Skip to content

lucasamorimca/codeql-solidity

BranchesTags

Repository files navigation

CodeQL Solidity

Test Release License

CodeQL extractor and queries for Solidity smart contract security analysis.

Features

  • Tree-sitter based Solidity parsing
  • Dataflow and taint tracking
  • Call graph and inheritance analysis

Installation

Download CodeQL Packs

codeql pack download lucasamorimca/solidity-all
codeql pack download lucasamorimca/solidity-queries

Download Extractor

Download from Releases

Usage

# Create database
export CODEQL_EXTRACTOR_SOLIDITY_ROOT=/path/to/extractor-pack
codeql database create db --language=solidity --source-root=/path/to/contracts

# Run analysis
codeql database analyze db lucasamorimca/solidity-queries --format=sarif-latest --output=results.sarif

Project Structure

codeql-solidity/
├── extractor/           # Rust extractor binary
├── ql/lib/              # QL library (lucasamorimca/solidity-all)
├── queries/             # Security queries (lucasamorimca/solidity-queries)
├── extractor-pack/      # CodeQL extractor configuration
└── tests/               # Test fixtures

Building from Source

cd extractor
cargo build --release

# Generate schema and QL library
./target/release/codeql-extractor-solidity generate \
  --dbscheme ../ql/lib/solidity.dbscheme \
  --library ../ql/lib/codeql/solidity/ast/internal/TreeSitter.qll

License

Apache-2.0

About

CodeQL extractor and queries for Solidity smart contract security analysis

Resources

Readme

License

Apache-2.0 license
Activity

Stars

5 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 2

v0.1.0 Latest
Feb 7, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages