About CodeQL for research

Lalida Aramrueng
2 min read · Nov 25, 2019


GitHub recently launched GitHub Security Lab, an effort to help protect the open-source code hosted on GitHub. It brings together several pieces:

  1. GitHub Security Advisories : a private channel in which a project owner can work with security researchers to find and fix a security problem. Once a fix is available, the advisory and the fix are published.
  2. GitHub Advisory Database : a public database of known vulnerabilities in packages, linked to the repositories on GitHub that depend on them, so affected projects can be alerted and protected.
  3. Token Scanning : GitHub scans pushed code for hard-coded keys and tokens. It recognises more than 20 token formats, and when it finds one it reports the leaked secret to the issuing provider (for example a cloud provider) so that the key or token can be revoked.

The most interesting piece, however, is "CodeQL". CodeQL treats source code as data: the code is compiled into a database, and you write queries against that database to find defects and vulnerabilities across a whole project.

An example CodeQL query, on LGTM.com:

https://lgtm.com/query/5143707053254923402/

Let’s play with CodeQL

  1. Log in to LGTM.com, add your project, then select the language of the code and the build structure of the project, as in the screenshot below:

  2. After that, run the analysis; when it finishes, the alerts it found are listed for the project.

  3. In addition, GitHub publishes example CodeQL queries that you can open, run and learn from when writing your own.
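To make the description of CodeQL above and steps 1 to 3 concrete, here is a complete CodeQL query written in the style of the codeql-go library listed in the references. It is an added example for this page: it is not the query behind the LGTM link above and not a query from GitHub's own query packs. The query name, id and the class name `CommandInjectionConfig` are my own choices, and it uses the `TaintTracking::Configuration` API as it existed in codeql-go when this post was written. The query reports every value that flows from an untrusted HTTP input (for example a URL query parameter read in an `http.Handler`) into an argument of `os/exec.Command`, which is the classic command-injection pattern, and it shows the whole path from source to sink.

```ql
/**
 * @name Command built from user input (example query)
 * @description Finds data-flow paths from untrusted HTTP input into
 *              an argument of os/exec.Command.
 * @kind path-problem
 * @problem.severity error
 * @id go/example/command-injection
 */

import go
// Needed so that @kind path-problem queries can output source-to-sink paths.
import DataFlow::PathGraph

// Hypothetical configuration class: the name is my own, not one from codeql-go.
class CommandInjectionConfig extends TaintTracking::Configuration {
  CommandInjectionConfig() { this = "CommandInjectionConfig" }

  // Sources: anything the Go library models as untrusted remote input,
  // such as request parameters, headers and bodies.
  override predicate isSource(DataFlow::Node source) {
    source instanceof UntrustedFlowSource
  }

  // Sinks: any argument passed to exec.Command (the program name or an argv entry).
  override predicate isSink(DataFlow::Node sink) {
    exists(DataFlow::CallNode call |
      call.getTarget().hasQualifiedName("os/exec", "Command") and
      sink = call.getAnArgument()
    )
  }
}

// Report each sink together with the path that taints it.
from CommandInjectionConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "This command is built from $@.", source.getNode(),
  "user-controlled input"
```

Run it in the LGTM query console against a Go project, or with the CodeQL CLI (`codeql database create <dir> --language=go` followed by `codeql query run`). A handler such as `exec.Command("sh", "-c", r.URL.Query().Get("cmd"))` is flagged; the same handler with a fixed command and the parameter validated against an allow-list before use is not, because the taint no longer reaches the argument.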

Reference

  1. https://securitylab.github.com/tools/codeql
  2. https://lgtm.com/query/5143707053254923402/
  3. https://www.blognone.com/node/113310
  4. https://github.com/github/codeql-go
