Replies: 1 comment 1 reply
Does anyone from the GitHub/CodeQL team have thoughts on this?
There are some existing queries like cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql, as well as some custom queries I have, where the core query is the same regardless of the codebase but the only difference is where the user input comes from. I'd like to customize SecurityOptions to specify where the user input comes from, but it would be nice to reuse the existing queries and not have to modify them. Otherwise I need to copy the query for every codebase that has a different user input source.

I wonder if it would be a good idea to allow users to customize existing queries somehow without modifying them. One example could be in a query suite file, where there could be a field in which a user could specify a fragment of QL code that is included in each query before it's run. This would allow me to define a SecurityOptions class in each project, and just create a single query suite file with all the existing queries from other QL packs, but with my custom SecurityOptions class included in each query.

Thoughts on this, or suggestions for other ways to achieve what I want?
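What the per-project class described in the post could look like, as an added sketch that is not from the post or from the CodeQL project: it assumes the C++ security library's SecurityOptions class and its isUserInput predicate are the overridable extension point, and read_request is a hypothetical project-specific function whose return value should count as user input.

```ql
/**
 * Added example (not from the post or the CodeQL project): a
 * project-specific extension of the C++ security library's
 * SecurityOptions, of the kind the poster wants injected into stock
 * queries such as the CWE-134 one instead of copying them per codebase.
 * Assumes the SecurityOptions class and its isUserInput(Expr, string)
 * predicate from semmle.code.cpp.security.Security; read_request is a
 * hypothetical project function used as the extra input source.
 */
import cpp
import semmle.code.cpp.security.Security

class ProjectSecurityOptions extends SecurityOptions {
  override predicate isUserInput(Expr expr, string cause) {
    // Keep everything the stock library already treats as user input ...
    super.isUserInput(expr, cause)
    or
    // ... and additionally treat the return value of the (hypothetical)
    // project function read_request() as untrusted input, so a format
    // string derived from it is reported by the unmodified query.
    exists(FunctionCall fc |
      fc.getTarget().hasName("read_request") and
      expr = fc and
      cause = "read_request"
    )
  }
}
```

With a per-project fragment like this prepended to each query of the suite, the same CWE-134 query would flag format strings that originate from read_request() in that project only, while other projects keep their own source list.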