A tool for customizing CodeQL packs.
This is similar in spirit to https://github.com/advanced-security/codeql-bundle-action but differs in a variety of ways:
- It only creates customized CodeQL packs as opposed to an entire CodeQL distribution.
- On average, compile times are significantly faster, since most users will only customize a small subset of a pack's queries. The bundle action compiles all queries and libraries unconditionally.
- It supports C/C++. The bundle action does not, since it relies on a language's
Customizations.qllfile, which does not exist for said language. - It is fully-automated in the sense that it tests, compiles, versions and publishes your CodeQL query packs. Specifically, the versioning aspect is different from the bundle approach.
- It includes various small command line utilities which can be used for pack customization and other tasks.
https://github.com/ghas-trials/debug-queries/ is an end-to-end example which uses this tool to create CodeQL debug queries.
gh extensions install "advanced-security/gh-tailor"
# optional but recommended:
gh extensions install "github/gh-codeql"The github/gh-codeql extension is optional, but makes using Tailor more convenient. Without it one will either have to supply a valid CodeQL CLI distribution via the --dist argument or by making it available via ${PATH}.
gh tailor init \
-b "codeql/java-queries" \
-n "advanced-security/customized-java-queries" \
customized-java-queriesThe above will create a project with several files, among which:
- The
Makefilecontains various targets, such asclean,download,compile,unit-test,integration-test,testandpublish, customizecontains all the modifications one wants to make to the original pack,Customizations.qllholds some of the modifications you want to inject into selected queries and- the
unit-testsdirectory holds stub test cases that you can extend.
You can add your customization code to any of the scripts. Most likely, however, you will only need to modify the create script.