Well, have no fear because GitHub has got your back (or should we say front) with their amazing Security Teams and CodeQL tool.
Let’s start by talking about the Security Teams. These guys are like a team of superheroes who swoop in to save you from potential security threats in your codebase. They offer a range of services, including vulnerability assessments, penetration testing, and code reviews.
GitHub also has this incredible tool called CodeQL (short for “Code Query Language”) that allows you to write queries in plain English to analyze your codebase for potential security vulnerabilities. It’s like having a personal cybersecurity analyst at your fingertips!
So, how does it work? Well, let’s say you have this piece of code:
// This script prompts the user for a password and stores a hash of it in local storage.
// Assumed (not named in the original): sha256() comes from the js-sha256 package and returns a hex digest.
import { sha256 } from 'js-sha256';
// Prompt the user for input
const password = prompt("Enter your password");
// Hash the password using the SHA-256 algorithm
let hashedPassword = sha256(password);
// Store the hash in local storage
localStorage.setItem('hashed_password', hashedPassword);
Now, let’s say you want to check whether this code is vulnerable: anyone who can read the hash value stored in local storage could guess the password from it.
To do that, you can write a CodeQL query like this:
/**
 * @name Password read by prompt() and hashed with sha256()
 * @description Finds `const password = prompt("Enter your password")` followed by
 *              `let hashedPassword = sha256(password)`, as in the snippet above, and
 *              reports the two variable declarations that hold the password and its hash.
 * @kind problem
 * @problem.severity warning
 * @id js/blog-example/prompted-password-hashed
 */
import javascript

/** A call to the global `prompt` whose first argument is the literal "Enter your password". */
class PasswordPrompt extends DataFlow::CallNode {
  PasswordPrompt() {
    this = DataFlow::globalVarRef("prompt").getACall() and
    this.getArgument(0).getStringValue() = "Enter your password"
  }
}

/** A call to a function named `sha256` whose first argument is the variable `password`. */
class Sha256OfPassword extends DataFlow::CallNode {
  Sha256OfPassword() {
    this.getCalleeName() = "sha256" and
    this.getArgument(0).asExpr().(VarAccess).getName() = "password"
  }
}

from PasswordPrompt p, Sha256OfPassword h, VariableDeclarator pw, VariableDeclarator hp
where
  // `const password = prompt("Enter your password")`
  pw.getInit() = p.asExpr() and
  pw.getBindingPattern().(VarDecl).getName() = "password" and
  // `let hashedPassword = sha256(password)`
  hp.getInit() = h.asExpr() and
  hp.getBindingPattern().(VarDecl).getName() = "hashedPassword"
select hp, "Password read by $@ is hashed here and kept in hashedPassword.", pw, "prompt()"
This query matches calls to “prompt” whose first argument is “Enter your password” and calls to “sha256” whose first argument is “password”, and then the variable declarations that store their results in “password” and “hashedPassword” respectively.
So, if you run this query against your codebase using CodeQL, it will highlight every place where this pattern appears. And the best part? It’s all done automatically! No more manually scanning through thousands of lines of code to find potential issues.