Vulnerability Variant Analysis
After finding one bug, hunt for its variants across the codebase using pattern-based analysis. Helps build CodeQL and Semgrep queries to systematically find every instance of a vulnerability class.
A single bug is rarely alone. This skill takes an initial finding and helps you generalize it into a pattern, then build CodeQL or Semgrep queries to sweep the whole codebase for similar instances — turning one fix into a class of fixes.
When to use
Use when hunting bug variants after an initial finding, building CodeQL or Semgrep queries, or performing systematic security audits to find every occurrence of a vulnerability pattern.
Examples
Find variants
Sweep for similar bugs after one finding
I found an unchecked user input reaching a shell call here — find all variants of this pattern in the repo
Build a query
Generalize a bug into a Semgrep rule
Turn this specific injection bug into a Semgrep query that catches the whole class