Commit 655a66e

Merge pull request #47 from trailofbits/codeql-update
Update CodeQL chapter
2 parents c291725 + b677072 commit 655a66e

2 files changed

+14
-0
lines changed

content/docs/static-analysis/codeql/10-advanced.md

Lines changed: 10 additions & 0 deletions
@@ -201,6 +201,16 @@ version.)
201201

202202
## Writing custom queries
203203

204+
{{< hint info >}}
205+
To write custom CodeQL queries, you need access to the standard libraries and queries. We recommend using the starter workspace.
206+
207+
1. Clone the [vscode-codeql-starter](https://github.com/github/vscode-codeql-starter.git) repository to your computer:
208+
`git clone --recursive https://github.com/github/vscode-codeql-starter.git`
209+
2. In VSCode, click **File** -> **Open Workspace from File** and open the
210+
`vscode-codeql-starter.code-workspace` file from the `vscode-codeql-starter` repository
211+
212+
{{< /hint >}}
213+
204214
QL is a declarative language and CodeQL queries are expressed using an SQL-like
205215
syntax on the following form:
206216
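
Review bot: Step 1 of the new hint gives `git clone --recursive https://github.com/github/vscode-codeql-starter.git` without saying why `--recursive` is required, even though the hint's opening sentence says the reader needs the standard libraries and queries. The starter workspace brings those in as a Git submodule, so a reader who drops the flag, or who downloads the repository some other way, gets a workspace that opens but has no libraries to import. Suggest adding one sentence to that effect, plus the recovery command for an existing clone, `git submodule update --init --recursive`. Minor: the link target in step 1 is the `.git` clone URL rather than the repository page, and "VSCode" in step 2 would read better as "VS Code".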

content/docs/static-analysis/codeql/99-resources.md

Lines changed: 4 additions & 0 deletions
@@ -17,6 +17,7 @@ weight: 99
1717

1818
### Learning resources for CodeQL
1919

20+
- [CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research](https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnerability-research/)
2021
- [QL language tutorials](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/)
2122
- [GitHub Security Lab CodeQL CTFs](https://securitylab.github.com/ctf/)
2223

@@ -25,6 +26,9 @@ weight: 99
2526
- [Practical introduction to CodeQL](https://jorgectf.github.io/blog/post/practical-codeql-introduction/)
2627
- [Security code reviewing with CodeQL](https://web.archive.org/web/20240529182656/https://remcovermeulen.com/posts/security-code-reviewing-with-codeql/)
2728
- [Sharing security expertise through CodeQL packs (Part I)](https://github.blog/2022-04-19-sharing-security-expertise-through-codeql-packs-part-i/)
29+
- :cinema: [Finding Security Vulnerabilities in C/C++ with CodeQL](https://www.youtube.com/watch?v=eAjecQrfv3o)
30+
- :cinema: [Finding Security Vulnerabilities in JavaScript with CodeQL](https://www.youtube.com/watch?v=pYzfGaLTqC0)
31+
- :cinema: [Finding Security Vulnerabilities in Java with CodeQL](https://www.youtube.com/watch?v=nvCd0Ee4FgE)
2832

2933
### Using CodeQL for vulnerability discovery
3034
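
Review bot: The three added video entries are prefixed with `:cinema:`, a marker that none of the other list entries visible in this hunk carry, and it only renders as an icon if the site has emoji shortcodes enabled; otherwise it shows up as the literal text `:cinema:`. Suggest confirming that emoji rendering is on in the site configuration, or using a plain-text marker such as a trailing "(video)" so the entries read correctly either way. It would also help to say in the list, or in a short sub-heading, that these three are recorded talks rather than articles, since they sit directly under blog-post links.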
