In this episode of Hacker Talk:
One of the most powerful newer static analysis tool is CodeQL.  
By converting your code base into a Codeql database, you can now write  
queries in a read-only way, in order to find security vulnerabilities   
and problems in you Code-base.

We wanted to know more about this declarative language called "CodeQL".
Straight from Github's Security Lab, we are joined by Alvaro Munoz!  
Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.  

Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!



Topics covered:
Learning to thing outsite the box by playing Capture the flag
CodeQL declarative languages 
Static code analysis
Getting a broad view of the source code
Writing queries with CodeQL to find vulnerabilities   
Modeling vulnerabilities with CodeQL
The learning curve of CodeQL
Quering github repositories for vulnerabilities

Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)
Linters vs codeql
CodeQL integrated with continuous integration pipelines
Get started with Codeql
Submit your codeql queries to Github Security Lab's Bug bounty
Best practices for writing queries    
Thinking of the code as a database with codeql
Finding vulnerabilities in Covid-19 systems
Best pratices for CodeQL 
Reduce false possitives 
CodeQL with nvim(neovim)    
Improving vim by creating a more interactive development enviroment alternative, "neovim".
LSP integration with neovim.  
CodeQL with Emacs
Remote code execution bugs found with CodeQL.  
Bugs found in Radar Covid App
Patterns leading to remote code execution   
Auditing javascript frameworks
CodeQL vs other static analysis tools
Capture the flag codeql challanges
The future of CodeQL


External links:
https://lgtm.com/  
https://github.com/pwntester  
https://neovim.io/
https://en.wikipedia.org/wiki/Language_Server_Protocol    
https://en.wikipedia.org/wiki/Semgrep

Covid 19 tracing app
- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/
- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/

Github Security Lab web site: https://securitylab.github.com/

Join Github Security Lab Slack Channel: 
https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg

https://twitter.com/pwntester
Bounty program: https://securitylab.github.com/bounties/
https://codeql.github.com/
https://codeql.github.com/docs/codeql-overview/  
http://www.pwntester.com/
https://en.wikipedia.org/wiki/Abstract_syntax_tree  
https://en.wikipedia.org/wiki/Control_flow_analysis
https://github.com/github/codeql-learninglab-actions
https://github.com/anticomputer/emacs-codeql/   

Special thanks too:
We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

Ver todos los episodios