[codeql-go] I made a tool to generate taint-tracking models and their test code #198

gagliardetto · 2020-11-03T18:02:02Z

gagliardetto
Nov 3, 2020

What I made

I made a tool to speed up the creation of CodeQL taint-tracking models for Go: Codebox

It works like this: you select the flow of data in a web-based UI, and the tool generates the CodeQL taint-tracking models and the Go code to test those models.

Here's what the interface looks like:

When you close codebox, it generates your CodeQL and Go files in your specified directory.

Recently, I updated it to work with the official "Go Module Mirror" (proxy.golang.org) so that

you can analyze any Go package without having it already locally available on your system, and
you can analyze a specific version of a package, or just go with @latest.

What I used it for

See #187

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[codeql-go] I made a tool to generate taint-tracking models and their test code #198

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 0 comments

Select a reply

Uh oh!

[codeql-go] I made a tool to generate taint-tracking models and their test code #198

Uh oh!

Uh oh!

gagliardetto Nov 3, 2020

What I made

What I used it for

Replies: 0 comments

gagliardetto
Nov 3, 2020