Type of Submission
Poster
Keywords
Cryptography, JavaScript, Vulnerability Analysis, Security Vulnerabilities, Code Scanning, Codebase, Query Language, Security Checks, Automate, GitHub
Proposal
Cryptography is an important tool in the security of our software systems. However, mistakes are often made by developers who do not implement cryptography correctly in their projects. As JavaScript becomes more popular as a language for full-stack development, vulnerabilities in JavaScript due to misuses of the cryptographic APIs and incorrect practices have increased as well. Our project focuses on developing CodeQL queries to find vulnerabilities in JavaScript code due to misuses of cryptography. We are designing and implementing several queries that find some of these misuses and will submit them to GitHub for review with the hope of having them accepted as official queries included on the public repo. This will allow developers all over the world to improve the security of their codebases by automatically scanning them with CodeQL, and therefore with our queries.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Publication Date
2023
ACCIDENT with CodeQL