Hi @ruizrube, great to hear you're interested in expanding support for CodeQL 💪 What language(s) were you interested in adding support for?
We don't have super detailed documentation on how to do this, but a good start would be to read this blog post on how we do extraction for Ruby: https://github.blog/2022-02-01-code-scanning-and-ruby-turning-source-code-into-a-queryable-database/
You should be able to use the same approach with using tree-sitter to get up and running with being able to query the raw AST produced by tree-sitter. Adding AST rewrite rules to get a clean API as well as data-flow support would take some effort.
I would strongly recommend that you join the GitHub Security Lab slack (request invite here: https://securitylab.github.com/get-involved/) and join the #codeql-hacking channel, which was designed with this purpose of talking about CodeQL extensions and custom extractors (and has a few more resources).
-
Hi!
Thank you for the pointers. I am evaluating whether to implement support for the Blockly language serialized as XML files.
-
Hi again.
Since a Blockly program is managed as an XML file, I could analyze it, for example, as a Java program using the XMLElement type (https://codeql.github.com/codeql-standard-libraries/java/semmle/code/xml/XML.qll/type.XML$XMLElement.html). Is that right?
-
Are there any folks who have done any work for Perl with CodeQL? I know that it's fun to poke fun at the older languages, but there's still a significant Perl codebase out there and the SAST tool support available for Perl code is not very well maintained.
-
I deal in the world(s) of "dead languages" [How many here have done Algol, Fortran [IV and 77], Ada, or so many more].... It would be GREAT if there was some formal supported documentation as an extensibility guide/tutorial as I do not ever see it being viable for the product team(s) to invest in these areas......
-
Is there by chance a Roadmap of soon to be supported language stacks with CodeQL?
-
Awesome. Thanks!!!
On Monday, March 20, 2023, Chris Smowton wrote:
> The public roadmap can be seen at https://github.com/orgs/github/projects/4247/views/1?filterQuery=label%3Acodeql
-
I used quotes for a reason to indicate that they are in fact used in various situations… thank you for your support <smile>
On Tuesday, March 26, 2024, Quentin Dauprat wrote:
> Oh no! You have flagged Ada as "dead language" 🥺.
> In fact, it is still heavily used, but, in niche sectors, with industrial secrets / defense.
> I support what you say. Documentation on support for new languages would be greatly appreciated.
-
Hi all.
Are there any development guidelines on how to extend CodeQL for supporting other programming languages?
Thanks