935 B
935 B
CodeQL baseline
Deterministic baseline runner that emits a benchmark submission for one or more cases using CodeQL when available. If CodeQL is not installed, it still produces a schema‑valid submission marking all sinks as unreachable, so CI and comparisons remain stable.
Usage
# One case
baselines/codeql/run_case.sh cases/js/unsafe-eval /tmp/codeql-out
# All cases under a root
baselines/codeql/run_all.sh cases /tmp/codeql-all
Outputs:
- Per-case:
<out>/submission.json - All cases:
<out>/submission.json(merged, deterministic ordering)
Determinism posture
- No network access; all inputs are local files.
- Stable ordering of cases and sinks.
- If CodeQL is missing or analysis fails, the runner falls back to a deterministic “all unreachable” submission.
Requirements
- Python 3.11+.
- Optional:
codeqlCLI on PATH for real analysis (not required for offline deterministic fallback).