mirror of
https://github.com/github/codeql.git
synced 2026-04-22 23:35:14 +02:00
8c46b61e85
Previously, we pulled in the shared tree-sitter extractor via a `git` dependency in `Cargo.toml` to address a `rules_rust` limitation (no `path` dependencies outside of the cargo workspace)). This was a problem, as that means we're cloning `github/codeql` _again_ for the build, which is quite slow. I found another way that is faster, and still produces correct builds for both `cargo`` and `rules_rust`: * Cargo depends on a fake crate that has the same dependencies as the real crate (thanks to `sync-files.py`). Therefore, cargo pulls in the right dependencies into the lockfile, which bazel targets * For local builds, we override the path to that dependency in a cargo config, so we're pulling in the correct code * rules_rust only uses `path` dependencies for collecting transitive dependencies, it never pulls in the code from there. So far that, we manually provide a `BUILD.bazel` file for the shared extractor, and depend on that.
Ruby analysis support for CodeQL
This directory contains the extractor, CodeQL libraries, and queries that power Ruby support in CodeQL products that GitHub makes available to its customers worldwide.
It contains two major components:
- static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.
- an extractor, written in Rust, that parses Ruby source code and converts it into a database that can be queried using CodeQL. See Developer information for information on building the extractor (you do not need to do this if you are only developing queries).