Codeql

CodeQL is a tool for analyzing source code by generating a database representation that can be queried for vulnerabilities. It supports languages like JavaScript, Python, C/C++, C#, Java, and Go, but not PHP. Users can develop custom queries and generate code scanning alerts for GitHub integration.

Uploaded by Thành

What is CodeQL, and what can we use CodeQL for?

What is CodeQL?
- CodeQL is a tool used to analyze source code.
- It generates a database representation of a codebase; you can then query that database interactively, or run a suite of queries to produce a set of results in SARIF format.
- The CodeQL CLI can analyze JS, Python, C/C++, C#, Java and Go (newer releases also add Ruby, Swift and Kotlin), but not PHP :> "unreal"
What can we use CodeQL for?
- Develop and test custom CodeQL queries to use in your own analyses to find vulnerabilities.
- Generate code scanning alerts (SARIF results) that you can upload to GitHub.
Basic Concepts

Source, Sink and Data Flow?
// Source: attacker-controlled data enters from the URL fragment
var name = location.hash.substring(1);
// Sink: the tainted string is rendered as HTML (DOM-based XSS)
document.getElementById("thanh").innerHTML = "<h1>Hello " + name + "!</h1>";
How does this work?
- The source is where untrusted data enters the program (here the URL fragment, location.hash), and the sink is a dangerous operation that consumes it (here the innerHTML assignment).
- CodeQL extracts the code into a relational database; a query models the source and the sink and asks the database whether data can flow from one to the other. Every such path is a finding.
How to use CodeQL to find vulnerabilities?
- Build a CodeQL database from the source code (codeql database create).
- Run your own query or a query suite against the database (codeql database analyze) and write the results out as SARIF.
- Review the results locally, or upload the SARIF file to GitHub so the findings show up as code scanning alerts.
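The query below is an added example, not part of the original slides: it encodes the source (location.hash) and the sink (an innerHTML assignment) from the snippet in the Basic Concepts section as a CodeQL taint-tracking query for JavaScript, so that running it against a database built from that snippet reports the DOM XSS path. It uses the module-based DataFlow::ConfigSig / TaintTracking::Global API of recent CodeQL releases (older releases express the same thing as a TaintTracking::Configuration class); the query name and @id are made up for this example, and the DataFlow::globalVarRef and DataFlow::PropWrite predicates are from the standard CodeQL JavaScript library as I know it, so check them against the library version you install.

```ql
/**
 * @name Attacker-controlled URL fragment rendered as HTML
 * @description location.hash is read by client-side code and written into
 *              innerHTML without sanitization (DOM-based XSS).
 * @kind path-problem
 * @problem.severity error
 * @precision high
 * @id js/example/hash-to-innerhtml
 * @tags security
 */

import javascript

// Source: any read of the `hash` property on the global `location` object
// (covers `location.hash` as well as `window.location.hash`).
// Sink: the right-hand side of any assignment to an `innerHTML` property.
module HashToInnerHtmlConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    source = DataFlow::globalVarRef("location").getAPropertyRead("hash")
  }

  predicate isSink(DataFlow::Node sink) {
    exists(DataFlow::PropWrite write |
      write.getPropertyName() = "innerHTML" and
      sink = write.getRhs()
    )
  }
}

// Taint tracking rather than plain data flow, so that string operations such
// as `substring(1)` and the concatenation "<h1>Hello " + name + "!</h1>"
// propagate the taint from the source to the sink.
module HashToInnerHtmlFlow = TaintTracking::Global<HashToInnerHtmlConfig>;

import HashToInnerHtmlFlow::PathGraph

from HashToInnerHtmlFlow::PathNode source, HashToInnerHtmlFlow::PathNode sink
where HashToInnerHtmlFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "DOM XSS: this HTML is built from $@, which an attacker controls through the URL.",
  source.getNode(), "location.hash"
```

To run it, save the query in a directory with a qlpack.yml that depends on codeql/javascript-all and run codeql pack install there; build the database with codeql database create js-db --language=javascript --source-root=. in the project you want to scan; then run codeql database analyze js-db path/to/hash-to-innerhtml.ql --format=sarif-latest --output=results.sarif. The resulting SARIF file can be inspected locally or sent to GitHub with codeql github upload-results, which is what turns it into code scanning alerts. Because the @kind is path-problem, each alert carries the full source-to-sink path, so the reviewer sees the substring() and concatenation steps rather than only the innerHTML line.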
Video demo: using CodeQL to find vulnerabilities
