Additional Resources #

Publications #

Trail of Bits blog posts on CodeQL #

• Look out! Divergent representations are everywhere!
• Finding unhandled errors using CodeQL
• Detecting iterator invalidation with CodeQL

Learning resources for CodeQL #

• CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research
• QL language tutorials
• GitHub Security Lab CodeQL CTFs

Writing custom CodeQL queries #

• Practical introduction to CodeQL
• Security code reviewing with CodeQL
• Sharing security expertise through CodeQL packs (Part I)
• 🎦 Finding Security Vulnerabilities in C/C++ with CodeQL
• 🎦 Finding Security Vulnerabilities in JavaScript with CodeQL
• 🎦 Finding Security Vulnerabilities in Java with CodeQL

Using CodeQL for vulnerability discovery #

• Clang checkers and CodeQL queries for detecting untrusted pointer derefs and tainted loop conditions
• Vulnerability digging with CodeQL
• Make memcpy safe again: CodeQL

CodeQL in CI/CD #

• Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning
• Best practices on rolling out code scanning at enterprise scale
• Fine tuning CodeQL scans using query filters
• Ignore files in GitHub CodeQL analysis