@elizaos/skills 2.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,549 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: codeql
|
|
3
|
+
type: tool
|
|
4
|
+
description: >
|
|
5
|
+
CodeQL is a static analysis framework that queries code as a database.
|
|
6
|
+
Use when you need interprocedural analysis or complex data flow tracking.
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# CodeQL
|
|
10
|
+
|
|
11
|
+
CodeQL is a powerful static analysis framework that allows developers and security researchers to query a codebase for specific code patterns. The CodeQL standard libraries implement support for both inter- and intraprocedural control flow and data flow analysis. However, the learning curve for writing custom queries is steep, and documentation for the CodeQL standard libraries is still scant.
|
|
12
|
+
|
|
13
|
+
## When to Use
|
|
14
|
+
|
|
15
|
+
**Use CodeQL when:**
|
|
16
|
+
- You need interprocedural control flow and data flow queries across the entire codebase
|
|
17
|
+
- Fine-grained control over the abstract syntax tree, control flow graph, and data flow graph is required
|
|
18
|
+
- You want to prevent introduction of known bugs and security vulnerabilities into the codebase
|
|
19
|
+
- You have access to source code and third-party dependencies (and can build compiled languages)
|
|
20
|
+
- The bug class requires complex analysis beyond single-file pattern matching
|
|
21
|
+
|
|
22
|
+
**Consider alternatives when:**
|
|
23
|
+
- Single-file pattern matching is sufficient → Consider Semgrep
|
|
24
|
+
- You don't have access to source code or can't build the project
|
|
25
|
+
- Analysis time is critical (complex queries may take a long time)
|
|
26
|
+
- You need to analyze a closed-source repository without a GitHub Advanced Security license
|
|
27
|
+
- The language is not supported by CodeQL
|
|
28
|
+
|
|
29
|
+
## Quick Reference
|
|
30
|
+
|
|
31
|
+
| Task | Command |
|
|
32
|
+
|------|---------|
|
|
33
|
+
| Create database (C/C++) | `codeql database create codeql.db --language=cpp --command='make -j8'` |
|
|
34
|
+
| Create database (Go) | `codeql database create codeql.db --language=go` |
|
|
35
|
+
| Create database (Java/Kotlin) | `codeql database create codeql.db --language=java` |
|
|
36
|
+
| Create database (JavaScript/TypeScript) | `codeql database create codeql.db --language=javascript` |
|
|
37
|
+
| Create database (Python) | `codeql database create codeql.db --language=python` |
|
|
38
|
+
| Analyze database | `codeql database analyze codeql.db --format=sarif-latest --output=results.sarif -- codeql/cpp-queries` |
|
|
39
|
+
| List installed packs | `codeql resolve qlpacks` |
|
|
40
|
+
| Download query pack | `codeql pack download trailofbits/cpp-queries` |
|
|
41
|
+
| Run custom query | `codeql query run --database codeql.db -- path/to/Query.ql` |
|
|
42
|
+
| Test custom queries | `codeql test run -- path/to/test/pack/` |
|
|
43
|
+
|
|
44
|
+
## Installation
|
|
45
|
+
|
|
46
|
+
### Installing CodeQL
|
|
47
|
+
|
|
48
|
+
CodeQL can be installed manually or via Homebrew on macOS/Linux.
|
|
49
|
+
|
|
50
|
+
**Manual Installation:**
|
|
51
|
+
Navigate to the [CodeQL release page](https://github.com/github/codeql-action/releases) and download the latest bundle for your architecture. The bundle contains the `codeql` binary, query libraries for supported languages, and pre-compiled queries.
|
|
52
|
+
|
|
53
|
+
**Using Homebrew:**
|
|
54
|
+
```bash
|
|
55
|
+
brew install --cask codeql
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
### Keeping CodeQL Up to Date
|
|
59
|
+
|
|
60
|
+
CodeQL is under active development. Update regularly to benefit from improvements.
|
|
61
|
+
|
|
62
|
+
**Manual installation:** Download new updates from the [CodeQL release page](https://github.com/github/codeql-action/releases).
|
|
63
|
+
|
|
64
|
+
**Homebrew installation:**
|
|
65
|
+
```bash
|
|
66
|
+
brew upgrade codeql
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
### Verification
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
codeql --version
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
## Core Workflow
|
|
76
|
+
|
|
77
|
+
### Step 1: Build a CodeQL Database
|
|
78
|
+
|
|
79
|
+
To build a CodeQL database, you typically need to be able to build the corresponding codebase. Ensure the codebase is in a clean state (e.g., run `make clean`, `go clean`, or similar).
|
|
80
|
+
|
|
81
|
+
**For compiled languages (C/C++, Swift):**
|
|
82
|
+
```bash
|
|
83
|
+
codeql database create codeql.db --language=cpp --command='make -j8'
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
If using CMake or out-of-source builds, add `--source-root` to specify the source file tree root:
|
|
87
|
+
```bash
|
|
88
|
+
codeql database create codeql.db --language=cpp --source-root=/path/to/source --command='cmake --build build'
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
**For interpreted languages (Python, JavaScript):**
|
|
92
|
+
```bash
|
|
93
|
+
codeql database create codeql.db --language=python
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
**For languages with auto-detection (Go, Java):**
|
|
97
|
+
```bash
|
|
98
|
+
codeql database create codeql.db --language=go
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
For complex build systems, use the `--command` argument to pass the build command.
|
|
102
|
+
|
|
103
|
+
### Step 2: Analyze the Database
|
|
104
|
+
|
|
105
|
+
Run pre-compiled query packs on the database:
|
|
106
|
+
|
|
107
|
+
```bash
|
|
108
|
+
codeql database analyze codeql.db --format=sarif-latest --output=results.sarif -- codeql/cpp-queries
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
Output formats include SARIF and CSV. SARIF results can be viewed with the [VSCode SARIF Explorer extension](https://marketplace.visualstudio.com/items?itemName=trailofbits.sarif-explorer).
|
|
112
|
+
|
|
113
|
+
### Step 3: Review Results
|
|
114
|
+
|
|
115
|
+
SARIF files contain findings with location, severity, and description. Import into your IDE or CI/CD pipeline for review and remediation.
|
|
116
|
+
|
|
117
|
+
### Installing Third-Party Query Packs
|
|
118
|
+
|
|
119
|
+
Published query packs are identified by scope/name/version. For example:
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
codeql pack download trailofbits/cpp-queries trailofbits/go-queries
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
For Trail of Bits public CodeQL queries, see [trailofbits/codeql-queries](https://github.com/trailofbits/codeql-queries).
|
|
126
|
+
|
|
127
|
+
## How to Customize
|
|
128
|
+
|
|
129
|
+
### Writing Custom Queries
|
|
130
|
+
|
|
131
|
+
CodeQL queries use a declarative, object-oriented language called QL with Java-like syntax and SQL-like query expressions.
|
|
132
|
+
|
|
133
|
+
**Basic query structure:**
|
|
134
|
+
```ql
|
|
135
|
+
import cpp
|
|
136
|
+
|
|
137
|
+
from FunctionCall call
|
|
138
|
+
where call.getTarget().getName() = "memcpy"
|
|
139
|
+
select call.getLocation(), call.getArgument(0)
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
This selects all expressions passed as the first argument to `memcpy`.
|
|
143
|
+
|
|
144
|
+
**Creating a custom class:**
|
|
145
|
+
```ql
|
|
146
|
+
import cpp
|
|
147
|
+
|
|
148
|
+
class MemcpyCall extends FunctionCall {
|
|
149
|
+
MemcpyCall() {
|
|
150
|
+
this.getTarget().getName() = "memcpy"
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
Expr getDestination() {
|
|
154
|
+
result = this.getArgument(0)
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
Expr getSource() {
|
|
158
|
+
result = this.getArgument(1)
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
Expr getSize() {
|
|
162
|
+
result = this.getArgument(2)
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
from MemcpyCall call
|
|
167
|
+
select call.getLocation(), call.getDestination()
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
### Key Syntax Reference
|
|
171
|
+
|
|
172
|
+
| Syntax/Operator | Description | Example |
|
|
173
|
+
|-----------------|-------------|---------|
|
|
174
|
+
| `from Type x where P(x) select f(x)` | Query: select f(x) for all x where P(x) is true | `from FunctionCall call where call.getTarget().getName() = "memcpy" select call` |
|
|
175
|
+
| `exists(...)` | Existential quantification | `exists(FunctionCall call \| call.getTarget() = fun)` |
|
|
176
|
+
| `forall(...)` | Universal quantification | `forall(Expr e \| e = arg.getAChild() \| e.isConstant())` |
|
|
177
|
+
| `+` | Transitive closure (1+ times) | `start.getASuccessor+()` |
|
|
178
|
+
| `*` | Reflexive transitive closure (0+ times) | `start.getASuccessor*()` |
|
|
179
|
+
| `result` | Special variable for method/function output | `result = this.getArgument(0)` |
|
|
180
|
+
|
|
181
|
+
### Example: Finding Unhandled Errors
|
|
182
|
+
|
|
183
|
+
```ql
|
|
184
|
+
import cpp
|
|
185
|
+
|
|
186
|
+
/**
|
|
187
|
+
* @name Unhandled error return value
|
|
188
|
+
* @id custom/unhandled-error
|
|
189
|
+
* @description Function calls that return error codes that are not checked
|
|
190
|
+
* @kind problem
|
|
191
|
+
* @problem.severity warning
|
|
192
|
+
* @precision medium
|
|
193
|
+
*/
|
|
194
|
+
|
|
195
|
+
predicate isErrorReturningFunction(Function f) {
|
|
196
|
+
f.getName().matches("%error%") or
|
|
197
|
+
f.getName().matches("%Error%")
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
from FunctionCall call
|
|
201
|
+
where
|
|
202
|
+
isErrorReturningFunction(call.getTarget()) and
|
|
203
|
+
not exists(Expr parent |
|
|
204
|
+
parent = call.getParent*() and
|
|
205
|
+
(parent instanceof IfStmt or parent instanceof SwitchStmt)
|
|
206
|
+
)
|
|
207
|
+
select call, "Error return value not checked"
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
### Adding Query Metadata
|
|
211
|
+
|
|
212
|
+
Query metadata is defined in an initial comment:
|
|
213
|
+
|
|
214
|
+
```ql
|
|
215
|
+
/**
|
|
216
|
+
* @name Short name for the issue
|
|
217
|
+
* @id scope/query-name
|
|
218
|
+
* @description Longer description of the issue
|
|
219
|
+
* @kind problem
|
|
220
|
+
* @tags security external/cwe/cwe-123
|
|
221
|
+
* @problem.severity error
|
|
222
|
+
* @precision high
|
|
223
|
+
*/
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
**Required fields:**
|
|
227
|
+
- `name`: Short string identifying the issue
|
|
228
|
+
- `id`: Unique identifier (lowercase letters, numbers, `/`, `-`)
|
|
229
|
+
- `description`: Longer description (a few sentences)
|
|
230
|
+
- `kind`: Either `problem` or `path-problem`
|
|
231
|
+
- `problem.severity`: `error`, `warning`, or `recommendation`
|
|
232
|
+
- `precision`: `low`, `medium`, `high`, or `very-high`
|
|
233
|
+
|
|
234
|
+
**Output format requirements:**
|
|
235
|
+
- `problem` queries: Output must be `(Location, string)`
|
|
236
|
+
- `path-problem` queries: Output must be `(DataFlow::Node, DataFlow::PathNode, DataFlow::PathNode, string)`
|
|
237
|
+
|
|
238
|
+
### Testing Custom Queries
|
|
239
|
+
|
|
240
|
+
Create a test pack with `qlpack.yml`:
|
|
241
|
+
|
|
242
|
+
```yaml
|
|
243
|
+
name: scope/name-test
|
|
244
|
+
version: 0.0.1
|
|
245
|
+
dependencies:
|
|
246
|
+
codeql-query-pack-to-test: "*"
|
|
247
|
+
extractor: cpp
|
|
248
|
+
```
|
|
249
|
+
|
|
250
|
+
Create a test directory (e.g., `MemcpyCall/`) containing:
|
|
251
|
+
- `test.c`: Source file with code pattern to detect
|
|
252
|
+
- `MemcpyCall.qlref`: Text file with path to the query
|
|
253
|
+
- `MemcpyCall.expected`: Expected output
|
|
254
|
+
|
|
255
|
+
Run tests:
|
|
256
|
+
```bash
|
|
257
|
+
codeql test run -- path/to/test/pack/
|
|
258
|
+
```
|
|
259
|
+
|
|
260
|
+
If `MemcpyCall.expected` is missing or incorrect, an `MemcpyCall.actual` file is created. Review it, and if correct, rename to `MemcpyCall.expected`.
|
|
261
|
+
|
|
262
|
+
## Advanced Usage
|
|
263
|
+
|
|
264
|
+
### Creating New Query Packs
|
|
265
|
+
|
|
266
|
+
Initialize a query pack:
|
|
267
|
+
```bash
|
|
268
|
+
codeql pack init <scope>/<name>
|
|
269
|
+
```
|
|
270
|
+
|
|
271
|
+
This creates a `qlpack.yml` file:
|
|
272
|
+
```yaml
|
|
273
|
+
---
|
|
274
|
+
library: false
|
|
275
|
+
warnOnImplicitThis: false
|
|
276
|
+
name: <scope>/<name>
|
|
277
|
+
version: 0.0.1
|
|
278
|
+
```
|
|
279
|
+
|
|
280
|
+
Add standard library dependencies:
|
|
281
|
+
```bash
|
|
282
|
+
codeql pack add codeql/cpp-all
|
|
283
|
+
```
|
|
284
|
+
|
|
285
|
+
Create a workspace file (`codeql-workspace.yml`) for the CLI to work correctly.
|
|
286
|
+
|
|
287
|
+
Install dependencies:
|
|
288
|
+
```bash
|
|
289
|
+
codeql pack install
|
|
290
|
+
```
|
|
291
|
+
|
|
292
|
+
Configure the CLI to find your queries by creating `~/.config/codeql/config`:
|
|
293
|
+
```plain
|
|
294
|
+
--search-path /full/path/to/your/codeql/root/directory
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
### Recommended Directory Structure
|
|
298
|
+
|
|
299
|
+
```plain
|
|
300
|
+
.
|
|
301
|
+
├── codeql-workspace.yml
|
|
302
|
+
├── cpp
|
|
303
|
+
│ ├── lib
|
|
304
|
+
│ │ ├── qlpack.yml
|
|
305
|
+
│ │ └── scope
|
|
306
|
+
│ │ └── security
|
|
307
|
+
│ │ └── someLibrary.qll
|
|
308
|
+
│ ├── src
|
|
309
|
+
│ │ ├── qlpack.yml
|
|
310
|
+
│ │ ├── suites
|
|
311
|
+
│ │ │ ├── scope-cpp-code-scanning.qls
|
|
312
|
+
│ │ │ └── scope-cpp-security.qls
|
|
313
|
+
│ │ └── security
|
|
314
|
+
│ │ └── AppSecAnalysis
|
|
315
|
+
│ │ ├── AppSecAnalysis.c
|
|
316
|
+
│ │ ├── AppSecAnalysis.qhelp
|
|
317
|
+
│ │ └── AppSecAnalysis.ql
|
|
318
|
+
│ └── test
|
|
319
|
+
│ ├── qlpack.yml
|
|
320
|
+
│ └── query-tests
|
|
321
|
+
│ └── security
|
|
322
|
+
│ └── AppSecAnalysis
|
|
323
|
+
│ ├── AppSecAnalysis.c
|
|
324
|
+
│ ├── AppSecAnalysis.expected
|
|
325
|
+
│ └── AppSecAnalysis.qlref
|
|
326
|
+
```
|
|
327
|
+
|
|
328
|
+
### Recursion and Transitive Closures
|
|
329
|
+
|
|
330
|
+
**Recursive predicate:**
|
|
331
|
+
```ql
|
|
332
|
+
predicate isReachableFrom(BasicBlock start, BasicBlock end) {
|
|
333
|
+
start = end or isReachableFrom(start.getASuccessor(), end)
|
|
334
|
+
}
|
|
335
|
+
```
|
|
336
|
+
|
|
337
|
+
**Using transitive closure (equivalent):**
|
|
338
|
+
```ql
|
|
339
|
+
predicate isReachableFrom(BasicBlock start, BasicBlock end) {
|
|
340
|
+
end = start.getASuccessor*()
|
|
341
|
+
}
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
Use `*` for zero or more applications, `+` for one or more.
|
|
345
|
+
|
|
346
|
+
### Excluding Individual Files
|
|
347
|
+
|
|
348
|
+
CodeQL instruments the build process. If object files already exist and are up-to-date, corresponding source files won't be added to the database. This can reduce database size but means CodeQL has only partial knowledge about excluded files and cannot reason about data flow through them.
|
|
349
|
+
|
|
350
|
+
**Recommendation:** Include third-party libraries and filter issues based on location rather than excluding files during database creation.
|
|
351
|
+
|
|
352
|
+
### Editor Support
|
|
353
|
+
|
|
354
|
+
**VSCode:** [CodeQL extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql) provides LSP support, syntax highlighting, query running, and AST visualization.
|
|
355
|
+
|
|
356
|
+
**Neovim:** [codeql.nvim](https://github.com/pwntester/codeql.nvim) provides similar functionality.
|
|
357
|
+
|
|
358
|
+
**Helix/Other editors:** Use the CodeQL LSP server and [Tree-sitter grammar for CodeQL](https://github.com/tree-sitter/tree-sitter-ql).
|
|
359
|
+
|
|
360
|
+
**VSCode Quick Query:** Use "CodeQL: Quick Query" command to run single queries against a database.
|
|
361
|
+
|
|
362
|
+
**Debugging queries:** Add database source to workspace, then use "CodeQL: View AST" to display the AST for individual nodes.
|
|
363
|
+
|
|
364
|
+
## Configuration
|
|
365
|
+
|
|
366
|
+
### CodeQL Standard Libraries
|
|
367
|
+
|
|
368
|
+
CodeQL standard libraries are language-specific. Refer to API documentation:
|
|
369
|
+
|
|
370
|
+
- [C and C++](https://codeql.github.com/codeql-standard-libraries/cpp/)
|
|
371
|
+
- [Go](https://codeql.github.com/codeql-standard-libraries/go/)
|
|
372
|
+
- [Java and Kotlin](https://codeql.github.com/codeql-standard-libraries/java/)
|
|
373
|
+
- [JavaScript and TypeScript](https://codeql.github.com/codeql-standard-libraries/javascript/)
|
|
374
|
+
- [Python](https://codeql.github.com/codeql-standard-libraries/python/)
|
|
375
|
+
- [C#](https://codeql.github.com/codeql-standard-libraries/csharp/)
|
|
376
|
+
- [Ruby](https://codeql.github.com/codeql-standard-libraries/ruby/)
|
|
377
|
+
- [Swift](https://codeql.github.com/codeql-standard-libraries/swift/)
|
|
378
|
+
|
|
379
|
+
### Supported Languages
|
|
380
|
+
|
|
381
|
+
CodeQL supports C/C++, C#, Go, Java, Kotlin, JavaScript, TypeScript, Python, Ruby, and Swift. Check [supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks) for details.
|
|
382
|
+
|
|
383
|
+
## CI/CD Integration
|
|
384
|
+
|
|
385
|
+
### GitHub Actions
|
|
386
|
+
|
|
387
|
+
Enable code scanning from "Code security and analysis" in repository settings. Choose default or advanced setup.
|
|
388
|
+
|
|
389
|
+
**Advanced setup workflow:**
|
|
390
|
+
```yaml
|
|
391
|
+
name: "CodeQL"
|
|
392
|
+
|
|
393
|
+
on:
|
|
394
|
+
push:
|
|
395
|
+
branches: [ "main" ]
|
|
396
|
+
pull_request:
|
|
397
|
+
branches: [ "main" ]
|
|
398
|
+
schedule:
|
|
399
|
+
- cron: '34 10 * * 6'
|
|
400
|
+
|
|
401
|
+
jobs:
|
|
402
|
+
analyze:
|
|
403
|
+
name: Analyze
|
|
404
|
+
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
|
|
405
|
+
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
|
|
406
|
+
|
|
407
|
+
permissions:
|
|
408
|
+
actions: read
|
|
409
|
+
contents: read
|
|
410
|
+
security-events: write
|
|
411
|
+
|
|
412
|
+
strategy:
|
|
413
|
+
fail-fast: false
|
|
414
|
+
matrix:
|
|
415
|
+
language: [ 'cpp' ]
|
|
416
|
+
|
|
417
|
+
steps:
|
|
418
|
+
- name: Checkout repository
|
|
419
|
+
uses: actions/checkout@v4
|
|
420
|
+
|
|
421
|
+
- name: Initialize CodeQL
|
|
422
|
+
uses: github/codeql-action/init@v3
|
|
423
|
+
with:
|
|
424
|
+
languages: ${{ matrix.language }}
|
|
425
|
+
|
|
426
|
+
- name: Autobuild
|
|
427
|
+
uses: github/codeql-action/autobuild@v3
|
|
428
|
+
|
|
429
|
+
- name: Perform CodeQL Analysis
|
|
430
|
+
uses: github/codeql-action/analyze@v3
|
|
431
|
+
with:
|
|
432
|
+
category: "/language:${{matrix.language}}"
|
|
433
|
+
```
|
|
434
|
+
|
|
435
|
+
For compiled languages, replace autobuild with custom build commands:
|
|
436
|
+
```yaml
|
|
437
|
+
- run: |
|
|
438
|
+
make -j8
|
|
439
|
+
```
|
|
440
|
+
|
|
441
|
+
### Using Custom Queries in CI
|
|
442
|
+
|
|
443
|
+
Specify query packs and queries in the "Initialize CodeQL" step:
|
|
444
|
+
|
|
445
|
+
```yaml
|
|
446
|
+
- uses: github/codeql-action/init@v3
|
|
447
|
+
with:
|
|
448
|
+
queries: security-extended,security-and-quality
|
|
449
|
+
packs: trailofbits/cpp-queries
|
|
450
|
+
```
|
|
451
|
+
|
|
452
|
+
For repository-local queries:
|
|
453
|
+
```yaml
|
|
454
|
+
- uses: github/codeql-action/init@v3
|
|
455
|
+
with:
|
|
456
|
+
queries: ./codeql/UnhandledError.ql
|
|
457
|
+
packs: trailofbits/cpp-queries
|
|
458
|
+
```
|
|
459
|
+
|
|
460
|
+
Note the `.` prefix for repository-relative paths. All queries must be part of a query pack with a `qlpack.yml` file.
|
|
461
|
+
|
|
462
|
+
### Testing Custom Queries in CI
|
|
463
|
+
|
|
464
|
+
```yaml
|
|
465
|
+
name: Test CodeQL queries
|
|
466
|
+
|
|
467
|
+
on: [push, pull_request]
|
|
468
|
+
|
|
469
|
+
jobs:
|
|
470
|
+
codeql-test:
|
|
471
|
+
runs-on: ubuntu-latest
|
|
472
|
+
steps:
|
|
473
|
+
- uses: actions/checkout@v4
|
|
474
|
+
- id: init
|
|
475
|
+
uses: github/codeql-action/init@v3
|
|
476
|
+
- uses: actions/cache@v4
|
|
477
|
+
with:
|
|
478
|
+
path: ~/.codeql
|
|
479
|
+
key: ${{ runner.os }}-${{ runner.arch }}-${{ steps.init.outputs.codeql-version }}
|
|
480
|
+
- name: Run tests
|
|
481
|
+
run: |
|
|
482
|
+
${{ steps.init.outputs.codeql-path }} test run ./path/to/query/tests/
|
|
483
|
+
```
|
|
484
|
+
|
|
485
|
+
This workflow caches query extraction and compilation for faster subsequent runs.
|
|
486
|
+
|
|
487
|
+
## Common Mistakes
|
|
488
|
+
|
|
489
|
+
| Mistake | Why It's Wrong | Correct Approach |
|
|
490
|
+
|---------|----------------|------------------|
|
|
491
|
+
| Not building project before creating database | CodeQL won't have complete information | Run `make clean` or equivalent, then build with CodeQL |
|
|
492
|
+
| Excluding third-party libraries from database | Prevents interprocedural analysis through library code | Include libraries, filter results by location |
|
|
493
|
+
| Using relative imports in query packs | Causes resolution issues | Use absolute imports from standard libraries |
|
|
494
|
+
| Not adding query metadata | SARIF output lacks severity, description | Always add metadata comment with required fields |
|
|
495
|
+
| Forgetting workspace file | CLI won't find query packs | Create `codeql-workspace.yml` in root directory |
|
|
496
|
+
|
|
497
|
+
## Limitations
|
|
498
|
+
|
|
499
|
+
- **Licensing:** Closed-source repositories require GitHub Enterprise or Advanced Security license
|
|
500
|
+
- **Build requirement:** Compiled languages must be buildable; no build = incomplete database
|
|
501
|
+
- **Performance:** Complex interprocedural queries can take a long time on large codebases
|
|
502
|
+
- **Language support:** Limited to CodeQL-supported languages and frameworks
|
|
503
|
+
- **Learning curve:** Steep learning curve for writing custom queries; documentation is scant
|
|
504
|
+
- **Single-language databases:** Each database is for one language; multi-language projects need multiple databases
|
|
505
|
+
|
|
506
|
+
## Related Skills
|
|
507
|
+
|
|
508
|
+
| Skill | When to Use Together |
|
|
509
|
+
|-------|---------------------|
|
|
510
|
+
| **semgrep** | Use Semgrep first for quick pattern-based analysis, then CodeQL for deeper interprocedural analysis |
|
|
511
|
+
| **sarif-parsing** | For processing CodeQL SARIF output in custom CI/CD pipelines |
|
|
512
|
+
|
|
513
|
+
## Resources
|
|
514
|
+
|
|
515
|
+
### Trail of Bits Blog Posts on CodeQL
|
|
516
|
+
|
|
517
|
+
- [Look out! Divergent representations are everywhere!](https://blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/)
|
|
518
|
+
- [Finding unhandled errors using CodeQL](https://blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/)
|
|
519
|
+
- [Detecting iterator invalidation with CodeQL](https://blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/)
|
|
520
|
+
|
|
521
|
+
### Learning Resources
|
|
522
|
+
|
|
523
|
+
- [CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research](https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/)
|
|
524
|
+
- [QL language tutorials](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/)
|
|
525
|
+
- [GitHub Security Lab CodeQL CTFs](https://securitylab.github.com/ctf/)
|
|
526
|
+
|
|
527
|
+
### Writing Custom CodeQL Queries
|
|
528
|
+
|
|
529
|
+
- [Practical introduction to CodeQL](https://jorgectf.github.io/blog/post/practical-codeql-introduction/)
|
|
530
|
+
- [Sharing security expertise through CodeQL packs (Part I)](https://github.blog/2022-04-19-sharing-security-expertise-through-codeql-packs-part-i/)
|
|
531
|
+
|
|
532
|
+
### Video Resources
|
|
533
|
+
|
|
534
|
+
- [Trail of Bits: Introduction to CodeQL - Examples, Tools and CI Integration](https://www.youtube.com/watch?v=rQRlnUQPXDw)
|
|
535
|
+
- [Finding Security Vulnerabilities in C/C++ with CodeQL](https://www.youtube.com/watch?v=eAjecQrfv3o)
|
|
536
|
+
- [Finding Security Vulnerabilities in JavaScript with CodeQL](https://www.youtube.com/watch?v=pYzfGaLTqC0)
|
|
537
|
+
- [Finding Security Vulnerabilities in Java with CodeQL](https://www.youtube.com/watch?v=nvCd0Ee4FgE)
|
|
538
|
+
|
|
539
|
+
### Using CodeQL for Vulnerability Discovery
|
|
540
|
+
|
|
541
|
+
- [Clang checkers and CodeQL queries for detecting untrusted pointer derefs and tainted loop conditions](https://www.zerodayinitiative.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detecting-untrusted-pointer-derefs-and-tainted-loop-conditions)
|
|
542
|
+
- [Heap exploitation with CodeQL](https://github.com/google/security-research/blob/master/analysis/kernel/heap-exploitation/README.md)
|
|
543
|
+
- [Interesting kernel objects dashboard](https://lookerstudio.google.com/reporting/68b02863-4f5c-4d85-b3c1-992af89c855c/page/n92nD)
|
|
544
|
+
|
|
545
|
+
### CodeQL in CI/CD
|
|
546
|
+
|
|
547
|
+
- [Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning](https://github.blog/2021-11-16-adding-custom-codeql-queries-code-scanning/)
|
|
548
|
+
- [Best practices on rolling out code scanning at enterprise scale](https://github.blog/2022-09-28-best-practices-on-rolling-out-code-scanning-at-enterprise-scale/)
|
|
549
|
+
- [Fine tuning CodeQL scans using query filters](https://colinsalmcorner.com/fine-tuning-codeql-scans/)
|