CodeQL for Go
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from Go codebases.
- Basic query for Go code: Learn to write and run a simple CodeQL query.
- CodeQL library for Go: When you’re analyzing a Go program, you can make use of the large collection of classes in the CodeQL library for Go.
- CodeQL CTF: Go and don’t return: Follow the steps that members of GitHub Security Lab went through to find a high-severity vulnerability in MinIO, an Amazon S3-compatible object store.
- Abstract syntax tree classes for working with Go programs: CodeQL has a large selection of classes for representing the abstract syntax tree of Go programs.
- Modeling data flow in Go libraries: When analyzing a Go program, CodeQL does not examine the source code for external packages. To track the flow of untrusted data through a library, you can create a model of the library.
- Customizing library models for Go: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.