codeql-internal-data-extensions-demo

A repo used in a demo of internal data extensions for code scanning.

Getting started in vscode

This requires vscode-codeql v1.7.13 or later and CodeQL CLI v2.12.3 or later.

Clone this repository in a sibling directory to a checkout of codeql
In the repo's root directory, run: gh codeql database create --overwrite --language javascript --source-root src db
Open the workflow file codeql-internal-data-extensions-demo.code-workspace in vscode.
In vscode, set "codeQL.runningQueries.useExtensionPacks": "all" in your user settings
Run codeql/javascript/ql/src/Security/CWE-078/CommandInjection.ql.
You should see a single result.
Open .github/codeql/extensions/custom-extensions.yml and comment out one of the addsTo blocks.
Re-run the query and you should see no results.

The extension pack defined at .github/codeql/extensions will automatically be used in code scanning.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.github		.github
src		src
.gitignore		.gitignore
README.md		README.md
codeql-internal-data-extensions-demo.code-workspace		codeql-internal-data-extensions-demo.code-workspace