Add codeql-duckdb/ with instructions, assets/duckdb* with databases

codeql-duckdb/README.org

@@ -0,0 +1,44 @@
+* Duckdb Codeql Setup
+  - fork at https://github.com/hohn/duckdb
+  - github db build: enable code scanning, advanced config
+    - only c/cpp
+    - creates https://github.com/hohn/duckdb/blob/main/.github/workflows/codeql.yml
+    - action run at https://github.com/hohn/duckdb/actions/runs/15939648352/job/44965776267
+    - db download
+      #+BEGIN_SRC sh
+        # list dbs
+        curl -H "Authorization: token $GITHUB_TOKEN" \
+             https://api.github.com/repos/hohn/duckdb/code-scanning/analyses
+
+
+        # Get DB via curl
+        cd ~/work-gh/codeql-lab/assets
+        curl -H "Authorization: token $GITHUB_TOKEN" \
+             -H "Accept: application/zip" \
+             -L \
+             https://api.github.com/repos/hohn/duckdb/code-scanning/codeql/databases/cpp \
+             -o duckdb-database-gh.zip
+      #+END_SRC
+
+  - local db build:
+    #+BEGIN_SRC sh 
+      cd ~/work-gh/codeql-lab/extern/duckdb
+      # follow https://duckdb.org/docs/stable/dev/building/macos
+      brew install git cmake ninja
+
+      # edit makefile to speed up build:
+      '
+      release: ${EXTENSION_CONFIG_STEP}
+          mkdir -p ./build/release && \
+          cd build/release && \
+          cmake $(GENERATOR) $(FORCE_COLOR) ${WARNINGS_AS_ERRORS} ${FORCE_WARN_UNUSED_FLAG} ${FORCE_32_BIT_FLAG} ${DISABLE_UNITY_FLAG} ${DISABLE_SANITIZER_FLAG} ${STATIC_LIBCPP} ${CMAKE_VARS} ${CMAKE_VARS_BUILD} -DCMAKE_BUILD_TYPE=Release ../.. 
+
+      rbuild: release
+          cd build/release && cmake --build . --config Release -j10
+      '
+
+      codeql database create --language=cpp -s . -j 10 -v \
+             duckdb-db \
+             --command='make rbuild'
+    #+END_SRC
+    

codeql-duckdb/codeql-pack.lock.yml

@@ -0,0 +1,4 @@
+---
+lockVersion: 1.0.0
+dependencies: {}
+compiled: false

codeql-duckdb/example.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Empty block
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/example/empty-block
+ */
+
+import cpp
+ 
+from BlockStmt b
+where b.getNumStmt() = 0
+select b, "This is an empty block."

codeql-duckdb/qlpack.yml

@@ -0,0 +1,6 @@
+name: getting-started/codeql-duckdb
+version: 0.0.0
+dependencies:
+  # This uses the latest version of the codeql/cpp-all library.
+  # You may want to change to a more precise semver string.
+  codeql/cpp-all: "*"