github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

How to make the codeql return result contain the content of the problem code line instead of the line number #17267

Closed ysuLihua closed 1 month ago

ysuLihua commented 1 month ago

The result returned by codeql contains only the line number. Is there any way to include the content of the problematic code line?

The returned result contains the line number:

[screenshot of the result listing, not included in the text]

aibaars commented 1 month ago

You can use the --sarif-add-snippets or --sarif-add-file-contents flag for that:

$ codeql database analyze --help
Usage: codeql database analyze [OPTIONS] -- <database> [<query|dir|suite|pack>...]
Analyze a database, producing meaningful results in the context of the source code.
...
      --[no-]sarif-add-file-contents
                             [SARIF formats only] Include the full file contents for all files referenced in at least one result.
      --[no-]sarif-add-snippets
                             [SARIF formats only] Include code snippets for each location mentioned in the results, with two lines of context before and after the reported location.

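
Added example, not from this issue or the CodeQL project: once the analysis was run with one of those flags, this script pulls the code text back out of the SARIF file. With --sarif-add-snippets each location carries region.snippet.text; with --sarif-add-file-contents the whole file sits in run.artifacts[i].contents.text and the region has to be sliced out by line number. The SARIF document embedded below is constructed, and the rule ids and path in it are placeholders.

```python
# Constructed sample SARIF, not real CodeQL output. Result 1 carries a region
# snippet (what --sarif-add-snippets adds); result 2 has no snippet, so its
# code must come from the embedded file text (what --sarif-add-file-contents adds).
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "artifacts": [{"location": {"uri": "src/app.py"},
                   "contents": {"text": "import os\n\ndef run(cmd):\n    os.system(cmd)\n"}}],
    "results": [
        {"ruleId": "py/command-line-injection", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/app.py", "index": 0},
            "region": {"startLine": 4, "snippet": {"text": "    os.system(cmd)"}}}}]},
        {"ruleId": "example/no-snippet", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/app.py", "index": 0},
            "region": {"startLine": 3, "endLine": 4}}}]},
    ]}]}


def code_for_location(phys, artifacts):
    """Source text for one physicalLocation: prefer region.snippet.text
    (--sarif-add-snippets), else slice artifacts[i].contents.text
    (--sarif-add-file-contents), else None when neither flag was used."""
    region = phys.get("region", {})
    snippet = region.get("snippet", {}).get("text")
    if snippet is not None:
        return snippet
    idx = phys.get("artifactLocation", {}).get("index")
    start = region.get("startLine")
    if idx is None or start is None or idx >= len(artifacts):
        return None
    text = artifacts[idx].get("contents", {}).get("text")
    if text is None:
        return None
    # SARIF line numbers are 1-based and endLine is inclusive
    return "\n".join(text.splitlines()[start - 1:region.get("endLine", start)])


def results_with_code(sarif):
    """Flatten a SARIF log into (ruleId, uri, startLine, code) tuples,
    one per result location."""
    rows = []
    for run in sarif.get("runs", []):
        artifacts = run.get("artifacts", [])
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                rows.append((res.get("ruleId"),
                             phys.get("artifactLocation", {}).get("uri"),
                             phys.get("region", {}).get("startLine"),
                             code_for_location(phys, artifacts)))
    return rows
```

Point results_with_code at json.load(open("results.sarif")) to print file, line and offending code for a real run; a None in the last column means the analysis was run without either flag.
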
ysuLihua commented 1 month ago

OK, thanks!