CodeQL is a static analysis engine used by developers to automate security checks and by security researchers to perform variant analysis.
Unlike traditional static analysis tools, CodeQL lets you extend the analysis with custom queries in addition to the built-in query suites. The following steps show how to run the CodeQL analysis on Linux; CodeQL itself supports both Linux and Windows.
- Run scripts/codeql.py. The script:
- Downloads the CodeQL CLI tools and the CodeQL library repository.
- Builds a CodeQL database by compiling Open Enclave under the CodeQL toolset, so the database reflects the code that is actually compiled.
- Executes the Open Enclave custom queries and the built-in query suites against that database. At the end of the scan it writes the results in SARIF format to OpenEnclave.sarif in the build folder.
- To view the results, install the CodeQL extension for Visual Studio Code or a SARIF viewer extension.
- Open OpenEnclave.sarif from the build folder in Visual Studio Code; the findings appear in the results tab.
- To re-run or modify queries, add the database (openenclave-codeql-db) in the CodeQL extension.
- Navigate to queries/cpp/openenclave and select a query.
- Right-click a query and select "Run Queries in selected files", or open the query and run "CodeQL: Run a query" from the command palette (Ctrl+Shift+P).
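The scan leaves the findings in OpenEnclave.sarif, and in CI there is usually no VS Code to open it in. The script below is an added example, not part of Open Enclave's scripts/codeql.py or the CodeQL CLI: it flattens the SARIF 2.1.0 structure that the CodeQL CLI emits (runs[].tool.driver.rules[] for rule metadata, runs[].results[] for findings), prints one line per finding, counts them per rule and per level, and returns a non-zero exit status when any finding is at error level or carries a security-severity at or above a threshold. The embedded SARIF document is constructed for illustration; its rule ids, paths and line numbers are not real Open Enclave findings.

```python
#!/usr/bin/env python3
"""Summarise and gate on a CodeQL SARIF file without opening VS Code.

Added example (not part of Open Enclave's scripts/codeql.py). It assumes the
SARIF 2.1.0 layout the CodeQL CLI produces: runs[].tool.driver.rules[] holds
rule metadata, runs[].results[] holds the findings.
"""
import json
import sys
from collections import Counter

# Constructed sample in the SARIF 2.1.0 shape CodeQL writes. Rule ids, paths
# and line numbers are illustrative only, not real Open Enclave findings.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "cpp/example-custom-rule",
             "shortDescription": {"text": "Illustrative custom rule"},
             "defaultConfiguration": {"level": "error"},
             "properties": {"security-severity": "8.0"}},
            {"id": "cpp/example-style-rule",
             "shortDescription": {"text": "Illustrative style rule"},
             "defaultConfiguration": {"level": "warning"}},
        ]}},
        "results": [
            {"ruleId": "cpp/example-custom-rule", "ruleIndex": 0,
             "message": {"text": "finding one"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "enclave/core/example.c"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "cpp/example-custom-rule", "ruleIndex": 0,
             "message": {"text": "finding two"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "enclave/core/other.c"},
                 "region": {"startLine": 7}}}]},
            # A result may carry its own level, which overrides the rule default.
            {"ruleId": "cpp/example-style-rule", "ruleIndex": 1, "level": "note",
             "message": {"text": "style nit"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "host/example.c"},
                 "region": {"startLine": 3}}}]},
        ],
    }],
}

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_findings(sarif):
    """Flatten every result of every run into a dict per finding.

    The result's own 'level' wins; otherwise the rule's
    defaultConfiguration.level applies (the SARIF default is 'warning').
    """
    findings = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        by_id = {r.get("id"): r for r in rules}
        for res in run.get("results", []):
            rule = by_id.get(res.get("ruleId"))
            idx = res.get("ruleIndex")
            if rule is None and isinstance(idx, int) and 0 <= idx < len(rules):
                rule = rules[idx]
            rule = rule or {}
            sev = rule.get("properties", {}).get("security-severity")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId"),
                "level": res.get("level")
                or rule.get("defaultConfiguration", {}).get("level", "warning"),
                "security_severity": float(sev) if sev is not None else None,
                "file": loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                "line": loc.get("region", {}).get("startLine"),
                "text": res.get("message", {}).get("text", ""),
            })
    return findings


def summarize(findings):
    """Count findings per rule id and per level."""
    return {"by_rule": dict(Counter(f["rule"] for f in findings)),
            "by_level": dict(Counter(f["level"] for f in findings))}


def should_fail(findings, min_level="error", min_security_severity=7.0):
    """True if any finding reaches min_level or the security-severity threshold
    (CodeQL security queries attach security-severity as a rule property)."""
    threshold = LEVEL_RANK[min_level]
    return any(LEVEL_RANK.get(f["level"], 0) >= threshold
               or (f["security_severity"] is not None
                   and f["security_severity"] >= min_security_severity)
               for f in findings)


def main(argv):
    # Usage: sarif_gate.py [OpenEnclave.sarif]; falls back to the sample above.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    findings = load_findings(sarif)
    order = lambda f: (-LEVEL_RANK.get(f["level"], 0), f["file"], f["line"] or 0)
    for f in sorted(findings, key=order):
        print(f"{f['level']:8} {f['file']}:{f['line']} {f['rule']}: {f['text']}")
    print(summarize(findings))
    return 1 if should_fail(findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 sarif_gate.py build/OpenEnclave.sarif` after scripts/codeql.py finishes; the exit status can gate a CI job. The level fallback matters: many CodeQL results omit `level` and rely on the rule's default, so a gate that only reads `results[].level` silently passes error-level findings.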
References to learn more about CodeQL: