CodeQL
Say hello to the next chapter of the Testing Handbook!
By Fredrik Dahlgren
Today we are announcing the latest addition to the Trail of Bits Testing Handbook: a brand new chapter on CodeQL! CodeQL is a powerful and versatile static analysis tool, ...
Publishing Trail of Bits’ CodeQL queries
By Paweł Płatek
We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed ...

Look out! Divergent representations are everywhere!
By Andreas Kellas
Trail of Bits recently published a blog post about a signed integer overflow in certain versions of SQLite that can enable arbitrary code execution and result in a denial ...
Finding unhandled errors using CodeQL
By Fredrik Dahlgren
One of your developers finds a bug in your codebase—an unhandled error code—and wonders whether there could be more. He combs through the code and finds unhandled error after ...

Detecting Iterator Invalidation with CodeQL
By Kevin Higgs, Montgomery Blair High School
Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, ...