Example app for demo 1 (Flask application running in debug mode) and demo 2 (using taint tracking to find XSS).
Example app for demo 3 (implementing a ClickHouse SQL injection sink).
Example app for demo 4: improving taint propagation across middleware steps in an Express app.
- Download VSCode
- Install CodeQL extension
- Download codeql-cli-binaries: https://github.com/github/codeql-cli-binaries/releases
- Get the vscode-codeql-starter project: https://github.com/github/vscode-codeql-starter
- To build a CodeQL snapshot (database) for a Python project:
  `codeql database create -l python /path/to/resulting/codeql-database`
- To build a CodeQL snapshot (database) for a JavaScript project:
  `codeql database create -l javascript /path/to/resulting/codeql-database`
Queries that were written during the workshop:
- 1-debug.ql: searches for Flask applications that run in debug mode.
- 2-xss.ql: searches for XSS vulnerabilities using taint tracking.
- 3-clickhouse-Customizations.qll: extends the standard library to implement a clickhouse_driver SQL injection sink.
- 4-jstaint-Customizations.qll: extends the standard library to improve the quality of taint tracking by adding one more taint propagation step between Express middlewares and handlers.
- 4-full-jstaint-Customizations.qll: extends the standard library to improve the quality of taint tracking by adding one more taint propagation step between Express middlewares and handlers. Extended example.
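
For orientation, here is a sketch of what a debug-mode query like the first one in the list can look like. It is an added example, not the workshop's 1-debug.ql; the query id and alert message are made up for illustration, and it assumes the standard CodeQL Python libraries shipped with vscode-codeql-starter.

```ql
/**
 * @name Flask app started in debug mode (added example)
 * @description Running Flask with debug=True exposes the interactive
 *              Werkzeug debugger to anyone who can reach the app.
 * @kind problem
 * @problem.severity error
 * @id example/flask-debug-mode
 */

// NOTE: the @id above and the alert text below are illustrative placeholders.
import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.ApiGraphs

from API::CallNode call, DataFlow::Node debugArg
where
  // Matches `app = flask.Flask(...)` followed by `app.run(...)`,
  // regardless of how the `flask` module or the `Flask` class was imported.
  call =
    API::moduleImport("flask")
        .getMember("Flask")
        .getReturn()
        .getMember("run")
        .getACall() and
  // The keyword argument `debug=...` of that call.
  debugArg = call.getArgByName("debug") and
  // Follow local data flow back to its origin, so that
  // `flag = True; app.run(debug=flag)` is reported as well as `debug=True`.
  debugArg.getALocalSource().asExpr().(ImmutableLiteral).booleanValue() = true
select call, "Flask application is started with debug=True."
```

Run it against the Python database built with the `codeql database create` command above. Debug mode enabled by other means, such as an environment variable, is outside what this sketch detects.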