Highest Voted 'codeql' Questions

0

votes

1 answer

I can't run database analyse in CodeQL

I can't successfully launch a database analyse command. I tried to launch it like this: codeql database analyze test $HOME/codeql-home/codeql-repo/cpp/ql/examples/snippets/function_call.ql --format=csv --output=c_test.csv I got this error: is not…

code-analysis codeql

asked Oct 03 '21 at 14:32

aelk

1
1

0

votes

1 answer

How to check if a Java annotation has a specific property using CodeQL?

Let's say we have the following piece of code: public class Demo { @ABC(name = "abc") private String field1; @ABC private String field2; } @interface ABC { String name() default ""; } How can I write a query that selects all…

java annotations static-analysis codeql semmle-ql

asked Sep 18 '21 at 07:10

Mansur

1,661
3
17
41

0

votes

1 answer

Does GitHub publish the CodeQL ruleset?

I'd like to cross-check the vulnerabilities covered by GitHub's CodeQL service and OWASP Top Ten Web Application Security Risks so that I know where the gaps are. I can't find a list of vulnerabilities covered by CodeQL. Does GitHub publish the list…

security github owasp codeql

asked Sep 09 '21 at 10:55

Kye

5,919
10
49
84

0

votes

1 answer

CodeQL "otherwise"-ish construct?

I'm new to CodeQL, and still trying to wrap my head around it. On a semi-frequent basis, I find myself wanting for a language construct that supports specifying a "fallback value", to implement the following logic: foot Foo(...) { result = A or …

codeql

asked Jul 20 '21 at 12:52

Christoph Lipka

652
4
15

0

votes

1 answer

How to add extra source code for libraries/dependencies to a CodeQL database?

I'm trying to track taint globally across a code repository I downloaded from LGTM (GNU coreutils) but CodeQL seems to also consider calls to libc 'tainted', whereas they do not actually introduce any taint. Consider the following example: size_t…

static-analysis dynamic-library taint codeql

asked Feb 17 '21 at 16:20

Adriaan Jacobs

309
2
9

0

votes

1 answer

Choose database from folder Code QL on Visual Studio Code

I would like to use Code QL in Visual Studio Code to parse a Java project and I am selecting the source folder of my java project after clicking on the icon "choose database from folder". My project's folder looks like this: I am receiving the…

java parsing codeql

asked Nov 13 '20 at 15:54

Mouna Camelia Hammoudi

596
1
5
19

0

votes

1 answer

CodeQL does not work: "Fatal error compiling: invalid target release: 11"

I want to use the code scanning tool CodeQL. I follow the steps in the guide to enable code scanning using github actions. But I get the following error message from the pipeline: [ERROR] Failed to execute goal…

github github-actions codeql

asked Oct 02 '20 at 18:25

flaxel

4,173
4
17
30

0

votes

1 answer

Way to implement CI test to check if function argument is valid?

Let's say I have a python function and dictionary as follows: d = {"a": 1, "b": 2, "c": 3} def foo(input): return d[input] Is there a way when I push my code to GitHub (presumably with some sort of continuous integration) to check that all…

python django travis-ci codeql semmle-ql

asked Sep 09 '20 at 01:41

William Gearty

166
1
8

0

votes

1 answer

codeql CLI lgtm.yml: how to customize javascript extraction?

I can use an lgtm.yml file to customize the javascript extractor when building a database with LGTM.com, but how do I provide these customizations to the codeql CLI? Specifically, I want to include a directory that the extractor excludes by default…

javascript semmle-ql codeql

asked Jul 27 '20 at 19:26

emarteca

51
4

0

votes

1 answer

Can GitHub's / Semmle's CodeQL Query Executor be Self-hosted

I'd like to enable users of my service to write and execute CodeQL queries. I don't want to offload their execution to GitHub's / Semmle's servers. It's unclear whether this is doable, or whether I'd run into licensing issues. In the security lab,…

github semmle-ql codeql

asked May 27 '20 at 18:25

Harry Solovay

483
3
14

0

votes

1 answer

How is this recursive CodeQL predicate is evaluated?

I'm in the process of trying to learn CodeQL and I'm a little confused about how certain CodeQL code is evaluated. I'm hoping someone can help me with a more simplistic explanation. Take the following CodeQL code: string getANeighbor(string…

recursion codeql

asked May 16 '20 at 03:03

wtfacoconut

334
1
8

-1

votes

1 answer

running precommit hooks with codeql/GHAS sast scans?

I'm just getting started with CodeQL and we have a requirement from our devs to CodeQL sast scans as precommit hooks. I could not find any docs on how to set up CodeQL to make it run on my machine. Additional context (to answer questions…

pre-commit-hook pre-commit codeql sast

asked May 25 '23 at 16:24

nnay84

167
1
12

-1

votes

1 answer

What is a good indicator of a request sent over a socket?

I am writing some codeql for web servers like apache and nginx. I have done some research and found that a good indicator of a request is ntohs or ntohl because the the data that is sent over a socket needs to be converted from network byte order to…

c sockets web-services web codeql

asked Dec 27 '20 at 18:42

lemonadeice

13
4

-2

votes

1 answer

Compiling single file from Chromium

I am trying to run codeql on Chromium among a few other open-source software, and I was wondering if it is possible to compile a single file from the full source code, because my machine takes a long time to compile such huge codebases. For example,…

c++ compilation codeql

asked Jan 26 '23 at 17:36

sadmansh

917
2
9
21

-2

votes

1 answer

How to pass GIT_COMMIT variable to the Jenkins Pipeline

I'm unable to find a way to pass the GIT_COMMIT variable to the jenkins pipeline. There are two steps, first step checks out the repo and second step creates the codeql report. To publish the report I need the recent ccommit id from the repo and…

jenkins jenkins-pipeline codeql

asked Jul 13 '22 at 09:36

tarun

17
7

Questions tagged [codeql]