Dependencies:
- Docker
- Visual Studio Code + Remote - Container extension
In the first example use case we will use an already available database.
- Clone this repository:
  git clone https://github.com/rvermeulen/codeql-development-container code-and-chill
- Open the repository in Visual Studio Code:
  code code-and-chill
  (This assumes you installed the code command.)
- With the Remote Container extension installed, Visual Studio Code will detect the dev container configuration and ask to Reopen in Container.
With the project now running in the dev container we are ready to start the CTF.
- Head over to https://securitylab.github.com/ctf/codeql-and-chill.
- In the Setup instructions section you can find the link to the database. Download the database and move it into the existing database folder.
- In Visual Studio Code start a new Terminal. You will see a prompt similar to
  codeql@98bf68344db6:/workspaces/code-and-chill$
- Change the directory to databases and unzip the database:
  unzip titus-control-plane-db.zip
- Now activate the database: right-click the titus-control-plane-db subfolder in the Visual Studio Code Explorer and click the menu item CodeQL: Set current database.
With an active database we are ready to query the database.
- Add a folder named queries to the project via the Visual Studio Code Explorer.
- Copy the qlpack.yml from the java subfolder residing in the examples folder to the queries folder.
- Create a new file solution.ql in the queries folder.
To test the setup you can run the following query. It should return 6 results.
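import java

// Find every class or interface that extends or implements a
// parameterized instantiation of ConstraintValidator.
from ParameterizedType pt, ClassOrInterface c
where
  pt.getGenericType().hasName("ConstraintValidator") and
  c.extendsOrImplements(pt)
select c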