From Novice to Expert in CodeQL: Part 5 – Perfecting Query Debugging

Newcomers to CodeQL often hit the same frustration: a query runs but does not return the results they expect. Debugging such queries is harder than debugging ordinary code because QL is a declarative logic language in the Prolog and Datalog family, and its evaluation model differs fundamentally from imperative languages like Python. There is no execution order to follow, so the usual techniques of stepping through the code or adding print statements do not apply.

CodeQL does, however, ship with several built-in features for diagnosing and fixing queries. The central ones are quick evaluation of individual predicates, the abstract syntax tree (AST) viewer, and partial path graphs, which show how far taint travels before a data-flow query loses track of it. Readers can experiment with the sample queries and ask questions in the GitHub Security Lab's public Slack instance, where CodeQL specialists help with debugging.

The post walks through a real case that several users reported as difficult: writing a CodeQL query to detect vulnerabilities in projects built on the Gradio framework. One user wanted to find variants of an insecure deserialization vulnerability in a specific Gradio project.

The vulnerability comes from calling pickle.load on files uploaded by users. Unpickling attacker-controlled data executes code chosen by the attacker, so a malicious upload leads directly to remote code execution. To detect this class of bug, a query has to trace data flow from the points where user input enters the application (the sources, here the parameters of the Gradio handler function) to the calls that can execute code (the sinks, here pickle.load and its relatives).

To make the process tractable, the post recommends starting from a minimal code example that reproduces the pattern and building a CodeQL database from it. A small database keeps the number of results low and makes each query run fast, which turns query writing into a tight loop: quick-evaluate individual predicates to confirm that sources and sinks are recognized, inspect the AST viewer to see how the code is represented, run a partial path graph to find where taint stops, and add the missing taint steps so that the data propagates correctly.
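The following CodeQL query for Python is an added example written for this edition; it is not code from the original post or from the CodeQL library. It puts the loop above into one file: it models the parameters of the function passed to gradio.Interface as sources, pickle.load as the sink, adds one extra taint step across the builtin open() (assumed here for illustration; the stock library may already model it), and then uses the partial-flow API to show how far taint gets from each source. The query ID, the use of getParameter(0, "fn") to reach the Gradio handler, and the five-step exploration limit are this example's assumptions, not the project's own query.

```ql
/**
 * @name Partial taint paths from Gradio input towards pickle.load (debugging aid)
 * @description Added example: shows how far untrusted Gradio input travels
 *              before a full source-to-sink query would lose track of it.
 * @kind path-problem
 * @problem.severity warning
 * @id py/example-gradio-pickle-partial-flow
 */

import python
import semmle.python.ApiGraphs
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking

/**
 * Parameters of the handler passed to `gradio.Interface(fn=...)`.
 * Assumption: the handler is given positionally or as the `fn` keyword.
 * Quick-evaluate this class first to confirm sources are found at all.
 */
class GradioHandlerParameter extends DataFlow::Node {
  GradioHandlerParameter() {
    this =
      API::moduleImport("gradio")
          .getMember("Interface")
          .getACall()
          .getParameter(0, "fn")
          .getParameter(_)
          .asSource()
  }
}

/** The first argument of `pickle.load(...)`: data that will be unpickled. */
class PickleLoadArgument extends DataFlow::Node {
  PickleLoadArgument() {
    this = API::moduleImport("pickle").getMember("load").getACall().getArg(0)
  }
}

module GradioPickleConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof GradioHandlerParameter }

  predicate isSink(DataFlow::Node sink) { sink instanceof PickleLoadArgument }

  /**
   * Extra taint step (assumed for the example): a tainted path handed to the
   * builtin `open()` makes the returned file object tainted, so that
   * `pickle.load(open(user_path, "rb"))` connects source and sink.
   */
  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(API::CallNode openCall | openCall = API::builtin("open").getACall() |
      pred = openCall.getArg(0) and succ = openCall
    )
  }
}

module GradioPickleFlow = TaintTracking::Global<GradioPickleConfig>;

/** Exploration depth: raise it once short paths look right (assumed value). */
int explorationLimit() { result = 5 }

module PartialFlow = GradioPickleFlow::FlowExploration<explorationLimit/0>;

import PartialFlow::PartialPathGraph

// Every node reachable from a source within the limit is reported, even if it
// is not a sink; the last node on each path is where propagation stops.
from PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode node
where PartialFlow::partialFlow(source, node, _)
select node.getNode(), source, node, "Taint from Gradio input $@ reaches here.",
  source.getNode(), "parameter"

// Once a partial path reaches PickleLoadArgument, switch to the full query:
//   import GradioPickleFlow::PathGraph
//   from GradioPickleFlow::PathNode source, GradioPickleFlow::PathNode sink
//   where GradioPickleFlow::flowPath(source, sink)
//   select sink.getNode(), source, sink, "Unsafe deserialization of $@.",
//     source.getNode(), "user input"
```

Build the database from a minimal reproduction (a single file that defines a handler, wraps it in gradio.Interface, and calls pickle.load on the handler's argument) with `codeql database create db --language=python --source-root .`, then run the query against it. If the partial paths end at the open() call, the additional step is missing or mismatched; if no path starts at all, quick-evaluate GradioHandlerParameter and inspect the AST of the gradio.Interface call to see how the handler is actually passed.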

Used together, these tools let developers find the vulnerable code paths, understand how untrusted data moves through their applications, and harden them before an attacker exploits the same flows.

Source: MiMub (original in Spanish)
