Skip to content

CodeQL Query Development

Overview

CodeQL ships with hundreds of queries out of the box for each language that typically cover the most critical and important security vulnerability categories. In this engagement, we will write, deliver and assist with testing and deploying one or more new queries to find security vulnerabilities which are not covered out-of-the-box, or to identify correctness, performance or code smell issues.

For each requested query, detailed specifications for the queries to be developed must be provided. If determined to be necessary during the pre-sales scoping phase, test-cases and example code to assist development and verify the correctness of deliverable queries must also be provided.

This engagement also offers the option to additionally release the developed CodeQL queries as an open-source contribution to the CodeQL Standard Library, thus saving future query maintenance costs at the expense of a longer initial query development phase.

Target Audience

  • Security Researchers
  • Application Security Teams
  • Software Engineering Technical Leads

Key Features and Benefits

After an initial scoping and feasibility assessment meeting, one or more CodeQL experts will be assigned to write custom queries and assist in deploying them in an organization. This engagement will provide CodeQL queries adding targeted code coverage of additional or organization-specific vulnerabilities, correctness, performance, or code smell issues.

Syllabus

  1. A pre-sales scoping and feasibility evaluation meeting to define each rule to be implemented as a query and determine an estimated time-to-implement for each rule based on its assigned difficulty.
  2. A post-sales kick-off call to clarify any remaining scope or architectural questions as well as to remediate any missing dependencies, such as access to proprietary code or query test cases.
  3. Internal project management and engineering tasks.
  4. Development of the queries, using an iterative process:
    • CodeQL query development
    • Incremental delivery of queries as CodeQL query packs or similar with deployment guidance
    • Collaborative review of query feedback and issue reports
    • Remediation of any false-positives, false-negatives, or other issues reported
    • Optionally, based on the individual services agreement, open-sourcing of the queries
  5. A final review and Q&A session

Learning/Business Outcomes

  • One or more custom queries ready to be deployed in your organization.
  • A deeper understanding of how CodeQL can be used to model patterns in your code.

Prerequisites

  • A clear technical scope for the CodeQL query or queries to be implemented can be provided; this prerequisite can be fulfilled through items including but not strictly limited to the following:
    • Specifying an established coding standard which contains technical specifications for the behaviour to be enforced or prohibited as well as demonstrative examples of the behaviour in question
    • An example of a security vulnerability, correctness issue, or otherwise undesired code pattern in a shareable codebase, proof-of-concept application, or code snippet
  • To develop custom queries which specifically model proprietary or closed-source software, it must be possible to provide access to the source code to be targeted or self-contained examples modelling their proprietary code.
  • In the pre-sales phase, a CodeQL Analysis Engineer has evaluated the feasibility of the proposed technical scope of the custom queries to be developed as well as CodeQL support for the language(s) to be targeted. Custom queries can only be developed to model problems of a clear and reasonably defined scope.

How can we help?

Let's build a customized solution that meets all of your needs.