Hello, I have some golang applications that use yaml format files as configuration files, but R&D often writes some accounts and passwords in the configuration files.
How can I use codeql to automatically detect whether the contents of these files contain sensitive files?
The "codeql database create --language=go" command cannot retrieve the yml file.
I created 2 databases by "codeql database create --language=go,yaml ...", but how do I write queries for the yaml database?
Are there some open source queries that can be referenced?
The yaml extractor is unusual in that the fragment of the database schema ("dbscheme") is replicated in the database schema for Ruby, JavaScript and Python, meaning that the YAML extractor can either populate a plain yaml database, or contribute to a Ruby, JS or Python database. It also means one way to extract YAML and easily use one of those languages' libraries to deal with the YAML database content is to create a one-line JS, Python or Ruby file and extract that language. There's no reason this couldn't also be done with Go, except that we haven't happened to have had that need yet.
That means the JS, Python and Ruby languages are also the places to look for examples of CodeQL that uses yaml data.
Then there's a shared CodeQL module that defines YAML classes and predicates on top of the database schema: https://github.com/github/codeql/blob/main/shared/yaml/codeql/yaml/Yaml.qll -- for example, it defines YamlSequence for working with sequence types, with a getElement(int i) predicate for accessing elements.
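A query along the lines the reply describes, as an added example that is not part of the original thread or the CodeQL repository. It assumes a JavaScript database that also contains the YAML files (built with the one-line JS file approach above); the query id, the key-name pattern and the placeholder filter are illustrative assumptions to tune for your own configuration files.

```ql
/**
 * @name Possible hard-coded credential in YAML configuration
 * @description A YAML key whose name suggests a secret is mapped to a
 *              literal scalar value instead of an external reference.
 * @kind problem
 * @problem.severity warning
 * @id example/yaml-hardcoded-credential
 */

// Example query id and heuristics are assumptions, not a shipped CodeQL query.
// `import javascript` brings in the YAML classes built on the shared Yaml.qll.
import javascript

/** Holds if `name` looks like the name of a credential-bearing key (assumed pattern). */
bindingset[name]
predicate isSensitiveKeyName(string name) {
  name.regexpMatch("(?i).*(passw(or)?d|passwd|secret|token|api[_-]?key|access[_-]?key).*")
}

/** Holds if `v` looks like a reference to an external value rather than a literal (assumed forms). */
bindingset[v]
predicate isPlaceholder(string v) {
  // ${ENV_VAR}, {{ template }} or <fill-me-in> style values
  v.regexpMatch("\\s*(\\$\\{[^}]*\\}|\\{\\{.*\\}\\}|<[^>]*>)\\s*")
}

from YamlMapping mapping, YamlScalar key, YamlScalar value
where
  // key/value pairs at any nesting depth, since every nested map is a YamlMapping
  mapping.maps(key, value) and
  isSensitiveKeyName(key.getValue()) and
  // ignore empty values and values that only point at an external source
  value.getValue().trim() != "" and
  not isPlaceholder(value.getValue())
select value,
  "The key '" + key.getValue() + "' is mapped to a literal value that may be a hard-coded credential."
```

Name-based matching will flag keys such as `token_ttl`, so review the first results and narrow the pattern before gating builds on it.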