zerotyr/codeql-aspx

ayespex

This repo is used to demo different ways of scanning .aspx files. These are markup files that are generated by .NET programs, sport an HTML-like syntax, and are generally used for generating web pages. As such, they can contain inline JS via <script> tags which, like all other JS code, may contain vulnerabilities.

prerequisites

  1. The advanced setup for CodeQL must be used
  2. There must be at least 1 JS file in the repo before CodeQL will scan

This is a quirk of CodeQL: files such as html are not scanned unless JS is also present. This repo includes a dummy.js file to satisfy that requirement. If you don't want a random file cluttering the repo, you could instead generate this file on the fly before the init step runs.

[...]
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: generate dummy.js
      run: echo "console.log('satisfied?')" > dummy.js
[...]

results are not guaranteed

CodeQL does not currently support aspx files, so this workaround may produce false positives or false negatives.

For accurate results, JS embedded in .aspx files should be removed and stored in its own .js/.ts/.whatever files.

modify aspx files and the resulting SARIF (simplest)

One method of scanning aspx files with the CodeQL action is to add some additional steps to the default workflow. See custom-codeql-action-aspx.yml for the full workflow.

  1. Modify all aspx files to have a .html extension
  2. Perform the typical analysis, but ensure the JS SARIF doesn't upload automatically
  3. Modify the resulting SARIF by stripping the .html extension
  4. Manually upload the now modified SARIF file

If done properly, the results will display under the code scanning alerts section of security overview while pointing to the correct file and correct line of code.
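Step 3 is the part that is easy to get wrong, so here is an added example of the SARIF rewrite (not taken from this repo's workflow). It assumes step 1 appended the extension, so page.aspx became page.aspx.html; the function names and the sample document are constructed for illustration.

```python
import json
import sys

# Assumption: step 1 renamed page.aspx -> page.aspx.html (suffix appended).
RENAMED_SUFFIX = ".aspx.html"


def restore_aspx_uris(node):
    """Strip the appended .html from every SARIF `uri` ending in .aspx.html.
    Walks the whole document (results, code flows, artifacts); returns the count."""
    changed = 0
    if isinstance(node, dict):
        uri = node.get("uri")
        if isinstance(uri, str) and uri.lower().endswith(RENAMED_SUFFIX):
            node["uri"] = uri[: -len(".html")]
            changed += 1
        for value in node.values():
            changed += restore_aspx_uris(value)
    elif isinstance(node, list):
        for item in node:
            changed += restore_aspx_uris(item)
    return changed


def rewrite_sarif_file(src, dst):
    """Load src, restore the .aspx paths, write dst; returns the rewrite count."""
    with open(src, encoding="utf-8") as fh:
        sarif = json.load(fh)
    count = restore_aspx_uris(sarif)
    with open(dst, "w", encoding="utf-8") as fh:
        json.dump(sarif, fh, indent=2)
    return count


def loc(uri, line):
    """Build a minimal SARIF location object for the constructed sample."""
    return {"physicalLocation": {"artifactLocation": {"uri": uri},
                                 "region": {"startLine": line}}}


# Constructed sample: one finding in a renamed page, one in a genuine .html file.
SAMPLE = {"version": "2.1.0", "runs": [{
    "artifacts": [{"location": {"uri": "pages/Default.aspx.html"}},
                  {"location": {"uri": "static/index.html"}}],
    "results": [
        {"ruleId": "example-rule", "locations": [loc("pages/Default.aspx.html", 12)]},
        {"ruleId": "example-rule", "locations": [loc("static/index.html", 3)]}],
}]}

if __name__ == "__main__" and len(sys.argv) == 3:
    print(rewrite_sarif_file(sys.argv[1], sys.argv[2]), "URIs restored")
```

Matching on the full .aspx.html suffix keeps alerts for real .html files pointing at the right path, and a rewrite count of zero is a useful signal that the rename or the analysis step did not run as expected.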

use the CodeQL CLI

Only use this method if you cannot use the Actions.

The other method is to eschew using the CodeQL actions and to use the CodeQL CLI instead. Again, since CodeQL doesn't scan aspx files, CodeQL will need to be manipulated into scanning these files. This can be done with CodeQL CLI commands. The demo does use Actions, but the CLI commands can be easily copied and modified for use in other systems.

See the custom-codeql-cli-aspx.yml workflow for a full example.

All commands basically use codeql database [command]. See [codeql database](

  1. Initialize the CodeQL database
  2. Configure the trace command
  3. Tell the CodeQL extractor to target .aspx files using trace-command
  4. Finalize the database
  5. Analyze the database
  6. Upload the results
