CodeQL Post Processing

A tool to post process files that are generated by the CodeQL CLI.

Currently supports adding version control provenance information to databases and sarif files generated by the CodeQL CLI.

Usage

Adding version control provenance information to a database

The tool supports both bundled (a zip archived database) and unbundled databases.

codeql-postproc database add-vcs-provenance --repository-uri https://github.com/rvermeulen/codeql-postproc --revision-id 0b3ee0ba4e2972da7b8f95e53cf1abe2e5d0b35c main <database>[.zip]

Adding version control provenance information to a sarif file

The tool expects a Sarif file with v2.1.0.

codeql-postproc sarif add-vcs-provenance --repository-uri https://github.com/rvermeulen/codeql-postproc --revision-id 0b3ee0ba4e2972da7b8f95e53cf1abe2e5d0b35c <sarif>

or from a database with provenance information

codeql-postproc sarif add-vcs-provenance --from-database <database>[.zip] <sarif>

Database properties

The tool provides the command database get-property to query the database meta data and user properties (currently only the version control provenance is supported through this tool). Here are some examples of querying for database properties:

• Database target language.

  codeql-postproc database get-property primaryLanguage <database>[.zip]

• Database meta data.

  codeql-postproc database get-property creationMetadata <database>[.zip]

To get nested properties use the . character to index dictionaries and the [0] to index arrays. Here are some examples of querying nested database properties:

• CLI version part of the database meta data.

  codeql-postproc database get-property creationMetadata.cliVersion <database>[.zip]

• The revisionId part of the first element of the versionControlProvenance array.

  codeql-postproc database get-property 'versionControlProvenance[0].revisionId' <database>[.zip]

By default the tool outputs JSON, but the option --format YAML can be used to output YAML.