Send request via GUI, using VS Code


The following sequence works when run from a local VS Code with the custom CodeQL plugin.

Connect to the vscode-codeql container at http://localhost:9080/?folder=/home/coder

1. Provide settings

Create the file /home/coder/.vscode/settings.json:

cat > /home/coder/.vscode/settings.json << EOF
{
    "codeQL.runningQueries.numberOfThreads": 2,
    "codeQL.cli.executablePath": "/opt/codeql/codeql",

    "codeQL.variantAnalysis.enableGhecDr": true,
    "github-enterprise.uri": "http://server:8080/"
}
EOF

2. Provide list of repositories to analyze

QL tab > variant analysis repositories > {}, then put this into databases.json:

{
    "version": 1,
    "databases": {
        "variantAnalysis": {
            "repositoryLists": [
                {
                    "name": "mrva-list",
                    "repositories": [
                        "Serial-Studio/Serial-Studio",
                        "UEFITool/UEFITool",
                        "aircrack-ng/aircrack-ng",
                        "bulk-builder/bulk-builder",
                        "tesseract/tesseract"
                    ]
                }
            ],
            "owners": [],
            "repositories": []
        }
    },
    "selected": {
        "kind": "variantAnalysisUserDefinedList",
        "listName": "mrva-list"
    }
}

3. Make the list current

QL tab > variant analysis repositories > 'select' mrva-list

4. Provide a query

Select the file qldemo/simple.ql and create Fprintf.ql alongside it, in the same directory:

cat > /home/coder/qldemo/Fprintf.ql <<eof
/**
 * @name findPrintf
 * @description find calls to plain fprintf
 * @kind problem
 * @id cpp-fprintf-call
 * @problem.severity warning
 */

import cpp

from FunctionCall fc
where
  fc.getTarget().getName() = "fprintf"
select fc, "call of fprintf"
eof

5. Provide the qlpack specification

Create qlpack.yml for cpp:

cat > /home/coder/qldemo/qlpack.yml <<eof
library: false
name: codeql-dataflow-ii-cpp
version: 0.0.1
dependencies:
  codeql/cpp-all: 0.5.3
eof

Then:

  1. Delete the qlpack.lock file
  2. In the shell,

    cd ~/qldemo
    /opt/codeql/codeql pack install

  3. In the GUI, 'install pack dependencies'
  4. In the GUI, 'reload windows'

6. Submit the analysis job

Fprintf.ql > right click > run variant analysis
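
A check that can be run on the databases.json from step 2 before submitting, as an added example that is not part of the original page: it reports repository entries that are not in owner/name form, duplicates within a list, and a selected list name that matches no defined list. The function name check_databases and the sample list and repositories are constructed for illustration; only the variantAnalysisUserDefinedList kind shown above is handled.

```python
import json
import re

# owner/name form, as used by the repository entries in step 2
REPO_RE = re.compile(r"^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")

# Constructed sample with three deliberate mistakes (not the page's own list)
SAMPLE = """{
  "version": 1,
  "databases": {"variantAnalysis": {"repositoryLists": [
      {"name": "demo-list", "repositories": ["example-org/app", "example-org/App", "no-slash"]}
  ], "owners": [], "repositories": []}},
  "selected": {"kind": "variantAnalysisUserDefinedList", "listName": "demo-lst"}
}"""

def check_databases(text):
    """Return a list of problems found in a databases.json document."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["top level is not an object"]
    problems, lists = [], {}
    va = cfg.get("databases", {}).get("variantAnalysis", {})
    for entry in va.get("repositoryLists", []):
        name = entry.get("name")
        if name in lists:
            problems.append(f"duplicate list name: {name}")
        lists[name] = entry.get("repositories", [])
        seen = set()
        for repo in lists[name]:
            if not isinstance(repo, str) or not REPO_RE.match(repo):
                problems.append(f"{name}: not owner/name: {repo}")
                continue
            # assumption: repository names are compared case-insensitively
            if repo.lower() in seen:
                problems.append(f"{name}: duplicate repository: {repo}")
            seen.add(repo.lower())
    sel = cfg.get("selected") or {}
    if sel.get("kind") == "variantAnalysisUserDefinedList":
        if sel.get("listName") not in lists:
            problems.append(f"selected list not defined: {sel.get('listName')}")
        elif not lists[sel["listName"]]:
            problems.append(f"selected list is empty: {sel['listName']}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_databases(SAMPLE)) or "ok")
```
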

Author: Michael Hohn

Created: 2025-08-04 Mon 14:41
