I-GitHub ivuliwe ezinsukwini ezimbalwa ezedlule ukungezwa kwe ukuhlolwa kwesistimu yokufunda komshinil kusevisi yokuskena ikhodi ukukhomba izinhlobo ezivamile zobuthakathaka Ekhodini. Ngalokhu, ubuchwepheshe bokuhlaziya ikhodi obusekelwe ku-CodeQL ye-GitHub buvuselelwe kabusha futhi manje busebenzisa ukufunda ngomshini (ML) ukuze kutholwe ubungozi bokuphepha obungaba khona ngekhodi.
Futhi leyo GitHub uthole ubuchwepheshe be-CodeQL njengengxenye yokutholwa kukaSemmie. I-CodeQL isetshenziswa amaqembu ocwaningo lwezokuphepha ukwenza ukuhlaziya kwekhodi ye-semantic, futhi i-GitHub iyenze yaba umthombo ovulekile.
Ngalawa mamodeli, i-CodeQL ingakwazi ukuhlonza ukusakazwa kwedatha yabasebenzisi abaningi abangathembekile ngakho-ke kungaba sengozini enkulu yokuphepha.
Kuqashelwa ukuthi ukusetshenziswa kwesistimu yokufunda yomshini kwenze kwaba nokwenzeka ukunweba ngokuphawulekayo ububanzi bezinkinga ezikhonjiwe, ekuhlaziyweni kwazo isistimu manje ayikhawulelwe ekuqinisekiseni amaphethini ajwayelekile futhi ayiboshelwe kuzinhlaka ezaziwayo.
Ezinkingeni ezikhonjwe uhlelo olusha, amaphutha aholela ekubhalweni kwe-cross-site (XSS), ukuhlanekezelwa kwezindlela zamafayela (isibonelo, ngenkomba ethi "/.."), ukufakwa esikhundleni semibuzo ye-SQL kanye ne-NoSQL. .
Ukuskena ikhodi manje kungathola ubungozi obuningi bokuvikeleka obunamandla ngokusebenzisa imodeli entsha yokufunda ejulile. Lesi sici sokuhlola siyatholakala ku-beta yomphakathi yamakhosombe e-JavaScript kanye ne-TypeScript ku-GitHub.com.
Ithuluzi elisha le-GitHub fue ikhishwe njenge-beta yomphakathi yamahhala Kubo bonke abasebenzisi, isici sisebenzisa ukufunda komshini nokufunda okujulile ukuskena izisekelo zekhodi nokuhlonza ubungozi obuvamile bokuphepha ngaphambi kokuba umkhiqizo uthunyelwe.
Isici sokuhlola okwamanje sitholakala kubo bonke abasebenzisi benkundla, okuhlanganisa abasebenzisi be-GitHub Enterprise njenge-GitHub Advanced Security Feature, futhi singasetshenziselwa amaphrojekthi abhalwe ku-JavaScript noma ku-TypeScript.
Ngokuthuthuka okusheshayo kwe-ecosystem yomthombo ovulekile, kunomsila omude okhula njalo wemitapo yolwazi osetshenziswa kancane. Sisebenzisa izibonelo ezivela emibuzweni ye-CodeQL edalwe mathupha ukuze siqeqeshe amamodeli okufunda ajulile ukuze sibone amalabhulali emithombo evulekile kanye namalabhulali emithombo evaliwe ethuthukiswe ngaphakathi.
Ithuluzi yakhelwe ukubheka ubungozi obune obuvame kakhulu ezithinta amaphrojekthi abhalwe ngalezi zilimi ezimbili: cross-site scripting (XSS), umjovo womzila, umjovo we-NoSQL kanye nomjovo we-SQL.
Isevisi yokuskena amakhodi ikuvumela ukuthi uthole ubungozi kusenesikhathi sokuthuthuka ngokuskena ukusebenza kwe-git push ngakunye ngezinkinga ezingaba khona.
Umphumela unamathiselwe ngqo kwisicelo sokudonsa. Ngaphambilini, ukuhlola kwenziwa kusetshenziswa injini ye-CodeQL, ehlaziya amaphethini ngezibonelo ezijwayelekile zekhodi esengozini (I-CodeQL ikuvumela ukuthi ukhiqize isifanekiso sekhodi esengozini ukuze uthole ukuba sengozini okufanayo kukhodi yeminye imiklamo).
Ngamakhono amasha okuhlaziya, I-Code Scanning ingakwazi ukukhiqiza izexwayiso ezengeziwe zamaphethini amane avamile okuba sengozini: I-Cross-Site Scripting (XSS), I-Path Injection, i-NoSQL Injection, kanye ne-SQL Injection. Ndawonye, lezi zinhlobo ezine zobungozi zimelela ubungozi obuningi bakamuva (ama-CVE) ku-ecosystem ye-JavaScript/TypeScript, futhi ukuthuthukisa ikhono lokuskena ikhodi ukuze kutholwe ubungozi obunjalo ekuqaleni kwenqubo yokuthuthukisa kuwukhiye ekusizeni onjiniyela babhale ikhodi evikeleke kakhulu.
Injini entsha yokufunda yomshini ingakhomba ubungozi obungaziwa ngaphambilini ngoba ayiboshelwe ekuphindaphindweni kwamaphethini ekhodi achaza ubungozi obuthile. Intengo yalelo thuba iwukukhuphuka kwenani lemibono engamanga uma kuqhathaniswa namasheke asekelwe ku-CodeQL.
Okokugcina kulabo abanentshisekelo yokwazi kabanzi ngalo, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.
Futhi kubalulekile ukusho ukuthi esigabeni sokuhlola, ukusebenza okusha okwamanje kutholakala kuphela kumakhosombe ane-JavaScript kanye nekhodi ye-TypeScript.