CodeQL for JavaScript: Unsafe jQuery Plugin
In this course, we will use CodeQL to analyze the source code of Bootstrap, and find unsafe calls to JQuery that could lead to cross-site scripting (XSS) attacks.
Quickly learn CodeQL, an expressive language for code analysis, which helps you explore source code to find bugs and vulnerabilities. During this beginner-accessible course, you will learn to write queries in CodeQL and find critical security vulnerabilities that were identified in Bootstrap, a popular open-source project.
What you'll learn
Upon completion of the course, you'll be able to:
- Understand the basic syntax of CodeQL queries
- Use the standard CodeQL libraries to write queries and explore code written in JavaScript
- Use predicates and classes, the building blocks of CodeQL queries, to make your queries more expressive and reusable
- Use the CodeQL data flow and taint tracking libraries to write queries that find real security vulnerabilities
What you'll build
You will walk in the steps of our security researchers, and create:
- Several CodeQL queries that look for interesting patterns in JavaScript code.
- A CodeQL security query that finds 5 critical security vulnerabilities in the Bootstrap codebase (before it was patched!) and can be reused to audit other open-source projects of your choice.
Pre-requisites
- Some knowledge of the JavaScript language and the JQuery library.
- A basic knowledge of secure coding practices is useful to understand the context of this course, and all the consequences of the bugs we'll find, but is not mandatory to learn CodeQL.
- This is a beginner-accessible course. No prior knowledge of CodeQL is required.
Audiences
- Security researchers
- Developers
Steps to complete this course 9
-
Welcome to the course
Know where to find documentation and help, install CodeQL, setup your IDE.
-
Your first query
Finding all calls to the jQuery $ function
-
Understanding the query, binding objects
Finding the first argument of all calls to the $ function
-
Using the jquery predicate
The CodeQL JavaScript library provides a jquery predicate
-
Finding jQuery plugin options: property reads
Finding jQuery property reads
-
Finding jQuery plugin options: plugins
Using local data flow analysis to find jQuery plugins
-
Finding jQuery plugin options: final step
Using local data flow analysis to find jQuery plugins options
-
Detecting untrusted data flow sources
Detecting untrusted data flow sources
-
Putting it all together: the taint tracking query
Using global data flow analysis: finalizing the taint tracking query
Average time to complete
1375 minutes
Free
All public courses on Learning Lab are free.
Get help
Latest release
Users who took this course also took
-
TomTom Maps SDK for Android - Display a Map
In this course you will learn how to create an Android application that displays a TomTom Map
-
Community starter kit
There are millions of projects on GitHub, all competing for attention from the millions of open...
-
Communicating using Markdown
This course will walk you through everything you need to start organizing ideas and collaborating...
What is GitHub Learning Lab?
Learn new skills by completing fun, realistic projects in your very own GitHub repository.