# CodeQL baseline

Deterministic baseline runner that emits a benchmark submission for one or more cases using CodeQL when available. If CodeQL is not installed, it still produces a schema-valid submission marking all sinks as `unreachable`, so CI and comparisons remain stable.

## Usage
```bash
# One case
baselines/codeql/run_case.sh cases/js/unsafe-eval /tmp/codeql-out

# All cases under a root
baselines/codeql/run_all.sh cases /tmp/codeql-all
```

Outputs:
- Per-case: `<out>/submission.json`
- All cases: `<out>/submission.json` (merged, deterministic ordering)

## Determinism posture
- No network access; all inputs are local files.
- Stable ordering of cases and sinks.
- If CodeQL is missing or analysis fails, the runner falls back to a deterministic “all unreachable” submission.

## Requirements
- Python 3.11+.
- Optional: `codeql` CLI on PATH for real analysis (not required for offline deterministic fallback).