Skip to content
This repository was archived by the owner on Oct 18, 2022. It is now read-only.

ssst0n3/codeql-go-vendor-extractor

BranchesTags

Repository files navigation

(Migrated to https://github.com/ssst0n3/codeql-go-vendor now)codeql-go-vendor-extractor

WHY?

The official extractor for golang only support gomod mode.

It's not graceful for pure vendor mode.

For example, the result of this query below will be empty:

https://lgtm.com/query/8418405387172037343/

import go

from CallExpr e
where e.getTarget().getName()="panic"
select e

But it should find the function call here:

https://github.com/ssst0n3/go-vendor-test/blob/main/vendor/st0n3/st0n3.go

package st0n3

func Crash() {
    panic("crash")
}

How to Use?

GO111MODULE=off codeql database create -l go <DATABASE_NAME> -c "vendor_extractor --package <PACKAGE>"

And then, you will get the correct database.

For example:

get vendor-extractor binary

go get -u github.com/ssst0n3/codeql-go-vendor-extractor/cmd/vendor_extractor

download source code

cd $GOPATH/src/
mkdir -p github.com/ssst0n3/
cd github.com/ssst0n3/
git clone https://github.com/ssst0n3/go-vendor-test.git

create database

codeql database create -l go /tmp/go-vendor-test -c "vendor_extractor --package ."

About

(Migrated to https://github.com/ssst0n3/codeql-go-vendor now)A codeql extractor for go vendor mode project

Topics

golang codeql

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v1.27.0 Latest
Sep 27, 2021
+ 1 release

Packages

No packages published

Languages