This post explores how to write and query for specific library methods using CodeQL, the difference between data flow analysis and taint flow analysis, and how CodeQL can help with security research in codebases.
•27m read time• From github.blog
Table of contents
Querying for specific library methodsTaint analysis in CodeQL—taint trackingNew taint tracking APIVariant analysisSource and sink models in CodeQLSecurity research methodology with CodeQL—approaching a new targetMulti-repository variant analysis (MRVA)Community research with CodeQLReach out!Sort: