CodeQL analyses your code to find common errors

This post is pretty much an ad for a very useful tool developed by GitHub that helps you find errors or vulnerabilities in your code by querying it as if it were data. I have personally found it very useful for finding small errors in my code and would recommend it to everyone. If you want to check it out, this is their webpage.

What type of errors does it find?

CodeQL is capable of finding a large number of mistakes or possible improvements in your code. You can see a full list of the things it searches for in Python here. These range from minor issues like unused imports to potential security vulnerabilities like code injection. It also offers suggestions on how to fix the errors and vulnerabilities it finds. In general it is a great tool for spotting common oversights in your code; however, it won't catch bugs where a function simply doesn't do what you intended.

How do I use it?

The easiest way to use it is to set it up on your GitHub repository. This can be done via one of the workflow templates in GitHub Actions. With the default setup, it will analyse your code after each commit and flag any issues it finds in the Security tab of your repo.

CodeQL can also be used with VS Code. For a tutorial on how to set this up, see here.

So there you go!! Hopefully CodeQL can help you make your code better and safer!! If you have read this far I hope this was not a complete waste of your time.
