LiveQL episode 2: The Rhino in the room

We often see the same types of bugs repeated in code. What if we could detect an entire bug class and report all of its occurrences at once? What if we could automate this detection for any Pull Request so we can catch bugs before they ever enter your code?

In our LiveQL video series we pair a security researcher and an experienced CodeQL writer to explore a vulnerability class and capture its essence as a CodeQL query.

If you’re new to CodeQL, you will discover how to use it to automate and accelerate your variant analysis, and if you are already a CodeQL user, you’ll learn more about CodeQL libraries, debugging tips and tricks, and much more.

In this episode, we will explore CVE-2020-13924 an RCE on Apache Druid caused by two different vulnerabilities: a Rhino JS script injection and some sort of Mass Assignment bug in the Jackson library.

Join us on Friday March 12, 2021, at 5pm CET (Central European Time) on https://www.twitch.tv/github