Generate a CodeQL report in SARIF format, open sarif-viewer.html in a browser, and import the report to view the vulnerability chains (source-to-sink data-flow paths).
```bash
# example
# create database
codeql database create vuln-flask-db -s vuln-flask-app -l python
# analyze database
codeql database analyze vuln-flask-db -o vuln-flask-full.sarif --format=sarif-latest --sarif-add-snippets --sarif-add-file-contents
codeql database analyze vuln-flask-db -o vuln-flask-medium.sarif --format=sarif-latest --sarif-add-snippets
codeql database analyze vuln-flask-db -o vuln-flask-brief.sarif --format=sarif-latest
```

Import the report.

View the vulnerability chain.
usage:

```text
usage: sarif-extractor.py [-h] [-o OUTPUT] [-s SOURCE_ROOT] [-f {json,json-compact,text}] [-n]
                          sarif_file

从 CodeQL SARIF 报告中提取漏洞链路和源代码

positional arguments:
  sarif_file            SARIF 文件路径

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        输出文件路径
  -s SOURCE_ROOT, --source-root SOURCE_ROOT
                        源代码根目录
  -f {json,json-compact,text}, --format {json,json-compact,text}
  -n, --with-line-number
                        输出文件内容时带行号
```
example

```bash
python sarif-extractor.py -f text -n vuln-flask-full.sarif
```

```text
✓ 已保存 4 个漏洞到 vuln-flask-full_vulnerabilities.txt

统计信息:
总漏洞数: 4
规则分布:
  py/stack-trace-exposure: 2
  py/full-ssrf: 2
```

vuln-flask-full_vulnerabilities.txt
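The extraction the tool performs, shown as an added example that is not the project's own sarif-extractor.py: walk `runs[].results[].codeFlows[].threadFlows[].locations[]` of a SARIF 2.1.0 document to recover each finding's ordered source-to-sink steps, and count findings per rule as in the summary above. The embedded SARIF document, its file name and line numbers are constructed for the example.

```python
import json
from collections import Counter


def _loc(uri, line, msg=None):
    """Build a SARIF Location object (optionally with a step message)."""
    d = {"physicalLocation": {"artifactLocation": {"uri": uri},
                              "region": {"startLine": line}}}
    return {**d, "message": {"text": msg}} if msg else d


# Constructed minimal SARIF 2.1.0 report: one CodeQL result carrying a
# two-step code flow (source -> sink). File name and lines are assumed.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "CodeQL"}},
    "results": [{
        "ruleId": "py/full-ssrf",
        "message": {"text": "Full server-side request forgery"},
        "locations": [_loc("app.py", 12)],
        "codeFlows": [{"threadFlows": [{"locations": [
            {"location": _loc("app.py", 10, "request.args.get('url')")},
            {"location": _loc("app.py", 12, "requests.get(url)")},
        ]}]}],
    }]}]})


def _step(location):
    """Flatten a SARIF Location into (uri, startLine, message text)."""
    pl = location["physicalLocation"]
    return (pl["artifactLocation"]["uri"], pl["region"]["startLine"],
            location.get("message", {}).get("text", ""))


def extract_chains(sarif_text):
    """Per result: rule id, sink file/line, thread flows as [(uri, line, text)]."""
    records = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            flows = [[_step(s["location"]) for s in thread.get("locations", [])]
                     for flow in result.get("codeFlows", [])
                     for thread in flow.get("threadFlows", [])]
            sink = _step(result["locations"][0])
            records.append({"rule": result.get("ruleId"), "file": sink[0],
                            "line": sink[1], "flows": flows})
    return records


def rule_counts(records):
    """Per-rule totals, the same rule-distribution summary the extractor prints."""
    return Counter(r["rule"] for r in records)
```

Results without `codeFlows` (CodeQL emits them only for path queries) yield an empty `flows` list, so the sink location alone is reported for those.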
The code is generated by AI.

