{"id":13841700,"url":"https://github.com/ice-doom/CodeQLRule","last_synced_at":"2025-07-11T13:32:03.039Z","repository":{"id":49389925,"uuid":"474915737","full_name":"ice-doom/CodeQLRule","owner":"ice-doom","description":"个人使用CodeQL编写的一些规则","archived":false,"fork":false,"pushed_at":"2022-03-30T16:08:29.000Z","size":52,"stargazers_count":167,"open_issues_count":0,"forks_count":21,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-08-05T17:28:56.964Z","etag":null,"topics":["codeql","codeql-queries"],"latest_commit_sha":null,"homepage":"","language":"CodeQL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ice-doom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-28T08:39:27.000Z","updated_at":"2024-07-24T02:38:27.000Z","dependencies_parsed_at":"2022-08-27T08:52:53.621Z","dependency_job_id":null,"html_url":"https://github.com/ice-doom/CodeQLRule","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ice-doom%2FCodeQLRule","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ice-doom%2FCodeQLRule/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ice-doom%2FCodeQLRule/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ice-doom%2FCodeQLRule/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ice-doom","download_url":"https://codeload.github.com/ice-doom/CodeQLRule/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729624,"owners_count":17515146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codeql","codeql-queries"],"created_at":"2024-08-04T17:01:18.718Z","updated_at":"2024-11-21T12:30:17.469Z","avatar_url":"https://github.com/ice-doom.png","language":"CodeQL","readme":"# CodeQLRule\n个人使用CodeQL编写的一些规则\n\n## ApplicationRoutes\n\n查询应用的路由信息\n\n### SpringMVC\n\n相关细节可以阅读：[CodeQL 提升篇之路由收集](https://tttang.com/archive/1512/)\n\n![SpringMVC](https://user-images.githubusercontent.com/25363717/160372489-33bd5928-9d4a-4e6d-a42f-74aec3e24e0d.png)\n\n#### 脚本处理\n\n```py\n$ python SpringMVCMapping.py -h\nusage: SpringMVCMapping.py [-h] [-r REQ] [-f FILE] [-p PROXY] [-a {0,1}]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -r REQ, --req REQ     输入请求目标地址，默认为http://127.0.0.1\n  -f FILE, --file FILE  存放路由的文件名，文件需存放在脚本相同目录中\n  -p PROXY, --proxy PROXY\n                        输入请求代理地址\n  -a {0,1}, --action {0,1}\n                        0表示保存文件默认生成在当前目录中，1表示直接发送请求。默认为0\n\nExample:\npython3 SpringMVCMapping.py -r http://sample.com/ -f route.txt -a 0\npython3 SpringMVCMapping.py -r http://sample.com/ -f route.txt -a 1\npython3 SpringMVCMapping.py -r http://sample.com/ -p http://127.0.0.1:8080 -f route.txt -a 1\n```\n\n选择保存在本地则会生成以**host+\\_RoutesSave\\_+时间戳**命名的文本\n![image](https://user-images.githubusercontent.com/25363717/160879538-b1c8dac1-f122-41e9-aa1a-432ec3a253c3.png)\n\n\n\n#### TODO\n\n- [ ] python工具脚本完成：codeql查询结果再进行处理包括本地保存处理后的内容、自动发送请求至目标\n- [ ] `Mapping`注解中使用`headers`表示需要带上的header头\n- [ ] `GetMapping`注解中使用`produces`表示Context-Type类型，可能需要添加该项\n- [ ] `Mapping`注解中设置了`params`表示需要带上的参数名，可以没有值\n- [ ] Date类型目前只考虑了`@DateTimeFormat(iso=ISO.DATE)`\n- [ ] Entity类中实现`PathVariable`\n    RESTful风格，在Entity类中绑定参数，\n    ```java\n    @GetMapping(\"dataBinding/{foo}/{fruit}\")\n    public String dataBinding(@Valid JavaBean javaBean, Model model){}\n    ```\n- [ ] RESTful风格，使用`PathVariable`等注解，目前可能存在问题，而且导致代码量较大，后期可能去除该项，直接取注解等信息然后通过Python额外处理\n- [ ] 参数存在`@Valid`注解对参数进行校验，将该类中在字段的注解定义了规范\n- [ ] 参数类型为`Map`则需要找到`Map.get`获取参数值的地方获取参数名（优先处理完成该项）\n- [ ] setter和构造函数传入参数和字段名不一致情况，是否需要考虑\n- [ ] 当接口的方法中使用`Mapping`等注解配置好，其实现类中再重写相应的方法，这种情况下实现类没有任何注解则需要额外考虑这种情况\n- [ ] 是否可以适用Struts2\n\n\n\n\n\n","funding_links":[],"categories":["CodeQL"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fice-doom%2FCodeQLRule","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fice-doom%2FCodeQLRule","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fice-doom%2FCodeQLRule/lists"}