Thanks to those who attended! Please complete our feedback form so we can stay in touch with you and improve future workshops.

Complete our C++ QL challenge, and come to table 14 in the North Building by Wed 26 June to win a prize.

QL is an object-oriented dialect of Datalog developed by Semmle for implementing high-level, declarative, reusable, yet efficient queries over complex, structured data. It is particularly well-suited for implementing program analyses, from elegant one-liners that spot shallow programming mistakes to elaborate whole-program data flow analyses that identify lurking security vulnerabilities. The power of QL is showcased on LGTM.com, where it is used to continuously analyse more than 135K open-source projects written in C++, C#, Cobol, Java, JavaScript and Python. It is also demonstrated by the considerable number of CVEs found by Semmle security researchers while using QL for variant analysis of security vulnerabilities.

Objectives

In this tutorial, participants will:

• obtain a technical overview of the QL language, covering both general principles and its specific application to program analysis and security
• be given access to a QL IDE
• interactively develop their own analyses in QL to find known security vulnerabilities in open-source projects.

Agenda

1. Introduction to QL (9:00-11:00)

   • Overview of QL
   • Syntactic program representation as a database
   • Finding query injection vulnerabilities using QL
   • Local data flow analysis

2. Security analysis with QL (11:30-12:30)

   • Global data flow analysis
   • Finding code injection and deserialization vulnerabilities in Apache Struts using QL

Tutorial instructions can be found at: https://tinyurl.com/dpaql19

Tutorial materials will be available through Google Drive. The tutorial can also be carried out using the query console at https://lgtm.com/query.