by injuly
480 days ago
Admirable effort :) But in its current state I don't think it actually replaces any of CodeQL's use cases. The most straightforward way to do what CodeQL does today would be to implement a flow analysis IR (say CFG+CallGraph) on top of tree-sitter. Even the QL grammar itself can be in tree-sitter.
|
The current state of codepathfinder is less than 5% of what CodeQL has implemented. As a security engineer, I personally use it and I'll keep adding + closing the gap.
Feel free to contribute ideas/feedback/bugs. Super appreciated, honestly!