├── 1 ├── challenge-1 │ └── instructions.md ├── challenge-2 │ └── instructions.md └── challenge-3 │ └── instructions.md ├── 2 ├── challenge-1 │ ├── code-injection.py │ ├── command-injection.py │ ├── instructions.md │ ├── sql-injection-flask.py │ └── sql-injection.py ├── challenge-10 │ └── instructions.md ├── challenge-11 │ └── instructions.md ├── challenge-12 │ └── intructions.md ├── challenge-2 │ └── instructions.md ├── challenge-3 │ └── instructions.md ├── challenge-4 │ ├── call.ql │ └── instructions.md ├── challenge-5 │ ├── call-eval.ql │ └── intructions.md ├── challenge-6 │ ├── function.ql │ └── instructions.md ├── challenge-7 │ ├── call-eval-predicate.ql │ └── intructions.md ├── challenge-8 │ └── intructions.md ├── challenge-9 │ ├── function-command-class.ql │ ├── function-command-predicate.ql │ ├── function-command.ql │ └── intructions.md ├── codeql-pack.lock.yml └── codeql-pack.yml ├── 3 ├── 1 │ ├── instructions.md │ └── query.ql ├── 2 │ ├── instructions.md │ └── query.ql ├── 3 │ ├── instructions.md │ └── query.ql ├── 4 │ ├── instructions.md │ └── query.ql ├── 5 │ ├── instructions.md │ └── query.ql ├── 6 │ ├── instructions.md │ └── query.ql ├── 7 │ └── instructions.md ├── 8 │ ├── instructions.md │ └── query.ql ├── 9 │ ├── instructions.md │ └── query.ql ├── 10 │ └── instructions.md ├── 11 │ └── instructions.md ├── codeql-pack.lock.yml └── codeql-pack.yml ├── 4 ├── README.md ├── codeql-pack.lock.yml ├── codeql-pack.yml ├── queries │ ├── 1.ql │ ├── 2.ql │ ├── 3.ql │ ├── 4.ql │ ├── 5.ql │ ├── 6.ql │ └── 7.ql ├── vulnerable-code-snippets-db.zip └── vulnerable-code-snippets │ ├── cmdi-interface-list.py │ ├── cmdi-interface.py │ ├── cmdi-list.py │ └── cmdi.py ├── 5 ├── 1.ql ├── 2.ql ├── 3.ql ├── 4.ql ├── 5.ql ├── 6.ql ├── codeql-pack.lock.yml ├── codeql-pack.yml ├── vulnerable-code-snippets │ ├── README.md │ └── example.py └── zth5-db.zip ├── README.md └── images ├── 4-results.png ├── README.md ├── alert-view.png ├── download-from-github.png ├── 
specify-github-repo.png └── test-hello-world.png /1/challenge-1/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/1/challenge-1/instructions.md -------------------------------------------------------------------------------- /1/challenge-2/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/1/challenge-2/instructions.md -------------------------------------------------------------------------------- /1/challenge-3/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/1/challenge-3/instructions.md -------------------------------------------------------------------------------- /2/challenge-1/code-injection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-1/code-injection.py -------------------------------------------------------------------------------- /2/challenge-1/command-injection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-1/command-injection.py -------------------------------------------------------------------------------- /2/challenge-1/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-1/instructions.md -------------------------------------------------------------------------------- /2/challenge-1/sql-injection-flask.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-1/sql-injection-flask.py -------------------------------------------------------------------------------- /2/challenge-1/sql-injection.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-1/sql-injection.py -------------------------------------------------------------------------------- /2/challenge-10/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-10/instructions.md -------------------------------------------------------------------------------- /2/challenge-11/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-11/instructions.md -------------------------------------------------------------------------------- /2/challenge-12/intructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-12/intructions.md -------------------------------------------------------------------------------- /2/challenge-2/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-2/instructions.md -------------------------------------------------------------------------------- /2/challenge-3/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-3/instructions.md 
-------------------------------------------------------------------------------- /2/challenge-4/call.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-4/call.ql -------------------------------------------------------------------------------- /2/challenge-4/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-4/instructions.md -------------------------------------------------------------------------------- /2/challenge-5/call-eval.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-5/call-eval.ql -------------------------------------------------------------------------------- /2/challenge-5/intructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-5/intructions.md -------------------------------------------------------------------------------- /2/challenge-6/function.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-6/function.ql -------------------------------------------------------------------------------- /2/challenge-6/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-6/instructions.md -------------------------------------------------------------------------------- /2/challenge-7/call-eval-predicate.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-7/call-eval-predicate.ql -------------------------------------------------------------------------------- /2/challenge-7/intructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-7/intructions.md -------------------------------------------------------------------------------- /2/challenge-8/intructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-8/intructions.md -------------------------------------------------------------------------------- /2/challenge-9/function-command-class.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-9/function-command-class.ql -------------------------------------------------------------------------------- /2/challenge-9/function-command-predicate.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-9/function-command-predicate.ql -------------------------------------------------------------------------------- /2/challenge-9/function-command.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-9/function-command.ql -------------------------------------------------------------------------------- /2/challenge-9/intructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/challenge-9/intructions.md 
-------------------------------------------------------------------------------- /2/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/codeql-pack.lock.yml -------------------------------------------------------------------------------- /2/codeql-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/2/codeql-pack.yml -------------------------------------------------------------------------------- /3/1/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/1/instructions.md -------------------------------------------------------------------------------- /3/1/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/1/query.ql -------------------------------------------------------------------------------- /3/10/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/10/instructions.md -------------------------------------------------------------------------------- /3/11/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/11/instructions.md -------------------------------------------------------------------------------- /3/2/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/2/instructions.md 
-------------------------------------------------------------------------------- /3/2/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/2/query.ql -------------------------------------------------------------------------------- /3/3/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/3/instructions.md -------------------------------------------------------------------------------- /3/3/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/3/query.ql -------------------------------------------------------------------------------- /3/4/instructions.md: -------------------------------------------------------------------------------- 1 | Run a query that uses the `getAQlClass` predicate. 2 | 3 | See the example query in this folder.
4 | -------------------------------------------------------------------------------- /3/4/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/4/query.ql -------------------------------------------------------------------------------- /3/5/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/5/instructions.md -------------------------------------------------------------------------------- /3/5/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/5/query.ql -------------------------------------------------------------------------------- /3/6/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/6/instructions.md -------------------------------------------------------------------------------- /3/6/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/6/query.ql -------------------------------------------------------------------------------- /3/7/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/7/instructions.md -------------------------------------------------------------------------------- /3/8/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/8/instructions.md 
-------------------------------------------------------------------------------- /3/8/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/8/query.ql -------------------------------------------------------------------------------- /3/9/instructions.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/9/instructions.md -------------------------------------------------------------------------------- /3/9/query.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/9/query.ql -------------------------------------------------------------------------------- /3/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/codeql-pack.lock.yml -------------------------------------------------------------------------------- /3/codeql-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/3/codeql-pack.yml -------------------------------------------------------------------------------- /4/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/README.md -------------------------------------------------------------------------------- /4/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/codeql-pack.lock.yml 
-------------------------------------------------------------------------------- /4/codeql-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/codeql-pack.yml -------------------------------------------------------------------------------- /4/queries/1.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/1.ql -------------------------------------------------------------------------------- /4/queries/2.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/2.ql -------------------------------------------------------------------------------- /4/queries/3.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/3.ql -------------------------------------------------------------------------------- /4/queries/4.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/4.ql -------------------------------------------------------------------------------- /4/queries/5.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/5.ql -------------------------------------------------------------------------------- /4/queries/6.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/6.ql -------------------------------------------------------------------------------- 
/4/queries/7.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/queries/7.ql -------------------------------------------------------------------------------- /4/vulnerable-code-snippets-db.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/vulnerable-code-snippets-db.zip -------------------------------------------------------------------------------- /4/vulnerable-code-snippets/cmdi-interface-list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/vulnerable-code-snippets/cmdi-interface-list.py -------------------------------------------------------------------------------- /4/vulnerable-code-snippets/cmdi-interface.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/vulnerable-code-snippets/cmdi-interface.py -------------------------------------------------------------------------------- /4/vulnerable-code-snippets/cmdi-list.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/vulnerable-code-snippets/cmdi-list.py -------------------------------------------------------------------------------- /4/vulnerable-code-snippets/cmdi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/4/vulnerable-code-snippets/cmdi.py -------------------------------------------------------------------------------- /5/1.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/1.ql -------------------------------------------------------------------------------- /5/2.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/2.ql -------------------------------------------------------------------------------- /5/3.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/3.ql -------------------------------------------------------------------------------- /5/4.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/4.ql -------------------------------------------------------------------------------- /5/5.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/5.ql -------------------------------------------------------------------------------- /5/6.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/6.ql -------------------------------------------------------------------------------- /5/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/codeql-pack.lock.yml -------------------------------------------------------------------------------- /5/codeql-pack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/codeql-pack.yml 
-------------------------------------------------------------------------------- /5/vulnerable-code-snippets/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/vulnerable-code-snippets/README.md -------------------------------------------------------------------------------- /5/vulnerable-code-snippets/example.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/vulnerable-code-snippets/example.py -------------------------------------------------------------------------------- /5/zth5-db.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/5/zth5-db.zip -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/README.md -------------------------------------------------------------------------------- /images/4-results.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/images/4-results.png -------------------------------------------------------------------------------- /images/README.md: -------------------------------------------------------------------------------- 1 | Images folder. Nothing to see here. 
2 | -------------------------------------------------------------------------------- /images/alert-view.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/images/alert-view.png -------------------------------------------------------------------------------- /images/download-from-github.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/images/download-from-github.png -------------------------------------------------------------------------------- /images/specify-github-repo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/images/specify-github-repo.png -------------------------------------------------------------------------------- /images/test-hello-world.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GitHubSecurityLab/codeql-zero-to-hero/HEAD/images/test-hello-world.png --------------------------------------------------------------------------------