ShiftLeft Ocular enables code auditors to leverage the power of the Code Property Graph (CPG) with custom queries. Traditional code analysis tools run a generic set of tests against code, which leads to false positives and false negatives. With custom queries, the code auditor can apply their knowledge of sources, transforms, and sinks to minimize false positives, for example by alerting only on unsanitized routes. Additionally, custom queries can identify vulnerabilities in indirect data flows that generic tests miss. Lastly, queries can be saved as policies and run automatically to evaluate every release in the DevOps pipeline.
Learn how to craft powerful queries and uncover vulnerabilities in complex codebases. See Dr. Fabian Yamaguchi uncover the Zip-Slip vulnerability by analyzing the data flow paths in the code responsible for illegal file path traversal.
The Ocular Query Language, OQL (pronounced "Oh-kewl!"), is built on top of Scala. Developers can create their own powerful analysis scripts within minutes and arm themselves with their own nifty custom tools!