QLStat/example.yaml at main · Lslightly/QLStat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
logRoot: logs
repoRoot: repos # repoRoot stores all repositories
dbRoot: codeql-db # dbRoot stores all databases created by codeql indexed by repository name

# clone
sources:
  - prefix: https://github.com/ # clone url prefix
    fullnames:
      - junegunn/fzf
      - gookit/filter
      - rclone/rclone v1.72.1 # you can specify branch/commit hash here with only spaces in between org/repo and branch. If repository eixsts, git checkout will be used to switch branch
  - prefix: https://test/
    fullnames:
      - false-sharing

# build database
language: go # language to analyze
buildTimeout: 3600 # timeout for building repository
buildGrps:
  - buildRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. You can also specify fullname of repositories to force re-build. Note that repositories with same fullname in different source will be re-built also.
    - "-"
    # buildCmd will be executed in the root directory of buildRepos. The behavior is decided by codeql. If a custom build script is specified, then the absolute path will be used.
    #
    # There are 3 types of buildCmd:
    #   1. default: buildCmd lets codeql figure out the build command.
    #   2. custom script path: relative path from the project root to the build script.
    #   3. build command: the build command to execute in the root directory of buildRepos.
    #
    # If you use custom script, then 4 environment variables will be set:
    #   - REPO_DIR: the root directory of repository(This is used often in build phase)
    #   - PROJROOT: the root directory of the project
    buildCmd: default

# generate external predicates predicate
# For repositories in each group, same genScript will be applied in the root directory of repositories
# There are 2 types of genScript:
#
#   1. goescape: it means `go build -a -gcflags=-m=2 ./...`. The stderr will be redirected to $logRoot/path/to/repo/m2.log. Then escape_adapter is used to generate databases. The external predicate database is generated in $dbRoot/path/to/repo/ext/$external.csv.
#   2. custom script path: relative path from the project root to the genScript script.
#
# If you use custom genScript, then 4 environment variables will be set:
#   - PROJROOT: the root directory of the project
#   - REPO_DIR: the root directory of repository
#   - OUTPUT_DIR: the directory to store intermediate results/log to generate external predicate database
#   - DB_EXT_DIR: the directory to store external predicate database
externalGenGrps:
  - genRepos:
      - false-sharing
    genScript: goescape

# query
queryconfig:
  resultRoot: codeqlResult # resultRoot stores all query results. Example: <resultRoot>/<path/to/query>/<repo>.csv
  queryRoot: qlsrc # query root. There should be codeql-pack.yaml in queryRoot directory
  parallelCore: 20 # parallel cores to run query
  queryGrps:
    - queryRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. Otherwise, use fullnames. Note that repositories with same fullname in different source will be queried.
        - false-sharing
        - rclone/rclone
      queries: # queries
        - escape_ext/heapvar_should_move.ql
        - escape_ext/ref_in_go_test.ql
        - escape_ext/heapvar_use_in_go_test.ql
        - escape_ext/same_scope_go_ref_heapvar_test.ql
        - escape_ext/debug_heapvar_c.ql
      externals: [movedToHeap] # names for external predicates. For each predicate $pred, the external database(csv file) is stored in $dbRoot/path/to/repo/ext/$pred.csv. Currently only "movedToHeap" is supported.