Рет қаралды 15,891
First time using CodeQL, trying to find an access control bug in a nodeJS application using ApolloServer for GraphQL.
My Shop (advertisement): shop.liveoverflow.com/
CodeQL: codeql.github.com/
RedEye: github.com/cisagov/RedEye
Reported Issue: github.com/cisagov/RedEye/iss...
Chapters:
00:00 - Introduction
04:20 - The Research Question
06:40 - Getting Started CodeQL
09:24 - CodeQL for Visual Studio Code
12:41 - CodeQL Setup
16:55 - Create CodeQL Database
20:29 - Running First Query
22:26 - AST Viewer
28:36 - Create New Query
38:36 - ChatGPT Mixes CodeQL with SQL
30:28 - First Successful Query - Review Results
41:25 - Adding "Mutations" to Query
45:05 - Discovering Bug
45:56 - Proof of Concept with Burp
47:14 - Create Mutation PoC with ChatGPT
49:01 - Report Bug
50:16 - Conclusion
---
→ Twitch Subscription: / liveoverflow
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 📄 Info. ]=
Main Channel: / liveoverflowctf
Twitch: / liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
#liveoverflow