Added Kotlin scripting support for queries

Author: oxisto

buildSrc/src/main/kotlin/cpg.formatting-conventions.gradle.kts

@@ -118,6 +118,7 @@ val headerWithHashes = """#
 
 spotless {
     kotlin {
+        targetExclude("**/*.query.kts")
         ktfmt().kotlinlangStyle()
         licenseHeader(headerWithStars).yearSeparator(" - ")
     }

codyze-core/build.gradle.kts

@@ -43,4 +43,20 @@ dependencies {
     api(libs.sarif4k)
     implementation(libs.clikt)
     implementation(projects.cpgCore)
+    api(projects.cpgAnalysis)
+    testImplementation(kotlin("test"))
+
+    // Script definition
+    api("org.jetbrains.kotlin:kotlin-scripting-common")
+    api("org.jetbrains.kotlin:kotlin-scripting-jvm")
+
+    // Scripting host
+    api("org.jetbrains.kotlin:kotlin-scripting-jvm-host")
+
+    // We depend on the Python frontend for the integration tests, but the frontend is only available if enabled.
+    // If it's not available, the integration tests fail (which is ok). But if we would directly reference the
+    // project here, the build system would fail any task since it will not find a non-enabled project.
+    findProject(":cpg-language-python")?.also {
+        integrationTestImplementation(it)
+    }
 }

codyze-core/src/integrationTest/kotlin/codyze/QueryHostTest.kt

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2025, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *                    $$$$$$\  $$$$$$$\   $$$$$$\
+ *                   $$  __$$\ $$  __$$\ $$  __$$\
+ *                   $$ /  \__|$$ |  $$ |$$ /  \__|
+ *                   $$ |      $$$$$$$  |$$ |$$$$\
+ *                   $$ |      $$  ____/ $$ |\_$$ |
+ *                   $$ |  $$\ $$ |      $$ |  $$ |
+ *                   \$$$$$   |$$ |      \$$$$$   |
+ *                    \______/ \__|       \______/
+ *
+ */
+package codyze
+
+import de.fraunhofer.aisec.codyze.evalQuery
+import de.fraunhofer.aisec.cpg.frontends.python.PythonLanguage
+import de.fraunhofer.aisec.cpg.graph.*
+import de.fraunhofer.aisec.cpg.query.QueryTree
+import de.fraunhofer.aisec.cpg.test.analyze
+import java.io.File
+import kotlin.io.path.Path
+import kotlin.script.experimental.api.ResultValue
+import kotlin.script.experimental.api.valueOrNull
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertNotNull
+
+class QueryHostTest {
+    @Test
+    fun testQuery() {
+        val topLevel = Path("src/integrationTest/resources")
+        val result =
+            analyze(listOf(topLevel.resolve("simple.py").toFile()), topLevel, true) {
+                it.registerLanguage<PythonLanguage>()
+            }
+        val scriptResult = result.evalQuery(File("src/integrationTest/resources/simple.query.kts"))
+        val evalResult = (scriptResult.valueOrNull()?.returnValue as? ResultValue.Value)?.value
+
+        val queryTree = evalResult as? QueryTree<*>
+        assertNotNull(queryTree)
+        assertEquals(true, queryTree.value)
+    }
+}

codyze-core/src/integrationTest/resources/simple.py

@@ -0,0 +1,3 @@
+def foo() -> int:
+    bar = 42
+    return bar

codyze-core/src/integrationTest/resources/simple.query.kts

@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2025, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *                    $$$$$$\  $$$$$$$\   $$$$$$\
+ *                   $$  __$$\ $$  __$$\ $$  __$$\
+ *                   $$ /  \__|$$ |  $$ |$$ /  \__|
+ *                   $$ |      $$$$$$$  |$$ |$$$$\
+ *                   $$ |      $$  ____/ $$ |\_$$ |
+ *                   $$ |  $$\ $$ |      $$ |  $$ |
+ *                   \$$$$$   |$$ |      \$$$$$   |
+ *                    \______/ \__|       \______/
+ *
+ */
+import de.fraunhofer.aisec.cpg.graph.Node
+import de.fraunhofer.aisec.cpg.graph.declarations.FunctionDeclaration
+
+val queryResult = result.allExtended<FunctionDeclaration>(mustSatisfy = { QueryTree(it.name.localName) eq "foo" })
+queryResult

codyze-core/src/main/kotlin/de/fraunhofer/aisec/codyze/QueryHost.kt

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *                    $$$$$$\  $$$$$$$\   $$$$$$\
+ *                   $$  __$$\ $$  __$$\ $$  __$$\
+ *                   $$ /  \__|$$ |  $$ |$$ /  \__|
+ *                   $$ |      $$$$$$$  |$$ |$$$$\
+ *                   $$ |      $$  ____/ $$ |\_$$ |
+ *                   $$ |  $$\ $$ |      $$ |  $$ |
+ *                   \$$$$$   |$$ |      \$$$$$   |
+ *                    \______/ \__|       \______/
+ *
+ */
+package de.fraunhofer.aisec.codyze
+
+import de.fraunhofer.aisec.cpg.TranslationResult
+import java.io.File
+import kotlin.script.experimental.api.*
+import kotlin.script.experimental.host.toScriptSource
+import kotlin.script.experimental.jvmhost.BasicJvmScriptingHost
+import kotlin.script.experimental.jvmhost.createJvmCompilationConfigurationFromTemplate
+import kotlin.script.experimental.jvmhost.createJvmEvaluationConfigurationFromTemplate
+
+fun TranslationResult.evalQuery(scriptFile: File): ResultWithDiagnostics<EvaluationResult> {
+    val evalCtx = QueryScriptContext(this)
+
+    val compilationConfiguration = createJvmCompilationConfigurationFromTemplate<QueryScript>()
+    val evaluationConfiguration =
+        createJvmEvaluationConfigurationFromTemplate<QueryScript> { implicitReceivers(evalCtx) }
+    val scriptResult =
+        BasicJvmScriptingHost()
+            .eval(scriptFile.toScriptSource(), compilationConfiguration, evaluationConfiguration)
+
+    println(scriptResult)
+
+    return scriptResult
+}

codyze-core/src/main/kotlin/de/fraunhofer/aisec/codyze/QueryScriptDefinition.kt

@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2025, Fraunhofer AISEC. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *                    $$$$$$\  $$$$$$$\   $$$$$$\
+ *                   $$  __$$\ $$  __$$\ $$  __$$\
+ *                   $$ /  \__|$$ |  $$ |$$ /  \__|
+ *                   $$ |      $$$$$$$  |$$ |$$$$\
+ *                   $$ |      $$  ____/ $$ |\_$$ |
+ *                   $$ |  $$\ $$ |      $$ |  $$ |
+ *                   \$$$$$   |$$ |      \$$$$$   |
+ *                    \______/ \__|       \______/
+ *
+ */
+package de.fraunhofer.aisec.codyze
+
+import de.fraunhofer.aisec.cpg.TranslationResult
+import kotlin.script.experimental.annotations.KotlinScript
+import kotlin.script.experimental.api.*
+import kotlin.script.experimental.jvm.dependenciesFromCurrentContext
+import kotlin.script.experimental.jvm.jvm
+
+@KotlinScript(
+    // File extension for the script type
+    fileExtension = "query.kts",
+    // Compilation configuration for the script type
+    compilationConfiguration = QueryScriptConfiguration::class,
+)
+abstract class QueryScript
+
+open class QueryScriptContext(val result: TranslationResult)
+
+object QueryScriptConfiguration :
+    ScriptCompilationConfiguration({
+        baseClass(QueryScript::class)
+        jvm { dependenciesFromCurrentContext(wholeClasspath = true) }
+        implicitReceivers(QueryScriptContext::class)
+        compilerOptions("-Xcontext-receivers", "-jvm-target=17")
+        defaultImports.append(
+            "de.fraunhofer.aisec.codyze.*",
+            "de.fraunhofer.aisec.cpg.*",
+            "de.fraunhofer.aisec.cpg.graph.*",
+            "de.fraunhofer.aisec.cpg.query.*",
+        )
+        ide { acceptedLocations(ScriptAcceptedLocation.Everywhere) }
+    }) {
+    private fun readResolve(): Any = QueryScriptConfiguration
+}

codyze-core/src/main/resources/META-INF/kotlin/script/templates/de.fraunhofer.aisec.codyze.QueryScript.classname

@@ -0,0 +1,14 @@
+<Configuration status="WARN">
+	<Appenders>
+		<Console name="STDOUT" target="SYSTEM_OUT">
+			<PatternLayout pattern="%d{HH:mm:ss,SSS} %-5p %C{1} %m%n"/>
+			<ThresholdFilter level="DEBUG"/>
+		</Console>
+	</Appenders>
+	<Loggers>
+		<Logger level="DEBUG" name="de.fraunhofer.aisec"/>
+		<Root level="DEBUG">
+			<AppenderRef ref="STDOUT"/>
+		</Root>
+	</Loggers>
+</Configuration>