CodeQL
Setup
Just follow the official manual.
Only note that you should extract the CLI under your home directory, or some QL libraries may fail to load.
Compile Linux Kernel into CodeQL Intermediate Data Structure
During this stage we create the CodeQL database, which converts the analysis target into CodeQL's intermediate data structure.
Following the instructions for compiled languages,
we apply the compile commands to the Linux Kernel:
$ make xxxconfig # generate configuration
$ codeql database create codeql --language=cpp --command='make -j$(nproc)'
Make CodeQL Query
Take one query example: find all structs containing a field with type struct address_space *.
import cpp

from Struct struct
where
  exists(Field f |
    f = struct.getAField() and
    f.getType().getName().matches("address_space%*%")
  )
select struct
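As an added example (not part of the original note), the same search done on the resolved field type instead of its printed name: it strips typedefs and cv-qualifiers with getUnspecifiedType(), so it does not accept lookalikes such as struct address_space_operations * or struct address_space **, both of which the string pattern above would also match, and it counts how often each matching field is accessed. The query name and description are assumptions.

```ql
/**
 * @name Struct fields that point to struct address_space
 * @description Matches on the resolved type rather than the type name, so
 *              typedefs, const qualifiers and similarly named structs such as
 *              address_space_operations are handled correctly. (Added example,
 *              not a query shipped with CodeQL.)
 */
import cpp

/**
 * Holds if `t`, after stripping typedefs and cv-qualifiers, is a
 * single-level pointer to `struct address_space`.
 */
predicate isAddressSpacePointer(Type t) {
  exists(PointerType p |
    p = t.getUnspecifiedType() and
    // getBaseType() is the pointee; resolve it too before checking the struct name
    p.getBaseType().getUnspecifiedType().(Struct).getName() = "address_space"
  )
}

from Struct s, Field f
where
  f = s.getAField() and
  isAddressSpacePointer(f.getType())
// The third column counts every read or write of the field in the kernel database.
select s, f, count(FieldAccess fa | fa.getTarget() = f) as accesses
order by accesses desc
```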
Run this query with the codeql CLI:
This command executes the query and writes the results to a file with the .bqrs extension.
A bqrs file is not human-readable, so we have to decode it: