I've had my first :github: CodeQL query merged into the experimental section of the official CodeQL rules!

https://lnkd.in/dk_tTiQZ (and a "local" variant, https://lnkd.in/dP88QJwa).

That's query ids java/command-line-injection-extra and java/command-line-injection-extra-local

They spot something the existing :java: command injection query does, but in a way that's more robust to unusual code.

It’s an edge case, but one that was important to a customer.

#CodeQL #SAST #Java #CommandInjection

Microsoft :microsoft: have an open job for a Security Program Manager for Open Source.

“Help us solve open source security challenges at scale, both for the company and the world. If you live at the intersection of open source, software engineering, security, and making things happen, please take a look… [It] is US-based, but…up to 100% remote”

https://jobs.careers.microsoft.com/global/en/job/1575779/Senior-Security-Program-Manager

#jobs #SDLC #AppSec #OpenSource #OpenSSF #Security #CodeQL

About CodeQL — CodeQL https://codeql.github.com/docs/codeql-overview/about-codeql/ #vulnerability #developer #analysis #security #database #variant #codeql #engine #source #check #error #code #data #bug

:github: is looking for #Swift #opensource projects to try out the upcoming Swift support in #GitHub code scanning.

Sign up here:

https://github.com/github/codeql/discussions/12522

You’ll be able to get access to the new CodeQL-powered static source code analysis before it ships to everyone else.

#SwiftLang #IOSdev #SAST #SecureCoding #DevSecOps #CodeQL #BetaTesting #PrivateBeta #MobileDev

:github: is looking for #Swift #opensource projects to try out the upcoming Swift support in #GitHub code scanning.

Sign up here:

https://github.com/github/codeql/discussions/12522

You’ll be able to get access to the new CodeQL-powered static source code analysis before it ships to everyone else.

#SwiftLang #IOSdev #SAST #SecureCoding #DevSecOps #CodeQL #BetaTesting #PrivateBeta #MobileDev

#CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/

I open sourced a tool to create lists of repos to run GitHub CodeQL’s Multi-Repository Variant Analysis on, using a keyword search on GitHub.

It's a Bash script you can trigger with a VSCode build task. It uses the GitHub API (via the GitHub CLI) to fill a list in the VSCode settings.

It’s a stopgap before this sort of feature makes it into the product.

https://github.com/advanced-security/mrva-code-search

#MRVA #VariantAnalysis #CodeQL #GitHub #VSCode #BuildTask #SAST #VulnerabilityResearch

UPDATED with another tidbit on
@GitHub #CodeQL quality-of-life improvement plans. #github

https://www.techtarget.com/searchsoftwarequality/news/365532412/GitHub-SBOM-updates-build-automation-foundation

You can now run a single static analysis query across thousands of repos on GitHub using CodeQL's MRVA (Multi-repo Variant Analysis).

That's great both for security research and rapidly auditing exposure to a single vuln or weakness for security teams.

It works from the CodeQL extension for VSCode, with open source public repos & private repos where CodeQL Code Scanning is enabled.

https://github.blog/2023-03-09-multi-repository-variant-analysis-a-powerful-new-way-to-perform-security-research-across-github/

#GitHub #SecurityResearch #VulnerabilityResearch #CodeQL #VariantAnalysis #MRVA #SAST

🤯

#ChatGPT can generate a (roughly) equivalent #CodeQL rule for a given #Semgrep rule. That's NUTS!

Simultaneously loving and hating #CodeQL . Just as I'm starting to get the hang of #github, github goes and does a #holdmybeer on me. Great tool, just steep learning curve getting it working with manually built binaries.

Turns out #GitHub does not support #rustlang in its #CodeQL #security and analysis tool yet. 🦀

In case a data flow is broken 💔 between the src & the sink, please consider debugging the #CodeQL query using partial paths. A very high ROI article by @geekmasher https://geekmasher.dev/sast/codeql/22-12-10--codeql-partical-paths/?utm_source=pocket_mylist

CodeQL path graphs are a useful aid in program understanding. In the following blog I discuss how they work and how you can create your own. https://mechanicalsympathy.nl/posts/codeql-path-graphs/ #codeql #securityresearch #codereview

https://blog.doyensec.com//2022/10/06/semgrep-codeql.html
#CodeQL This blog post from October 2022 compares opensource Semgrep https://github.com/returntocorp/semgrep with CodeQL https://codeql.github.com/

It's now easier to get set up with CodeQL code security analysis on GitHub :github: (which is free for public repos).

For Python :python:, JavaScript :javascript:, TypeScript :typescript: and Ruby :ruby: there's now a quick "default setup" that gets you started without creating an Actions workflow file.

https://www.bleepingcomputer.com/news/security/github-makes-it-easier-to-scan-your-code-for-vulnerabilities/

#GitHub #SAST #CodeQL #Python #JavaScript #Ruby

(Posting this as a reminder to self) #CodeQL looks like a fun project to follow along with on my next off-day https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html
An article from the Frycos security diary using CodeQL to look at pgAdmin which apparently can be run in a server mode.

Another fun #vulnerability #research writeup by @frycos

Pre-Auth RCE with #CodeQL in Under 20 Minutes

https://frycos.github.io/vulns4free/2022/12/02/rce-in-20-minutes.html

I wrote a blogpost on how you can benefit from using CodeQL during a security code review and how CodeQL can benefit from the things you learn. Let me know what you think.

https://mechanicalsympathy.nl/posts/security-code-reviewing-with-codeql/

#applicationsecurity #codeql #codereview

Using CodeQL to do security audit on Nodejs + GraphQL project by @LiveOverflow

▶️ CodeQL, Code analysis engine developed by GitHub to automate security checks

https://youtu.be/VrF1RwnJzBk

#codeql #appsec #websec #infosec