Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CodeQL chapter #47

Merged
merged 5 commits into from
Sep 18, 2024
Merged

Update CodeQL chapter #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3458398
Update CodeQL additional resources
ahpaleus Jun 21, 2024
2138be2
Update 10-advanced.md
ahpaleus Jun 21, 2024
66ce0c9
lints
ahpaleus Jun 21, 2024
ebc82d8
lint
ahpaleus Jun 21, 2024
b677072
Update 10-advanced.md
ahpaleus Jun 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions content/docs/static-analysis/codeql/10-advanced.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,16 @@ version.)

## Writing custom queries

{{< hint info >}}
To write custom CodeQL queries, you need access to the standard libraries and queries. We recommend using the starter workspace.

1. Clone the [vscode-codeql-starter](https://github.com/github/vscode-codeql-starter.git) repository to your computer:
`git clone --recursive https://github.com/github/vscode-codeql-starter.git`
2. In VSCode, click **File** -> **Open Workspace from File** and open the
`vscode-codeql-starter.code-workspace` file from the `vscode-codeql-starter` repository

{{< /hint >}}

QL is a declarative language and CodeQL queries are expressed using an SQL-like
syntax on the following form:

Expand Down
4 changes: 4 additions & 0 deletions content/docs/static-analysis/codeql/99-resources.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ weight: 99

### Learning resources for CodeQL

- [CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research](https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/)
- [QL language tutorials](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/)
- [GitHub Security Lab CodeQL CTFs](https://securitylab.github.com/ctf/)

Expand All @@ -25,6 +26,9 @@ weight: 99
- [Practical introduction to CodeQL](https://jorgectf.github.io/blog/post/practical-codeql-introduction/)
- [Security code reviewing with CodeQL](https://mechanicalsympathy.nl/posts/security-code-reviewing-with-codeql/)
- [Sharing security expertise through CodeQL packs (Part I)](https://github.blog/2022-04-19-sharing-security-expertise-through-codeql-packs-part-i/)
- :cinema: [Finding Security Vulnerabilities in C/C++ with CodeQL](https://www.youtube.com/watch?v=eAjecQrfv3o)
- :cinema: [Finding Security Vulnerabilities in JavaScript with CodeQL](https://www.youtube.com/watch?v=pYzfGaLTqC0)
- :cinema: [Finding Security Vulnerabilities in Java with CodeQL](https://www.youtube.com/watch?v=nvCd0Ee4FgE)

### Using CodeQL for vulnerability discovery

Expand Down
Loading