78a8760cfa
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
3.1 KiB
title, shortTitle, versions, topics, type, intro
| title | shortTitle | versions | topics | type | intro | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Exploring data flow with path queries | Explore data flow |
|
|
reference | You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities. |
About path queries
A path query is a {% data variables.product.prodname_codeql %} query with the property @kind path-problem. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries.
You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see "About data flow analysis" in the {% data variables.product.prodname_codeql %} documentation.
Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see "Next steps."
Running path queries in {% data variables.product.prodname_vscode_shortname %} locally
- Open a path query in {% data variables.product.prodname_vscode_shortname %}.
- Right-click in the window with the query open, and select {% data variables.product.prodname_codeql %}: Run Query on Selected Database. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
- Once the query has finished running, you can see the results in the "Results" view (under
alertsin the dropdown menu). Each query result describes the flow of information between a source and a sink. - Expand the result to see the individual steps that the data follows.
- Click each step to jump to it in the source code and investigate the problem further.
Next steps
{% ifversion codeql-vs-code-mrva %}
When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "AUTOTITLE."
{% endif %}
For information about how to use the correct format and metadata for your own path queries, see "Creating path queries" in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis.