CodeQL用于在代码库中发现漏洞,用一个query找到同一漏洞的所有变种
主页的示例
UnsafeDeserialization.ql
from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink,
"Unsafe deserialization of $@.", source.getNode(), "user input"
看起来是污点分析