-
Hello - I'd be interested in adding Ruby / MRI language support for CodeQL. Is anyone working on that? If not, is it possible for an outside developer to build it? I noticed the terms & conditions explicitly disallow "work around any technical limitations" and "reverse engineer, decompile or disassemble", and the CLI binaries for building databases are not open-source, so that makes it seem like a hard no. But figured I'd ask in case there's an NDA process or some other option. Thanks,
-
The Go parts of CodeQL are fully open-source as far as I know.
-
Indeed, check out https://github.com/github/codeql-go :)
-
Heyo @p0 & @sauyon - just a heads-up, but I've got a proof-of-concept working over on this repo. It does almost nothing right now, but it can analyze a single Ruby file, create a valid CodeQL DB for it, and allow you to run a query against that db structure. Next going to look into adding more node types, crawling file trees & dependencies, and building in Linux / Docker scenarios. Is there anywhere you'd recommend to chat with other CodeQL devs? Would be nice to bounce ideas off someone re: schema structure and extractor patterns. I saw there was a GitHub Security Lab Slack group, but wasn't sure if that was more researcher-oriented (which would probably be valuable in its own way, once the extractor & library are more mature). Thanks for the help & links! Excited to start digging in on this 😸
-
Huge congrats 🎉 🚀 🎉 @agius "QL: Object-oriented Queries on Relational Data" describes the QL language. github/codeql#3850 I would greatly appreciate it if any further discussions would be public or in an extra Slack channel on the existing GitHub Security Lab Slack :)