github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Having predicate call external tool? #17265

Open Manouchehri opened 3 weeks ago

Manouchehri commented 3 weeks ago

Is there a way, directly or indirectly, to have a CodeQL query use an external tool?

```ql
predicate isCurrentYear(string year) {
  year = cmd("date +%Y")
}
```

aibaars commented 3 weeks ago

There is no direct way. However, you can

```
$ codeql database run-queries --help
 ...
      --external=<pred>=<file.csv>
                             A CSV file that contains rows for external predicate <pred>. Multiple --external options can be supplied.
```
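A sketch of the indirect route through the `--external` option quoted above, added here as an example and not taken from the thread or the CodeQL project: the tool runs before the query and its output reaches the query only as CSV rows. The names `currentYear`, `IsCurrentYear.ql` and `my-db`, the CSV location, and the quoting convention are assumptions.

```shell
#!/bin/sh
# Added example: run the external tool first, hand its output to the query as data.
# Hypothetical names: currentYear, IsCurrentYear.ql, my-db.

# Turn each stdin line into one single-column CSV row. Fields containing a
# comma or a double quote are quoted, with embedded quotes doubled (the usual
# CSV convention; assumed to be what the --external CSV reader accepts).
to_csv_rows() {
  sed -e '/[",]/!b' -e 's/"/""/g' -e 's/^/"/' -e 's/$/"/'
}

# make_external <pred> <tool> [args...]
# Runs the tool, writes its output as rows for predicate <pred>, and prints
# the matching --external option. Fails if the tool fails or prints nothing,
# so a broken tool never turns into a silently empty predicate.
make_external() {
  pred=$1; shift
  csv="${TMPDIR:-/tmp}/$pred.csv"
  out=$("$@") || return 1
  [ -n "$out" ] || return 1
  printf '%s\n' "$out" | to_csv_rows > "$csv" || return 1
  printf '%s\n' "--external=$pred=$csv"
}

# The query declares the predicate without a body (QL `external` annotation):
#
#   external predicate currentYear(string year);
#
#   from string year
#   where currentYear(year)
#   select year
#
# Invocation, with the database and query names as placeholders:
#
#   opt=$(make_external currentYear date +%Y) &&
#     codeql database run-queries "$opt" -- my-db IsCurrentYear.ql
```

The command is executed by the shell, never by the query evaluator, so the query stays free of side effects and the CSV file is the only thing that needs reviewing.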