* AST Sample for Javascript Source Create dot output from query and db, and then get a rendered graph in SVG. #+BEGIN_SRC sh # export PATH=$HOME/local/vmsync/codeql250:"$PATH" # cd ~/w/codeql-javascript/src/ codeql database create -j8 -v --language=javascript -s . callbacks.db # cd ~/w/codeql-javascript/queries/ codeql database analyze \ ~/w/codeql-javascript/src/callbacks.db/ \ ~/w/codeql-javascript/queries/printast.ql \ -j8 -v --ram=16000 \ --format=dot \ --output=printast.dot # Results in ls ./callbacks.db/results/codeql-custom-queries-javascript/printast.bqrs # and ls ./printast.dot/null.dot # cd ~/w/codeql-javascript/src/ dot -Tsvg < ./printast.dot/null.dot > ./printast.dot/null.svg open -a safari printast.dot/null.svg #+END_SRC #+CAPTION: AST graph from dot #+NAME: fig:graph-ast-1 [[./src/printast.dot/null.svg]] * Correspondence between query and graph ** Node Query : query predicate nodes(PrintAstNode node, string key, string value) query result | node | key | value | |--------------------------+--------------+--------------------------| | [DeclStmt] var arr = ... | semmle.label | [DeclStmt] var arr = ... | dot source in [[./src/printast.dot/null.dot]] #+BEGIN_SRC text digraph { 28[label="[DeclStmt] var arr = ..."; ]; } #+END_SRC ** Edge Query : query predicate edges(PrintAstNode source, PrintAstNode target, string key, string value) query result | source | target | key | value | |-----------------------------+-----------------------------------------+--------------+-------| | [DeclStmt] var result = ... | [VariableDeclarator] result ... > 3; }) | semmle.order | 1 | | [DeclStmt] var result = ... | [VariableDeclarator] result ... > 3; }) | semmle.label | 1 | dot source in [[./src/printast.dot/null.dot]] #+BEGIN_SRC text digraph { 29[label="[DeclStmt] var result = ..."; ]; 9[label="[VariableDeclarator] result ... > 3; })"; ]; 29 -> 9[label="1"; ]; } #+END_SRC ** graph properties #+BEGIN_SRC java query predicate graphProperties(string key, string value) { key = "semmle.graphKind" and value = "tree" } #+END_SRC query result | key | value | |------------------+-------| | semmle.graphKind | tree | dot source: none * Simple direct use of graph API For illustration, the query [[./queries/graphout.ql]] uses the =@kind graph= output for a trivial graph defined in the =edges()= predicate. The ouput: #+CAPTION: Trivial graph rendered by dot #+ATTR_HTML: :width 10% :height 180px #+NAME: fig:graph-trivial-1 [[./printast.dot/null.svg]] #+BEGIN_SRC sh # export PATH=$HOME/local/vmsync/codeql250:"$PATH" # Create the db cd ~/w/codeql-javascript/src/ rm -fR callbacks.db codeql database create -j8 -v --language=javascript -s . callbacks.db # Run the query to create dot file (and bqrs as side effect) cd ~/w/codeql-javascript/ codeql database analyze \ ~/w/codeql-javascript/src/callbacks.db/ \ ~/w/codeql-javascript/queries/graphout.ql \ -j8 -v --ram=16000 \ --format=dot --rerun \ --output=printast.dot # Create SVG version of graph cd ~/w/codeql-javascript/ dot -Tsvg < ./printast.dot/null.dot > ./printast.dot/null.svg open -a safari printast.dot/null.svg # List query result meta info BQRS=src/callbacks.db/results/exploratory-queries-javascript/graphout.bqrs codeql bqrs info --format=text -- $BQRS # Format results using bqrs decode. codeql bqrs decode --output=printast.csv --result-set=edges \ --format=csv --entities=all -- $BQRS codeql bqrs decode --output=printast.json --format=json --entities=all -- $BQRS # Result files ls -1l ./src/callbacks.db/results/exploratory-queries-javascript/graphout.bqrs \ ./printast.dot/null.dot \ printast.csv printast.json #+END_SRC