🚩
Practical CTF
BlogContact
  • 🚩Home - Practical CTF
  • 🌐Web
    • Enumeration
      • Finding Hosts & Domains
      • Masscan
      • Nmap
      • OSINT
    • Client-Side
      • Cross-Site Scripting (XSS)
        • HTML Injection
        • Content-Security-Policy (CSP)
      • CSS Injection
      • Cross-Site Request Forgery (CSRF)
      • XS-Leaks
      • Window Popup Tricks
      • Header / CRLF Injection
      • WebSockets
      • Caching
    • Server-Side
      • SQL Injection
      • NoSQL Injection
      • GraphQL
      • XML External Entities (XXE)
      • HTTP Request Smuggling
      • Local File Disclosure
      • Arbitrary File Write
      • Reverse Proxies
    • Frameworks
      • Flask
      • Ruby on Rails
      • NodeJS
      • Bun
      • WordPress
      • Angular
    • Chrome Remote DevTools
    • ImageMagick
  • 🔣Cryptography
    • Encodings
    • Ciphers
    • Custom Ciphers
      • Z3 Solver
    • XOR
    • Asymmetric Encryption
      • RSA
      • Diffie-Hellman
      • PGP / GPG
    • AES
    • Hashing
      • Cracking Hashes
      • Cracking Signatures
    • Pseudo-Random Number Generators (PRNG)
    • Timing Attacks
    • Blockchain
      • Smart Contracts
      • Bitcoin addresses
  • 🔎Forensics
    • Wireshark
    • File Formats
    • Archives
    • Memory Dumps (Volatility)
    • VBA Macros
    • Grep
    • Git
    • File Recovery
  • ⚙️Reverse Engineering
    • Ghidra
    • Angr Solver
    • Reversing C# - .NET / Unity
    • PowerShell
  • 📟Binary Exploitation
    • ir0nstone's Binary Exploitation Notes
    • Reverse Engineering for Pwn
    • PwnTools
    • ret2win
    • ret2libc
    • Shellcode
    • Stack Canaries
    • Return-Oriented Programming (ROP)
      • SigReturn-Oriented Programming (SROP)
      • ret2dlresolve
    • Sandboxes (chroot, seccomp & namespaces)
    • Race Conditions
  • 📲Mobile
    • Setup
    • Reversing APKs
    • Patching APKs
    • HTTP(S) Proxy for Android
    • Android Backup
    • Compiling C for Android
    • iOS
  • 🌎Languages
    • PHP
    • Python
    • JavaScript
      • Prototype Pollution
      • postMessage Exploitation
    • Java
    • C#
    • Assembly
    • Markdown
    • LaTeX
    • JSON
    • YAML
    • CodeQL
    • NASL (Nessus Plugins)
    • Regular Expressions (RegEx)
  • 🤖Networking
    • Modbus - TCP/502
    • Redis/Valkey - TCP/6379
  • 🐧Linux
    • Shells
    • Bash
    • Linux Privilege Escalation
      • Enumeration
      • Networking
      • Command Triggers
      • Command Exploitation
      • Outdated Versions
      • Network File Sharing (NFS)
      • Docker
      • Filesystem Permissions
    • Analyzing Processes
  • 🪟Windows
    • The Hacker Recipes - AD
    • Scanning/Spraying
    • Exploitation
    • Local Enumeration
    • Local Privilege Escalation
    • Windows Authentication
      • Kerberos
      • NTLM
    • Lateral Movement
    • Active Directory Privilege Escalation
    • Persistence
    • Antivirus Evasion
    • Metasploit
    • Alternate Data Streams (ADS)
  • ☁️Cloud
    • Kubernetes
    • Microsoft Azure
  • ❔Other
    • Business Logic Errors
    • Password Managers
    • ANSI Escape Codes
    • WSL Tips
Powered by GitBook
On this page
  • Setup
  • Creating a database
  • Analyzing a database
  1. Languages

CodeQL

A query language for repositories of code

PreviousYAMLNextNASL (Nessus Plugins)

Last updated 1 month ago

Setup

Follow the Getting Started documentation to install the precompiled binary:

Example
codeql pack download codeql/python-queries

Creating a database

Create a database with the following command, inside the root folder of the project you are trying to analyze. <database> will be the output directory, and <language-identifier> is one of the supported languages that the project is written in.

codeql database create <database> --language=<language-identifier>
Example
codeql database create .codeql --language=python

Tip: For some compiled languages like java, the autobuilder may not be able to build your source code to index it. You can choose for --build-mode=none to disable building the project and just look at the source files.

Analyzing a database

When you have created a database, use the analyze command to run queries on a database. <format> can be one of the possible multiple formats, like csv or sarif-latest.

codeql database analyze <database> --format=<format> --output <output-file>
Example
codeql database analyze .codeql --format=sarif-latest --output codeql.sarif

On the releases page, you should download the "CodeQL Bundle" from any of the assets, likely .

In case you need more queries for different languages not already included in the bundle, try downloading a per language:

You can view a CSV file with any spreadsheet program, but the most useful format is . To view the findings and locations in the code you can use the .

🌎
codeql-bundle-linux64.tar.gz
precompiled pack of queries
.sarif
Sarif Viewer VSCode extension
Getting started with the CodeQL CLI - GitHub DocsGitHub Docs
Getting Started with installing the CodeQL CLI and some other useful tools
Creating CodeQL databases - GitHub DocsGitHub Docs
Create a CodeQL database from a repository to analyze later with queries
Analyzing databases with the CodeQL CLI - GitHub DocsGitHub Docs
Use queries to analyze a CodeQL database
https://marketplace.visualstudio.com/items?itemName=MS-SarifVSCode.sarif-viewermarketplace.visualstudio.com
Download SARIF Viewer extension by Microsoft DevLabs
Logo
Logo
Logo