### Set up Docusaurus documentation server

Source: https://github.com/github/codeql/blob/main/go/ql/test/library-tests/semmle/go/frameworks/Twirp/vendor/github.com/twitchtv/twirp/CONTRIBUTING.md

Install and start the local Docusaurus server to preview documentation changes before publishing. Navigate to http://localhost:3000/twirp after starting.

```bash
cd website
npm install
npm start
```

--------------------------------

### Bash script for CodeQL integration test setup

Source: https://github.com/github/codeql/blob/main/python/extractor/cli-integration-test/README.md

This script provides a robust starting point for `test.sh` files in new integration test cases, ensuring strict error handling and proper directory navigation.

```bash
#!/bin/bash
set -Eeuo pipefail # see https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
set -x

# Allow the CodeQL binary to be overridden from the environment
CODEQL=${CODEQL:-codeql}

# Resolve the directory containing this script and run from there
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cd "$SCRIPTDIR"
```

--------------------------------

### Run Django Migrations and Development Server

Source: https://github.com/github/codeql/blob/main/python/ql/test/library-tests/frameworks/rest_framework/README.md

These commands prepare the database and start the local development server for a Django project. They should be executed after initial project setup.

```bash
python manage.py makemigrations
python manage.py migrate
python manage.py runserver
```

--------------------------------

### Install CodeQL Pack Dependencies

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.md

Installs all dependencies specified in the `qlpack.yml` file for the current CodeQL pack.

```bash
codeql pack install
```

--------------------------------

### QL Order Comparison Examples

Source: https://github.com/github/codeql/blob/main/docs/codeql/query-help/ql-language-reference/formulas.md

Examples demonstrating the use of order comparison operators in QL, showing formulas that evaluate to true.

```ql
"Ann" < "Anne"
```

```ql
5 + 6 >= 11
```

--------------------------------

### Start MongoDB daemon with configuration

Source: https://github.com/github/codeql/blob/main/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/PoC/readme.md

Start the MongoDB server using `mongod` with a configuration file, forking it to a background process.

```bash
mongod --config /usr/local/etc/mongod.conf --fork
```

--------------------------------

### QL String Literal Examples

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-training/ql-language-reference/ql-language-specification.md

Provides examples of string literals in QL, including basic strings and those with escaped double quotes.

```none
"hello"
"He said, \"Logic clearly dictates that the needs of the many...\""
```

--------------------------------

### QL Integer Literal Examples

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-training/ql-language-reference/ql-language-specification.md

Illustrates examples of valid integer literals in QL, including positive, zero, and negative values.

```none
0
42
123
-2147483648
```

--------------------------------

### Query Example - List Methods in a Class

Source: https://github.com/github/codeql/blob/main/docs/codeql/query-help/codeql-language-guides/codeql-library-for-ruby.md

Example CodeQL query demonstrating how to list all methods in the `ApiController` class using the `ClassDeclaration` class and the `getAMethod()` predicate.

#### Description

Lists all methods in the class `ApiController`.

#### Query

```ql
import codeql.ruby.AST

from ClassDeclaration m
where m.getName() = "ApiController"
select m, m.getAMethod()
```

#### Usage

This query imports the CodeQL Ruby AST library and finds all `ClassDeclaration` nodes whose name equals `"ApiController"`, then returns the class declaration together with each method declared within it.

--------------------------------

### Install retool via go get

Source: https://github.com/github/codeql/blob/main/go/ql/test/library-tests/semmle/go/frameworks/Twirp/vendor/github.com/twitchtv/twirp/CONTRIBUTING.md

Install the retool dependency manager when `make setup` fails. Used for managing linters and other tools in the Twirp project.

```bash
go get github.com/twitchtv/retool
```

--------------------------------

### Install pre-commit framework and hooks

Source: https://github.com/github/codeql/blob/main/docs/pre-commit-hook-setup.md

Install the pre-commit framework via pip and initialize hooks in the repository. Requires pip and the CodeQL CLI in `PATH`.

```bash
python3 -m pip install pre-commit
pre-commit install
```

--------------------------------

### QL Identifier Examples

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-training/ql-language-reference/ql-language-specification.md

Provides examples of valid identifiers in QL, including those starting with a letter or an `@` sign.

```none
width
Window_width
window5000_mark_II
@expr
```

--------------------------------

### Examples of QL 'any' expressions

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-language-reference/expressions.md

These examples demonstrate various forms of the `any` expression in QL, showing how to retrieve files, element names, and sequences of integers or their transformations. The general form is `any(<variable declarations> | <formula> | <expression>)`; when the formula is omitted but an expression is given, the two `|` separators are still required.

```ql
any(File f)
```

```ql
any(Element e | | e.getName())
```

```ql
any(int i | i = [0 .. 3])
```

```ql
any(int i | i = [0 .. 3] | i * i)
```

--------------------------------

### Find all Python functions starting with 'get' using CodeQL

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/functions-in-python.md

This query identifies all functions whose names begin with `get`. It often returns many results, including functions that are not methods.

```ql
import python

from Function f
where f.getName().matches("get%")
select f, "This is a function called get..."
```

--------------------------------

### Set up and run Twirp tests

Source: https://github.com/github/codeql/blob/main/go/ql/test/library-tests/semmle/go/frameworks/Twirp/vendor/github.com/twitchtv/twirp/CONTRIBUTING.md

Standard workflow for building and testing Twirp. Run `make` to install dependencies, build the core, and run tests. Use `make test` for Go unit tests only.

```bash
make
```

```bash
make test
```

--------------------------------

### QLDoc Comment Example

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-training/ql-language-reference/ql-language-specification.md

Illustrates the structure of a QLDoc comment, starting with `/**` and ending with `*/`, with leading asterisks on internal lines.

```none
/**
 * It was the best of code.
 * It was the worst of code.
 * It had a qldoc comment.
 */
```

--------------------------------

### Initialize a CodeQL Pack

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.md

Creates an empty CodeQL pack from a template, setting up the necessary structure for a new pack.

```bash
codeql pack init
```

--------------------------------

### Example Python If/Elif/Else Structure

Source: https://github.com/github/codeql/blob/main/python/extractor/tsg-python/README.md

Sample Python code demonstrating the if/elif/else syntax that the parser unrolls into nested `if` statements.

```python
if x:
    do_x
elif y:
    do_y
elif z:
    do_z
else:
    do_else
```

--------------------------------

### Enable Sandwiched Tracing for CodeQL Database Initialization

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.md

Use the `--begin-tracing` argument with `codeql database init` to enable sandwiched tracing, which is useful for CI systems that cannot wrap build actions directly.

```bash
codeql database init --begin-tracing
```

--------------------------------

### Find all Python methods starting with 'get' using CodeQL

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/functions-in-python.md

Refine the search to only include methods by using the `Function.isMethod()` predicate. This filters out non-method functions.

```ql
import python

from Function f
where f.getName().matches("get%") and f.isMethod()
select f, "This is a method called get..."
```

--------------------------------

### Manage CodeQL Starter Workspace with Git Submodules

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-for-visual-studio-code/setting-up-codeql-in-visual-studio-code.rst

These commands are used to clone the CodeQL starter repository with its submodules and to keep those submodules updated.

```bash
git clone --recursive
```

```bash
git submodule update --init --remote
```

```bash
git submodule update --remote
```

--------------------------------

### Access path example with nested components

Source: https://github.com/github/codeql/blob/main/ruby/ql/docs/flow_summaries.md

Example access path demonstrating nested component syntax. It refers to the return value of the element at index 1 of the array passed as argument 0.

```ql
Argument[0].Element[1].ReturnValue
```

--------------------------------

### Inefficient predicate for comparing elements in QL

Source: https://github.com/github/codeql/blob/main/docs/codeql/ql-training/writing-codeql-queries/troubleshooting-query-performance.md

This predicate compares two elements based on their name, file, and start line. It is presented as an example of a predicate that can be optimized by folding.

```ql
predicate similar(Element e1, Element e2) {
  e1.getName() = e2.getName() and
  e1.getFile() = e2.getFile() and
  e1.getLocation().getStartLine() = e2.getLocation().getStartLine()
}
```

--------------------------------

### CodeQL Query for Basic Python Getter Detection

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/expressions-and-statements-in-python.md

Identifies Python functions that start with `get`, are methods, and contain only a single statement. This serves as a preliminary detection for getter-like functions.

```ql
import python

from Function f
where
  f.getName().matches("get%") and
  f.isMethod() and
  count(f.getAStmt()) = 1
select f, "This function is (probably) a getter."
```

--------------------------------

### Basic CodeQL Query Structure for Ruby

Source: https://github.com/github/codeql/blob/main/docs/codeql/query-help/codeql-language-guides/basic-query-for-ruby-code.md

Illustrates the fundamental components of a CodeQL query, including import, variable declaration, conditions, and result selection, using a Ruby AST example.

```ql
import codeql.ruby.AST
```

```ql
from IfExpr ifexpr
```

```ql
where not exists(ifexpr.getThen())
```

```ql
select ifexpr, "This 'if' expression is redundant."
```

--------------------------------

### Find single-statement Python methods starting with 'get' using CodeQL

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/functions-in-python.md

Further refine the query to find methods with a single-statement body, often indicative of simple getters. It uses `count(f.getAStmt()) = 1`.

```ql
import python

from Function f
where
  f.getName().matches("get%") and
  f.isMethod() and
  count(f.getAStmt()) = 1
select f, "This function is (probably) a getter."
```

--------------------------------

### Install QL Emacs Modes

Source: https://github.com/github/codeql/blob/main/misc/emacs/README.md

Add the QL Emacs directory to the `load-path` and require `ql-mode-base` and `dbscheme-mode` in your Emacs initialization file.

```elisp
; ~/.emacs, ~/.emacs.el, or ~/.emacs.d/init.el
; ...
(add-to-list 'load-path "~/ql/misc/emacs")
(require 'ql-mode-base)
(require 'dbscheme-mode)
; ...
```

--------------------------------

### Example Project Configuration for Flask

Source: https://github.com/github/codeql/blob/main/python/tools/recorded-call-graph-metrics/README.md

Illustrates the JSON configuration structure for adding a new project like Flask to the tracing system. It specifies the repository, commit SHA, test command, and setup steps.

```json
"flask": {
    "repo": "https://github.com/pallets/flask.git",
    "sha": "21c3df31de4bc2f838c945bd37d185210d9bab1a",
    "module_command": "pytest -c /dev/null tests examples",
    "setup": [
        "pip install -r requirements/tests.txt",
        "pip install -q -e examples/tutorial[test]",
        "pip install -q -e examples/javascript[test]"
    ]
}
```

--------------------------------

### Import CodeQL Go Libraries

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/basic-query-for-go-code.md

Every CodeQL query begins with one or more import statements to include standard libraries, such as the Go library in this example.

```ql
import go
```

--------------------------------

### Query Example - List All Jobs in Named Workflow

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/codeql-library-for-actions.md

A practical CodeQL query example that retrieves all jobs from workflows with a specific name declaration, combining the `getName()` and `getAJob()` predicates.

#### Description

This query retrieves all jobs from workflows with the name declaration `name: test`.

#### Query Code

```ql
import actions

from Workflow w
where w.getName() = "test"
select w, w.getAJob()
```

#### Query Explanation

- **import actions**: imports the CodeQL actions library containing the `Workflow` class
- **from Workflow w**: ranges over all `Workflow` objects
- **where w.getName() = "test"**: keeps only workflows named `test`
- **select w, w.getAJob()**: returns the workflow and each of its jobs

#### Results

The query returns tuples containing:

- the `Workflow` object matching the name filter
- each `Job` object within that workflow

--------------------------------

### CodeQL Path Query for Network Input to File System (Python)

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/analyzing-data-flow-in-python.md

This path query version of the network input example identifies the full data flow path from remote input to file system access. It uses `@kind path-problem` so that the flow path can be visualized.

```ql
/**
 * @kind path-problem
 * @problem.severity warning
 * @id file-system-access-from-remote-input
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.Concepts

module RemoteToFileConfiguration implements DataFlow::ConfigSig {
  // Sources: any value that arrives from the network
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Sinks: path arguments of file system accesses
  predicate isSink(DataFlow::Node sink) {
    sink = any(FileSystemAccess fa).getAPathArgument()
  }
}

// Instantiate global taint tracking with the configuration above
module RemoteToFileFlow = TaintTracking::Global<RemoteToFileConfiguration>;

import RemoteToFileFlow::PathGraph

from RemoteToFileFlow::PathNode input, RemoteToFileFlow::PathNode fileAccess
where RemoteToFileFlow::flowPath(input, fileAccess)
select fileAccess.getNode(), input, fileAccess, "This file access uses data from $@.",
  input, "user-controllable input."
```

--------------------------------

### Install ripunzip with Bazel to a custom directory

Source: https://github.com/github/codeql/blob/main/misc/ripunzip/README.md

Use this command to specify a custom installation directory for ripunzip.

```bash
bazel run //misc/ripunzip:install -- /path/to/installation/dir
```

--------------------------------

### QL Equality Comparison Examples

Source: https://github.com/github/codeql/blob/main/docs/codeql/query-help/ql-language-reference/formulas.md

Examples illustrating the use of equality and inequality operators in QL, showing formulas that evaluate to true under specific conditions or always.

```ql
x.sqrt() = 2
```

```ql
4 != 5
```

--------------------------------

### Property Pluralization Examples

Source: https://github.com/github/codeql/blob/main/misc/codegen/schema_documentation.md

Examples of property definitions illustrating how pluralization is handled for auto-generated documentation and when `doc()` is used.

```python
generic_type_params: list[GenericTypeParamDecl]
arguments: list[Argument] | doc("arguments passed to the applied function")
```

--------------------------------

### Execute `cg-trace` for a Simple Example

Source: https://github.com/github/codeql/blob/main/python/tools/recorded-call-graph-metrics/README.md

Demonstrates how to run the `cg-trace` tool on a Python script, writing the recorded call graph to an XML file. This is a basic usage example for local testing.

```bash
cg-trace --xml example/simple.xml example/simple.py
```

--------------------------------

### QL Type Check Example

Source: https://github.com/github/codeql/blob/main/docs/codeql/query-help/ql-language-reference/formulas.md

An example demonstrating how to use the `instanceof` operator to check the type of a variable in QL.

```ql
x instanceof Person
```

--------------------------------

### Install ripunzip with Bazel to default location

Source: https://github.com/github/codeql/blob/main/misc/ripunzip/README.md

Use this command to install ripunzip to the default location, typically `~/.local/bin`.

```bash
bazel run //misc/ripunzip:install
```

--------------------------------

### Redundant If Statement Example in C#

Source: https://github.com/github/codeql/blob/main/docs/codeql/codeql-language-guides/basic-query-for-csharp-code.md

Example of C# code with an empty `if` statement branch that the CodeQL query is designed to detect.

```csharp
if (error) { }
```