hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
307 Commits 1,693 Branches 160 Tags
dd954ea943a2a51646a80810504aea80aed15d3c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Arthur Baars dd954ea943 CFG: correct flow for lambda bodies 
Lambda bodies are parsed as nested do-blocks or normal blocks.
This is actually incorrect, as the body of a lambda can't have
parameters. However, we can "inline" such blocks to get the
desired control flow.
2020-12-17 10:04:01 +01:00
.github/workflows
Workaround for broken cache on OSX
2020-12-03 16:40:37 +01:00
.vscode
Add VSCode build task for cargo build
2020-10-15 13:21:12 +01:00
extractor
Remove redundant field on ChildNode struct
2020-12-16 20:57:06 +00:00
generator
Merge remote-tracking branch 'origin/main' into kinds
2020-12-16 17:55:20 +00:00
node-types
Simplifications based on PR feedback
2020-12-16 17:54:40 +00:00
ql
CFG: correct flow for lambda bodies
2020-12-17 10:04:01 +01:00
scripts
Collect database stats
2020-11-26 14:53:30 +01:00
tools
Add QL test support
2020-11-11 16:32:44 +01:00
.codeqlmanifest.json
Add QL test support
2020-11-11 16:32:44 +01:00
.gitattributes
Use tree-sitter-ruby crate instead of vendoring it
2020-10-27 13:54:56 -04:00
.gitignore
Initial CFG skeleton code
2020-11-18 20:12:42 +01:00
.gitmodules
Use tree-sitter-ruby crate instead of vendoring it
2020-10-27 13:54:56 -04:00
Cargo.lock
Update tree-sitter-ruby to pick up improvements to calls
2020-12-16 10:13:45 +00:00
Cargo.toml
Add library package for shared code
2020-10-23 13:01:17 +01:00
codeql-extractor.yml
Add QL test support
2020-11-11 16:32:44 +01:00
codeql-ruby.code-workspace
Make VSCode default to unix line endings
2020-10-15 13:20:37 +01:00
create-extractor-pack.ps1
Move Generated.qll to ast/internal/TreeSitter.qll
2020-12-01 20:53:41 +01:00
create-extractor-pack.sh
Move Generated.qll to ast/internal/TreeSitter.qll
2020-12-01 20:53:41 +01:00
README.md
Move Generated.qll to ast/internal/TreeSitter.qll
2020-12-01 20:53:41 +01:00

README.md

Ruby analysis support for CodeQL

Under development.

Building the tools from source

Install Rust, then run:

cargo build --release

Generating the database schema and QL library

The generated ql/src/ruby.dbscheme and ql/src/codeql_ruby/ast/internal/TreeSitter.qll files are included in the repository, but they can be re-generated as follows:

# Run the generator
cargo run --release -p ruby-generator
# Then auto-format the QL library
codeql query format -i ql/src/codeql_ruby/ast/internal/TreeSitter.qll

Building a CodeQL database for a Ruby program

First, get an extractor pack. There are two options:

  1. Either download the latest codeql-ruby-pack from Actions and unzip it twice, or
  2. Run ./create-extractor-pack.sh (Linux/Mac) or .\create-extractor-pack.ps1 (Windows PowerShell) and the pack will be created in the extractor-pack directory.

Then run

codeql database create <database-path> -l ruby -s <project-source-path> --search-path <extractor-pack-path>
Description
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
codeqlgithub-advanced-securitygithub-security-labsemmle-qlworks-with-codespaces
Readme MIT 15 GiB
Languages
CodeQL 32.3%
Kotlin 27.5%
C# 17.1%
Java 7.7%
Python 4.6%
Other 10.6%