# CodeQL

## CLI

To use the CodeQL CLI in Python, you need to first import CodeQL and set it up:

```python
from ghastoolkit import CodeQL, CodeQLDatabases

codeql = CodeQL()
# load all local databases on the system from the common locations
databases = CodeQLDatabases.loadLocalDatabase()

print(f"CodeQL :: {codeql}")
print(f"Databases :: {len(databases)}")
```
You can also download databases remotely.
## Running Queries

By default you can run the default queries on a database, which runs the standard CodeQL query pack `codeql/$LANGUAGE-queries`.

```python
# get a single database by name
db = databases.get("ghastoolkit")

results = codeql.runQuery(db)
print(f"Results :: {len(results)}")
```
If you want to run a suite from the default packs on the database, use one of the built-in suites:

```python
# security-extended
results = codeql.runQuery(db, "security-extended")
# security-and-quality
results = codeql.runQuery(db, "security-and-quality")
# security-experimental
results = codeql.runQuery(db, "security-experimental")
```
You can also print the underlying CodeQL CLI command to the console by passing `display=True`; by default the command is hidden.

```python
codeql.runQuery(db, display=True)
```
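As an added example (not part of the ghastoolkit documentation), the following script runs the default query pack and each built-in suite on every local database and reports which databases gain findings from the broader suites. It relies only on `runQuery(db)`, `runQuery(db, suite)` and `len(results)` as shown above; the function names and the `BUILTIN_SUITES` tuple are my own.

```python
# Added example, not ghastoolkit's own code. Only the calls documented above are
# used: codeql.runQuery(db), codeql.runQuery(db, suite), len(results), str(db).
BUILTIN_SUITES = ("security-extended", "security-and-quality", "security-experimental")


def run_suites(codeql, databases, suites=BUILTIN_SUITES):
    """Return {database name: {suite name: result count}}.

    The key "default" holds the count for the language's default query pack
    (runQuery with no suite argument).
    """
    summary = {}
    for db in databases:
        counts = {"default": len(codeql.runQuery(db))}
        for suite in suites:
            counts[suite] = len(codeql.runQuery(db, suite))
        summary[str(db)] = counts
    return summary


def extra_findings(summary, suite, baseline="default"):
    """Databases where `suite` reported more results than `baseline`, with the delta."""
    return {
        name: counts[suite] - counts[baseline]
        for name, counts in summary.items()
        if counts[suite] > counts[baseline]
    }


if __name__ == "__main__":
    # Real run: assumes ghastoolkit and a local CodeQL CLI are installed and
    # that local databases exist (ghastoolkit resolves the CLI itself).
    from ghastoolkit import CodeQL, CodeQLDatabases

    codeql = CodeQL()
    databases = CodeQLDatabases.loadLocalDatabase()
    summary = run_suites(codeql, databases)
    for name, counts in summary.items():
        print(f"{name} :: " + ", ".join(f"{k}={v}" for k, v in counts.items()))
    for suite in BUILTIN_SUITES:
        gained = extra_findings(summary, suite)
        print(f"{suite} adds findings in {len(gained)} database(s): {gained}")
```

Suites are supersets of the default pack, so a database that shows a positive delta has findings that the default configuration would have missed.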
## Custom Packs

To run a query from a custom pack, you can use the following pattern:

```python
from ghastoolkit import CodeQL, CodeQLDatabases, CodeQLPack

codeql = CodeQL()
databases = CodeQLDatabases.loadLocalDatabase()

# download the latest pack
pack = CodeQLPack.download("geekmasher/codeql-python")
print(f"Pack: {pack} (queries: {len(pack.resolveQueries())})")

for db in databases:
    results = codeql.runQuery(db, pack.name)
    print(f" >> {db} :: {len(results)}")
```