Table of Contents
1 AST Sample for Javascript Source
Create dot output from query and db, and then get a rendered graph in SVG.
# export PATH=$HOME/local/vmsync/codeql250:"$PATH" # cd ~/w/codeql-javascript/src/ codeql database create -j8 -v --language=javascript -s . callbacks.db # cd ~/w/codeql-javascript/queries/ codeql database analyze \ ~/w/codeql-javascript/src/callbacks.db/ \ ~/w/codeql-javascript/queries/printast.ql \ -j8 -v --ram=16000 \ --format=dot \ --output=printast.dot # Results in ls ./callbacks.db/results/codeql-custom-queries-javascript/printast.bqrs # and ls ./printast.dot/null.dot # cd ~/w/codeql-javascript/src/ dot -Tsvg < ./printast.dot/null.dot > ./printast.dot/null.svg open -a safari printast.dot/null.svg
Figure 1: Graph from dot
2 Correspondence between query and graph
2.1 Node Query
query predicate nodes(PrintAstNode node, string key, string value)
query result
| node | key | value |
|---|---|---|
| [DeclStmt] var arr = … | semmle.label | [DeclStmt] var arr = … |
dot source in ./src/printast.dot/null.dot
digraph {
28[label="[DeclStmt] var arr = ..."; ];
}
2.2 Edge Query
query predicate edges(PrintAstNode source, PrintAstNode target, string key, string value)
query result
| source | target | key | value |
|---|---|---|---|
| [DeclStmt] var result = … | [VariableDeclarator] result … > 3; }) | semmle.order | 1 |
| [DeclStmt] var result = … | [VariableDeclarator] result … > 3; }) | semmle.label | 1 |
dot source in ./src/printast.dot/null.dot
digraph {
29[label="[DeclStmt] var result = ..."; ];
9[label="[VariableDeclarator] result ... > 3; })"; ];
29 -> 9[label="1"; ];
}
2.3 graph properties
query predicate graphProperties(string key, string value) { key = "semmle.graphKind" and value = "tree" }
query result
| key | value |
|---|---|
| semmle.graphKind | tree |
dot source: none
3 Simple direct use of graph API
For illustration, the query ./queries/graphout.ql uses the @kind graph output
for a trivial graph defined in the edges() predicate.
The ouput:
Figure 2: Trivial graph rendered by dot
# export PATH=$HOME/local/vmsync/codeql250:"$PATH" # Create the db cd ~/w/codeql-javascript/src/ rm -fR callbacks.db codeql database create -j8 -v --language=javascript -s . callbacks.db # Run the query to create dot file (and bqrs as side effect) cd ~/w/codeql-javascript/ codeql database analyze \ ~/w/codeql-javascript/src/callbacks.db/ \ ~/w/codeql-javascript/queries/graphout.ql \ -j8 -v --ram=16000 \ --format=dot --rerun \ --output=printast.dot # Create SVG version of graph cd ~/w/codeql-javascript/ dot -Tsvg < ./printast.dot/null.dot > ./printast.dot/null.svg open -a safari printast.dot/null.svg # List query result meta info BQRS=src/callbacks.db/results/exploratory-queries-javascript/graphout.bqrs codeql bqrs info --format=text -- $BQRS # Format results using bqrs decode. codeql bqrs decode --output=printast.csv --result-set=edges \ --format=csv --entities=all -- $BQRS codeql bqrs decode --output=printast.json --format=json --entities=all -- $BQRS # Result files ls -1l ./src/callbacks.db/results/exploratory-queries-javascript/graphout.bqrs \ ./printast.dot/null.dot \ printast.csv printast.json