
Having predicate call external tool?

Open Manouchehri opened this issue 1 year ago • 1 comments

Is there a way, directly or indirectly, to have a CodeQL query use an external tool?

predicate isCurrentYear(string year) {
  year = cmd("date +%Y")
}

Manouchehri avatar Aug 20 '24 21:08 Manouchehri

There is no direct way. However, you can

  • define an external predicate,
  • run the command before running the query,
  • save the command output in a CSV file,
  • pass the flag --external=<pred>=<file.csv> when running the query.

$ codeql database run-queries --help
 ...
      --external=<pred>=<file.csv>
                             A CSV file that contains rows for external predicate <pred>. Multiple --external options can be supplied.

aibaars avatar Aug 21 '24 06:08 aibaars
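
The four steps above as one script, added here as an example and not code from the thread or from the CodeQL project. The predicate name `currentYear`, the file names, and the `CODEQL_DB` and `QUERY_DIR` variables are assumptions; `QUERY_DIR` is assumed to be an existing query pack for the database's language.

```shell
#!/bin/sh
# Added example: feed the output of an external command to a CodeQL query
# through an external predicate. All names below are hypothetical.
set -eu

# Steps 2 and 3: run the command first and save its output as a one-column CSV row.
write_year_csv() {
    # $1 = path of the CSV file to create
    date +%Y > "$1"
}

# Step 1: declare the external predicate in the query; its rows come from the CSV.
write_query() {
    # $1 = path of the .ql file to create
    cat > "$1" <<'EOF'
external predicate currentYear(string year);

predicate isCurrentYear(string year) { currentYear(year) }

from string year
where isCurrentYear(year)
select year
EOF
}

# Step 4: bind the CSV file to the predicate with --external=<pred>=<file.csv>.
run_query() {
    # $1 = CodeQL database, $2 = query file, $3 = CSV file
    codeql database run-queries --external="currentYear=$3" -- "$1" "$2"
}

# Assumption: CODEQL_DB is an existing database and QUERY_DIR a matching query pack.
# Without them (or without the codeql CLI) the script only defines the functions.
if [ -n "${CODEQL_DB:-}" ] && [ -n "${QUERY_DIR:-}" ] && command -v codeql >/dev/null 2>&1; then
    write_year_csv "$QUERY_DIR/year.csv"
    write_query "$QUERY_DIR/CurrentYear.ql"
    run_query "$CODEQL_DB" "$QUERY_DIR/CurrentYear.ql" "$QUERY_DIR/year.csv"
fi
```

The CSV is read when the query is evaluated, so the file has to be regenerated before each run for the value to stay current.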

Hi @Manouchehri,

I'm closing this issue because it seems @aibaars provided you with next steps to import data into a query at runtime.

An alternative to external predicates is data extensions.

If you have further questions, feel free to re-open this issue.

rvermeulen avatar Oct 14 '24 21:10 rvermeulen