echo "Query results in $qo"
head -5 "$qo"
# Query results in /Users/hohn/local/codeql-cli-end-to-end/codeql-workshop-vulnerable-linux-driver/e402cf5-UseAfterFree.sarif
# {
# "$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
# "version" : "2.1.0",
# "runs" : [ {
# "tool" : {
#+END_SRC
**** NEXT Use directory of queries: 1 database -> 1 sarif file (least effort)
**** Use suite: 1 database -> 1 sarif file (more flexible, more effort)
**** Include versioning:
***** codeql cli