Inspiration

CodeQL is very powerful, but hard to use due to its difficult syntax and complex documentation. LLMs are getting good at generating code, so we thought it'd be helpful for them to help us write CodeQL queries as well.

What it does

AutoQL automatically generates CodeQL queries given information about a vulnerability.

Challenges we ran into

CodeQL is complex, even for LLMs. We needed to play with different system prompts to see how capable it was of solving this problem.

What we learned

We learned a lot about how CodeQL works and how to make better prompts.

What's next for AutoQL

We hope to eventually make this, even past the hackathon.
