hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-08 19:21:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
299 Commits 1,691 Branches 160 Tags
c6a52ed2eaed308896e37df8e8bbf5e02d01b68f
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Taus c6a52ed2ea Query: Noninitial imports of the standard library 
Finds a single result in

```
semmle.code.java.dataflow.internal.rangeanalysis.SignAnalysisSpecific.qll
```
which starts with

```ql
module Private {
  import semmle.code.java.dataflow.RangeUtils as RU
  private import semmle.code.java.dataflow.SSA as Ssa
  private import semmle.code.java.controlflow.Guards as G
  private import java as J
  private import Sign
  ...
```
2021-10-14 15:44:23 +00:00
.devcontainer
More cleanup
2021-05-26 13:25:43 +02:00
.github/workflows
build a query pack separately, with a compilation cache
2021-10-14 14:09:01 +02:00
.vscode
Initial commit
2021-05-26 11:32:30 +02:00
extractor
Fix parsing of unique
2021-10-14 08:09:13 +00:00
generator
Fix parsing of unique
2021-10-14 08:09:13 +00:00
node-types
Update to latest generator
2021-06-01 16:43:11 +00:00
ql
Query: Noninitial imports of the standard library
2021-10-14 15:44:23 +00:00
repo-tests
Add codeql-go sources (abe3f2148b)
2021-10-14 08:09:51 +02:00
scripts
Initial commit
2021-05-26 11:32:30 +02:00
tools
Add support for dbscheme and qlpack.yml
2021-05-30 17:38:26 +00:00
.codeqlmanifest.json
Initial commit
2021-05-26 11:32:30 +02:00
.gitattributes
Initial commit
2021-05-26 11:32:30 +02:00
.gitignore
Add work folder to gitignore.
2021-10-13 08:28:27 +00:00
Cargo.lock
Fix parsing of unique
2021-10-14 08:09:13 +00:00
Cargo.toml
Initial commit
2021-05-26 11:32:30 +02:00
codeql-extractor.yml
fix qlpack version string
2021-10-12 11:01:18 +00:00
create-extractor-pack.ps1
Make the create-extractor-pack.ps1 script more reliable.
2021-10-13 09:17:59 +01:00
create-extractor-pack.sh
Initial commit
2021-05-26 11:32:30 +02:00
README.md
Update README.md
2021-10-13 10:09:08 +01:00

README.md

QL analysis support for CodeQL

Part of the May 2021 code scanning hackathon.

Under development.

Building the tools from source

Install Rust (if using VSCode, you may also want the rust-analyzer extension), then run:

cargo build --release

Generating the database schema and QL library

The generated ql/src/ql.dbscheme and ql/src/codeql_ql/ast/internal/TreeSitter.qll files are included in the repository, but they can be re-generated as follows:

./create-extractor-pack.sh

Building a CodeQL database for a QL program

First, get an extractor pack:

Run ./create-extractor-pack.sh (Linux/Mac) or .\create-extractor-pack.ps1 (Windows PowerShell) and the pack will be created in the extractor-pack directory.

Then run

codeql database create <database-path> -l ql -s <project-source-path> --search-path <extractor-pack-path>

Running qltests

Run

codeql test run <test-path> --search-path <repository-root-path>
Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 15 GiB
Languages
CodeQL 32.3%
Kotlin 27.5%
C# 17.1%
Java 7.7%
Python 4.6%
Other 10.6%