{"id":7846,"date":"2023-11-01T18:13:02","date_gmt":"2023-11-01T09:13:02","guid":{"rendered":"\/blog\/?p=7846"},"modified":"2023-11-01T18:19:41","modified_gmt":"2023-11-01T09:19:41","slug":"github-codeql-%ed%85%8c%ec%8a%a4%ed%8a%b8","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=7846","title":{"rendered":"GitHub CodeQL \ud14c\uc2a4\ud2b8"},"content":{"rendered":"\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\uac1c\uc694<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; CodeQL\uc740 GitHub \ubcf4\uc548\uae30\ub2a5 \uc911 \ud558\ub098\ub85c \uac1c\ubc1c\uc790\uac00 \ubcf4\uc548 \uac80\uc0ac\ub97c \uc790\ub3d9\ud654\ud558\uace0 \ucde8\uc57d\uc810 \uc9c4\ub2e8\uc744 \uc218\ud589\ud558\ub294\ub370 \uc0ac\uc6a9\ub418\ub294 \ubd84\uc11d\uc5d4\uc9c4\uc774\ub2e4.<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; CodeQL\uc740 \uc18c\uc2a4\ucf54\ub4dc \ucef4\ud30c\uc77c\uc744 \ubaa8\ub2c8\ud130\ub9c1\ud558\uc5ec \uc18c\uc2a4\ucf54\ub4dc \ub0b4 \ub370\uc774\ud130 \ud750\ub984\uc774\ub098 \ubcc0\uc218\ub4f1\uc744 \uc790\uccb4 DB\uc5d0 \uc800\uc7a5\ud558\uace0, \uc804\uc6a9 \ucffc\ub9ac\ubb38\uc744 \ud1b5\ud574 DB\uc5d0\uc11c \uc6d0\ud558\ub294 \uacb0\uacfc\ub97c \ub3c4\ucd9c \ud560 \uc218 \uc788\ub2e4.<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\uad00\ub828 \ub9c1\ud06c<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; https:\/\/codeql.github.com\/docs\/codeql-overview\/<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; https:\/\/codeql.github.com\/docs\/codeql-language-guides\/codeql-for-cpp\/<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; https:\/\/dev.to\/aws-builders\/find-source-code-vulnerabilities-with-codeql-before-you-commit-2hof<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; https:\/\/github.com\/github\/codeql-cli-binaries\/releases<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\ub77c\uc774\uc120\uc2a4<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 1. \ud559\ubb38\uc801 \uc5f0\uad6c \ub610\ub294 \uac1c\uc778 \uc0ac\uc6a9 \uac00\ub2a5<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 2. GitHub.com\uc5d0 \ub4f1\uc7ac\ub41c \uc624\ud508 \uc18c\uc2a4 \uac00\ub2a5<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 3. GitHub Advanced Security \ub77c\uc774\uc120\uc2a4\ub97c \uad6c\ub9e4\ud55c \uc720\ub8cc \uace0\uac1d \uc0ac\uc6a9 \uac00\ub2a5<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; \uadf8 \uc678 \uc0ac\uc6a9 \uae08\uc9c0.<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\uc9c0\uc6d0 \uc5b8\uc5b4<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; c++, c#, csv, go, html, java, javascript, properties, python, ruby, swift, xml, yaml<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\uc124\uce58<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 1. CodeQL CLI\uc6a9 \ubc14\uc774\ub108\ub9ac \ub2e4\uc6b4\ub85c\ub4dc (https:\/\/github.com\/github\/codeql-cli-binaries\/releases)<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 2. \uc124\uce58 (codeql \uc2e4\ud589\ud30c\uc77c \uacbd\ub85c\ub97c PATH \ud658\uacbd \ubcc0\uc218\uc5d0 \ucd94\uac00)<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">\u25a0\ud14c\uc2a4\ud2b8<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 1. \uc900\ube44\ubb3c<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; webgoat \uc18c\uc2a4\ucf54\ub4dc, CodeQL, ant, java 1.8<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 2. webgoat \uc18c\uc2a4\ucf54\ub4dc \ucef4\ud30c\uc77c \uc900\ube44<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; # build.xml javac \ud56d\ubaa9\uc5d0 encoding=\"ISO-8859-1\" \ucd94\uac00<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &lt;javac srcdir=\"${src.home}\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; destdir=\"${build.home}\/WEB-INF\/classes\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; debug=\"${compile.debug}\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &nbsp; deprecation=\"${compile.deprecation}\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;optimize=\"${compile.optimize}\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;encoding=\"ISO-8859-1\"&gt;<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 3. \uc9c0\uc6d0 \uc5b8\uc5b4 \ud655\uc778<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; codeql resolve languages<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 4. Java \uc5b8\uc5b4 \ucffc\ub9ac\ubb38 \ub2e4\uc6b4\ub85c\ub4dc \ubc0f \uc124\uce58<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; codeql pack download codeql\/java-queries<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; 5. \ucef4\ud30c\uc77c\uc744 \ud558\uba70 \ub370\uc774\ud130\ubca0\uc774\uc2a4 \uc0dd\uc131<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; \u203b\uc774 \uacfc\uc815\uc740 Fortify SCA\uac00 MBS\ub97c \uc0dd\uc131\ud558\ub294 \uacfc\uc815\uc73c\ub85c \uc774\ud574.<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; # DB \ub514\ub809\ud1a0\ub9ac \uc0dd\uc131<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; rmdir \/s \/q d:\\0_tmp\\codeql-dbs<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; mkdir d:\\0_tmp\\codeql-dbs\\webgoat<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; # \uc18c\uc2a4\ucf54\ub4dc \ub514\ub809\ud1a0\ub9ac\ub85c \uc774\ub3d9<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; cd \/d d:\\0_tmp\\webgoat1<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; # ant clean \ud6c4 \ucef4\ud30c\uc77c \uc2e4\ud589<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; ant clean<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; codeql database create d:\\0_tmp\\codeql-dbs\\webgoat --overwrite --language=java --command=\"ant -buildfile build.xml\"<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; ...<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; Successfully created database at D:\\0_tmp\\codeql-dbs\\webgoat.<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; \uba54\uc138\uc9c0\uac00 \ub098\uc624\uba74 \uc131\uacf5.<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; 6. \ucffc\ub9ac\ub97c \uc2e4\ud589\ud558\uc5ec \uacb0\uacfc \ucd9c\ub825<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; \u203b\uc774 \uacfc\uc815\uc740 Fortify SCA\uac00 FPR\uc744 \uc0dd\uc131\ud558\ub294 \uacfc\uc815\uc73c\ub85c \uc774\ud574.<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; \uc9c0\uc6d0\ud558\ub294 \uacb0\uacfc \ud3ec\ub9f7: csv, sarif-latest, sarifv2.1.0, dgml, dot<\/span><\/p>\n<p><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; codeql database analyze d:\\0_tmp\\codeql-dbs\\webgoat --format=\"csv\" --output=d:\\0_tmp\\codeql-output\\scan.csv<\/span><br><span style=\"font-family: \uad74\ub9bc\uccb4; font-size: 14px;\">&nbsp; &nbsp; &nbsp; ...\ucffc\ub9ac\ubb38\uc778 qlx \ud30c\uc77c\ub4e4\uc744 \ub85c\ub4dc \ud6c4 \uc2e4\ud589\ud558\ub294 \uacfc\uc815...<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u25a0\uac1c\uc694&nbsp; CodeQL\uc740 GitHub \ubcf4\uc548\uae30\ub2a5 \uc911 \ud558\ub098\ub85c \uac1c\ubc1c\uc790\uac00 \ubcf4\uc548 \uac80\uc0ac\ub97c \uc790\ub3d9\ud654\ud558\uace0 \ucde8\uc57d\uc810 \uc9c4\ub2e8\uc744 \uc218\ud589\ud558\ub294\ub370 \uc0ac\uc6a9\ub418\ub294 \ubd84\uc11d\uc5d4\uc9c4\uc774\ub2e4.&nbsp; CodeQL\uc740 \uc18c\uc2a4\ucf54\ub4dc \ucef4\ud30c\uc77c\uc744 \ubaa8\ub2c8\ud130\ub9c1\ud558\uc5ec \uc18c\uc2a4\ucf54\ub4dc \ub0b4 \ub370\uc774\ud130 \ud750\ub984\uc774\ub098 \ubcc0\uc218\ub4f1\uc744 \uc790\uccb4 DB\uc5d0 \uc800\uc7a5\ud558\uace0, \uc804\uc6a9 \ucffc\ub9ac\ubb38\uc744 \ud1b5\ud574 DB\uc5d0\uc11c \uc6d0\ud558\ub294 \uacb0\uacfc\ub97c \ub3c4\ucd9c \ud560 \uc218 \uc788\ub2e4. \u25a0\uad00\ub828 \ub9c1\ud06c&nbsp; https:\/\/codeql.github.com\/docs\/codeql-overview\/&nbsp; https:\/\/codeql.github.com\/docs\/codeql-language-guides\/codeql-for-cpp\/&nbsp; https:\/\/dev.to\/aws-builders\/find-source-code-vulnerabilities-with-codeql-before-you-commit-2hof&nbsp; https:\/\/github.com\/github\/codeql-cli-binaries\/releases \u25a0\ub77c\uc774\uc120\uc2a4&nbsp; 1. \ud559\ubb38\uc801 \uc5f0\uad6c \ub610\ub294 \uac1c\uc778 \uc0ac\uc6a9 \uac00\ub2a5&nbsp; 2. GitHub.com\uc5d0 \ub4f1\uc7ac\ub41c \uc624\ud508 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-7846","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7846"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/7846\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}