Arthur Baars 754bfdd136 Ignore include/prepend statements in blocks
Include and prepend statements are rarely used in blocks in normal code and when
used in normal code they tend to be in blocks that are passed to methods like
`module_eval` which is a builtin method that evaluates a block in the context
of some other module (typically created with Module.new). We currently don't attempt
to track such "dynamically" constructed modules, and ignoring such modules
and the `module_eval` calls on them seems fine for now.

Another, much more frequent use of include/prepend statements in blocks is in RSpec.describe and
RSpec.context method calls in tests. RSpec also evaluates those blocks in the context of some
special Rspec class. Precisely tracking such calls during the initial construction of the module/class
hierarchy would be really hard and there would be little benefit because the interesting modules and classes of
an application are not defined in test files.
2021-04-14 09:53:19 +02:00
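
The Ruby semantics the commit message relies on, as an added example that is not part of the commit or of the CodeQL repository: an `include` inside a block applies to whatever `self` is when the block is evaluated, not to the lexically enclosing class. All module and class names are constructed, and `MiniSpec` is a hypothetical stand-in for a test framework, not RSpec's real implementation.

```ruby
# Constructed sample: none of these names come from the CodeQL repository.
module Auditable
  def audited?; true; end
end

module Cacheable
  def cached?; true; end
end

class Account
  # Ordinary include: the receiver is the lexically enclosing class, so a
  # static analysis can safely add Auditable to Account's ancestors.
  include Auditable

  # A module created at run time. Inside the module_eval block `self` is the
  # anonymous module, so this include does not touch Account at all.
  DYNAMIC = Module.new
  DYNAMIC.module_eval do
    include Cacheable
  end
end

# Hypothetical stand-in for a test framework that evaluates a describe block
# in the context of a class of its own.
module MiniSpec
  def self.describe(_name, &block)
    group = Class.new
    group.class_eval(&block)
    group
  end
end

class OrderTest
  # The include lands on the framework's class, not on OrderTest.
  GROUP = MiniSpec.describe("orders") do
    include Cacheable
  end
end

# True when `mod` appears in the ancestor chain of `target`.
def in_ancestors?(mod, target)
  target.ancestors.include?(mod)
end
```

Attributing the in-block `include` to the enclosing class would give `Account` and `OrderTest` a `Cacheable` ancestor they do not have at run time, which is the imprecision that ignoring these statements avoids.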

Ruby analysis support for CodeQL

Under development.

Building the tools from source

Install Rust, then run:

cargo build --release

Generating the database schema and QL library

The generated ql/src/ruby.dbscheme and ql/src/codeql_ruby/ast/internal/TreeSitter.qll files are included in the repository, but they can be re-generated as follows:

# Run the generator
cargo run --release -p ruby-generator
# Then auto-format the QL library
codeql query format -i ql/src/codeql_ruby/ast/internal/TreeSitter.qll

Building a CodeQL database for a Ruby program

First, get an extractor pack. There are two options:

  1. Either download the latest codeql-ruby-pack from Actions and unzip it twice, or
  2. Run ./create-extractor-pack.sh (Linux/Mac) or .\create-extractor-pack.ps1 (Windows PowerShell) and the pack will be created in the extractor-pack directory.

Then run

codeql database create <database-path> -l ruby -s <project-source-path> --search-path <extractor-pack-path>

Running qltests

Run

codeql test run <test-path> --search-path <repository-root-path>
Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security