<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>codeql on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/codeql/</link><description>Recent content in codeql on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Thu, 11 Dec 2025 00:00:00 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/codeql/index.xml" rel="self" type="application/rss+xml"/><item><title>Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/</link><pubDate>Thu, 11 Dec 2025 07:00:00 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/12/11/introducing-mrva-a-terminal-first-approach-to-codeql-multi-repo-variant-analysis/</guid><description>Our new tool mrva is a terminal-first tool for running CodeQL multi-repository variant analysis locally, allowing users to download pre-built databases, analyze them with custom queries, and view results directly in the terminal.</description></item><item><title>Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/</link><pubDate>Thu, 25 Sep 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/</guid><description>We created a CodeQL query that reduced 2,500+ compiler warnings about implicit conversions in OpenVPN2 to just 20 high-priority cases, demonstrating how to effectively identify potentially dangerous type conversions in C code.</description></item><item><title>Catching 
OpenSSL misuse using CodeQL</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/12/22/catching-openssl-misuse-using-codeql/</link><pubDate>Fri, 22 Dec 2023 09:00:35 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/12/22/catching-openssl-misuse-using-codeql/</guid><description>I’ve created five CodeQL queries that catch potentially potent bugs in the OpenSSL libcrypto API, a widely adopted but often unforgiving API that can be misused to cause memory leaks, authentication bypasses, and other subtle cryptographic issues in implementations. These queries—which I developed during my internship with my mentors, Fredrik Dahlgren and […]</description></item><item><title>Say hello to the next chapter of the Testing Handbook!</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/12/11/say-hello-to-the-next-chapter-of-the-testing-handbook/</link><pubDate>Mon, 11 Dec 2023 08:30:16 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/12/11/say-hello-to-the-next-chapter-of-the-testing-handbook/</guid><description>Today we are announcing the latest addition to the Trail of Bits Testing Handbook: a brand new chapter on CodeQL! CodeQL is a powerful and versatile static analysis tool, and at Trail of Bits, we regularly use CodeQL on client engagements to find common vulnerabilities and to perform variant analysis for already […]</description></item><item><title>Publishing Trail of Bits’ CodeQL queries</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/</link><pubDate>Wed, 06 Dec 2023 08:30:25 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/</guid><description>We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed. 
This new release of a continuously updated repository of CodeQL queries joins our public Semgrep rules and Automated Testing Handbook in an effort […]</description></item><item><title>Look out! Divergent representations are everywhere!</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/</link><pubDate>Thu, 10 Nov 2022 07:30:53 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/</guid><description>Trail of Bits recently published a blog post about a signed integer overflow in certain versions of SQLite that can enable arbitrary code execution and result in a denial of service. While working on proof-of-concept exploits for that vulnerability, we noticed that the compiler’s representation of an important integer variable is semantically […]</description></item><item><title>Finding unhandled errors using CodeQL</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/</link><pubDate>Tue, 11 Jan 2022 07:00:58 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/</guid><description>One of your developers finds a bug in your codebase—an unhandled error code—and wonders whether there could be more. He combs through the code and finds unhandled error after unhandled error. One lone developer playing whack-a-mole. It’s not enough. And your undisciplined team of first-year Stanford grads never learned software engineering. 
You’re […]</description></item><item><title>Detecting Iterator Invalidation with CodeQL</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/</link><pubDate>Fri, 09 Oct 2020 08:30:22 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/</guid><description>Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, I developed Itergator, a set of CodeQL classes and queries for analyzing and discovering iterator invalidation. Results are easily interpretable by an auditor, […]</description></item></channel></rss>