codeql-lab/codeql-jedis/README.org

• Jedis Codeql Setup
• Jedis Codeql Modeling
  • setup and start

Jedis Codeql Setup

• fork at https://github.com/hohn/jedis

• github db build: enable code scanning, advanced config

  • only java-kotlin, build-mode: none.
  • creates https://github.com/hohn/jedis/blob/master/.github/workflows/codeql.yml
  • action run at https://github.com/hohn/jedis/actions/workflows/codeql.yml

  • db download

      # list dbs
      curl -H "Authorization: token $GITHUB_TOKEN" \
           https://api.github.com/repos/hohn/jedis/code-scanning/analyses
    
    
      # Get DB via curl
      cd ~/work-gh/codeql-lab/assets
      curl -H "Authorization: token $GITHUB_TOKEN" \
           -H "Accept: application/zip" \
           -L \
           https://api.github.com/repos/hohn/jedis/code-scanning/codeql/databases/java \
           -o jedis-database-gh.zip

  • db at ~/work-gh/codeql-lab/assets/jedis-database-gh.zip

• local db build:

    cd ~/work-gh/codeql-lab/
  
    # Add the submodule
    git submodule add https://github.com/hohn/jedis extern/jedis
  
    # Initialize and clone the submodule
    git submodule update --init --recursive
  
  
    # Build directly once to resolve any errors
    cd ~/work-gh/codeql-lab/extern/jedis
    mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
  
    # Build under codeql
    # Step 1: Clean any prior Maven builds
    cd ~/work-gh/codeql-lab/extern/jedis
    mvn clean
  
    # Step 2: Run CodeQL DB creation with mvn install
    cd ~/work-gh/codeql-lab
    codeql database create assets/jedis-db-local \
           --overwrite \
           --language=java \
           --command="mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V" \
           --source-root=extern/jedis

Jedis Codeql Modeling

setup and start

  # Step 1: Go to your CodeQL lab directory
  cd ~/work-gh/codeql-lab

  # Step 2: Extract the prebuilt CodeQL database for the Jedis project
  unzip -q assets/jedis-db-local.zip

  # Step 3: Extract the CodeQL command-line tools (platform-specific)
  unzip -q assets/codeql-osx64.zip

  # Step 4: Change directory to the unpacked CodeQL CLI tools
  cd ~/work-gh/codeql-lab/codeql

  # Step 5: Add the CodeQL CLI directory to your shell's PATH
  # This allows you to run `codeql` from any location
  export PATH="$(pwd):$PATH"

  # Step 6: Launch Visual Studio Code with the lab workspace
  code qllab.code-workspace

  # In VS Code, perform the following setup manually:
  # - Set the current database to: jedis-db-local
  #   (Usually from the CodeQL extension pane – this connects the UI to your analysis DB)
  # - Set the CodeQL CLI executable to: ~/work-gh/codeql-lab/codeql/codeql
  #   (Tell the extension where to find the CLI you just extracted)
  # - In the CodeQL extension tab, scroll to the bottom and select:
  #   'CodeQL: Method modeling' to begin a guided modeling tutorial