Parameterized codeql queries

[aaaayush-n]

Is there a way to write parameterized queries? Say I my query is something like:

from string methodName, MethodDecl method 
where methodName="MyFunc1"
and method.getName()=methodName
select method,"FaultyMethod"

Now I want to run this query for multiple methodNames. Can I like compile the query once and then just pass the strings of method name using some script in golang(where all strings MyFunc1, MyFunc2,MyFunc3,etc are stored) which runs this query?

[aibaars]

That is possible using external predicates or using data extensions

For external predicates you can provide the data as a CSV file using the follow flag of codeql query run -vvv --help

      --external=<pred>=<file.csv>
                             A CSV file that contains rows for external
                               predicate <pred>. Multiple --external options
                               can be supplied.

Data extensions are used to implement library models for CodeQL. See: https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/ . I don't have a good reference to documentation unfortunately, but searching for the words data extension should give you some starting points in the code to look at.

[aaaayush-n]

@aibaars
Are data extensions available for golang?

[aibaars]

@aibaars Are data extensions available for golang?

It's a feature of the QL language, so they should be available for all languages. It may be that the QL library for Go is not using them yet, but that does not mean they won't work for you.