{"id":15026974,"url":"https://github.com/astteam/codeql","last_synced_at":"2026-02-08T09:04:49.276Z","repository":{"id":37314720,"uuid":"437916406","full_name":"ASTTeam/CodeQL","owner":"ASTTeam","description":"《深入理解CodeQL》Finding vulnerabilities with CodeQL.","archived":false,"fork":false,"pushed_at":"2023-11-21T04:58:48.000Z","size":17893,"stargazers_count":1665,"open_issues_count":1,"forks_count":177,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-08-09T03:47:54.344Z","etag":null,"topics":["0e0w","codeql","codeql-queries","devsecops","hackaspx","hackgolang","hackjava","javasec","learning-codeql","ql","sast","semmle-ql"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ASTTeam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-12-13T15:01:40.000Z","updated_at":"2025-08-08T15:03:36.000Z","dependencies_parsed_at":"2024-01-16T20:39:01.122Z","dependency_job_id":null,"html_url":"https://github.com/ASTTeam/CodeQL","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ASTTeam/CodeQL","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FCodeQL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FCodeQL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FCodeQL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FCodeQL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ASTTeam","dow
nload_url":"https://codeload.github.com/ASTTeam/CodeQL/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ASTTeam%2FCodeQL/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269527550,"owners_count":24432441,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["0e0w","codeql","codeql-queries","devsecops","hackaspx","hackgolang","hackjava","javasec","learning-codeql","ql","sast","semmle-ql"],"created_at":"2024-09-24T20:05:32.199Z","updated_at":"2026-02-08T09:04:47.791Z","avatar_url":"https://github.com/ASTTeam.png","language":null,"readme":"# 《Understanding CodeQL in Depth》\n\nThis project collects CodeQL material, including CodeQL's design principles and implementation, and case studies of vulnerability hunting with CodeQL. CodeQL's strength is that known vulnerability information can be used to find similar vulnerabilities, so that looking for vulnerabilities works like querying data. Semantics-based code analysis will be a sharp weapon in the SAST field, and it is the direction in which the next generation of code-audit tools is heading. However, CodeQL tends to suit developers checking their own projects for vulnerabilities; some stages of its workflow still have significant problems, and its technical bottlenecks have yet to be overcome. Author: [0e0w](https://github.com/0e0w)\n\nThis project was created on 13 December 2021 and was last updated on 21 November 2023.\n\n- [01-CodeQL Resources](https://github.com/ASTTeam/CodeQL#01-CodeQL%E8%B5%84%E6%BA%90)\n- [02-CodeQL Basics](https://github.com/ASTTeam/CodeQL#02-codeql%E5%9F%BA%E7%A1%80)\n- 
[03-CodeQL Language](https://github.com/ASTTeam/CodeQL#03-CodeQL%E8%AF%AD%E8%A8%80)\n- [04-CodeQL Advanced](https://github.com/ASTTeam/CodeQL#04-CodeQL%E8%BF%9B%E9%98%B6)\n- [05-CodeQL Case Studies](https://github.com/ASTTeam/CodeQL#05-CodeQL%E6%A1%88%E4%BE%8B)\n- [06-CodeQL References](https://github.com/ASTTeam/CodeQL#06-CodeQL%E5%8F%82%E8%80%83)\n\n## 01-CodeQL Resources\n\nThis chapter collects and organizes CodeQL resources. The quality of the articles varies, so studying the official resources in depth is recommended!\n\nI. Official resources\n- [ ] https://codeql.github.com/docs\n- [ ] https://github.com/github/codeql\n- [ ] https://github.com/github/codeql-go\n- [ ] https://github.com/github/codeql-cli-binaries\n- [ ] https://github.com/github/vscode-codeql-starter\n- [ ] https://github.com/github/codeql-learninglab-actions\n- [ ] https://github.com/github/securitylab/issues\n- [ ] https://github.com/github/securitylab\n\nII. Excellent resources\n- [ ] [《Understanding CodeQL in Depth》](https://github.com/ASTTeam/CodeQL)@0e0w\n- [x] [《CodeQL Study Notes》](https://www.yuque.com/loulan-b47wt/rc30f7/)@楼兰\n- [x] [《Codeql Study Notes》](https://github.com/safe6Sec/CodeqlNote)@safe6Sec\n- [x] [《A Record of Learning codeql》](https://github.com/Firebasky/CodeqlLearn)@Firebasky\n- [x] [《CodeQL Java: The Most Complete Chinese-Language Study Material on the Web》](https://github.com/SummerSec/learning-codeql)@SummerSec\n- [x] [《Study Notes on the Code Analysis Platform CodeQL》](https://www.4hou.com/posts/o6wX)@fanyeee\n- [ ] [《Static Analysis ☞ CodeQL/Soot/SAST》](https://github.com/pen4uin/static-analysis)@pen4uin\n- [x] [《Finding security vulnerabilities with CodeQL》](https://github.com/githubsatelliteworkshops/codeql)@GitHub Satellite Workshops\n- [ ] [《Using CodeQL to Find Lookup Interfaces for JNDI Exploitation》](https://github.com/SummerSec/LookupInterface)@SummerSec\n- [ ] ~~[《CodeQL Introductory Tutorial in Chinese》](https://github.com/Cl0udG0d/codeqlCnLearn)@Cl0udG0d~~\n- [ ] https://github.com/haby0/mark\n- [ ] https://github.com/johnjohncom/webinar-2021sep-codeql2\n- [ ] https://github.com/githubsatelliteworkshops/codeql-cpp\n- [ ] https://github.com/pwntester/codeql_grehack_workshop\n- [ ] https://github.com/haby0/sec-note\n\nIII. Video resources\n- [ ] [《CodeQL Collection》](https://www.bilibili.com/video/BV1TL411L7ha)\n- [ ] [《Using CodeQL to Find Java 
Application Vulnerabilities》](https://www.bilibili.com/video/BV153411r7HW)\n- [ ] [《Discover vulnerabilities with CodeQL》](https://www.bugbounty-videos.com/discover-vulnerabilities-with-codeql/)@admin4571\n- [ ] https://www.youtube.com/watch?v=y_-pIbsr7jc\n- [ ] https://www.youtube.com/watch?v=G_yDbouY0tM\n\nIV. Academic publications\n- https://codeql.github.com/publications\n\nV. Other resources\n- Xianzhi\n- [x] https://xz.aliyun.com/search?keyword=Codeql\n- [ ] [CodeQL: Leveling Up](https://xz.aliyun.com/t/10852)@Ironf4\n- [ ] https://xz.aliyun.com/t/7789\n- [ ] https://xz.aliyun.com/t/10829\n- [ ] https://xz.aliyun.com/t/10756\n- [ ] https://xz.aliyun.com/t/10755\n- [ ] https://xz.aliyun.com/t/10707\n- [ ] https://xz.aliyun.com/t/10046\n- [ ] https://xz.aliyun.com/t/9275\n- [ ] https://xz.aliyun.com/t/7979\n- [ ] https://xz.aliyun.com/t/7657\n- Tttang\n- [x] https://tttang.com/?keyword=codeql\n- [ ] https://tttang.com/archive/1511\n- [ ] https://tttang.com/archive/1512\n- [ ] https://tttang.com/archive/1322\n- [ ] https://tttang.com/archive/1353\n- [ ] https://tttang.com/archive/1415\n- [ ] https://tttang.com/archive/1378\n- [ ] https://tttang.com/archive/1314\n- [ ] https://tttang.com/archive/1497\n- [ ] https://tttang.com/archive/1570\n- [ ] https://tttang.com/archive/1660\n- [ ] https://tttang.com/archive/1704\n- Anquanke\n- [x] https://www.anquanke.com/search?s=codeql\n- [ ] https://www.anquanke.com/post/id/266823\n- [ ] https://www.anquanke.com/post/id/157583\n- [ ] https://www.anquanke.com/post/id/212305\n- [ ] https://www.anquanke.com/post/id/193171\n- [ ] https://www.anquanke.com/post/id/266824\n- Zhihu\n- [ ] https://www.zhihu.com/search?type=content\u0026q=codeql\n- [ ] https://zhuanlan.zhihu.com/p/354275826\n- [ ] https://zhuanlan.zhihu.com/p/137569940\n- [ ] https://zhuanlan.zhihu.com/p/479431942\n- [ ] https://zhuanlan.zhihu.com/p/451369565\n- [ ] https://zhuanlan.zhihu.com/p/92769710\n- [ ] https://zhuanlan.zhihu.com/p/463665699\n- [ ] https://zhuanlan.zhihu.com/p/451364774\n- [ ] https://zhuanlan.zhihu.com/p/466504018\n- [ 
] https://zhuanlan.zhihu.com/p/448538180\n- [ ] https://zhuanlan.zhihu.com/p/475499290\n- [ ] https://zhuanlan.zhihu.com/p/466932373\n- WeChat\n- [ ] https://mp.weixin.qq.com/s/jVZ3Op8FYBmiFAV3p0li3w\n- [ ] https://mp.weixin.qq.com/s/KQso2nvWx737smunUHwXag\n- [ ] https://mp.weixin.qq.com/s/sAUSgRAohFlmzwSkkWjp9Q\n- [ ] https://mp.weixin.qq.com/s/3mlRedFwPz31Rwe7VDBAuA\n- [ ] https://mp.weixin.qq.com/s/zSI157qJXYivSvyxHzXALQ\n- [ ] https://mp.weixin.qq.com/s/Rqo12z9mapwlj6wGHZ1zZA\n- [ ] https://mp.weixin.qq.com/s/DW0PJfRC0LtMOYx1CQPWpA\n- [ ] https://mp.weixin.qq.com/s/mDWqyw5aRxBnW4Sewt9sLQ\n- Freebuf\n- [x] https://search.freebuf.com/search/?search=codeql#article\n- [ ] https://www.freebuf.com/articles/web/283795.html\n- [ ] https://www.freebuf.com/articles/network/316551.html\n- [ ] https://www.freebuf.com/sectool/291916.html\n- [ ] https://wiki.freebuf.com/detail?wiki=106\u0026post=319285\n- GitHub\n- [ ] https://github.com/l3yx/Choccy\n- [ ] https://github.com/Semmle/SecurityQueries\n- [ ] https://github.com/artem-smotrakov/ql-fun\n- [ ] https://github.com/s0/language-ql\n- [ ] https://github.com/pwntester/codeql-cs-template\n- [ ] https://github.com/ghas-bootcamp/ghas-bootcamp\n- [ ] https://github.com/zbazztian/codeql-inject\n- [ ] https://github.com/zbazztian/codeql-tools\n- [ ] https://github.com/JLLeitschuh/lgtm_hack_scripts\n- [ ] https://github.com/silentsignal/jms-codeql\n- [ ] https://github.com/Marcono1234/codeql-jdk-docker\n- [ ] https://github.com/j3ssie/codeql-docker\n- [ ] https://github.com/microsoft/codeql-container\n- [ ] https://github.com/zbazztian/codeql-debug\n- [ ] https://github.com/dsp-testing/codeql-action\n- [ ] https://github.com/uainc/codeql-example-01\n- [ ] https://github.com/advanced-security/custom-codeql-bundle\n- [ ] https://github.com/iflody/codeql-workshop\n- [ ] https://github.com/dassencio/parallel-code-scanning\n- [ ] https://github.com/advanced-security/codeql-basics\n- [ ] https://github.com/vchekan/CodeQL\n- [ ] 
https://github.com/ThibaudLopez/GHAS\n- [ ] https://github.com/synacktiv/QLinspector\n- [ ] https://github.com/advanced-security/codeql-workshop-2021-learning-journey\n- Medium\n- [ ] [《The journey of CodeQL》](https://medium.com/@qazbnm456/the-journey-of-codeql-part-1-cc4c6f3c610a)@Boik Su\n- [ ] [《CodeQL thần chưởng》](https://testbnull.medium.com/codeql-th%E1%BA%A7n-ch%C6%B0%E1%BB%9Fng-part-1-544a2b0df9d7)@Jang\n- [ ] [Hunting for XSS with CodeQL](https://medium.com/codex/hunting-for-xss-with-codeql-57f70763b938)@Daniel Santos\n- [ ] [Detect dangerous RMI objects with CodeQL](https://medium.com/geekculture/detecting-dangerous-rmi-objects-with-codeql-33e03686921f)@Artem Smotrakov\n- [ ] [About the CodeQL for research](https://medium.com/@lalida_a/about-the-codeql-for-research-c0686053337a)@Lalida Aramrueng\n- [ ] [Detecting Jackson deserialization vulnerabilities with CodeQL](https://medium.com/geekculture/detecting-jackson-deserialization-vulnerabilities-with-codeql-8ec6353c5cc6)@Artem Smotrakov\n- [ ] [Using CodeQL to detect client-side vulnerabilities in web applications](https://medium.com/@theRaz0r/using-codeql-to-detect-client-side-vulnerabilities-in-web-applications-1f4e4c773433)@Arseny Reutov\n- Other blogs\n- [ ] https://bestwing.me/codeql.html\n- [ ] https://lfysec.top/2020/06/03/CodeQL%E7%AC%94%E8%AE%B0/\n- [ ] https://docs.microsoft.com/zh-cn/windows-hardware/drivers/devtest/static-tools-and-codeql\n- [ ] https://codeantenna.com/a/fnmZS3Qg4F\n- [ ] https://www.cnblogs.com/goodhacker/p/\n- [ ] https://geekmasher.dev/posts/sast/codeql-introduction\n- [ ] http://blog.gamous.cn/post/codeql\n- [ ] https://www.cnblogs.com/goodhacker/p/13583650.html\n- [ ] https://yourbutterfly.github.io/note-site/module/semmle-ql/codeql\n- [ ] https://fynch3r.github.io/tags/CodeQL\n- [ ] https://blog.ycdxsb.cn/categories/research/codeql\n- [ ] https://cloud.tencent.com/developer/article/1645870\n- [ ] https://jorgectf.github.io/blog/post/practical-codeql-introduction\n- [ ] 
https://www.slideshare.net/shabgrd/semmle-codeql\n- [ ] https://blog.szfszf.top/article/59\n- [ ] https://firebasky.github.io/2022/03/22/Codeql-excavate-Java-quadratic-deserialization\n- [ ] https://www.synacktiv.com/en/publications/finding-gadgets-like-its-2022.html\n- [ ] https://github.com/waderwu/extractor-java\n- [ ] https://github.com/zbazztian/codeql-tools\n- [ ] https://paper.seebug.org/1921\n- [ ] https://github.com/webraybtl/codeQlpy\n\n## 02-CodeQL Basics\n\nThis chapter introduces CodeQL's basic usage, design ideas and implementation principles!\n\n- AST, source, sink\n- CodeQL does not operate on the source code itself but on an intermediate database of AST structures, so the project's source code must first be converted into a CodeDatabase that CodeQL can read.\n- (1) Create the database. (2) Query the database. (3) Analyze the query results to find vulnerabilities.\n- Engine, Database, Queries\n- AutoBuilder, extractor, trap, logical predicates, connectives, logical connectives, predicate\n- CodeQL's drawback? It cannot audit code directly from an already packaged program.\n\nI. Installing CodeQL\n\nII. CodeQL syntax\n- https://github.com/semmle/ql\n\nIII. CodeQL databases\n- https://github.com/waderwu/extractor-java\n- https://lgtm.com/help/lgtm/generate-database\n- Before generating a database, first make sure the program under analysis runs correctly.\n- Create a database\n  - codeql database create java-db --language=java\n  - codeql database create java-db --language=java --command='mvn clean install'\n  - codeql database create cpp-database --language=cpp --command=make\n  - codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild'\n  - codeql database create csharp-database --language=csharp --command='dotnet build /p:UseSharedCompilation=false /t:rebuild'\n  - codeql database create java-database --language=java --command='gradle clean test'\n  - codeql database create java-database --language=java --command='mvn clean install'\n  - codeql database create java-database --language=java --command='ant -f build.xml'\n  - codeql database create new-database --language=java --command='./scripts/build.sh'\n- Analyze a database\n  - codeql database analyze java-db CWE-020.ql --format=csv --output=result.csv\n\n## 03-CodeQL Language\n\nThis chapter covers the syntax rules of the QL language, including excellent rule sets. CodeQL is king, and rules come first!\n\nI. Basic syntax\n\nII. Writing rules\n- Java\n- C#\n- Go\n\nIII. Official rules\n\nIV. Excellent rules\n- [ ] [《My CodeQL queries 
collection》](https://github.com/cldrn/codeql-queries)@cldrn\n- [ ] https://github.com/cor0ps/codeql\n- [ ] https://github.com/GeekMasher/security-queries\n- [ ] https://github.com/Marcono1234/codeql-java-queries\n- [ ] https://github.com/imagemlt/myQLrules\n- [ ] https://github.com/advanced-security/codeql-queries\n- [ ] https://github.com/jenkins-infra/jenkins-codeql\n- [ ] https://github.com/ice-doom/CodeQLRule\n- [ ] https://github.com/zbazztian/codeql-queries\n\n## 04-CodeQL Advanced\n\nThis chapter gives examples of CodeQL scanning for different programming languages. It is still to be organized.\n\nI. Java security analysis\n- https://codeql.github.com/codeql-query-help/java\n- https://codeql.github.com/codeql-standard-libraries/java\n- https://lgtm.com/search?q=language%3Ajava\u0026t=rules\n- [ ] https://github.com/msrkp/codeql_for_gadgets\n- [ ] https://github.com/chaimu100/java-test-for-codeql\n- [ ] https://github.com/synacktiv/QLinspector\n\nII. C# security analysis\n- https://codeql.github.com/codeql-query-help/csharp/\n- [ ] https://lgtm.com/search?q=language%3Acsharp\u0026t=projects\n\nIII. Golang security analysis\n- https://codeql.github.com/codeql-query-help/go/\n- https://lgtm.com/search?q=language%3Ago\u0026t=rules\n- [ ] https://lgtm.com/search?q=language%3Ago\u0026t=projects\n- [ ] https://codeql.github.com/codeql-standard-libraries/go\n- [ ] https://github.com/github/codeql-ctf-go-return\n- [ ] https://github.com/gagliardetto/codemill\n- [ ] http://f4bb1t.com/post/2020/12/16/codeql-for-golang-practise3\n- [ ] https://www.freebuf.com/articles/web/253491.html\n\nIV. Python\n- https://codeql.github.com/codeql-query-help/python/\n- [ ] https://github.com/10thmagnitude/custom-codeql-python\n- [ ] https://github.com/AlexAltea/codeql-python\n\nV. C++ security analysis\n- [ ] https://github.com/trailofbits/itergator\n- [ ] https://github.com/0xcpu/codeql-uboot\n- [ ] https://github.com/RadCet/CodeQL\n\nVI. Ruby\n- https://github.com/agius/codeql_ruby\n\nVII. CodeQL tools\n- [x] https://github.com/ZhuriLab/Yi\n- [ ] https://github.com/ice-doom/codeql_compile\n- [x] https://github.com/hudangwei/codemillx\n- [ 
] https://github.com/gagliardetto/codemill\n- [ ] https://github.com/pwntester/codeql.nvim\n- [ ] https://github.com/gagliardetto/codebox\n\n## 05-CodeQL Case Studies\n\nThis chapter presents concrete CodeQL use cases, including vulnerabilities the author found with CodeQL.\n\nI. Analysis of large applications\n- Analyzing Shiro\n  - https://www.anquanke.com/post/id/256967\n- Analyzing Fastjson\n  - https://xz.aliyun.com/t/7482\n  - https://www.buaq.net/go-98696.html\n  - https://www.anquanke.com/post/id/281733\n- Analyzing Log4j\n  - https://www.anquanke.com/post/id/255721\n  - https://www.freebuf.com/articles/web/318141.html\n  - https://mp.weixin.qq.com/s/JYco8DysQNszMohH6zJEGw\n- Analyzing Dubbo\n  - https://github.com/github/codeql-dubbo-workshop\n  - https://mp.weixin.qq.com/s/B-uhbd5FApxSXnjPEFzArQ\n  - https://securitylab.github.com/research/apache-dubbo\n- Analyzing kylin\n  - https://xz.aliyun.com/t/8240\n- Analyzing grafana\n  - https://xz.aliyun.com/t/10648\n  - [Analyzing the latest grafana arbitrary file read with codeql](https://github.com/safe6Sec/codeql-grafana)\n- Analyzing Hadoop\n  - https://mp.weixin.qq.com/s/CyhWw4t8LdGhCpixacb6Xg\n- Analyzing Struts2\n  - https://www.anquanke.com/post/id/157583\n\nII. Code audit case studies\n- https://www.anquanke.com/post/id/203674\n- https://www.jianshu.com/p/99942852a3aa\n- https://www.anquanke.com/post/id/202987\n- https://mp.weixin.qq.com/s/LmOFGAhqAKiO8VDQW4vvLg\n- https://github.com/hac425xxx/codeql-snippets\n- https://github.com/elManto/StaticAnalysisQueries\n\n## 06-CodeQL References\n\n- https://github.com/ASTTeam/CodeQL\n- https://github.com/pwntester\n- [WeChat official account: xsser的博客](https://mp.weixin.qq.com/mp/profile_ext?action=home\u0026__biz=MzA4NzA5OTYzNw==\u0026scene=123#wechat_redirect)\n- [WeChat official account: 楼兰学习网络安全](https://mp.weixin.qq.com/s/7wJKMVyc36U-PciZGmjrcg)\n
","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fcodeql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fastteam%2Fcodeql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fastteam%2Fcodeql/lists"}