Wednesday, 29 April 2569 BE (2026)

CodeQL

A powerful, open-source semantic code analysis engine used to find security vulnerabilities and bugs by querying code as data. It treats source code as a relational database, allowing developers to write custom queries in a logic-based language (QL) to identify complex patterns, security flaws (SAST), and variants of known bugs.

Key Aspects of CodeQL:
  • How it Works: CodeQL converts code into a searchable database containing relational data, abstract syntax trees, and control flow.
  • Usage Modes: It can be used via the CodeQL CLI for CI/CD pipelines, integrated directly into GitHub Actions for automatic scanning, or through the CodeQL extension for VS Code.
  • Languages Supported: Supports major languages including C/C++, C#, Java/Kotlin, JavaScript/TypeScript, Python, Go, Ruby, and Swift.
  • Variant Analysis: More than 400 CVEs have been identified using CodeQL, making it highly effective for finding similar vulnerabilities across large codebases.

  • Example: a minimal JavaScript query that reports every empty block statement.

    import javascript

    from BlockStmt b
    where b.getNumStmt() = 0
    select b, "This is an empty code block."

    • import javascript: Loads the standard CodeQL library for JavaScript.
    • from BlockStmt b: Defines a variable b that represents any "Block Statement" (code inside curly braces).
    • where b.getNumStmt() = 0: Filters for blocks where the number of statements is exactly zero.
    • select b, "...": Outputs the location of the empty block along with a descriptive message.
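When a query like the one above runs in a CI job through the CodeQL CLI (`codeql database create` followed by `codeql database analyze --format=sarif-latest --output=results.sarif`), the findings arrive as a SARIF file, and the pipeline still needs something that reads it and decides whether the build passes. The script below is an added example, not code from the original post or from the CodeQL project: it flattens the SARIF results into records, counts them per rule and level, and fails the job on any error-level result or any result whose security-severity score reaches the "high" band. The embedded SARIF document, its rule ids and its file paths are constructed sample data, and the 7.0 threshold is an assumption taken from GitHub's code-scanning severity bands.

```python
"""Gate a CI job on CodeQL results.

Added example: parses the SARIF written by
`codeql database analyze --format=sarif-latest --output=results.sarif`,
summarises findings per rule, and decides whether the build should fail.
The SARIF below is CONSTRUCTED sample data; rule ids and paths are
placeholders, not real CodeQL rule names.
"""
from __future__ import annotations

import json
from collections import Counter
from dataclasses import dataclass

# Constructed SARIF snippet in the shape CodeQL emits, trimmed to the
# fields the gate needs (tool rules with default levels, then results).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "js/example-empty-block",
             "defaultConfiguration": {"level": "warning"},
             "properties": {"security-severity": "2.0"}},
            {"id": "js/example-taint-to-eval",
             "defaultConfiguration": {"level": "error"},
             "properties": {"security-severity": "9.3"}},
        ]}},
        "results": [
            {"ruleId": "js/example-empty-block",
             "message": {"text": "This is an empty code block."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.js"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "js/example-empty-block",
             "level": "note",  # explicit level overrides the rule default
             "message": {"text": "This is an empty code block."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.js"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "js/example-taint-to-eval",
             "message": {"text": "User input flows to eval."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/handler.js"},
                 "region": {"startLine": 88}}}]},
        ],
    }],
})


@dataclass(frozen=True)
class Finding:
    rule_id: str
    level: str        # "error", "warning" or "note"
    severity: float   # CodeQL security-severity score, 0.0 if absent
    path: str
    line: int
    message: str


def parse_sarif(text: str) -> list[Finding]:
    """Flatten SARIF results into Finding records.

    Per the SARIF spec a result's level falls back to the rule's
    defaultConfiguration.level when the result does not set one.
    """
    doc = json.loads(text)
    findings: list[Finding] = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            severity = float(rule.get("properties", {}).get("security-severity", 0.0))
            loc = res.get("locations", [{}])[0].get("physicalLocation", {})
            findings.append(Finding(
                rule_id=res.get("ruleId", "unknown"),
                level=level,
                severity=severity,
                path=loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                line=loc.get("region", {}).get("startLine", 0),
                message=res.get("message", {}).get("text", ""),
            ))
    return findings


def summarise(findings: list[Finding]) -> Counter:
    """Count findings per (rule_id, level) for the job log."""
    return Counter((f.rule_id, f.level) for f in findings)


def should_fail(findings: list[Finding], fail_levels=("error",), min_severity=7.0) -> bool:
    """True if any result is at a failing level or its security-severity
    score meets the threshold (7.0 is the assumed "high" band)."""
    return any(f.level in fail_levels or f.severity >= min_severity for f in findings)


if __name__ == "__main__":
    fs = parse_sarif(SAMPLE_SARIF)
    for (rule, level), n in sorted(summarise(fs).items()):
        print(f"{rule:32} {level:8} {n}")
    raise SystemExit(1 if should_fail(fs) else 0)
```

Run it with the constructed sample and the job exits non-zero because of the error-level finding; the two empty-block results are counted but do not fail the build on their own. Point `parse_sarif` at the real `results.sarif` from the CLI to use it in a pipeline.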