-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtest.yaml
More file actions
62 lines (57 loc) · 2.24 KB
/
test.yaml
File metadata and controls
62 lines (57 loc) · 2.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
logRoot: logs
repoRoot: repos # repoRoot stores all repositories
dbRoot: codeql-db # dbRoot stores all databases created by codeql indexed by repository name
# clone
sources:
- prefix: https://test/ # clone url prefix
fullnames:
# - aliasFieldAcc
# - assignToInterface
# - convInterface
# - CWE-369
# - CWE-400
# - CWE-525
# - CWE-807
- escape
- false-sharing
# - intraResourceLeak
# - memacc
# - memStatSliceExprSetNil
# - pkgcall
# - pkgtest
# - sliceExprNotSetNil
# build
language: go # language to analyze
buildTimeout: 3600 # timeout for building repository
buildGrps:
- buildRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. You can also specify fullname of repositories to force re-build. Note that repositories with same fullname in different source will be re-built also.
- "-"
buildCmd: default
# generate external predicates predicate
# For repositories in each group, same genScript will be applied in the root directory of repositories
# "goescape" means `go build -a -gcflags=-m=2 ./...`. The stderr will be redirected to $logRoot/path/to/repo/m2.log. Then escape_adapter is used to generate databases. The external predicate database is generated in $dbRoot/path/to/repo/ext/$external.csv.
externalGenGrps:
- genRepos:
- escape
- false-sharing
genScript: goescape
# query
queryconfig:
resultRoot: codeqlResult # resultRoot stores all query results. Example: <resultRoot>/<path/to/query>/<repo>.csv
parallelCore: 20 # parallel cores to run query
queryRoot: qlsrc # query root. There should be codeql-pack.yaml in queryRoot directory
queryGrps:
- queryRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. Otherwise, use fullnames. Note that repositories with same fullname in different source will be queried.
- "-"
queries: # queries
- convInterface/assign.ql
- convInterface/call.ql
externals: []
- queryRepos:
- false-sharing
queries:
- escape_ext/moved_to_heap_var_test.ql
- escape_ext/inlined_var_test.ql
- escape_ext/heapvar_should_move.ql
externals:
- movedToHeap