A sample C++ project designed to test and explore CodeQL's build tracing behavior. This project includes multiple compilation units, generated code during build, conditional compilation, and various code patterns useful for analyzing how CodeQL traces build processes.
```
codeql-tracing-playground/
├── README.md
├── Makefile
├── src/
│   ├── main.cpp              # Main entry point, ties everything together
│   ├── utils.cpp             # String manipulation and logging utilities
│   ├── utils.h
│   ├── math_ops.cpp          # Math operations including recursive functions
│   ├── math_ops.h
│   └── generated/            # Directory for dynamically generated code
│       └── config.h          # Generated during build (not in git)
├── scripts/
│   └── generate_config.sh    # Script that generates config.h during build
└── .gitignore
```

This project is specifically designed to exercise different aspects of CodeQL tracing:
- Multiple Compilation Units: 3 separate `.cpp` files compiled and linked together
- Generated Code: `config.h` is generated during build with timestamp/version info
- Conditional Compilation: `DEBUG_MODE` flag controls logging behavior
- Cross-file Function Calls: Functions call across different compilation units
- Recursive Functions: Factorial, Fibonacci, GCD, and Ackermann functions
- Pointer Operations: Array operations and pointer arithmetic for security analysis
- Intentionally Unsafe Code: `unsafe_copy()` uses `strcpy` for CodeQL to detect
- C++ compiler with C++17 support (g++ or clang++)
- GNU Make
- Bash shell (for the config generation script)
```bash
# Build the release version
make
# Run the built program
make run
# Or build and run in one step
make run
```

```bash
# Build with debug flags (-g -DDEBUG_MODE)
make DEBUG=1
# Build and run debug version
make run DEBUG=1
```

```bash
# Show all available targets
make help
# Clean build artifacts
make clean
# Clean and rebuild
make rebuild
# Just generate the config.h file
make generate
```

CodeQL can trace this build to create a database for analysis. Here's how:
- Install the CodeQL CLI
- Download the CodeQL standard libraries
```bash
# Clean any previous build first
make clean
# Create CodeQL database (this traces the build)
codeql database create codeql-db --language=cpp --command="make"
# Or with debug flags
codeql database create codeql-db-debug --language=cpp --command="make DEBUG=1"
```

When creating the database, CodeQL will trace:
- Multiple compiler invocations: One for each `.cpp` file
- Script execution: The `generate_config.sh` script runs before compilation
- Preprocessor flags: `-DDEBUG_MODE` when building with `DEBUG=1`
- Include paths: `-I` flags for header resolution
- Linker invocation: Final linking of object files
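
One way to confirm that a trace captured every file listed above: if stale object files are left on disk, `make` skips those compilation units and the database silently omits them. This is an added example, not part of the project; `missing_from_trace` and `make_sample_zip` are hypothetical helpers, and the zip contents are constructed sample data. It assumes the database's `src.zip` stores traced files under the absolute checkout path and that `config.h` is included by at least one compilation unit.

```python
import io
import zipfile

# Files the README says the traced build must touch: three compilation
# units plus the header generated by scripts/generate_config.sh.
EXPECTED = [
    "src/main.cpp",
    "src/utils.cpp",
    "src/math_ops.cpp",
    "src/generated/config.h",
]


def missing_from_trace(src_zip, expected=EXPECTED):
    """Return expected files that are absent from a database's src.zip.

    Assumption: entries are stored under the absolute path of the checkout,
    so each project-relative path is matched as a whole-component suffix.
    """
    with zipfile.ZipFile(src_zip) as zf:
        names = [n.replace("\\", "/") for n in zf.namelist()]
    return [
        rel for rel in expected
        if not any(n == rel or n.endswith("/" + rel) for n in names)
    ]


def make_sample_zip(paths):
    """Build an in-memory stand-in for src.zip (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for p in paths:
            zf.writestr(p, "// placeholder\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    root = "home/dev/codeql-tracing-playground/"  # constructed checkout path
    # Clean build: every compiler invocation was traced.
    full = make_sample_zip([root + p for p in EXPECTED] + [root + "src/utils.h"])
    print("clean build missing:", missing_from_trace(full))
    # Stale objects left on disk: make only recompiled main.cpp.
    stale = make_sample_zip([root + "src/main.cpp", root + "src/utils.h"])
    print("stale build missing:", missing_from_trace(stale))
```

Against a real database, pass the path `codeql-db/src.zip` to `missing_from_trace` and fail the CI job when the returned list is non-empty.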
```bash
# Run all C++ queries
codeql database analyze codeql-db codeql/cpp-queries --format=sarif-latest --output=results.sarif
# Run a specific query
codeql query run path/to/query.ql --database=codeql-db
# Look for security issues (e.g., buffer overflow from unsafe_copy)
codeql database analyze codeql-db codeql/cpp-queries:Security --format=sarif-latest --output=security-results.sarif
```

- `utils::unsafe_copy()` - Uses `strcpy`, potential buffer overflow
- `math_ops::offset_pointer()` - Raw pointer arithmetic without bounds checking
- `math_ops::factorial()` - Simple recursive dataflow
- `math_ops::fibonacci()` - Multiple recursive calls
- `math_ops::ackermann()` - Deeply nested recursion
- `demo_cross_file_calls()` - Data flowing between compilation units
- `math_ops::classify_number()` - Multiple return paths
- Conditional compilation blocks with `#ifdef DEBUG_MODE`

| File | Description |
|---|---|
| `src/main.cpp` | Entry point, demonstrates all features |
| `src/utils.cpp` | String helpers, logging (with DEBUG_MODE behavior) |
| `src/utils.h` | Utils declarations |
| `src/math_ops.cpp` | Math operations, recursive functions, pointer ops |
| `src/math_ops.h` | Math operations declarations |
| `scripts/generate_config.sh` | Generates config.h with build info |
| `Makefile` | Build system with separate compile/link steps |

MIT License - Feel free to use this for learning and testing CodeQL.