CodeQL with Alvaro Munoz

In this episode of Hacker Talk:

One of the most powerful newer static analysis tool is CodeQL.

By converting your code base into a Codeql database, you can now write

queries in a read-only way, in order to find security vulnerabilities

and problems in you Code-base.

We wanted to know more about this declarative language called "CodeQL".

Straight from Github's Security Lab, we are joined by Alvaro Munoz!

Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.

Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!

Topics covered:

Learning to thing outsite the box by playing Capture the flag

CodeQL declarative languages

Static code analysis

Getting a broad view of the source code

Writing queries with CodeQL to find vulnerabilities

Modeling vulnerabilities with CodeQL

The learning curve of CodeQL

Quering github repositories for vulnerabilities

Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)

Linters vs codeql

CodeQL integrated with continuous integration pipelines

Get started with Codeql

Submit your codeql queries to Github Security Lab's Bug bounty

Best practices for writing queries

Thinking of the code as a database with codeql

Finding vulnerabilities in Covid-19 systems

Best pratices for CodeQL

Reduce false possitives

CodeQL with nvim(neovim)

Improving vim by creating a more interactive development enviroment alternative, "neovim".

LSP integration with neovim.

CodeQL with Emacs

Remote code execution bugs found with CodeQL.

Bugs found in Radar Covid App

Patterns leading to remote code execution

Auditing javascript frameworks

CodeQL vs other static analysis tools

Capture the flag codeql challanges

The future of CodeQL

External links:

https://lgtm.com/

https://github.com/pwntester

https://neovim.io/

https://en.wikipedia.org/wiki/Language_Server_Protocol

https://en.wikipedia.org/wiki/Semgrep

Covid 19 tracing app

- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/

- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/

Github Security Lab web site: https://securitylab.github.com/

Join Github Security Lab Slack Channel:

https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg

https://twitter.com/pwntester

Bounty program: https://securitylab.github.com/bounties/

https://codeql.github.com/

https://codeql.github.com/docs/codeql-overview/

http://www.pwntester.com/

https://en.wikipedia.org/wiki/Abstract_syntax_tree

https://en.wikipedia.org/wiki/Control_flow_analysis

https://github.com/github/codeql-learninglab-actions

https://github.com/anticomputer/emacs-codeql/

Special thanks too:

We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!