├── 01-CodeQL资源
│   ├── 04-学术刊物
│   │   ├── 1903.02436.pdf
│   │   ├── 1908.09157.pdf
│   │   ├── 2108.09293.pdf
│   │   ├── Conf_Poster_Production.pdf
│   │   ├── LIPIcs-ECOOP-2016-2.pdf
│   │   ├── QL_Object-Oriented_Queries_Made_Easy.pdf
│   │   ├── algebraic-data-types.pdf
│   │   ├── measuring-software-development.pdf
│   │   ├── ql-for-source-code-analysis.pdf
│   │   └── tracking-analysis-violations.pdf
│   ├── 05-其他资源
│   │   └── 04 无名侠 CodeQL 漏洞挖掘分享.pdf
│   ├── README.md
│   └── TEMP
│       ├── CodeQL 闭源应用创建数据库 & SQL注入.pdf
│       ├── Java中的QL使用
│       │   ├── CodeQL的Java类库CodeQLibraryorava).pdf
│       │   ├── Java中易于溢出的比较Overflow-proneomparisonsnava).pdf
│       │   ├── Java中的注解Annotationsnava).pdf
│       │   ├── Java中的类型Typenava).pdf
│       │   ├── java中的注释Javadoc).pdf
│       │   ├── 分析Java中的数据流Analyzingatalownava).pdf
│       │   ├── 对Java代码的基本查询Basicueryoravaode).pdf
│       │   ├── 导航调用图Navigatingheallraph).pdf
│       │   ├── 用于Java程序的抽象语法树类Abstractyntaxreelassesororking.pdf
│       │   └── 获取代码的位置信息Workingithourceocations).pdf
│       ├── githubsatelliteworkshops
│       │   └── codeql-master.zip
│       └── wx.png
├── 02-CodeQL基础
│   └── README.md
├── 03-CodeQL语言
│   ├── 01-基础语法
│   │   ├── QL基础.pdf
│   │   ├── QL语言基本数据类型.pdf
│   │   ├── 公式Formulas).pdf
│   │   ├── 其他.pdf
│   │   ├── 别名Aliases).pdf
│   │   ├── 变量Variables).pdf
│   │   ├── 查询Querie).pdf
│   │   ├── 模块Modules).pdf
│   │   ├── 注解Annotations).pdf
│   │   ├── 类Class).pdf
│   │   ├── 表达式Expressions).pdf
│   │   ├── 谓词Predicates).pdf
│   │   └── 递归Recursion).pdf
│   └── README.md
├── 04-CodeQL进阶
│   └── README.md
├── 05-CodeQL案例
│   └── README.md
├── 06-CodeQL参考
│   └── README.md
└── README.md

/01-CodeQL资源/04-学术刊物/1903.02436.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/1903.02436.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/1908.09157.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/1908.09157.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/2108.09293.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/2108.09293.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/Conf_Poster_Production.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/Conf_Poster_Production.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/LIPIcs-ECOOP-2016-2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/LIPIcs-ECOOP-2016-2.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/QL_Object-Oriented_Queries_Made_Easy.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/QL_Object-Oriented_Queries_Made_Easy.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/algebraic-data-types.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/algebraic-data-types.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/measuring-software-development.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/measuring-software-development.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/ql-for-source-code-analysis.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/ql-for-source-code-analysis.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/04-学术刊物/tracking-analysis-violations.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/04-学术刊物/tracking-analysis-violations.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/05-其他资源/04 无名侠 CodeQL 漏洞挖掘分享.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/05-其他资源/04 无名侠 CodeQL 漏洞挖掘分享.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/README.md:
--------------------------------------------------------------------------------
# 01-CodeQL Resources

01-CodeQL Resources

--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/CodeQL 闭源应用创建数据库 & SQL注入.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/CodeQL 闭源应用创建数据库 & SQL注入.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/CodeQL的Java类库CodeQLibraryorava).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/CodeQL的Java类库CodeQLibraryorava).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/Java中易于溢出的比较Overflow-proneomparisonsnava).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/Java中易于溢出的比较Overflow-proneomparisonsnava).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/Java中的注解Annotationsnava).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/Java中的注解Annotationsnava).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/Java中的类型Typenava).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/Java中的类型Typenava).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/java中的注释Javadoc).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/java中的注释Javadoc).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/分析Java中的数据流Analyzingatalownava).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/分析Java中的数据流Analyzingatalownava).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/对Java代码的基本查询Basicueryoravaode).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/对Java代码的基本查询Basicueryoravaode).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/导航调用图Navigatingheallraph).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/导航调用图Navigatingheallraph).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/用于Java程序的抽象语法树类Abstractyntaxreelassesororking.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/用于Java程序的抽象语法树类Abstractyntaxreelassesororking.pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/Java中的QL使用/获取代码的位置信息Workingithourceocations).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/Java中的QL使用/获取代码的位置信息Workingithourceocations).pdf
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/githubsatelliteworkshops/codeql-master.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/githubsatelliteworkshops/codeql-master.zip
--------------------------------------------------------------------------------

/01-CodeQL资源/TEMP/wx.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/01-CodeQL资源/TEMP/wx.png
--------------------------------------------------------------------------------

/02-CodeQL基础/README.md:
--------------------------------------------------------------------------------
# 02-CodeQL Basics

02-CodeQL technical basics

--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/QL基础.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/QL基础.pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/QL语言基本数据类型.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/QL语言基本数据类型.pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/公式Formulas).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/公式Formulas).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/其他.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/其他.pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/别名Aliases).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/别名Aliases).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/变量Variables).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/变量Variables).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/查询Querie).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/查询Querie).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/模块Modules).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/模块Modules).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/注解Annotations).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/注解Annotations).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/类Class).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/类Class).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/表达式Expressions).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/表达式Expressions).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/谓词Predicates).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/谓词Predicates).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/01-基础语法/递归Recursion).pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ASTTeam/CodeQL/703876068920ae5b3211b63bdb390f9d506c38ce/03-CodeQL语言/01-基础语法/递归Recursion).pdf
--------------------------------------------------------------------------------

/03-CodeQL语言/README.md:
--------------------------------------------------------------------------------
# 03-CodeQL Language

03-CodeQL Language

--------------------------------------------------------------------------------

/04-CodeQL进阶/README.md:
--------------------------------------------------------------------------------
# 04-CodeQL Advanced

04-CodeQL Advanced

--------------------------------------------------------------------------------

/05-CodeQL案例/README.md:
--------------------------------------------------------------------------------
# 05-CodeQL Case Studies

05-CodeQL Case Studies

--------------------------------------------------------------------------------

/06-CodeQL参考/README.md:
--------------------------------------------------------------------------------
# 06-CodeQL References

06-CodeQL References

--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# 《深入理解CodeQL》 (Understanding CodeQL in Depth)

![CodeQL](https://socialify.git.ci/ASTTeam/CodeQL/image?description=1&font=Inter&forks=1&issues=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light)

This project collects material related to CodeQL, including CodeQL's design principles and implementation, and case studies of vulnerability hunting with CodeQL. Its strength is that known vulnerability information can be used to find similar vulnerabilities, searching for bugs much like querying data. Semantics-based code analysis will be a sharp sword in the SAST field, and this approach is the direction the next generation of code-audit tools will take. However, CodeQL is usually better suited to developers checking their own projects for vulnerabilities; it still has significant problems in some stages of processing, and its technical bottlenecks remain to be overcome. Author: [0e0w](https://github.com/0e0w)

This project was created on 13 December 2021 and was last updated on 21 November 2023.

- [01-CodeQL Resources](https://github.com/ASTTeam/CodeQL#01-CodeQL%E8%B5%84%E6%BA%90)
- [02-CodeQL Basics](https://github.com/ASTTeam/CodeQL#02-codeql%E5%9F%BA%E7%A1%80)
- [03-CodeQL Language](https://github.com/ASTTeam/CodeQL#03-CodeQL%E8%AF%AD%E8%A8%80)
- [04-CodeQL Advanced](https://github.com/ASTTeam/CodeQL#04-CodeQL%E8%BF%9B%E9%98%B6)
- [05-CodeQL Case Studies](https://github.com/ASTTeam/CodeQL#05-CodeQL%E6%A1%88%E4%BE%8B)
- [06-CodeQL References](https://github.com/ASTTeam/CodeQL#06-CodeQL%E5%8F%82%E8%80%83)

## 01-CodeQL Resources

This chapter collects and organizes CodeQL-related resources. The quality of the articles varies widely; studying the official resources in depth is recommended!

I. Official resources
- [ ] https://codeql.github.com/docs
- [ ] https://github.com/github/codeql
- [ ] https://github.com/github/codeql-go
- [ ] https://github.com/github/codeql-cli-binaries
- [ ] https://github.com/github/vscode-codeql-starter
- [ ] https://github.com/github/codeql-learninglab-actions
- [ ] https://github.com/github/securitylab/issues
- [ ] https://github.com/github/securitylab

II. Recommended resources
- [ ] [《深入理解CodeQL》 (Understanding CodeQL in Depth)](https://github.com/ASTTeam/CodeQL)@0e0w
- [x] [CodeQL Study Notes](https://www.yuque.com/loulan-b47wt/rc30f7/)@楼兰
- [x] [CodeQL Study Notes](https://github.com/safe6Sec/CodeqlNote)@safe6Sec
- [x] [Notes on Learning CodeQL](https://github.com/Firebasky/CodeqlLearn)@Firebasky
- [x] [The Most Complete Chinese Learning Material for CodeQL Java](https://github.com/SummerSec/learning-codeql)@SummerSec
- [x] [Notes on the CodeQL Code Analysis Platform](https://www.4hou.com/posts/o6wX)@fanyeee
- [ ] [Static Analysis: CodeQL/Soot/SAST](https://github.com/pen4uin/static-analysis)@pen4uin
- [x] [Finding security vulnerabilities with CodeQL](https://github.com/githubsatelliteworkshops/codeql)@GitHub Satellite Workshops
- [ ] [Finding JNDI Lookup Interfaces with CodeQL](https://github.com/SummerSec/LookupInterface)@SummerSec
- [ ] ~~[CodeQL Chinese Beginner Tutorial](https://github.com/Cl0udG0d/codeqlCnLearn)@Cl0udG0d~~
- [ ] https://github.com/haby0/mark
- [ ] https://github.com/johnjohncom/webinar-2021sep-codeql2
- [ ] https://github.com/githubsatelliteworkshops/codeql-cpp
- [ ] https://github.com/pwntester/codeql_grehack_workshop
- [ ] https://github.com/haby0/sec-note

III. Video resources
- [ ] [CodeQL Collection](https://www.bilibili.com/video/BV1TL411L7ha)
- [ ] [Finding Java Application Vulnerabilities with CodeQL](https://www.bilibili.com/video/BV153411r7HW)
- [ ] [Discover vulnerabilities with CodeQL](https://www.bugbounty-videos.com/discover-vulnerabilities-with-codeql/)@admin4571
- [ ] https://www.youtube.com/watch?v=y_-pIbsr7jc
- [ ] https://www.youtube.com/watch?v=G_yDbouY0tM

IV. Academic publications
- https://codeql.github.com/publications

V. Other resources
- 先知 (xz.aliyun.com)
  - [x] https://xz.aliyun.com/search?keyword=Codeql
  - [ ] [CodeQL: Advanced Chapter](https://xz.aliyun.com/t/10852)@Ironf4
  - [ ] https://xz.aliyun.com/t/7789
  - [ ] https://xz.aliyun.com/t/10829
  - [ ] https://xz.aliyun.com/t/10756
  - [ ] https://xz.aliyun.com/t/10755
  - [ ] https://xz.aliyun.com/t/10707
  - [ ] https://xz.aliyun.com/t/10046
  - [ ] https://xz.aliyun.com/t/9275
  - [ ] https://xz.aliyun.com/t/7979
  - [ ] https://xz.aliyun.com/t/7657
- 跳跳糖 (tttang.com)
  - [x] https://tttang.com/?keyword=codeql
  - [ ] https://tttang.com/archive/1511
  - [ ] https://tttang.com/archive/1512
  - [ ] https://tttang.com/archive/1322
  - [ ] https://tttang.com/archive/1353
  - [ ] https://tttang.com/archive/1415
  - [ ] https://tttang.com/archive/1378
  - [ ] https://tttang.com/archive/1314
  - [ ] https://tttang.com/archive/1497
  - [ ] https://tttang.com/archive/1570
  - [ ] https://tttang.com/archive/1660
  - [ ] https://tttang.com/archive/1704
- 安全客 (Anquanke)
  - [x] https://www.anquanke.com/search?s=codeql
  - [ ] https://www.anquanke.com/post/id/266823
  - [ ] https://www.anquanke.com/post/id/157583
  - [ ] https://www.anquanke.com/post/id/212305
  - [ ] https://www.anquanke.com/post/id/193171
  - [ ] https://www.anquanke.com/post/id/266824
- 知乎 (Zhihu)
  - [ ] https://www.zhihu.com/search?type=content&q=codeql
  - [ ] https://zhuanlan.zhihu.com/p/354275826
  - [ ] https://zhuanlan.zhihu.com/p/137569940
  - [ ] https://zhuanlan.zhihu.com/p/479431942
  - [ ] https://zhuanlan.zhihu.com/p/451369565
  - [ ] https://zhuanlan.zhihu.com/p/92769710
  - [ ] https://zhuanlan.zhihu.com/p/463665699
  - [ ] https://zhuanlan.zhihu.com/p/451364774
  - [ ] https://zhuanlan.zhihu.com/p/466504018
  - [ ] https://zhuanlan.zhihu.com/p/448538180
  - [ ] https://zhuanlan.zhihu.com/p/475499290
  - [ ] https://zhuanlan.zhihu.com/p/466932373
- WeChat
  - [ ] https://mp.weixin.qq.com/s/jVZ3Op8FYBmiFAV3p0li3w
  - [ ] https://mp.weixin.qq.com/s/KQso2nvWx737smunUHwXag
  - [ ] https://mp.weixin.qq.com/s/sAUSgRAohFlmzwSkkWjp9Q
  - [ ] https://mp.weixin.qq.com/s/3mlRedFwPz31Rwe7VDBAuA
  - [ ] https://mp.weixin.qq.com/s/zSI157qJXYivSvyxHzXALQ
  - [ ] https://mp.weixin.qq.com/s/Rqo12z9mapwlj6wGHZ1zZA
  - [ ] https://mp.weixin.qq.com/s/DW0PJfRC0LtMOYx1CQPWpA
  - [ ] https://mp.weixin.qq.com/s/mDWqyw5aRxBnW4Sewt9sLQ
- Freebuf
  - [x] https://search.freebuf.com/search/?search=codeql#article
  - [ ] https://www.freebuf.com/articles/web/283795.html
  - [ ] https://www.freebuf.com/articles/network/316551.html
  - [ ] https://www.freebuf.com/sectool/291916.html
  - [ ] https://wiki.freebuf.com/detail?wiki=106&post=319285
- GitHub
  - [ ] https://github.com/l3yx/Choccy
  - [ ] https://github.com/Semmle/SecurityQueries
  - [ ] https://github.com/artem-smotrakov/ql-fun
  - [ ] https://github.com/s0/language-ql
  - [ ] https://github.com/pwntester/codeql-cs-template
  - [ ] https://github.com/ghas-bootcamp/ghas-bootcamp
  - [ ] https://github.com/zbazztian/codeql-inject
  - [ ] https://github.com/zbazztian/codeql-tools
  - [ ] https://github.com/JLLeitschuh/lgtm_hack_scripts
  - [ ] https://github.com/silentsignal/jms-codeql
  - [ ] https://github.com/Marcono1234/codeql-jdk-docker
  - [ ] https://github.com/j3ssie/codeql-docker
  - [ ] https://github.com/microsoft/codeql-container
  - [ ] https://github.com/zbazztian/codeql-debug
  - [ ] https://github.com/dsp-testing/codeql-action
  - [ ] https://github.com/uainc/codeql-example-01
  - [ ] https://github.com/advanced-security/custom-codeql-bundle
  - [ ] https://github.com/iflody/codeql-workshop
  - [ ] https://github.com/dassencio/parallel-code-scanning
  - [ ] https://github.com/advanced-security/codeql-basics
  - [ ] https://github.com/vchekan/CodeQL
  - [ ] https://github.com/ThibaudLopez/GHAS
  - [ ] https://github.com/synacktiv/QLinspector
  - [ ] https://github.com/advanced-security/codeql-workshop-2021-learning-journey
- Medium
  - [ ] [The journey of CodeQL](https://medium.com/@qazbnm456/the-journey-of-codeql-part-1-cc4c6f3c610a)@Boik Su
  - [ ] [CodeQL thần chưởng](https://testbnull.medium.com/codeql-th%E1%BA%A7n-ch%C6%B0%E1%BB%9Fng-part-1-544a2b0df9d7)@Jang
  - [ ] [Hunting for XSS with CodeQL](https://medium.com/codex/hunting-for-xss-with-codeql-57f70763b938)@Daniel Santos
  - [ ] [Detect dangerous RMI objects with CodeQL](https://medium.com/geekculture/detecting-dangerous-rmi-objects-with-codeql-33e03686921f)@Artem Smotrakov
  - [ ] [About the CodeQL for research](https://medium.com/@lalida_a/about-the-codeql-for-research-c0686053337a)@Lalida Aramrueng
  - [ ] [Detecting Jackson deserialization vulnerabilities with CodeQL](https://medium.com/geekculture/detecting-jackson-deserialization-vulnerabilities-with-codeql-8ec6353c5cc6)@Artem Smotrakov
  - [ ] [Using CodeQL to detect client-side vulnerabilities in web applications](https://medium.com/@theRaz0r/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications-1f4e4c773433)@Arseny Reutov
- Other blogs
  - [ ] https://bestwing.me/codeql.html
  - [ ] https://lfysec.top/2020/06/03/CodeQL%E7%AC%94%E8%AE%B0/
  - [ ] https://docs.microsoft.com/zh-cn/windows-hardware/drivers/devtest/static-tools-and-codeql
  - [ ] https://codeantenna.com/a/fnmZS3Qg4F
  - [ ] https://www.cnblogs.com/goodhacker/p/
  - [ ] https://geekmasher.dev/posts/sast/codeql-introduction
  - [ ] http://blog.gamous.cn/post/codeql
  - [ ] https://www.cnblogs.com/goodhacker/p/13583650.html
  - [ ] https://yourbutterfly.github.io/note-site/module/semmle-ql/codeql
  - [ ] https://fynch3r.github.io/tags/CodeQL
  - [ ] https://blog.ycdxsb.cn/categories/research/codeql
  - [ ] https://cloud.tencent.com/developer/article/1645870
  - [ ] https://jorgectf.github.io/blog/post/practical-codeql-introduction
  - [ ] https://www.slideshare.net/shabgrd/semmle-codeql
  - [ ] https://blog.szfszf.top/article/59
  - [ ] https://firebasky.github.io/2022/03/22/Codeql-excavate-Java-quadratic-deserialization
  - [ ] https://www.synacktiv.com/en/publications/finding-gadgets-like-its-2022.html
  - [ ] https://github.com/waderwu/extractor-java
  - [ ] https://github.com/zbazztian/codeql-tools
  - [ ] https://paper.seebug.org/1921
  - [ ] https://github.com/webraybtl/codeQlpy

## 02-CodeQL Basics

This chapter introduces CodeQL's basic usage, design ideas and implementation principles!

- AST, source, sink
- CodeQL does not operate on the source code itself but on an intermediate database of AST structures, so the project's source must first be converted into a CodeQL database that CodeQL can query.
- 1. Create the database. 2. Query the database. 3. Analyze the query results to find vulnerabilities.
- Engine, Database, Queries
- AutoBuilder, extractor, trap, logical predicates, connectives, logical connectives, predicate
- CodeQL's drawback? It cannot audit a packaged (compiled) program directly.

I. CodeQL installation

II. CodeQL syntax
- https://github.com/semmle/ql

III. CodeQL databases
- https://github.com/waderwu/extractor-java
- https://lgtm.com/help/lgtm/generate-database
- Before generating a database, make sure the program being analyzed builds and runs normally.
- Creating a database
  - codeql database create java-db --language=java
  - codeql database create java-db --language=java --command='mvn clean install'
  - codeql database create cpp-database --language=cpp --command=make
  - codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild'
  - codeql database create csharp-database --language=csharp --command='dotnet build /p:UseSharedCompilation=false /t:rebuild'
  - codeql database create java-database --language=java --command='gradle clean test'
  - codeql database create java-database --language=java --command='mvn clean install'
  - codeql database create java-database --language=java --command='ant -f build.xml'
  - codeql database create new-database --language=java --command='./scripts/build.sh'
- Analyzing a database
  - codeql database analyze java-db CWE-020.ql --format=csv --output=result.csv

## 03-CodeQL Language

This chapter introduces the syntax rules of the QL language and collects good rules. CodeQL is king, and rules come first!

I. Basic syntax

II. Writing rules
- Java
- C#
- Go

III. Official rules

IV. Recommended rules
- [ ] [My CodeQL queries collection](https://github.com/cldrn/codeql-queries)@cldrn
- [ ] https://github.com/cor0ps/codeql
- [ ] https://github.com/GeekMasher/security-queries
- [ ] https://github.com/Marcono1234/codeql-java-queries
- [ ] https://github.com/imagemlt/myQLrules
- [ ] https://github.com/advanced-security/codeql-queries
- [ ] https://github.com/jenkins-infra/jenkins-codeql
- [ ] https://github.com/ice-doom/CodeQLRule
- [ ] https://github.com/zbazztian/codeql-queries

## 04-CodeQL Advanced

This chapter gives examples of CodeQL scanning for different programming languages; it is still to be organized.

I. Java security analysis
- https://codeql.github.com/codeql-query-help/java
- https://codeql.github.com/codeql-standard-libraries/java
- https://lgtm.com/search?q=language%3Ajava&t=rules
- [ ] https://github.com/msrkp/codeql_for_gadgets
- [ ] https://github.com/chaimu100/java-test-for-codeql
- [ ] https://github.com/synacktiv/QLinspector

II. C# security analysis
- https://codeql.github.com/codeql-query-help/csharp/
- [ ] https://lgtm.com/search?q=language%3Acsharp&t=projects

III. Golang security analysis
- https://codeql.github.com/codeql-query-help/go/
- https://lgtm.com/search?q=language%3Ago&t=rules
- [ ] https://lgtm.com/search?q=language%3Ago&t=projects
- [ ] https://codeql.github.com/codeql-standard-libraries/go
- [ ] https://github.com/github/codeql-ctf-go-return
- [ ] https://github.com/gagliardetto/codemill
- [ ] http://f4bb1t.com/post/2020/12/16/codeql-for-golang-practise3
- [ ] https://www.freebuf.com/articles/web/253491.html

IV. Python
- https://codeql.github.com/codeql-query-help/python/
- [ ] https://github.com/10thmagnitude/custom-codeql-python
- [ ] https://github.com/AlexAltea/codeql-python

V. C++ security analysis
- [ ] https://github.com/trailofbits/itergator
- [ ] https://github.com/0xcpu/codeql-uboot
- [ ] https://github.com/RadCet/CodeQL

VI. Ruby
- https://github.com/agius/codeql_ruby

VII. CodeQL tools
- [x] https://github.com/ZhuriLab/Yi
- [ ] https://github.com/ice-doom/codeql_compile
- [x] https://github.com/hudangwei/codemillx
- [ ] https://github.com/gagliardetto/codemill
- [ ] https://github.com/pwntester/codeql.nvim
- [ ] https://github.com/gagliardetto/codebox

## 05-CodeQL Case Studies

This chapter presents concrete CodeQL use cases, including vulnerabilities the author found with CodeQL.

I. Analysis of large applications
- Analyzing Shiro
  - https://www.anquanke.com/post/id/256967
- Analyzing Fastjson
  - https://xz.aliyun.com/t/7482
  - https://www.buaq.net/go-98696.html
  - https://www.anquanke.com/post/id/281733
- Analyzing Log4j
  - https://www.anquanke.com/post/id/255721
  - https://www.freebuf.com/articles/web/318141.html
  - https://mp.weixin.qq.com/s/JYco8DysQNszMohH6zJEGw
- Analyzing Dubbo
  - https://github.com/github/codeql-dubbo-workshop
  - https://mp.weixin.qq.com/s/B-uhbd5FApxSXnjPEFzArQ
  - https://securitylab.github.com/research/apache-dubbo
- Analyzing Kylin
  - https://xz.aliyun.com/t/8240
- Analyzing Grafana
  - https://xz.aliyun.com/t/10648
  - [Analyzing the latest Grafana arbitrary file read with CodeQL](https://github.com/safe6Sec/codeql-grafana)
- Analyzing Hadoop
  - https://mp.weixin.qq.com/s/CyhWw4t8LdGhCpixacb6Xg
- Analyzing Struts2
  - https://www.anquanke.com/post/id/157583

II. Code audit cases
- https://www.anquanke.com/post/id/203674
- https://www.jianshu.com/p/99942852a3aa
- https://www.anquanke.com/post/id/202987
- https://mp.weixin.qq.com/s/LmOFGAhqAKiO8VDQW4vvLg
- https://github.com/hac425xxx/codeql-snippets
- https://github.com/elManto/StaticAnalysisQueries

## 06-CodeQL References

- https://github.com/ASTTeam/CodeQL
- https://github.com/pwntester
- [WeChat official account: xsser's blog](https://mp.weixin.qq.com/mp/profile_ext?action=home&__biz=MzA4NzA5OTYzNw==&scene=123#wechat_redirect)
- [WeChat official account: 楼兰 learns cybersecurity](https://mp.weixin.qq.com/s/7wJKMVyc36U-PciZGmjrcg)

## Stargazers

[![Stargazers @ASTTeam/CodeQL](https://reporoster.com/stars/ASTTeam/CodeQL)](https://github.com/ASTTeam/CodeQL/stargazers)

## Forkers

[![Forkers @ASTTeam/CodeQL](https://reporoster.com/forks/ASTTeam/CodeQL)](https://github.com/ASTTeam/CodeQL/network/members)

![](01-CodeQL资源/TEMP/wx.png)

[![Stargazers over time](https://starchart.cc/ASTTeam/CodeQL.svg)](https://starchart.cc/ASTTeam/CodeQL)

--------------------------------------------------------------------------------