Recent Posts
CodeQL in VSCode - solving a common problem
CodeQL, GitHub’s SAST engine, has a great VSCode extension to help you write queries.
One of the most common problems using it is that the extension can’t find the CodeQL libraries.
Solving this is pretty easy, but sometimes I forget what the problem is (as I did last night), so I’m dropping the error message here with the solution.
The error
The error you’ll see is something like this (where I’ve replaced the real user path with ~ for this example):
Partial Flow in CodeQL With ConfigSig
ℹ️ Edited 2024-01-11 to add a note about FlowExploration being deprecated in favour of FlowExplorationFwd and FlowExplorationRev, and to link to the CodeQL docs on partial flow
CodeQL is an ever-evolving static code analysis engine, which powers GitHub’s SAST.
It’s powerful, but it’s not perfect, and sometimes you need to debug queries to understand why they’re not behaving as you’d expect.
One great tool for that is “partial paths”, which lets you see the dataflow or taint steps that a query is flowing over, so you can see where the flow might have broken between a source and a sink.
I wrote a Python Linting Code Scanning Action
A GitHub Action to lint Python code, for GitHub Code Scanning
Recently I ran a training “bootcamp” for a customer on GitHub Advanced Security, and the topic of code quality came up.
Pinning down just what we mean by “code quality” can be a bit tricky: witness the debates over Uncle Bob’s work on “clean code”. It’s fair to say that it’s often about other factors of the code than the security of the code, which is the main focus of Advanced Security (the clue is in the name).