Git Product home page Git Product logo

cq's Introduction

cq

Code Query, a universal code security scanning tool.

CQ scans code for security vulnerabilities and other items of interest to security-focussed code reviewers. It outputs text files containing references to issues found, into an output directory. These output files can then be reviewed, filtered by unix command line tools such as grep, or used as a means to 'jump' into the codebase at the specified file:line reference.

One popular mode of use is to consider the output files as a 'todo' list, deleting references as they are reviewed and either considered false positives, or copying the references into some report file to either review in detail or provide the basis for a bug report.

The tool is extremely basic, largely manual, and assumes deep knowledge of application security vulnerabilities and code review. It does, however, have the advantages of being relatively fast and reliable, and working even when only partial code is available.

CQ is Code Query, or Sécurité, or CQD, or "Seek You".

Intended Purpose

CQ is intended to be used in a security code review context by human experts. It is not intended for use in automated scenarios, although it might be applied in that context.

CQ outputs plain text files, with typically one finding per line, using the convention full path:line number to represent locations in the codebase. This format is used to allow for ease of manipulation using the standard unix command line utilities, such as grep, wc, sed and similar, and the line-based facilities of many editors such as vi, Sublime Text, Atom and Visual Studio Code.

The focus on reporting all items of interest results in a tool that will find many points of interest in almost any codebase, but which will also report a large number of 'false positives'. These false positives can be removed from the results either by inspection or in an automated fashion, due to the line-based reporting method.

Little to no explanation of issues is provided; it's assumed that you are aware of the context, impact and characteristics of the issues reported.

cq's People

Contributors

chris-anley avatar chris-anley-ncc avatar

Stargazers

avatar 5l1v3r1 avatar avatar DAssemblerxXBin3ryNinj! avatar Joshua avatar GDB HackerOne avatar Stefan Streichsbier avatar Nerd avatar avatar SaberCC avatar Gustin Johnson avatar Michael Genkin avatar avatar avatar Thomas Leary avatar Alessandro Marcolini avatar DavidB avatar Greg Keene avatar Luis Felipe Ritta avatar Ariel Coronel avatar Gladiola avatar Martin Langhoff avatar Anna avatar Jason Stangroome avatar Salim S. avatar avatar avatar Jean avatar Letlaka Tsotetsi avatar Tuvya Kfir avatar avatar Ryan Whitworth avatar Dan avatar Ender Akbas avatar Colman Mbuya avatar avatar avatar BEWNIAC avatar avatar jackson5 avatar Colin Rubbert avatar Dolev Farhi avatar Jason Benaim avatar avatar avatar João Zamite avatar DexVik avatar Frieder Steinmetz avatar Jonathan Yu avatar Chiira avatar avatar Greg M avatar Jack Enders avatar Mayank Sharma avatar Zafer Balkan avatar Prabin369 avatar Ajam avatar FCHA256 avatar avatar Mike avatar Nipun Gupta avatar James Conlan avatar avatar Mucahit Karadag avatar Sebin Thomas avatar Magno Logan avatar Talesh Seeparsan avatar Yogi Kortisa avatar Riccardo Mazza avatar avatar Ryan Emmons avatar Ahmed Alaa El-Din ( Ahmed Andaloes) avatar avatar Mihai avatar 安文的记录本 avatar avatar Harry Ha avatar Glynn Bevan avatar Resery avatar cocoonk1d avatar John avatar avatar Isaac avatar backcover7 avatar avatar avatar avatar 长歌短笛 avatar avatar avatar adi avatar b4nbird avatar avatar xrkk avatar stuwifu avatar MegaNiko avatar Evi1ran avatar avatar Edwin Siebel avatar avatar

Watchers

Jevin Sweval avatar Yun Zheng Hu avatar Felix Ingram avatar Matt Lewis avatar Stephen Tomkinson avatar Letlaka Tsotetsi avatar Stella Polaris avatar avatar

Forkers

excloudx6 edvrfn dutchcyberguy latkes magnologan x30n alema-r m4rm0k xcalibure2 5l1v3r1

cq's Issues

Add some useful parameters

hi, Is it possible to add parameters to specify the path of the target source code to make scanning more flexible

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.