Semmle

The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

28 October 2019 ~9 min By Hector Cuesta

Cve Exploit Variant Analysis Vulnerability Research Code Analysis Cve-2019-15937 Cve-2019-15938 Ql Semmle Vulnerability

Cve
Exploit
Variant Analysis
Vulnerability Research
Code Analysis
Cve-2019-15937
Cve-2019-15938
Ql
Semmle
Vulnerability

Intro This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found in the past, and it will end with a small challenge using QL. A few months ago, I heard of Semmle QL for the first time, what they do is perform multiple code analysis techniques against source code, and dump these results into a database. Then using the QL language, you can query this data to perform variant analysis.

Page 1 of 1