CodeQL Configuration and Usage

Installation

CodeQL is a tool that brings the concept of a query language to source code analysis, giving developers a new way to discover and understand potential problems in code [1].

CodeQL consists of two parts: codeql-cli [2], and what this post calls the CodeQL SDK [3] (or CodeQL lib: the github/codeql repository, which holds the standard QL libraries and GitHub's predefined queries). The CLI zip only ships the engine and extractors, so it depends on these packs to actually run queries.

The CLI can be downloaded directly from [2] as a prebuilt archive for your architecture and operating system; unpack it and add the directory to PATH.

# Fetch the CLI release archive (pick the zip for your OS/arch) and unpack it
wget https://github.com/github/codeql-cli-binaries/releases/download/v2.23.1/codeql-linux64.zip
unzip codeql-linux64.zip
# The zip unpacks to ./codeql; keep it under ~/.local and put it on PATH
mv codeql /root/.local
export PATH=$PATH:/root/.local/codeql

The SDK is obtained by cloning repository [3] directly.

# Shallow clone of the standard libraries and queries, placed next to the CLI
git clone --depth=1 https://github.com/github/codeql
mv codeql /root/.local/codeql-lib

The two parts should be the same version. The github/codeql repository tags every CLI release as codeql-cli/vX.Y.Z, so check out the tag that matches your CLI; a --depth=1 clone of the default branch gives you whatever is on main at the time, which may require a newer CLI than the one you installed. Once inside the SDK repository, codeql pack ls lists the QL packs (libraries and query packs) it provides.

Put the SDK in the same directory as the CLI: by default codeql resolve packs also searches the parent directory of the CLI distribution, so the library checkout is found without extra flags. If you keep it elsewhere, point the CLI at it with --search-path or --additional-packs.

> codeql resolve packs
Searching directories specified by `--additional-packs`. All directories have equal priority.
Searching in:
No packs were found at this location.
Searching directories specified by `--search-path`. Directories are searched in order.
Searching the root of the CodeQL distribution.
Searching in:
/root/.local/codeql
The following packs were found:
legacy-upgrades@0.0.0: (query) /root/.local/codeql/legacy-upgrades/qlpack.yml
Searching the parent directory of the CodeQL distribution.
Searching in:
/root/.local
The following packs were found:
codeql-csharp-consistency-queries@0.0.0: (query) /root/.local/codeql-lib/csharp/ql/consistency-queries/qlpack.yml
# ... ...
legacy-libraries-python@0.0.0: (query) /root/.local/codeql-lib/misc/legacy-support/python/qlpack.yml
Some packs were hidden by previously found packs. Use --show-hidden-packs to see them.
Searching the local pack cache. This only applies when searching for a particular version of a pack specified in a lock file.
Searching in: /root/.codeql/packages
No packs were found at this location.
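The steps above, collected into one script as an added example (this is not the post's own code): it installs the CLI and a github/codeql checkout of the same release side by side, then checks that the CLI reports the same version as the library tag and that codeql resolve packs actually lists packs from the library directory. It assumes the codeql-cli/vX.Y.Z tag naming of the github/codeql repository, that the first line of codeql version reads "CodeQL command-line toolchain release X.Y.Z.", and the post's layout of <root>/codeql and <root>/codeql-lib; the function names and the abridged sample output are my own.

```shell
#!/bin/sh
# Added helper (not from the post): install the CodeQL CLI and a github/codeql
# checkout of the same release side by side, then verify the CLI can see the
# library packs. Assumes the github/codeql tag naming codeql-cli/vX.Y.Z and the
# layout used in the post (<root>/codeql for the CLI, <root>/codeql-lib for the
# library). Function names are hypothetical.
set -eu

CODEQL_VERSION="${CODEQL_VERSION:-2.23.1}"          # CLI release to install
INSTALL_ROOT="${INSTALL_ROOT:-${HOME:-/root}/.local}" # the post uses /root/.local

# The github/codeql repository tags each CLI release as codeql-cli/vX.Y.Z.
lib_tag_for_version() {
    printf 'codeql-cli/v%s\n' "$1"
}

# Pull "X.Y.Z" out of `codeql version`, whose first line reads
# "CodeQL command-line toolchain release X.Y.Z."
cli_version_from_output() {
    sed -n 's/^CodeQL command-line toolchain release \([0-9][0-9.]*\)\.$/\1/p' | head -n 1
}

# Exit 0 when the library tag ($2) is the one that belongs to CLI version $1.
versions_match() {
    [ "$(lib_tag_for_version "$1")" = "$2" ]
}

# Reduce `codeql resolve packs` output to "name kind path" for the packs whose
# qlpack.yml lives under directory $1, to confirm the checkout is visible.
packs_found_under() {
    awk -v dir="$1" '
        # pack lines look like:  name@version: (query|library) /path/qlpack.yml
        $1 ~ /@.*:$/ && $2 ~ /^\((query|library)\)$/ && index($3, dir "/") == 1 {
            name = $1; sub(/:$/, "", name)
            kind = $2; gsub(/[()]/, "", kind)
            print name, kind, $3
        }'
}

install_codeql() {
    for d in codeql codeql-lib; do
        [ ! -e "$INSTALL_ROOT/$d" ] || { echo "$INSTALL_ROOT/$d already exists" >&2; return 1; }
    done
    mkdir -p "$INSTALL_ROOT"
    tmp="$(mktemp -d)"
    wget -q -O "$tmp/codeql-linux64.zip" \
        "https://github.com/github/codeql-cli-binaries/releases/download/v$CODEQL_VERSION/codeql-linux64.zip"
    unzip -q "$tmp/codeql-linux64.zip" -d "$tmp"        # unpacks to $tmp/codeql
    mv "$tmp/codeql" "$INSTALL_ROOT/codeql"
    rm -rf "$tmp"
    # Shallow-clone the library at the matching tag, next to the CLI, so the
    # default search of the distribution's parent directory finds it.
    git clone --depth=1 --branch "$(lib_tag_for_version "$CODEQL_VERSION")" \
        https://github.com/github/codeql "$INSTALL_ROOT/codeql-lib"
    echo "add to your shell profile: export PATH=\$PATH:$INSTALL_ROOT/codeql"
}

verify_install() {
    cli="$INSTALL_ROOT/codeql/codeql"
    cli_ver="$("$cli" version | cli_version_from_output)"
    lib_tag="$(git -C "$INSTALL_ROOT/codeql-lib" describe --tags --exact-match)"
    if ! versions_match "$cli_ver" "$lib_tag"; then
        echo "version mismatch: CLI $cli_ver, library $lib_tag" >&2
        return 1
    fi
    echo "CLI $cli_ver matches library $lib_tag"
    # Empty output here means the sibling-directory search did not pick the library up.
    "$cli" resolve packs | packs_found_under "$INSTALL_ROOT/codeql-lib"
}

# Constructed sample of `codeql resolve packs` output, abridged from the post,
# so the parsing can be exercised without a CodeQL install.
SAMPLE_RESOLVE_OUTPUT='Searching the parent directory of the CodeQL distribution.
Searching in:
  /root/.local
The following packs were found:
  codeql-csharp-consistency-queries@0.0.0: (query) /root/.local/codeql-lib/csharp/ql/consistency-queries/qlpack.yml
  legacy-libraries-python@0.0.0: (query) /root/.local/codeql-lib/misc/legacy-support/python/qlpack.yml
  legacy-upgrades@0.0.0: (query) /root/.local/codeql/legacy-upgrades/qlpack.yml'

case "${1:-}" in
    install) install_codeql ;;
    verify)  verify_install ;;
    demo)    printf '%s\n' "$SAMPLE_RESOLVE_OUTPUT" | packs_found_under /root/.local/codeql-lib ;;
esac
```

Run `sh setup-codeql.sh install` once, then `sh setup-codeql.sh verify` after adding the CLI to PATH; `demo` only parses the embedded sample. The verify step is the part worth keeping around: a clone of main that drifts ahead of the installed CLI fails the tag comparison before you spend time debugging a query that will not compile.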

Usage

To be continued.

References


CodeQL Configuration and Usage
http://zr4in.github.io/2025/09/28/codeql配置及使用/
Author
zr4in
Published on
September 28, 2025