codeql
codeql copied to clipboard
github
Parameterized codeql queries
Is there a way to write parameterized queries? Say I my query is something like:
from string methodName, MethodDecl method
where methodName="MyFunc1"
and method.getName()=methodName
select method,"FaultyMethod"
Now I want to run this query for multiple methodNames. Can I like compile the query once and then just pass the strings of method name using some script in golang(where all strings MyFunc1, MyFunc2,MyFunc3,etc are stored) which runs this query?
That is possible using external predicates or using data extensions
For external predicates you can provide the data as a CSV file using the follow flag of codeql query run -vvv --help
--external=<pred>=<file.csv>
A CSV file that contains rows for external
predicate <pred>. Multiple --external options
can be supplied.
Data extensions are used to implement library models for CodeQL. See: https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/ . I don't have a good reference to documentation unfortunately, but searching for the words data extension should give you some starting points in the code to look at.
@aibaars Are data extensions available for golang?
It's a feature of the QL language, so they should be available for all languages. It may be that the QL library for Go is not using them yet, but that does not mean they won't work for you.
Hi @aaaayush-n,
I'm closing this issue because it seems that @aibaars has provided you with possible next steps. If you still have questions, feel free to re-open this issue.
