Awesome
GitHub Security Lab
This is the main git repository of GitHub Security Lab. We use it for these main purposes:
- We share with our community some best practices about security research and vulnerability disclosures in our docs
- We use issues on this repo to track CodeQL bounty requests.
- We use it for publishing some of our proof-of-concept exploits (after the vulnerability has been fixed). These PoCs can be found in the SecurityExploits sub-directory.
- Examples of CodeQL queries, which can be found in the CodeQL_Queries sub-directory.
CodeQL Resources
This section is yours! Do you want to share a cool CodeQL query with the community? Or an awesome tutorial or video, or some helpful tooling? Your contributions are welcome. Please open a pull request. See Contributing below.
Official resources
Example queries
- Java
- C/C++
- Apple XNU icmp_error CVE-2018-4407
- Facebook Fizz integer overflow vulnerability (CVE-2019-3560)
- Eating error codes in libssh2
- Itergator - Library and queries for iterator invalidation (blog post)
- Javascript
- C#
- GitHub Actions:
Articles
Videos
- Conference talks/workshops:
- CodeQL demos from the Semmle days (short Youtube videos):
Tools
- Editor plugins
- Visual Studio Code (Official)
- Neovim
- Emacs
- Code generation
Disclaimer
The recommendations from the GitHub Security Lab are provided graciously and it's ultimately the responsibility of the recipients to apply them or not. This concerns recommendations given through our written or audio content, our conferences, our answers in our community spaces, or our informal office hours.
Contributing
We welcome contributions to the CodeQL_Queries sub-directory and to the CodeQL Resources section of this README.
If you have written a cool CodeQL query that you would like to share with the community, then please open a pull request to add it to the CodeQL_Queries sub-directory. Put your query in its own new sub-directory. For example: CodeQL_Queries/cpp/mynewsubdir/mycoolquery.ql
. Of course, if you think your query might be eligible for a bounty, then you should open a pull request to the codeql repo instead, as we do not offer bounties for queries submitted to this repo. The queries in this repo are usually highly specialized queries that only make sense for a specific codebase, such as queries that specifically target Chrome or Apache Struts, or utility queries that help you explore your code without necessarily finding a vulnerability. Such queries are inappropriate for the codeql repo, which is for general purpose queries only.
If you would like to add a link to the CodeQL Resources section of this README, to share a nice video or an awesome tool, then just add another bullet point in the appropriate section.
- Each bullet point should consist of a hyperlinked title and a short description. The short description is optional if the title is already self-explanatory.
- Please add new bullet points at the bottom of the list. In the future, we may choose some other ordering such as alphabetical but for now it is just a sequential list.
Please see CONTRIBUTING.md, CODE_OF_CONDUCT.md, and LICENSE.md for further information on our contributing guidelines and license.