We will be investigating CVE-2022-24839 in this workshop.

Using CLI version 2.9.0 and CodeQL lib version 2.9.0.

If you are on OSX, after downloading the CLI and library, you will need to clear the extra attributes set on the zips using the following: xattr -c *.zip

Pre-made databases can be downloaded from here.

Locally build using:

• obtain the application that we will be querying, nekohtml
• the following buildstep requires ant to be installed
• make a databases directory: mkdir databases
• checkout the versions of the application right before the patch, and the commit where the patch was applied, then for each of those commits:
  • run ./makedb.sh