a69ec03c6e
This makes it possible to open the query file in the editor when clicking on the query filename. This is a slightly different implementation from the remote queries implementation. The remote queries implementation will send the file path to open to the extension host, and the extension host will simply open the given file path. If someone is able to inject JavaScript into the webview, this would allow them to open an arbitrary file in VSCode. By moving the file path logic to the extension host, we can ensure that we only allow opening the actual query file.
CodeQL for Visual Studio Code
This project is an extension for Visual Studio Code that adds rich language support for CodeQL. It's used to find problems in code bases using CodeQL. It's written primarily in TypeScript.
The extension is released. You can download it from the Visual Studio Marketplace.
To see what has changed in the last few versions of the extension, see the Changelog.
Features
- Enables you to use CodeQL to query databases and discover problems in codebases.
- Shows the flow of data through the results of path queries, which is essential for triaging security results.
- Provides an easy way to run queries from the large, open source repository of CodeQL security queries.
- Adds IntelliSense to support you writing and editing your own CodeQL query and library files.
Project goals and scope
This project will track new feature development in CodeQL and, whenever appropriate, bring that functionality to the Visual Studio Code experience.
Contributing
This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.
License
The CodeQL extension for Visual Studio Code is licensed under the MIT License. The version of CodeQL used by the CodeQL extension is subject to the CodeQL Research Terms & Conditions.
When using the GitHub logos, be sure to follow the GitHub logo guidelines.