Including All Query Results in .sarif File
Currently we can only use @kind problem and @kind path-problem queries with query suites. Other queries need to be run manually and they end up in a separate format (.bqrs and not .sarif).
- There's a difference in exporting results from the UI in vscode. If you right click on a row in the query history, this is what you see for a raw query:
This is what you see for a path-problem query:
Notice the "View Alerts (SARIF)" option
- You can directly run a CodeQL query like this:
  codeql database analyze ~/codeql-dbs/<db>/ queries/SampleFile.ql --format=sarif-latest --output=results.sarif
  However, with the output format set to sarif, we get this error:
  A fatal error occurred: Could not process query metadata for ~/path/to/codeql-dbs/<db>/ queries/SampleFile.ql Error was: Cannot process query metadata for a query without the '@kind' metadata property. To learn more, see https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/ [NO_KIND_SPECIFIED]
  This error happens after we have the BQRS; the tool is just saying it can't convert the BQRS to a SARIF.
Is it possible to include all query results in the sarif file?
Thanks in advance
Edit: Added screenshots and example query commands
SARIF is a static analysis results interchange format, and is meant as a common output format for static analysis tools. Therefore it is mainly designed for representing alerts/warnings/errors in source code. CodeQL is a general purpose query language and can output arbitrary table data. CodeQL uses the @kind metadata tag to determine how to interpret the table data as static analysis results when writing SARIF output. Only a limited number of @kinds can be included in SARIF (mainly problem and path-problem). If there is no @kind then CodeQL does not know how to interpret the data, and fails.
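As an added pre-flight check (not code from this thread or from the CodeQL CLI), the script below reads the leading QLDoc comment of each query and reports which ones lack an @kind that CodeQL can turn into SARIF alerts, so a suite can be split before running `codeql database analyze`. The sample query sources are constructed; file names are hypothetical.

```python
import re
import sys
from pathlib import Path

# @kind values CodeQL can interpret as alerts when writing SARIF (problem and
# path-problem, as the answer above states). Anything else stays BQRS-only.
SARIF_KINDS = {"problem", "path-problem"}

QLDOC_RE = re.compile(r"/\*\*(.*?)\*/", re.DOTALL)            # first /** ... */ block
KIND_RE = re.compile(r"^\s*\*?\s*@kind\s+(\S+)", re.MULTILINE)  # " * @kind problem"


def query_kind(ql_source: str):
    """Return the @kind declared in the query's QLDoc header, or None if absent."""
    doc = QLDOC_RE.search(ql_source)
    if not doc:
        return None
    kind = KIND_RE.search(doc.group(1))
    return kind.group(1) if kind else None


def sarif_compatible(ql_source: str) -> bool:
    """True if `codeql database analyze --format=sarif-latest` can convert the results."""
    return query_kind(ql_source) in SARIF_KINDS


def partition_queries(sources: dict) -> tuple:
    """Split {name: source} into (sarif_ok, bqrs_only) sorted name lists."""
    ok, raw = [], []
    for name, src in sources.items():
        (ok if sarif_compatible(src) else raw).append(name)
    return sorted(ok), sorted(raw)


def scan_directory(root: str) -> tuple:
    """Apply partition_queries to every *.ql file under `root` (hypothetical layout)."""
    files = {str(p): p.read_text(encoding="utf-8") for p in Path(root).rglob("*.ql")}
    return partition_queries(files)


# Constructed sample queries, not taken from the thread.
SAMPLES = {
    "SampleFile.ql": "import java\n\nfrom File f\nselect f, f.getBaseName()\n",
    "NoKind.ql": "/**\n * @name Lists files\n * @id ex/no-kind\n */\nimport java\nfrom File f select f\n",
    "UnsafeCall.ql": "/**\n * @name Unsafe call\n * @kind problem\n * @id ex/unsafe\n */\nimport java\nfrom Call c select c, \"msg\"\n",
    "TaintFlow.ql": "/** @kind path-problem */\nimport java\nselect 1\n",
}

if __name__ == "__main__":
    ok, raw = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else partition_queries(SAMPLES)
    print("SARIF-capable:", ok)
    print("BQRS-only (missing @kind problem/path-problem):", raw)
```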