CodeQL C/C++ QL queries
I want to use CodeQL to statically check C/C++ code for vulnerabilities such as double free, array out of bounds, resource allocate/release unpaired, and so on. Where can I find QL scripts to use?
This SDK, https://github.com/github/codeql, is too messy and too big. Could someone give me a complete QL script?
If I write QL queries myself, do I need to learn the related syntax?
Looking for an answer, many thanks! ^_^
That depends a lot on the environment in which you want to use CodeQL. The license only permits you to use it on open source projects and for academic research (read the complete license for more information). If you want to add CodeQL code scanning to your GitHub repository, you can take a look at About code scanning with CodeQL.
If you want to write queries yourself, the documentation is probably a good place to start. They also have a guide for getting started with CodeQL for C and C++, and tutorials. The language reference may also be useful, but probably only once you are somewhat familiar with it.
The CodeQL query help for C and C++ may also help, to see which queries already exist and how they are implemented. But of course, trying to implement them yourself and getting some practice doesn't hurt either.
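As an added example (it is not part of the answer above and not one of the queries shipped in the github/codeql repository), here is a small CodeQL query for C/C++ that flags a second call to `free` on the same variable within one function when no reassignment of that variable sits between the two calls. The query metadata and the `@id` are placeholders chosen for this example; the classes and predicates it uses (`FunctionCall`, `VariableAccess`, `Assignment`, `ControlFlowNode`, `hasGlobalOrStdName`, `getASuccessor`) are from the standard `cpp` CodeQL library.

```ql
/**
 * @name Repeated free of the same variable (simplified example)
 * @description Flags a call to free() on a variable that an earlier call in the
 *              same function already freed, with no reassignment in between.
 * @kind problem
 * @problem.severity warning
 * @id cpp/example/simple-double-free
 */

import cpp

/** A call to the C library function `free`. */
class FreeCall extends FunctionCall {
  FreeCall() { this.getTarget().hasGlobalOrStdName("free") }

  /** The variable whose value is passed directly as the argument of `free`. */
  Variable getFreedVariable() {
    result = this.getArgument(0).(VariableAccess).getTarget()
  }
}

/**
 * Holds if some assignment to `v` lies on a control-flow path from `before`
 * to `after`, i.e. the variable gets a new value between the two nodes.
 */
predicate reassignedBetween(Variable v, ControlFlowNode before, ControlFlowNode after) {
  exists(Assignment a |
    a.getLValue().(VariableAccess).getTarget() = v and
    before.getASuccessor+() = a and
    a.getASuccessor+() = after
  )
}

from FreeCall first, FreeCall second, Variable v
where
  v = first.getFreedVariable() and
  v = second.getFreedVariable() and
  first != second and
  // both calls sit in the same function body and the first can reach the second
  first.getEnclosingFunction() = second.getEnclosingFunction() and
  first.getASuccessor+() = second and
  // a reset (p = NULL) or a fresh allocation in between makes the second free legitimate
  not reassignedBetween(v, first, second)
select second, "Variable $@ may be freed a second time here; it was already freed $@.",
  v, v.getName(), first, "earlier"
```

To try it, build a database from the C/C++ project (for example `codeql database create db --language=cpp --command=make`) and run the file with `codeql query run --database=db simple-double-free.ql`. This query is deliberately simple: it only tracks the variable name passed to `free`, so frees through an alias, a struct field, or a wrapper function are missed, and a path that is infeasible at runtime can still produce a report. The double-free query in the CodeQL repository handles these cases with data-flow analysis, which is the next thing worth reading once this one makes sense.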