Skip to content

jcogs33/codeql

BranchesTags

Repository files navigation

Ruby analysis support for CodeQL

Under development.

Building the tools from source

Install Rust, then run:

cargo build --release

Generating the database schema and QL library

The generated ql/lib/ruby.dbscheme and ql/lib/codeql/ruby/ast/internal/TreeSitter.qll files are included in the repository, but they can be re-generated as follows:

# Run the generator
cargo run --release -p ruby-generator -- --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
# Then auto-format the QL library
codeql query format -i ql/lib/codeql/ruby/ast/internal/TreeSitter.qll

Building a CodeQL database for a Ruby program

First, get an extractor pack. There are two options:

  1. Either download the latest codeql-ruby-pack from Actions and unzip it twice, or
  2. Run scripts/create-extractor-pack.sh (Linux/Mac) or scripts\create-extractor-pack.ps1 (Windows PowerShell) and the pack will be created in the extractor-pack directory.

Then run

codeql database create <database-path> -l ruby -s <project-source-path> --search-path <extractor-pack-path>

Running qltests

Run

codeql test run <test-path> --search-path <repository-root-path>

Writing database upgrade scripts

See this guide.

About

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

securitylab.github.com/tools/codeql

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • CodeQL 42.1%
  • C# 26.6%
  • Kotlin 15.5%
  • Java 6.7%
  • JavaScript 3.1%
  • Python 1.9%
  • Other 4.1%