Tool to find the Atoms of Confusion in a project
Install CodeQL CLI from here
- DB Create:
    cd <project directory>
    codeql database create <db location> --language=<language> --command="<optional build command for compiled languages>"
- Install ql pack: Create qlpack.yml in the query directory (refer to this)
    cd <codeql query directory> && codeql pack install
- DB Analyze:
    codeql database analyze <db> --format=csv --output=<output location> <query.ql file>
Install Semgrep from here
- Pattern Matching:
    semgrep --config <rule.yaml file> --output <output location> --json
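
The two commands above write results in different formats (CodeQL as CSV, Semgrep as JSON). The following is an added example, not part of this project, that merges both outputs into per-rule and per-file counts. The rule names, paths and sample rows are constructed; the function names are hypothetical.

```python
import csv
import io
import json
from collections import Counter

# Constructed sample of CodeQL CSV output. The file has no header row; columns:
# name, description, severity, message, path, start line, start col, end line, end col.
CODEQL_CSV = (
    '"Conditional operator","Finds ?: expressions","warning","Ternary used","/src/a.c","10","5","10","20"\n'
    '"Post-increment","Finds x++ used as a value","warning","x++ in expression","/src/a.c","14","9","14","12"\n'
    '"Conditional operator","Finds ?: expressions","warning","Ternary used","/src/b.c","3","1","3","18"\n'
    '"truncated row","only two columns"\n'
)

# Constructed sample of Semgrep JSON output, reduced to the fields read below.
SEMGREP_JSON = json.dumps({
    "results": [
        {"check_id": "rules.assignment-as-value", "path": "src/a.c",
         "start": {"line": 22, "col": 9}, "extra": {"message": "Assignment as value"}},
        {"check_id": "rules.omitted-curly-braces", "path": "src/b.c",
         "start": {"line": 7, "col": 5}, "extra": {"message": "Braces omitted"}},
    ],
})

def parse_codeql_csv(text):
    """Return (tool, rule, path, line) tuples from CodeQL CSV text."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 9:  # skip blank or truncated rows
            continue
        # CodeQL paths are relative to the source root with a leading "/".
        findings.append(("codeql", row[0], row[4].lstrip("/"), int(row[5])))
    return findings

def parse_semgrep_json(text):
    """Return (tool, rule, path, line) tuples from Semgrep JSON text."""
    return [("semgrep", r["check_id"], r["path"], r["start"]["line"])
            for r in json.loads(text).get("results", [])]

def summarize(findings):
    """Count findings per (tool, rule) and per file across both tools."""
    per_rule = Counter((tool, rule) for tool, rule, _, _ in findings)
    per_file = Counter(path for _, _, path, _ in findings)
    return per_rule, per_file

if __name__ == "__main__":
    per_rule, per_file = summarize(parse_codeql_csv(CODEQL_CSV) + parse_semgrep_json(SEMGREP_JSON))
    for (tool, rule), n in per_rule.most_common():
        print(f"{n:3d}  {tool:8s} {rule}")
```

To use it on real output, read the files passed to --output and hand their text to the two parse functions.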