I previously added CodeQL static analysis support to the SerenityOS build workflow. https://github.com/SerenityOS/serenity/pull/4175
Unfortunately, there doesn't seem to be a way to consume the CodeQL database that is created as part of that build pipeline on GitHub. This seems like a bit of an oversight, and I have raised an issue here: https://github.com/github/codeql-action/issues/355
To work around that we will need to create our own database so we can write some custom CodeQL queries.
Here are the steps I put together:
Set up a clone of the VSCode Starter Workspace (docs)
$ git clone https://github.com/github/vscode-codeql-starter.git
$ cd vscode-codeql-starter
$ git submodule update --init --remote
Build a CodeQL database for SerenityOS (docs):
$ codeql database create -l cpp -s /home/bgianf/src/serenity -c "make -j -C /home/bgianf/src/serenity/BuildMake" ~/serenity-codeql
Install the VS Code CodeQL extension (docs)
Configure the VS Code CodeQL extension to point to your new database (
vscode-codeql-starter workspace in VS Code.
cpp/example.ql query and start writing queries and executing them against the database.
This simple example finds all classes in the AK standard library in SerenityOS:
import cpp

// Select every class whose fully qualified name starts with "AK::"
from Class c
where c.getQualifiedName().matches("AK::%")
select c.getQualifiedName()
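As a next step from the simple query above, here is an added example (not from the original post) that ranks the AK classes by how many member functions they declare, a quick way to see which containers and utilities have the most code to review. It assumes the same database; the variable names are illustrative, and excluding template instantiations is a choice made for this example so that each class template is counted once rather than once per instantiation.

```ql
import cpp

// Added example: rank classes in the AK namespace by member function count.
from Class c, int memberFunctions
where
  // Same filter as the simple query: fully qualified name starts with "AK::"
  c.getQualifiedName().matches("AK::%") and
  // Each instantiation of a class template is its own Class in the database;
  // skip those so the results are not flooded with near-duplicates.
  not c instanceof ClassTemplateInstantiation and
  // Count the member functions declared by this class
  memberFunctions = count(MemberFunction f | f = c.getAMemberFunction())
select c, c.getQualifiedName() as name, memberFunctions
order by memberFunctions desc
```

Selecting `c` itself as the first column makes each result row link back to the class's source location in the VS Code results view.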