Learn to use CodeQL, a query language that helps find bugs in source code. Find 9 remote code execution vulnerabilities in the open-source project Das U-Boot, and join the growing community of security researchers using CodeQL.
Quickly learn CodeQL, an expressive language for code analysis, which helps you explore source code to find bugs and vulnerabilities. During this beginner-level course, you will learn to write queries in CodeQL and find critical security vulnerabilities that were identified in Das U-Boot, a popular open-source project.
Upon completion of the course, you'll be able to:
You will walk in the steps of our security researchers, and create:
See what you will cover in the course, and where to find documentation and help.
Set up your IDE for CodeQL development.
Run a CodeQL query. Learn how to submit your work for checking during this course.
Learn the basic structure of a CodeQL query. Modify a query to find the definition of a particular function.
See how source code is represented in the classes and predicates of the CodeQL standard library. Find the definitions of particular macros.
Declare multiple variables to represent different source code elements and learn how to describe relationships between them. Find calls to functions named memcpy.
Declare multiple variables to represent different source code elements and learn how to describe relationships between them. Find invocations of macros named ntoh*.
Learn how to change which source code element is identified by your query. Find the expressions that correspond to macro invocations.
Learn how to declare temporary variables with the exists keyword. Write your own CodeQL class to represent a set of interesting source code elements.
Learn how to use CodeQL to track the flow of tainted data through a program. Write a taint tracking query that finds 9 RCE vulnerabilities!
1384 minutes
All public courses on Learning Lab are free.