Hacker Talk

CodeQL with Alvaro Munoz

October 24, 2022·53 min
Episode Description from the Publisher

In this episode of Hacker Talk: one of the most powerful of the newer static analysis tools is CodeQL. By converting your code base into a CodeQL database, you can write queries against it in a read-only way in order to find security vulnerabilities and problems in your code base. We wanted to know more about this declarative language called "CodeQL". Straight from GitHub's Security Lab, we are joined by Alvaro Munoz! Alvaro is a Security Researcher who leads a team of researchers that leverage CodeQL to find and model vulnerabilities at GitHub, with a background in research on finding remote code execution bugs through deserialization. Tune in as we hear the ins and outs of CodeQL, how to get started, when CodeQL was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with CodeQL, and a lot more!

Topics covered:
- Learning to think outside the box by playing Capture the Flag
- CodeQL and declarative languages
- Static code analysis
- Getting a broad view of the source code
- Writing queries with CodeQL to find vulnerabilities
- Modeling vulnerabilities with CodeQL
- The learning curve of CodeQL
- Querying GitHub repositories for vulnerabilities
- Writing CodeQL for a large number of repositories with LGTM (use it before it goes EOL)
- Linters vs CodeQL
- CodeQL integrated with continuous integration pipelines
- Getting started with CodeQL
- Submitting your CodeQL queries to GitHub Security Lab's bug bounty
- Best practices for writing queries
- Thinking of the code as a database with CodeQL
- Finding vulnerabilities in Covid-19 systems
- Best practices for CodeQL
- Reducing false positives
- CodeQL with nvim (Neovim)
- Improving Vim by creating a more interactive development environment alternative, Neovim; LSP integration with Neovim
- CodeQL with Emacs
- Remote code execution bugs found with CodeQL
- Bugs found in the Radar COVID app
- Patterns leading to remote code execution
- Auditing JavaScript frameworks
- CodeQL vs other static analysis tools
- Capture the Flag CodeQL challenges
- The future of CodeQL

External links:
- https://lgtm.com/
- https://github.com/pwntester
- https://neovim.io/
- https://en.wikipedia.org/wiki/Language_Server_Protocol
- https://en.wikipedia.org/wiki/Semgrep
- Covid-19 tracing app: https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/ and https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
- GitHub Security Lab web site: https://securitylab.github.com/
- Join the GitHub Security Lab Slack channel: https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg
- https://twitter.com/pwntester
- Bounty program: https://securitylab.github.com/bounties/
- https://codeql.github.com/
- https://codeql.github.com/docs/codeql-overview/
- http://www.pwntester.com/
- https://en.wikipedia.org/wiki/Abstract_syntax_tree
- https://en.wikipedia.org/wiki/Control_flow_analysis
- https://github.com/github/codeql-learninglab-actions
- https://github.com/anticomputer/emacs-codeql/

Special thanks to: We want to give a huge thanks to GitHub's Security Lab team for making this episode a reality!
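A minimal CodeQL query illustrating the workflow the description outlines (build a database from the code base, then ask it a declarative question), added here as an example; it is not code from the episode, from GitHub Security Lab, or from the CodeQL standard library. It targets the pattern behind Alvaro's deserialization research: untrusted remote input reaching java.io.ObjectInputStream.readObject(). Assumptions: a Java database built with the CodeQL CLI, a qlpack.yml that depends on codeql/java-all, and CodeQL's default taint steps carrying taint from the InputStream passed to the ObjectInputStream constructor to the resulting stream object. The query id and the module names are made up for this example; older CLI releases spell the MethodCall class MethodAccess. The standard library ships a more complete java/unsafe-deserialization query that should be preferred in practice; this one exists to show the source/sink/taint-tracking shape a first query takes.

```ql
/**
 * @name Untrusted data reaches ObjectInputStream.readObject (example)
 * @description Remote input flows into a Java deserialization call,
 *              the classic pattern behind deserialization RCE.
 * @kind path-problem
 * @problem.severity error
 * @id example/unsafe-deserialization-readobject
 */

import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking

// Example configuration (hypothetical module name): sources are the
// standard-library notion of remote input (HTTP parameters, request
// bodies, sockets, ...); sinks are the receiver of readObject().
module UnsafeReadObjectConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node sink) {
    exists(MethodCall mc |
      mc.getMethod().hasQualifiedName("java.io", "ObjectInputStream", "readObject") and
      // The tainted value is the stream being deserialized, i.e. the qualifier.
      sink.asExpr() = mc.getQualifier()
    )
  }
}

// Taint tracking (rather than strict data flow) so that wrapping steps such as
// new ObjectInputStream(taintedStream) keep the taint on the new object.
module UnsafeReadObjectFlow = TaintTracking::Global<UnsafeReadObjectConfig>;

// Needed for @kind path-problem so results show the full source-to-sink path.
import UnsafeReadObjectFlow::PathGraph

from UnsafeReadObjectFlow::PathNode source, UnsafeReadObjectFlow::PathNode sink
where UnsafeReadObjectFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Deserialization of $@ reaches ObjectInputStream.readObject().",
  source.getNode(), "untrusted remote input"
```

To run it against a project, build the database first and then analyze it with the query file (the qlpack directory holding the .ql file needs a qlpack.yml listing codeql/java-all as a dependency): `codeql database create java-db --language=java --source-root=.` followed by `codeql database analyze java-db path/to/UnsafeReadObject.ql --format=sarif-latest --output=results.sarif`. The false-positive reduction the episode discusses typically happens in this same file: adding sanitizers (for example an ObjectInputFilter being installed on the stream) via an isBarrier predicate, rather than widening or narrowing the sink definition. Note that lgtm.com, mentioned above as a way to run queries across many repositories, has since been retired; the CLI and GitHub code scanning are the supported routes today.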
