Skip to content

Add CodeQL resources to README #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kevinbackhouse merged 1 commit into from
Feb 23, 2021
+40 −5
Merged

Add CodeQL resources to README #280

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 40 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,44 @@
# GitHub Security Lab

## CodeQL Queries
[Security related queries](CodeQL_Queries)
This is the main git repository of [GitHub Security Lab](https://securitylab.github.com/).
We use it for these main purposes:

## Proof of Concepts
[Proof-of-concept exploits (PoCs) for bugs found by the Lab](SecurityExploits/)
* We use [issues on this repo](https://github.com/github/securitylab/issues?q=is%3Aissue+is%3Aopen+label%3A%22All+For+One%22) to track CodeQL [bounty requests](https://securitylab.github.com/bounties).
* We use it for publishing some of our proof-of-concept exploits (after the vulnerability has been fixed). These PoCs can be found in the [SecurityExploits](SecurityExploits) sub-directory.
* Examples of CodeQL queries, which can be found in the [CodeQL_Queries](CodeQL_Queries) sub-directory.

Resources related to [GitHub Security Lab](https://securitylab.github.com).
## CodeQL Resources

### Official resources

* [CodeQL documentation](https://codeql.github.com/docs/)
* [CodeQL GitHub repo](https://github.com/github/codeql)

### Example queries

* Java
* [Apache Struts CVE-2018-11776](CodeQL_Queries/java/Apache_Struts_CVE-2018-11776)
* C/C++
* [Apple XNU icmp_error CVE-2018-4407](CodeQL_Queries/cpp/XNU_icmp_error_CVE-2018-4407)
* [Facebook Fizz integer overflow vulnerability (CVE-2019-3560)](CodeQL_Queries/cpp/Facebook_Fizz_CVE-2019-3560)
* [Eating error codes in libssh2](CodeQL_Queries/cpp/libssh2_eating_error_codes)
* Javascript
* [Etherpad CVE-2018-6835](CodeQL_Queries/javascript/Etherpad_CVE-2018-6835)
* C#
* [C# Zip Slip demo](CodeQL_Queries/csharp/ZipSlip)
* GitHub Actions:
* [pull_request_target with explicit pull request checkout](CodeQL_Queries/actions/pull_request_target.ql)
* [Command injection from user-controlled Actions context](CodeQL_Queries/actions/script_injections.ql)

### Videos

* Conference talks/workshops:
* [Finding security vulnerabilities in JavaScript with CodeQL - GitHub Satellite 2020](https://www.youtube.com/watch?v=pYzfGaLTqC0)
* [Finding security vulnerabilities in Java with CodeQL - GitHub Satellite 2020](https://www.youtube.com/watch?v=nvCd0Ee4FgE)
* [CodeQL as an auditing oracle - POC 2020](https://www.youtube.com/watch?v=XmAEgl8bVhg)
* [mbuf-oflow: Finding Vulnerabilities In iOS/MacOS Networking Code](https://www.youtube.com/watch?v=0EHP2gzwVAY)
* CodeQL demos from the Semmle days (short Youtube videos):
* [PII data leaks: Identifying personal information in logs with CodeQL](https://www.youtube.com/watch?v=hHaOxbyqy44)
* [Vulnerability Hunting: Quest for an Exploit using QL](https://www.youtube.com/watch?v=irrYp3wdtsw)
* [Finding Insecure Deserialization in Java](https://www.youtube.com/watch?v=XsUcSd75K00)
* [Finding integer overflows in Libssh2](https://www.youtube.com/watch?v=czXicfULOfk)