Intro
I decided to get back into more hardcore security research, and try to augment it with AI. After some research, I think learning CodeQL and then enhancing it with AI support might yield good results. Thus, this post will go over my learning process for it. These are just notes, and might not make sense, so feel free to reach out to me if you have questions that I might be able to answer.
Test Case
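// UploadEnigma accepts an archive from the "archive" multipart form field,
// stores it under ./uploads with a random name and extracts it into the
// per-user folder ./files/<Username>.
//
// The request's user is read from c.Locals("user") and must be a User:
// a missing value answers with utils.ErrorResponse and StatusForbidden, a
// value of another type with a bare StatusInternalServerError. Errors from
// form parsing and from extraction are returned to the caller unchanged; a
// failed save or folder creation answers with StatusInternalServerError.
//
// Security note: the archive and its filename are client-controlled. The
// extension is taken from the client-supplied filename and the entries are
// extracted by archiver.Unarchive without any validation here — confirm that
// the archiver version in use rejects entries whose path escapes userFolder,
// and that Username is guaranteed to contain no path separators; both are
// assumed rather than checked in this handler.
func UploadEnigma(c *fiber.Ctx) error {
	user := c.Locals("user")
	if user == nil {
		return utils.ErrorResponse(c, "User not found", http.StatusForbidden)
	}
	userStruct, ok := user.(User)
	if !ok {
		return c.SendStatus(http.StatusInternalServerError)
	}

	file, err := c.FormFile("archive")
	if err != nil {
		return err
	}

	// Random name so concurrent uploads cannot collide. The client's
	// extension is kept — presumably archiver chooses the format from it;
	// confirm against the archiver version in use.
	filename := uuid.New().String() + filepath.Ext(file.Filename)
	tempFile := filepath.Join("./uploads", filename)
	if err := c.SaveFile(file, tempFile); err != nil {
		return utils.ErrorResponse(c, "Error saving file", http.StatusInternalServerError)
	}
	// The saved archive is only needed for extraction; remove it on every
	// exit path so ./uploads does not grow without bound. Best-effort: a
	// failed removal must not change the response.
	defer func() { _ = os.Remove(tempFile) }()

	// MkdirAll is a no-op for an existing directory, so no Stat is needed.
	// A failure here is a per-request problem and must not terminate the
	// process; the error is logged because the response carries only a
	// generic message.
	userFolder := filepath.Join("./files", userStruct.Username)
	if err := os.MkdirAll(userFolder, 0755); err != nil {
		log.Printf("creating user folder %q: %v", userFolder, err)
		return utils.ErrorResponse(c, "Error creating user folder", http.StatusInternalServerError)
	}

	if err := archiver.Unarchive(tempFile, userFolder); err != nil {
		return err
	}
	return utils.MessageResponse(c, "Archive uploaded and extracted successfully", http.StatusAccepted)
}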
package services
import (
"Desires/utils"
"bytes"
"crypto/sha256"
"encoding/json"
"fmt"
"log"
"net/http"
"os"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/google/uuid"
"github.com/gofiber/fiber/v2"
"github.com/mholt/archiver/v3"
)
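// List every function in the database together with its package-qualified
// name. The Function class exposes getQualifiedName(); the earlier
// getQualifiedNamed() is not a member of Function.
import go

from Function f
select f, f.getQualifiedName()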

graph TD
A["Input: c *fiber.Ctx"] --> B["c.FormFile('archive')"]
B --> C["file, err := c.FormFile('archive')"]
C --> D["c.SaveFile(file, filepath.Join('./uploads', filename))"]