GoSecCode For Codeql

一个基于Codeql规则的go靶场

博客分析：https://lya0.github.io/2023/04/20/codeql-GoSecCode

原靶场介绍

🏠 Homepage

Install

运行需要安装beego和bee

参考:beego和bee安装

然后执行

git clone https://github.com/cokeBeer/go-sec-code
cd go-sec-code
bee run

服务器就运行在http://localhost:233 上了

为了测试SQLInjection，需要连接数据库。这里使用mysql，先执行下面的语句创建数据库和表

create database goseccode;
create table user(
	id int,
	username varchar(40),
	password varchar(40),
);
insert into user values(1,"admin","admin@123");
insert into user values(2,"test","test@123");

然后找到sqlinjection.go，修改source变量的值

source := "username:password@tcp(127.0.0.1:3306)/goseccode"

即可连接数据库

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.idea		.idea
bee		bee
cmd/taint		cmd/taint
conf		conf
controllers		controllers
models		models
routers		routers
static		static
utils		utils
views		views
.DS_Store		.DS_Store
.gitignore		.gitignore
README.md		README.md
favicon.ico		favicon.ico
go-sec-code.png		go-sec-code.png
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

GoSecCode For Codeql

原靶场介绍

Install

About

Releases

Packages

Languages

Lya0/GoSecCode-codeql

Folders and files

Latest commit

History

Repository files navigation

GoSecCode For Codeql

原靶场介绍

Install

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages