You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The idea is that I want to add some addition data to codeql database and use these new data as new predicates to enhance the analysis capabilities. I notice the --external option, but I don't know how to use it. So I'm asking here.
Idea: The data can be generated by compiler or other static analysis tools. And they are convertible to CodeQL classes/predicates through user-defined mapping rules. For example, for AST nodes, the location string can be converted to AST node if user-defined adaptor predicates are satisfied. Additional information can be inserted to the added data to avoid conflicts when it is generated by compiler or other static analysis tools.
Take escape analysis in golang as an example. Some variables can be heap allocated decided by compiler. We can dump the definition location, the type and other information about these variables to csv file. When imported by CodeQL, we can define a adaptor using the location string and the type to map csv file to HeapAllocatedVariable class, then we can do more things through CodeQL, like linters or statistical analysis. It's somewhat a problem about fusing the data generated by another extractor.
Issue #9758 also reveals similiar problem I think.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
The idea is that I want to add some addition data to codeql database and use these new data as new predicates to enhance the analysis capabilities. I notice the
--externaloption, but I don't know how to use it. So I'm asking here.Idea: The data can be generated by compiler or other static analysis tools. And they are convertible to CodeQL classes/predicates through user-defined mapping rules. For example, for AST nodes, the location string can be converted to AST node if user-defined adaptor predicates are satisfied. Additional information can be inserted to the added data to avoid conflicts when it is generated by compiler or other static analysis tools.
Take escape analysis in golang as an example. Some variables can be heap allocated decided by compiler. We can dump the definition location, the type and other information about these variables to csv file. When imported by CodeQL, we can define a adaptor using the location string and the type to map csv file to
HeapAllocatedVariableclass, then we can do more things through CodeQL, like linters or statistical analysis. It's somewhat a problem about fusing the data generated by another extractor.Issue #9758 also reveals similiar problem I think.
Beta Was this translation helpful? Give feedback.
All reactions