This repository is part of Tweag's experience sharing of using GitHub's CodeQL static analysis tool. Other resources of ours include:

• A variant of this repository using Python as the programming language of choice: smelc/sarge-security-codeql
• A technical blog post: [Getting started with CodeQL, GitHub's declarative static analyzer for security](LINK TBD)

We provide a .envrc file to enter the development shell automatically. You need both direnv and Nix installed to use it.

Once you've entered the nix-shell, provision the Python dependencies as follows:

pip install -r dev-requirements.txt

In one terminal, run:

./gradlew run

Trigger vulnerabilities in another terminal:

curl -X POST https://localhost:8080/api/invoke -d "method=sayHello"

The query to catch the example vulnerability is in queries/JoorMain.ql. This query relies on library code located in queries/JoorLib.qll. Debugging code, used to find out how to write the main query is in queries/Scratch.ql: this file gives insight how one discovers what to write in a CodeQL query (the blog post linked above explains this process in details).