FYP Project utilizing CodeQL for code analysis
Explore the docs »
CodeQL
·
View Demo
·
Neo4J
DISMFYP2021GRP8, also known as G8, is a static code scanning security tool designed with ReactJS and ExpressJS. It utilizes the CodeQL semantic code analysis engine to find all variants of a vulnerability. Below are some features of G8 but are not limited to.
- Uploading of project with folders, (zipped) files and Git repositories
- Alert results in a neat and concise page of CodeFlow
- Alert results visualization with Neo4J integration
- Interpret custom CodeQL queries
- Report generation for researcher
- Viewing custom SARIF file with sarif-web-components
- Documentation of CodeQL queries
The following tools should be installed before starting:
Use the provided docker configuration to deploy the project:
$ docker-compose up -d
Then, visit 127.0.0.1:3000, visit the dashboard page and upload a project you wish to analyze. Click analyze to begin the analysis and watch the magic unfold.
You can optionally edit the configuration file depending on your needs:
To start trying out the project, follow the steps below.
- Visit http://127.0.0.1:3000/#/dashboard/
- Click on the
Git Repo
button and paste in https://github.com/ISnackable/DISMFYP2021GRP8.git - Click
Submit
to upload the project - Under the Existing Project table, click on
Start Analysis
and wait for the analysis to be done - Click
Load Project
and navigate to CodeQL Alert to view the results
To get a local copy up and running follow these simple example steps.
Clone this repository on the latest version using git and update all submodules to the latest version.
$ git clone https://github.com/ISnackable/DISMFYP2021GRP8/ --recursive --depth 1
-
Download the CodeQL CLI zip package.
-
Create a new CodeQL directory where you can place the CLI and any queries and libraries you want to use. For example,
D:/programs/codeql-home
or/opt/codeql
. -
Extract the zip archive in the CodeQL directory;
D:/programs/codeql-home/codeql
-
Add CodeQL to Path.
-
Windows
- Go to
Control Panel\System and Security\System
- Click on
Advance System Settings
- Click on
Enviroment Variables
- Edit
Path
for both User variables and System variables - Click on
New
and add the CodeQL directory;D:/programs/codeql-home/codeql
- Go to
-
Linux
$ export PATH=/opt/codeql:$PATH
-
-
Verify your CodeQL CLI setup.
$ codeql --help
-
Download & Install the CodeQL VSCode Extension. (Optional)
$ docker run -p 3306:3306 -d -v G8/backend/init.sql:/docker-entrypoint-initdb.d --env MYSQL_ROOT_PASSWORD=secret docker.io/library/mariadb:10
$ docker run -p 7474:7474 -p 7687:7687 -d -v $HOME/neo4j/data:/data --env NEO4J_AUTH=neo4j/s3cr3t neo4j:4.2.7
- Download & Install MariaDB on the latest version
- Verify MariaDB is installed by running the following command
$ sudo service mysql status
- Download & Install Neo4J Community Server on the latest version
- Verify Neo4J is installed by visiting http://localhost:7474.
You can optionally edit the configuration file depending on your needs:
$ cd G8/frontend
$ yarn install
$ yarn start
$ cd G8/backend
$ yarn install
$ yarn start
The version of CodeQL used by the G8 is subject to the CodeQL Research Terms & Conditions.
By using G8, you agree to GitHub CodeQL Terms and Conditions. If you do not accept these Terms, do not download, install, use, or copy the Software.