{"id":16353680,"url":"https://github.com/gagliardetto/codebox","last_synced_at":"2025-08-24T19:39:59.221Z","repository":{"id":42652665,"uuid":"264975478","full_name":"gagliardetto/codebox","owner":"gagliardetto","description":"Generate CodeQL taint-tracking models for Go (along with tests) in a graphical UI ","archived":false,"fork":false,"pushed_at":"2023-05-05T02:28:54.000Z","size":873,"stargazers_count":20,"open_issues_count":2,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-01T20:03:53.899Z","etag":null,"topics":["codeql","codeql-taint-tracking","generate-code","golang"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gagliardetto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-18T15:07:01.000Z","updated_at":"2023-08-17T15:23:38.000Z","dependencies_parsed_at":"2024-06-19T09:16:48.199Z","dependency_job_id":"1c8af753-7462-4884-b163-922337060cef","html_url":"https://github.com/gagliardetto/codebox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagliardetto%2Fcodebox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagliardetto%2Fcodebox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagliardetto%2Fcodebox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagliardetto%2Fcodebox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gagliardetto","download_url":"https://codeload.github.com/gagliardetto/codebox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244257251,"owners_count":20424131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codeql","codeql-taint-tracking","generate-code","golang"],"created_at":"2024-10-11T01:30:11.889Z","updated_at":"2025-03-23T01:31:03.993Z","avatar_url":"https://github.com/gagliardetto.png","language":"JavaScript","readme":"**Summary**: Codebox is a **graphical tool** that helps to **create taint-tracking models** for **Go** functions/methods/interfaces.\n\nYou specify the **taint logic** in a graphical (**web**) interface, and it **generates CodeQL taint-tracking models** along with Go scenario **test cases** for those models.\n\n![codebox_screenshot](https://user-images.githubusercontent.com/15271561/86345187-e2bc5900-bc63-11ea-95e5-5f5e63e7040f.png)\n\n# Example\n\nThe `codebox` tool was created to expand the **taint-tracking models** of [codeql-go](https://github.com/github/codeql-go) (the official CodeQL extractor and libraries for Go).\n\nYou can find below all the models and tests that were generated by `codebox` and then merged into the [codeql-go](https://github.com/github/codeql-go) repo:\n - Taint-tracking models: https://github.com/github/codeql-go/tree/main/ql/src/semmle/go/frameworks/stdlib\n - Tests: https://github.com/github/codeql-go/tree/main/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow\n - Imports: https://github.com/github/codeql-go/blob/main/ql/src/semmle/go/frameworks/Stdlib.qll#L6-L65\n - More about the goal: https://github.com/github/securitylab/issues/187\n\nNOTE: The `codebox` tool and its author have no affiliation with GitHub/Semmle.\n\n# How it works\n\n```bash\n# - go get\ngo get github.com/gagliardetto/codebox\n\n# - Enter the codebox folder:\ncd $GOPATH/src/github.com/gagliardetto/codebox\n\n# - Compile and install the binary:\nmake\n\n# - Spin up the graphical tool http server for e.g. the \"net/http\" package.\n# NOTE: You still need to be inside $GOPATH/src/github.com/gagliardetto/codebox (to be able to access static assets)\n# NOTE: You need to have Go installed to be able to analyze standard library packages.\n# NOTE: The --pkg flag can either be \u003cpackage\u003e (defaults to latest version), or \u003cpackage\u003e@\u003cversion\u003e;\n# e.g. github.com/gin-gonic/gin@latest\n# e.g. github.com/gin-gonic/gin@v1.6.2\n# NOTE: There might be some issues with some packages or modules.\n# NOTE: The --out-dir flag is the folder where all the generated files will go.\ncodebox --out-dir=./generated/compressed --pkg=net/http --stub --http\n\n# - Open the UI in the browser:\nchrome http://127.0.0.1:8080/\n\n# - Now that you see the UI in the browser, complete the taint-tracking logic\n# and when you're done, close the server program you started in the terminal\n# with a CTRL-C.\n# You will find the generated codeql and golang files inside ./generated/compressed\n\n# NOTE: if you only want to regenerate the code without starting the server,\n# then you need to remove the --http flag:\ncodebox --out-dir=./generated/compressed --pkg=net/http --stub\n```\n\n# Helpful commands for batch processing\n\n```bash\n# Move all files from child directories to parent directory:\n# find . -mindepth 2 -type f -name \"*.go\" -print -exec mv {} . \\;\n# find . -mindepth 2 -type f -name \"*.qll\" -print -exec mv {} . \\;\n find . -mindepth 2 -type f -print -exec mv {} . \\;\n\n#for f in *.qll; do printf '%s\\n' \"${f%.qll}TaintTracking.qll\"; done\n\nrename 's/\\.qll$/TaintTracking.qll/' *.qll\n\n# format a codeql file:\ncodeql query format -qq -i file.qll\n\n# format all codeql files:\n# NOTE: the \\( ... \\) grouping is needed: without it, find's -or binds looser than\n# the implicit -and, so -exec would only run for the \"*.qll\" branch.\n\n echo ~/.config/Code/User/globalStorage/github.vscode-codeql/distribution*/codeql/codeql\n find . -type f \\( -name \"*.ql\" -or -name \"*.qll\" \\) -exec ~/.config/Code/User/globalStorage/github.vscode-codeql/distribution12/codeql/codeql query format -qq -i {} ';' -print\n\n find . -type f \\( -name \"*.ql\" -or -name \"*.qll\" \\) | while read -r cqlFile; do echo \"$cqlFile\" \u0026\u0026 codeql query format -qq -i \"$cqlFile\"; done\n\n\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgagliardetto%2Fcodebox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgagliardetto%2Fcodebox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgagliardetto%2Fcodebox/lists"}