e8aa5db07a
There was a recent round of tree-sitter-* package releases, so the latest code is now a) released and b) available on crates.io. Therefore, move away from the (super slow on CI) git dependencies to released crates instead. This also includes a run of `cargo update`, so there's a bunch of more changes to the lockfile. |
||
|---|---|---|
| .. | ||
| .vscode | ||
| buramu | ||
| extractor | ||
| ql | ||
| scripts | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| README.md | ||
| codeql-extractor.yml | ||
| rust-toolchain.toml | ||
README.md
QL for QL
QL for QL is a CodeQL analysis designed to find common bug patterns in QL code.
This analysis is mostly used as a PR check in github/codeql.
QL for QL is experimental technology and not a supported product.
This directory contains the extractor, CodeQL libraries, and queries that power QL for QL.
Some setup is required to use QL for QL (see the below sections).
Building the tools from source
Install Rust (if using VSCode, you may also want the rust-analyzer extension), then run:
cargo build --release
Generating the database schema and QL library
The generated ql/src/ql.dbscheme and ql/src/codeql_ql/ast/internal/TreeSitter.qll files are included in the repository, but they can be re-generated as follows:
./scripts/create-extractor-pack.sh
Building a CodeQL database for a QL program
First, get an extractor pack:
Run ./scripts/create-extractor-pack.sh (Linux/Mac) or .\scripts\create-extractor-pack.ps1 (Windows PowerShell) and the pack will be created in the extractor-pack directory.
Then run
codeql database create <database-path> -l ql -s <project-source-path> --search-path <extractor-pack-path>
CodeQL can be configured to remember the extractor by setting the config file ~/.config/codeql/config to:
--search-path /full/path/to/extractor-pack
Running qltests
Run
codeql test run <test-path> --search-path <repository-root-path>