Author Archive

In this fifth post of my six-part blog series, I begin sharing techniques and tips that I found helpful for writing Semgrep rules for finding vulnerabilities. The previous post discussed the organization of queries and connecting data flows. The motivation is that while CodeQL excels in analyzing codebases with source code…

In this fourth post of my six-part blog series, I share some of the most helpful techniques I learned while writing CodeQL queries as a security engineer. In the last blog post, I provided tips on how to improve the generalizability of the queries by adding custom function identification classes, and how…

This is the third post of a six-part blog series where I cover the use of CodeQL and Semgrep in bug hunting. In the previous installments of the series, I provided examples of custom queries and rules that identify CVEs in open-source libraries. In this post, I dive deeper into CodeQL, specifically how…

In the first blog post, I provided examples of a broadly generalizable bug query (written in both CodeQL and Semgrep) that was able to identify previously known integer-overflow CVEs across libraries such as libcurl, json-c, and libexpat. For that example, its simple construction and its ability to operate across multiple codebases showcase the potential for CodeQL…

Huy Dai was previously a summer intern from MIT and has since graduated to join the Caesar Creek Software team in Woburn, MA. During his internship, he performed a security assessment of the Peloton Bike and, upon joining CC-SW full-time, he has conducted research using CodeQL and Semgrep to aid in vulnerability research. Motivation At…