mirror/api
1
0
Fork 0
mirror of https://github.com/unraid/api.git synced 2025-12-30 21:19:49 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
84f4a7221dd1942efc3ea7db19898a4bb81a898e
api/.github/codeql
History

README.md

CodeQL Security Analysis for Unraid API

This directory contains custom CodeQL queries and configurations for security analysis of the Unraid API codebase.

Overview

The analysis is configured to run:

  • On all pushes to the main branch
  • On all pull requests
  • Weekly via scheduled runs

Custom Queries

The following custom queries are implemented:

  1. API Authorization Bypass Detection
    Identifies API handlers that may not properly check authorization before performing operations.

  2. GraphQL Injection Detection
    Detects potential injection vulnerabilities in GraphQL queries and operations.

  3. Hardcoded Secrets Detection
    Finds potential hardcoded secrets or credentials in the codebase.

  4. Insecure Cryptographic Implementations
    Identifies usage of weak cryptographic algorithms or insecure random number generation.

  5. Path Traversal Vulnerability Detection
    Detects potential path traversal vulnerabilities in file system operations.

Configuration

The CodeQL analysis is configured in:

  • .github/workflows/codeql-analysis.yml - Workflow configuration
  • .github/codeql/codeql-config.yml - CodeQL engine configuration

Running Locally

To run these queries locally:

  1. Install the CodeQL CLI: https://github.com/github/codeql-cli-binaries/releases
  2. Create a CodeQL database: 
    codeql database create <db-name> --language=javascript --source-root=.
  3. Run a query: 
    codeql query run .github/codeql/custom-queries/javascript/api-auth-bypass.ql --database=<db-name>
Reference in New Issue View Git Blame Copy Permalink