On September 1, 2022, GitHub Learning Lab will shut down.
Read more on the GitHub blog and check out GitHub Skills for courses backed by GitHub Actions.
See an up-to-date option for this page.

CodeQL U-Boot Challenge (C/C++)

Learn to use CodeQL, a query language that helps find bugs in source code. Find 9 remote code execution vulnerabilities in the open-source project Das U-Boot, and join the growing community of security researchers using CodeQL.

Start free course Join 3345 others!

social preview

Quickly learn CodeQL, an expressive language for code analysis, which helps you explore source code to find bugs and vulnerabilities. During this beginner-level course, you will learn to write queries in CodeQL and find critical security vulnerabilities that were identified in Das U-Boot, a popular open-source project.

What you'll learn

Upon completion of the course, you'll be able to:

  • Understand the basic syntax of CodeQL queries
  • Use the standard CodeQL libraries to write queries and explore code written in C/C++
  • Use predicates and classes, the building blocks of CodeQL queries, to make your queries more expressive and reusable
  • Use the CodeQL data flow and taint tracking libraries to write queries that find real security vulnerabilities

What you'll build

You will walk in the steps of our security researchers, and create:

  • Several CodeQL queries that look for interesting patterns in C/C++ code.
  • A CodeQL security query that finds 9 critical security vulnerabilities in the Das U-Boot codebase from 2019 (before it was patched!) and can be reused to audit other open-source projects of your choice.


  • Some knowledge of the C language and standard library.
  • A basic knowledge of secure coding practices is useful to understand the context of this course, and all the consequences of the bugs we'll find, but is not mandatory to learn CodeQL.
  • This is a beginner course. No prior knowledge of CodeQL is required.


  • Security researchers
  • Developers
Steps to complete this course 10
  1. Welcome to the course!

    See what you will cover in the course, and where to find documentation and help.

  2. Set up your IDE

    Set up your IDE for CodeQL development.

  3. Your first query

    Run a CodeQL query. Learn how to submit your work for checking during this course.

  4. Anatomy of a query

    Learn the basic structure of a CodeQL query. Modify a query to find the definition of a particular function.

  5. Using different classes and their predicates

    See how source code is represented in the classes and predicates of the CodeQL standard library. Find the definitions of particular macros.

  6. Relating two variables

    Declare multiple variables to represent different source code elements and learn how to describe relationships between them. Find calls to functions named memcpy.

  7. Relating two variables, continued

    Declare multiple variables to represent different source code elements and learn how to describe relationships between them. Find invocations of macros named ntoh*.

  8. Changing the selected output

    Learn how to change which source code element is identified by your query. Find the expressions that correspond to macro invocations.

  9. Write your own class

    Learn how to declare temporary variables with the exists keyword. Write your own CodeQL class to represent a set of interesting source code elements.

  10. Data flow and taint tracking analysis

    Learn how to use CodeQL to track the flow of tainted data through a program. Write a taint tracking query that find 9 RCE vulnerabilities!

Share this course
Average time to complete

1458 minutes


All public courses on Learning Lab are free.

Latest release

Users who took this course also took

What is GitHub Learning Lab?

Learn new skills by completing fun, realistic projects in your very own GitHub repository.

Ready to start learning?

Start CodeQL U-Boot Challenge (C/C++)