CodeQL for C and C++ΒΆ
Experiment and learn how to write effective and efficient queries for CodeQL databases generated from C and C++ codebases.
- Basic query for C and C++ code: Learn to write and run a simple CodeQL query.
- CodeQL library for C and C++: When analyzing C or C++ code, you can use the large collection of classes in the CodeQL library for C and C++.
- CodeQL CTF: U-Boot Challenge: Follow the steps that members of GitHub Security Lab went through to find 13 CWE vulnerabilities in U-Boot.
- CodeQL CTF: SEGV Hunt: Follow the steps that members of GitHub Security Lab went through to find unsafe uses of
alloca
in the GNU C Library (glibc). - Functions in C and C++: You can use CodeQL to explore functions in C and C++ code.
- Expressions, types, and statements in C and C++: You can use CodeQL to explore expressions, types, and statements in C and C++ code to find, for example, incorrect assignments.
- Conversions and classes in C and C++: You can use the standard CodeQL libraries for C and C++ to detect when the type of an expression is changed.
- Analyzing data flow in C and C++: You can use data flow analysis to track the flow of potentially malicious or insecure data that can cause vulnerabilities in your codebase. For information about converting queries from the legacy workflow, see New dataflow API for CodeQL query writing.
- Refining a query to account for edge cases: You can improve the results generated by a CodeQL query by adding conditions to remove false positive results caused by common edge cases.
- Detecting a potential buffer overflow: You can use CodeQL to detect potential buffer overflows by checking for allocations equal to
strlen
in C and C++. - Using the guards library in C and C++: You can use the CodeQL guards library to identify conditional expressions that control the execution of other parts of a program in C and C++ codebases.
- Using range analysis for C and C++: You can use range analysis to determine the upper or lower bounds on an expression, or whether an expression could potentially over or underflow.
- Hash consing and value numbering: You can use specialized CodeQL libraries to recognize expressions that are syntactically identical or compute the same value at runtime in C and C++ codebases.
- Advanced C/C++ dataflow scenarios: You can track precise data flow in C and C++ codebases by distinguishing between a pointer and its indirection(s).
- Customizing library models for C and C++: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.