CodeQL一键代码审计

博主： admin
发布时间：2024 年 03 月 19 日
186 次浏览
暂无评论
2714字数
分类：网络安全

下载codeql-cli
https://github.com/github/codeql-cli-binaries/releases
添加环境变量

下载规则：https://github.com/github/codeql
然后解压压缩包

1.在项目目录下创建数据库
比如 codeql database create exam --language=java --command="mvn clean install"

2.执行扫描
codeql database analyze databasePath 规则名 --format=csv --output=result.csv
比如
codeql database analyze C:\test\online-examination-system-master\exam C:\test\codeql-main\java\ql\src\Security\CWE\CWE-089 --format=csv --output=java-results.csv

规则
java
1、zip slip（zip解压覆盖任意文件）
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql

2、命令注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

3、cookie安全
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql

4、XSS
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-079/XSS.ql

5、依赖漏洞
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql

6、反序列化
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql

7、http头注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql

8、url跳转
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql

9、ldap注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql

10、sql注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql

11、file权限&目录注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql

https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql

12、xml注入
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-611/XXE.ql

13、SSL校验
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql

14、弱加密
https://github.com/github/codeql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql

15、随机数种子可预测
https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql

最后修改：2024 年 03 月 19 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

CodeQL一键代码审计

admin • 2024 年 03 月 19 日

下载codeql-cli <a class="no-external-link" href="https://github.com/github/codeql-cli-binaries/releases" target="_blank">https://github.com/github/codeql-cli-binaries/releases</a> 添加环境变量下载规则：<a class="no-external-link" href="https://github.com/github/codeql" target="_blank">https://github.com/github/codeql</a> 然后解压压缩包1.在项目目录下创建数据库 比如 codeql database create exam --language=java --command="mvn clean install"2.执行扫描 codeql database analyze databasePath 规则名 --format=csv --output=result.csv 比如 codeql database analyze C:\test\online-examination-system-master\exam C:\test\codeql-main\java\ql\src\Security\CWE\CWE-089 --format=csv --output=java-results.csv规则 java 1、zip slip（zip解压覆盖任意文件） <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql</a>2、命令注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql</a>3、cookie安全 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql</a>4、XSS <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-079/XSS.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-079/XSS.ql</a>5、依赖漏洞 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql</a>6、反序列化 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql</a>7、http头注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql</a>8、url跳转 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql</a>9、ldap注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql</a>10、sql注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql</a>11、file权限&目录注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql</a><a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql</a>12、xml注入 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-611/XXE.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-611/XXE.ql</a>13、SSL校验 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql</a>14、弱加密 <a class="no-external-link" href="https://github.com/github/codeql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql" target="_blank">https://github.com/github/codeql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql</a>15、随机数种子可预测 <a class="no-external-link" href="https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql" target="_blank">https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql</a>

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

CodeQL一键代码审计

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款