You can make a query of kind @kind problem that has a select clause with two columns, first the sink and the second a string message (e.g. "a sink").
It should not be too difficult to write such a query from scratch. Alternatively, I think you can simply copy an existing @kind path-problem query, change its kind to problem, replace the first 3 columns in the select statement with just the sink, and remove the import .....PathGraph line.
Thank you for your reply. Can you give me a demo? As follows:
```ql
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.ApiGraphs
import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.Concepts

class SinkCall extends DataFlow::CallCfgNode {
  SinkCall() {
    this = API::moduleImport("js2py").getMember(["eval_js", "eval_js6", "EvalJs"]).getACall()
  }
}
```
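The two-column `@kind problem` shape described in the reply, applied to the `SinkCall` class above. This is an added example, not code from the thread or from the CodeQL project; the `@name`, `@description`, `@id` and `@problem.severity` values and the message text are assumptions chosen for illustration.

```ql
/**
 * @name js2py evaluation call
 * @description Lists every call to js2py.eval_js, js2py.eval_js6 or js2py.EvalJs,
 *              so the sink locations can be reviewed on their own.
 * @kind problem
 * @problem.severity recommendation
 * @id py/example/js2py-eval-sink
 */

// The metadata values above are hypothetical. What matters for SARIF output is
// that @kind is "problem" and that an @id is present, so the result set can be
// interpreted as alerts.
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs

/** A call to one of the js2py evaluation entry points (the class from the thread). */
class SinkCall extends DataFlow::CallCfgNode {
  SinkCall() {
    this = API::moduleImport("js2py").getMember(["eval_js", "eval_js6", "EvalJs"]).getACall()
  }
}

// A problem query selects exactly two columns here: the element whose location
// is reported (the sink) and a string message. No PathGraph import is needed
// because no source-to-sink path is reported.
from SinkCall sink
select sink, "Call to a js2py evaluation function (a sink)."
```

With the query saved as, say, `Js2pySinks.ql` (a hypothetical file name) in a query pack that depends on `codeql/python-all`, running `codeql database analyze <database> Js2pySinks.ql --format=sarif-latest --output=results.sarif` writes one alert per matched call to the SARIF file.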
# How to query and ensure that the results support SARIF format
I want to know how to use CodeQL to scan the sink in the code and output it as a SARIF file.