Discover vulnerabilities across a codebase with CodeQL on localhost

CodeQL is the analysis engine used by developers to automate security checks, and by security researchers to perform variant analysis.

In CodeQL, code is treated like data. Security vulnerabilities, bugs, and other errors are modeled as queries that can be executed against databases extracted from code. You can run the standard CodeQL queries, written by GitHub researchers and community contributors, or write your own to use in custom analyses. Queries that find potential bugs highlight the result directly in the source file.

In this post I'll walk through an example on a Go codebase. First download the CodeQL command-line tools from the release page, extract them into $GOPATH/src/github.com/github/codeql-cli-binaries, and add that directory to PATH in ~/.zprofile:

# CodeQL
export PATH="$PATH:$GOPATH/src/github.com/github/codeql-cli-binaries"

Clone the github.com/github/codeql and github.com/github/codeql-go repositories into $GOPATH/src/github.com/github, next to the CLI binaries: by default the CLI looks for QL packs in directories adjacent to its own installation, so this layout lets it find the query suites without a --search-path option. Then run the following command from the root of the codebase you want to analyze. It builds a CodeQL database from the Go sources (CODEQL_EXTRACTOR_GO_BUILD_TRACING=on turns on build tracing in the Go extractor), runs the go-lgtm query suite against it, and writes the findings as a CSV report:

CODEQL_EXTRACTOR_GO_BUILD_TRACING=on codeql database create go-database --language=go && codeql database analyze go-database $GOPATH/src/github.com/github/codeql-go/ql/src/codeql-suites/go-lgtm.qls --format=csv --output=result.csv
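The result.csv written by that command has no header row, and it is what a CI job has to act on. As an added example, not part of the original post or of CodeQL itself, here is a small Go program that parses that CSV layout (name, description, severity, message, path, start line, start column, end line, end column), tallies findings by severity, and exits non-zero when anything at or above a chosen severity is present. The embedded report rows are constructed for illustration: the query names resemble real codeql-go queries, but the paths, locations and messages are invented, and the severity gate is my own addition rather than a CodeQL feature.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"os"
	"strconv"
	"strings"
)

// Finding is one row of a `codeql database analyze --format=csv` report.
// The report has no header row; each row carries these nine columns:
// name, description, severity, message, path, start line, start column, end line, end column.
type Finding struct {
	Name, Description, Severity, Message, Path string
	StartLine, StartCol, EndLine, EndCol       int
}

// severityRank orders the severities CodeQL emits so they can be compared.
// A severity not listed here ranks 0 and never trips the gate.
var severityRank = map[string]int{"recommendation": 1, "warning": 2, "error": 3}

// ParseFindings reads a CSV report and returns its rows as Findings.
func ParseFindings(r io.Reader) ([]Finding, error) {
	cr := csv.NewReader(r)
	cr.FieldsPerRecord = 9 // reject rows that do not match the report layout
	var out []Finding
	for {
		rec, err := cr.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		var loc [4]int // start line, start column, end line, end column
		for i := range loc {
			n, err := strconv.Atoi(rec[5+i])
			if err != nil {
				return nil, fmt.Errorf("row %d: bad location field %q", len(out)+1, rec[5+i])
			}
			loc[i] = n
		}
		out = append(out, Finding{
			Name: rec[0], Description: rec[1], Severity: strings.ToLower(rec[2]),
			Message: rec[3], Path: rec[4],
			StartLine: loc[0], StartCol: loc[1], EndLine: loc[2], EndCol: loc[3],
		})
	}
	return out, nil
}

// CountBySeverity tallies findings per severity.
func CountBySeverity(fs []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range fs {
		counts[f.Severity]++
	}
	return counts
}

// ShouldFail reports whether any finding is at or above threshold. An unknown
// threshold is an error rather than a silent pass, so a typo in a CI config
// cannot quietly disable the gate.
func ShouldFail(fs []Finding, threshold string) (bool, error) {
	floor, ok := severityRank[strings.ToLower(threshold)]
	if !ok {
		return false, fmt.Errorf("unknown severity threshold %q", threshold)
	}
	for _, f := range fs {
		if severityRank[f.Severity] >= floor {
			return true, nil
		}
	}
	return false, nil
}

// sampleCSV is a constructed report in the format described above; it is not
// output from a real CodeQL run. It stands in for result.csv when no path is given.
const sampleCSV = `"Database query built from user-controlled sources","Building a database query from user-controlled sources is vulnerable to insertion of malicious code by the user.","error","This query depends on a user-provided value.","/cmd/server.go","58","12","58","44"
"Log entries created from user input","Building log entries from user-controlled sources is vulnerable to insertion of forged log entries by a malicious user.","warning","This log entry depends on a user-provided value.","/internal/handler.go","23","2","23","51"
"Useless assignment to local variable","An assignment to a local variable that is not used later on, or whose value is always overwritten, has no effect.","recommendation","This definition of err is never used.","/internal/db.go","71","5","71","7"
`

func main() {
	var r io.Reader = strings.NewReader(sampleCSV)
	if len(os.Args) > 1 { // usage: go run main.go result.csv
		f, err := os.Open(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
		defer f.Close()
		r = f
	}
	fs, err := ParseFindings(r)
	if err != nil {
		fmt.Fprintln(os.Stderr, "parse:", err)
		os.Exit(2)
	}
	for _, f := range fs {
		fmt.Printf("%-14s %s:%d:%d  %s\n", f.Severity, f.Path, f.StartLine, f.StartCol, f.Name)
	}
	fmt.Println("counts:", CountBySeverity(fs))
	fail, err := ShouldFail(fs, "error")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if fail {
		fmt.Println("FAIL: error-severity findings present")
		os.Exit(1)
	}
}
```

Point it at a real report with go run main.go result.csv; with no argument it runs over the constructed rows. Severity is the only column the gate keys on, so a query whose severity is missing or unusual will print but never fail the build, which is worth knowing before relying on it.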