Skip to content

Latest commit

 

History

History
42 lines (31 loc) · 3.17 KB

exploring-data-flow-with-path-queries.md

File metadata and controls

42 lines (31 loc) · 3.17 KB
title shortTitle versions topics type intro redirect_from
Exploring data flow with path queries
Explore data flow
fpt ghec ghes
*
*
*
Advanced Security
Code scanning
CodeQL
reference
You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
/code-security/codeql-for-vs-code/exploring-data-flow-with-path-queries

About path queries

A path query is a {% data variables.product.prodname_codeql %} query with the property @kind path-problem. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries.

You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see About data flow analysis in the {% data variables.product.prodname_codeql %} documentation.

Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see Next steps.

Running path queries in {% data variables.product.prodname_vscode_shortname %} locally

  1. Open a path query in {% data variables.product.prodname_vscode_shortname %}.
  2. Right-click in the window with the query open, and select {% data variables.product.prodname_codeql %}: Run Query on Selected Database. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
  3. Once the query has finished running, you can see the results in the "Results" view (under alerts in the dropdown menu). Each query result describes the flow of information between a source and a sink.
  4. Expand the result to see the individual steps that the data follows.
  5. Click each step to jump to it in the source code and investigate the problem further.

Next steps

{% ifversion codeql-vs-code-mrva %}

When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see AUTOTITLE.

{% endif %}

For information about how to use the correct format and metadata for your own path queries, see Creating path queries in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis.