├── CODEOWNERS ├── LICENSE ├── README.md ├── common ├── cli-for-codeql.org └── vscode-for-codeql.org ├── cpp ├── codeql-dataflow-sql-injection │ ├── Makefile │ ├── README.org │ ├── SqlInjection.ql │ ├── add-user.c │ ├── add-user.sh │ ├── admin │ ├── build.sh │ ├── codeql-dataflow-sql-injection.md │ ├── codeql-overview-for-workshop.pdf │ ├── cpp-sqli.code-workspace │ ├── dataflow-cropped.pdf │ ├── dataflow.key │ ├── dataflow.pdf │ ├── qlpack.yml │ ├── sarif-summary.jq │ └── session.ql ├── introduction │ ├── codeql-workshop-for-cpp.md │ ├── session-1 │ │ ├── codeql-workshop-cpp-bad-overflow-check.md │ │ ├── codeql-workshop-cpp-empty-if-stmt.md │ │ ├── codeql-workshop-cpp-predicates-and-classes.md │ │ └── installing-vs-code.md │ ├── session-2 │ │ ├── codeql-workshop-cpp-local-data-flow.md │ │ └── codeql-workshop-cpp-snprintf-overflow.md │ ├── session-3 │ │ ├── codeql-workshop-cpp-global-data-flow.md │ │ └── codeql-workshop-cpp-uboot.md │ └── session-4 │ │ └── codeql-workshop-cpp-glibc-segv.md └── type-conversions-dangling-pointer │ └── README.md ├── csharp ├── codeql-workshop-csharp-unsafe-pointer-arithmetic.md ├── codeql-workshop-csharp-zipslip.md └── top-down-vulnerability-guide.md ├── go ├── codeql-go-sqli │ ├── .gitattributes │ ├── Makefile │ ├── README.org │ ├── SqlInjection.ql │ ├── add-user.go │ ├── add-user.sh │ ├── admin │ ├── build.sh │ ├── go-sqli.code-workspace │ ├── go.mod │ ├── go.sum │ ├── init.el │ ├── qlpack.yml │ └── sarif-summary.jq ├── codeql-workshop-go-bad-redirect-check.md └── oauth2-notes.org ├── java ├── Introduction to CodeQL - Java.pdf ├── apache-struts-online.txt ├── codeql-customizations-workshop.md ├── codeql-dataflow-sql-injection │ ├── AddUser.java │ ├── DataFlowGraph.png │ ├── Makefile │ ├── README.org │ ├── SqlInjection.ql │ ├── SqlInjectionNew.ql │ ├── add-user │ ├── admin │ ├── build.sh │ ├── codeql-overview-for-workshop.pdf │ ├── codeql-pack.lock.yml │ ├── java-all.tar.gz │ ├── java-demo.code-workspace │ ├── qlpack.yml │ ├── 
sarif-summary.jq │ ├── sql-injection-db.tar.gz │ ├── sqlite-jdbc-3.36.0.1.jar │ ├── steps │ │ ├── 01-readline-from-where-select.ql │ │ ├── 02-readline-predicate.ql │ │ ├── 03-executeupdate-from-where-select.ql │ │ ├── 04-executeupdate-predicate.ql │ │ ├── 05-dataflow.ql │ │ └── 06-pathgraph.ql │ └── workshop.ql ├── codeql-java-workshop-notes.md ├── codeql-java-workshop-sqlinjection.md ├── java-unsafe-deserialization.md ├── unsafe-deserialization-apache-struts.md └── workshop-java-mismatched-loop-condition.md ├── javascript ├── codeql-dataflow-sql-injection │ ├── README.md │ ├── SolutionNew.ql │ ├── add-user.js │ ├── admin │ ├── codeql-pack.lock.yml │ ├── package.json │ ├── qlpack.yml │ ├── solution.ql │ └── steps │ │ ├── 1-identifying-source.ql │ │ ├── 2-identifying-sink.ql │ │ ├── 3-generalizing-sink.ql │ │ └── TypeTrackerBoilerplate.txt ├── codeql-js-goof-workshop │ ├── GoofPrototypePollution-0.ql │ ├── GoofPrototypePollution-1.ql │ ├── GoofPrototypePollution-2.ql │ ├── PrototypePollution-0.ql │ ├── PrototypePollution-1.ql │ ├── README.org │ ├── codeql-js-goof-project.code-workspace │ ├── example.ql │ ├── flow-query-0.ql │ ├── flow-query-1.ql │ ├── flow-query-10.ql │ ├── flow-query-11.ql │ ├── flow-query-12.ql │ ├── flow-query-13.ql │ ├── flow-query-2.ql │ ├── flow-query-3.ql │ ├── flow-query-4.ql │ ├── flow-query-5.ql │ ├── flow-query-6.ql │ ├── flow-query-7.ql │ ├── flow-query-8.ql │ ├── flow-query-9.ql │ ├── l3style.css │ ├── make-zipfile │ ├── qlpack.yml │ ├── workshop.html │ └── workshop.org ├── codeql-workshop-javascript-unsafe-jquery-calls.md └── cryptographic_failure_tEnvoy.md └── python └── codeql-dataflow-sql-injection ├── LICENSE ├── README.org ├── TaintFlow.ql ├── TaintFlowPath.ql ├── TaintFlowTemplate.ql ├── add-user.py ├── admin ├── codeql-dataflow-sql-injection.md ├── qlpack.yml ├── sink.ql ├── source.ql └── workspace-template.code-workspace /CODEOWNERS: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/CODEOWNERS -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/README.md -------------------------------------------------------------------------------- /common/cli-for-codeql.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/common/cli-for-codeql.org -------------------------------------------------------------------------------- /common/vscode-for-codeql.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/common/vscode-for-codeql.org -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/Makefile -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/README.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/README.org -------------------------------------------------------------------------------- 
/cpp/codeql-dataflow-sql-injection/SqlInjection.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/SqlInjection.ql -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/add-user.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/add-user.c -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/add-user.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/add-user.sh -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/admin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/admin -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/build.sh -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/codeql-dataflow-sql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/codeql-dataflow-sql-injection.md 
-------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/codeql-overview-for-workshop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/codeql-overview-for-workshop.pdf -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/cpp-sqli.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/cpp-sqli.code-workspace -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/dataflow-cropped.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/dataflow-cropped.pdf -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/dataflow.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/dataflow.key -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/dataflow.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/dataflow.pdf -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/qlpack.yml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/qlpack.yml -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/sarif-summary.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/codeql-dataflow-sql-injection/sarif-summary.jq -------------------------------------------------------------------------------- /cpp/codeql-dataflow-sql-injection/session.ql: -------------------------------------------------------------------------------- 1 | /** 2 | * @kind path-problem 3 | */ 4 | 5 | import cpp 6 | 7 | select 1 8 | -------------------------------------------------------------------------------- /cpp/introduction/codeql-workshop-for-cpp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/codeql-workshop-for-cpp.md -------------------------------------------------------------------------------- /cpp/introduction/session-1/codeql-workshop-cpp-bad-overflow-check.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-1/codeql-workshop-cpp-bad-overflow-check.md -------------------------------------------------------------------------------- /cpp/introduction/session-1/codeql-workshop-cpp-empty-if-stmt.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-1/codeql-workshop-cpp-empty-if-stmt.md -------------------------------------------------------------------------------- 
/cpp/introduction/session-1/codeql-workshop-cpp-predicates-and-classes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-1/codeql-workshop-cpp-predicates-and-classes.md -------------------------------------------------------------------------------- /cpp/introduction/session-1/installing-vs-code.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-1/installing-vs-code.md -------------------------------------------------------------------------------- /cpp/introduction/session-2/codeql-workshop-cpp-local-data-flow.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-2/codeql-workshop-cpp-local-data-flow.md -------------------------------------------------------------------------------- /cpp/introduction/session-2/codeql-workshop-cpp-snprintf-overflow.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-2/codeql-workshop-cpp-snprintf-overflow.md -------------------------------------------------------------------------------- /cpp/introduction/session-3/codeql-workshop-cpp-global-data-flow.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-3/codeql-workshop-cpp-global-data-flow.md -------------------------------------------------------------------------------- /cpp/introduction/session-3/codeql-workshop-cpp-uboot.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-3/codeql-workshop-cpp-uboot.md -------------------------------------------------------------------------------- /cpp/introduction/session-4/codeql-workshop-cpp-glibc-segv.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/introduction/session-4/codeql-workshop-cpp-glibc-segv.md -------------------------------------------------------------------------------- /cpp/type-conversions-dangling-pointer/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/cpp/type-conversions-dangling-pointer/README.md -------------------------------------------------------------------------------- /csharp/codeql-workshop-csharp-unsafe-pointer-arithmetic.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/csharp/codeql-workshop-csharp-unsafe-pointer-arithmetic.md -------------------------------------------------------------------------------- /csharp/codeql-workshop-csharp-zipslip.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/csharp/codeql-workshop-csharp-zipslip.md -------------------------------------------------------------------------------- /csharp/top-down-vulnerability-guide.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/csharp/top-down-vulnerability-guide.md 
-------------------------------------------------------------------------------- /go/codeql-go-sqli/.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/.gitattributes -------------------------------------------------------------------------------- /go/codeql-go-sqli/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/Makefile -------------------------------------------------------------------------------- /go/codeql-go-sqli/README.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/README.org -------------------------------------------------------------------------------- /go/codeql-go-sqli/SqlInjection.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/SqlInjection.ql -------------------------------------------------------------------------------- /go/codeql-go-sqli/add-user.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/add-user.go -------------------------------------------------------------------------------- /go/codeql-go-sqli/add-user.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/add-user.sh -------------------------------------------------------------------------------- /go/codeql-go-sqli/admin: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/admin -------------------------------------------------------------------------------- /go/codeql-go-sqli/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | go build add-user.go 3 | -------------------------------------------------------------------------------- /go/codeql-go-sqli/go-sqli.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/go-sqli.code-workspace -------------------------------------------------------------------------------- /go/codeql-go-sqli/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/go.mod -------------------------------------------------------------------------------- /go/codeql-go-sqli/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/go.sum -------------------------------------------------------------------------------- /go/codeql-go-sqli/init.el: -------------------------------------------------------------------------------- 1 | (package-initialize) 2 | -------------------------------------------------------------------------------- /go/codeql-go-sqli/qlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/qlpack.yml -------------------------------------------------------------------------------- /go/codeql-go-sqli/sarif-summary.jq: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-go-sqli/sarif-summary.jq -------------------------------------------------------------------------------- /go/codeql-workshop-go-bad-redirect-check.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/codeql-workshop-go-bad-redirect-check.md -------------------------------------------------------------------------------- /go/oauth2-notes.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/go/oauth2-notes.org -------------------------------------------------------------------------------- /java/Introduction to CodeQL - Java.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/Introduction to CodeQL - Java.pdf -------------------------------------------------------------------------------- /java/apache-struts-online.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/apache-struts-online.txt -------------------------------------------------------------------------------- /java/codeql-customizations-workshop.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-customizations-workshop.md -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/AddUser.java: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/AddUser.java -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/DataFlowGraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/DataFlowGraph.png -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/Makefile -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/README.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/README.org -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/SqlInjection.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/SqlInjection.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/SqlInjectionNew.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/SqlInjectionNew.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/add-user: 
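--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Run AddUser with the current directory and the sqlite-jdbc jar on the classpath.
3 | # "$@" is quoted so each argument is forwarded as a single word; unquoted, the shell
4 | # would split values on whitespace and expand glob characters before AddUser sees them.
5 | java -cp ".:sqlite-jdbc-3.36.0.1.jar" AddUser "$@"
6 |
7 |
-------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/admin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/admin -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/build.sh -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/codeql-overview-for-workshop.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/codeql-overview-for-workshop.pdf -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/codeql-pack.lock.yml -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/java-all.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/java-all.tar.gz --------------------------------------------------------------------------------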
/java/codeql-dataflow-sql-injection/java-demo.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/java-demo.code-workspace -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/qlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/qlpack.yml -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/sarif-summary.jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/sarif-summary.jq -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/sql-injection-db.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/sql-injection-db.tar.gz -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/sqlite-jdbc-3.36.0.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/sqlite-jdbc-3.36.0.1.jar -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/01-readline-from-where-select.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/01-readline-from-where-select.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/02-readline-predicate.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/02-readline-predicate.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/03-executeupdate-from-where-select.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/03-executeupdate-from-where-select.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/04-executeupdate-predicate.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/04-executeupdate-predicate.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/05-dataflow.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/05-dataflow.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/steps/06-pathgraph.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/steps/06-pathgraph.ql -------------------------------------------------------------------------------- /java/codeql-dataflow-sql-injection/workshop.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-dataflow-sql-injection/workshop.ql -------------------------------------------------------------------------------- /java/codeql-java-workshop-notes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-java-workshop-notes.md -------------------------------------------------------------------------------- /java/codeql-java-workshop-sqlinjection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/codeql-java-workshop-sqlinjection.md -------------------------------------------------------------------------------- /java/java-unsafe-deserialization.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/java-unsafe-deserialization.md -------------------------------------------------------------------------------- /java/unsafe-deserialization-apache-struts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/unsafe-deserialization-apache-struts.md -------------------------------------------------------------------------------- /java/workshop-java-mismatched-loop-condition.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/java/workshop-java-mismatched-loop-condition.md -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/README.md -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/SolutionNew.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/SolutionNew.ql -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/add-user.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/add-user.js -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/admin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/admin -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/codeql-pack.lock.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/codeql-pack.lock.yml -------------------------------------------------------------------------------- 
/javascript/codeql-dataflow-sql-injection/package.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/package.json -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/qlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/qlpack.yml -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/solution.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/solution.ql -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/steps/1-identifying-source.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/steps/1-identifying-source.ql -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/steps/2-identifying-sink.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/steps/2-identifying-sink.ql -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/steps/3-generalizing-sink.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/steps/3-generalizing-sink.ql -------------------------------------------------------------------------------- /javascript/codeql-dataflow-sql-injection/steps/TypeTrackerBoilerplate.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-dataflow-sql-injection/steps/TypeTrackerBoilerplate.txt -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/GoofPrototypePollution-0.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/GoofPrototypePollution-0.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/GoofPrototypePollution-1.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/GoofPrototypePollution-1.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/GoofPrototypePollution-2.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/GoofPrototypePollution-2.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/PrototypePollution-0.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/PrototypePollution-0.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/PrototypePollution-1.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/PrototypePollution-1.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/README.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/README.org -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/codeql-js-goof-project.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/codeql-js-goof-project.code-workspace -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/example.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/example.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-0.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-0.ql 
-------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-1.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-1.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-10.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-10.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-11.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-11.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-12.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-12.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-13.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-13.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-2.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-2.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-3.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-3.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-4.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-4.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-5.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-5.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-6.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-6.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-7.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-7.ql -------------------------------------------------------------------------------- 
/javascript/codeql-js-goof-workshop/flow-query-8.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-8.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/flow-query-9.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/flow-query-9.ql -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/l3style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/l3style.css -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/make-zipfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/make-zipfile -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/qlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/qlpack.yml -------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/workshop.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/workshop.html 
-------------------------------------------------------------------------------- /javascript/codeql-js-goof-workshop/workshop.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-js-goof-workshop/workshop.org -------------------------------------------------------------------------------- /javascript/codeql-workshop-javascript-unsafe-jquery-calls.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/codeql-workshop-javascript-unsafe-jquery-calls.md -------------------------------------------------------------------------------- /javascript/cryptographic_failure_tEnvoy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/javascript/cryptographic_failure_tEnvoy.md -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/LICENSE -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/README.org: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/README.org -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/TaintFlow.ql: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/TaintFlow.ql -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/TaintFlowPath.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/TaintFlowPath.ql -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/TaintFlowTemplate.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/TaintFlowTemplate.ql -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/add-user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/add-user.py -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/admin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/admin -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/codeql-dataflow-sql-injection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/codeql-dataflow-sql-injection.md -------------------------------------------------------------------------------- 
/python/codeql-dataflow-sql-injection/qlpack.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/qlpack.yml -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/sink.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/sink.ql -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/source.ql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/source.ql -------------------------------------------------------------------------------- /python/codeql-dataflow-sql-injection/workspace-template.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/advanced-security/codeql-workshops-staging/HEAD/python/codeql-dataflow-sql-injection/workspace-template.code-workspace --------------------------------------------------------------------------------