Support for other languages #8141

ruizrube started this conversation in Ideas
Feb 20, 2022 · 8 comments · 3 replies

Hi all.

Are there any development guidelines on how to extend CodeQL to support other programming languages?
Thanks


Hi @ruizrube, great to hear you're interested in expanding support for CodeQL 💪 What language(s) were you interested in adding support for?

We don't have super detailed documentation on how to do this, but a good start would be to read this blog post on how we do extraction for Ruby: https://github.blog/2022-02-01-code-scanning-and-ruby-turning-source-code-into-a-queryable-database/

You should be able to use the same approach with using tree-sitter to get up and running with being able to query the raw AST produced by tree-sitter. Adding AST rewrite rules to get a clean API as well as data-flow support would take some effort.

I would strongly recommend that you join the GitHub Security Lab Slack (request invite here: https://securitylab.github.com/get-involved/) and join the #codeql-hacking channel, which was designed with this purpose of talking about CodeQL extensions and custom extractors (and has a few more resources).


Hi! Thank you for the pointers. I am evaluating whether to implement support for the Blockly language serialized as XML files.

Hi again. Since a Blockly program is managed as an XML file, I could analyze it, for example, as a Java program and using the XMLElement type (https://codeql.github.com/codeql-standard-libraries/java/semmle/code/xml/XML.qll/type.XML$XMLElement.html). Isn't it?

I think all of our supported languages are able to extract XML as well (with the right commands), so yes, that should be doable 👍
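
Added example (not part of any post in this thread, and not GitHub's own code): a CodeQL query of the kind the exchange above describes, treating a Blockly workspace as plain XML and flagging procedure calls with no matching definition in the same file. It assumes the database was built with the XML files extracted, that the workspace uses Blockly's XML serialization (`block` elements with a `type` attribute, definitions named by a `field name="NAME"` child, calls named by a `mutation name="..."` child), and it uses `XmlElement`, the current spelling of the `XMLElement` class linked above.

```ql
/**
 * @name Blockly call to an undefined procedure
 * @description Illustrative query over Blockly XML; block and attribute
 *              names are assumptions about the workspace format.
 * @kind problem
 * @id example/blockly-undefined-procedure-call
 */

import java
import semmle.code.xml.XML

/** A `<block>` element in a Blockly workspace file. */
class BlocklyBlock extends XmlElement {
  BlocklyBlock() { this.hasName("block") }

  /** Gets the value of the `type` attribute, for example `controls_if`. */
  string getBlockType() { result = this.getAttributeValue("type") }
}

/** A procedure definition block; its name is held in `<field name="NAME">`. */
class ProcedureDef extends BlocklyBlock {
  ProcedureDef() { this.getBlockType() = ["procedures_defnoreturn", "procedures_defreturn"] }

  string getProcName() {
    exists(XmlElement field |
      field = this.getAChild("field") and
      field.getAttributeValue("name") = "NAME" and
      result = field.getTextValue()
    )
  }
}

/** A procedure call block; the callee is named in `<mutation name="...">`. */
class ProcedureCall extends BlocklyBlock {
  ProcedureCall() { this.getBlockType() = ["procedures_callnoreturn", "procedures_callreturn"] }

  string getCalleeName() { result = this.getAChild("mutation").getAttributeValue("name") }
}

from ProcedureCall call
where
  not exists(ProcedureDef def |
    def.getFile() = call.getFile() and
    def.getProcName() = call.getCalleeName()
  )
select call, "Call to procedure '" + call.getCalleeName() + "', which is not defined in this file."
```

This only queries the raw XML tree; it gives none of the AST classes or data-flow support that a dedicated extractor and library would provide.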


Are there any folks who have done any work for Perl with CodeQL? I know that it's fun to poke fun at the older languages, but there's still a significant Perl codebase out there and the SAST tool support available for Perl code is not very well maintained.


I deal in the world(s) of "dead languages" [How many here have done Algol, Fortran [IV and 77], Ada, or so many more].... It would be GREAT if there was some formal supported documentation as an extensibility guide/tutorial as I do not ever see it being viable for the product team(s) to invest in these areas......


Oh no! You have flagged Ada as "dead language" 🥺.
In fact, it is still heavily used, but, in niche sectors, with industrial secrets / defense.

I support what you say. Documentation on support for new languages would be greatly appreciated.


Is there by chance a Roadmap of soon to be supported language stacks with CodeQL?


The public roadmap can be seen at https://github.com/orgs/github/projects/4247/views/1?filterQuery=label%3Acodeql


Awesome. Thanks!!!

I used quotes for a reason to indicate that they are in fact used in various situations... thank you for your support <smile>