Skills / Engineering / Vulnerability Variant Analysis

Vulnerability Variant Analysis

After finding one bug, hunt for its variants across the codebase using pattern-based analysis. Helps build CodeQL and Semgrep queries to systematically find every instance of a vulnerability class.

A single bug is rarely alone. This skill takes an initial finding and helps you generalize it into a pattern, then build CodeQL or Semgrep queries to sweep the whole codebase for similar instances — turning one fix into a class of fixes.

security variant-analysis codeql semgrep audit

When to use

Use when hunting bug variants after an initial finding, building CodeQL or Semgrep queries, or performing systematic security audits to find every occurrence of a vulnerability pattern.

Examples

Find variants

Sweep for similar bugs after one finding

I found an unchecked user input reaching a shell call here — find all variants of this pattern in the repo

Build a query

Generalize a bug into a Semgrep rule

Turn this specific injection bug into a Semgrep query that catches the whole class
Added to wishlist