Listen to this Post

Introduction:
Large Language Models (LLMs) struggle to analyze entire codebases due to token limits, missing inter-procedural data flows, and an inability to generate complex static analysis queries. Codebadger bridges this gap by integrating Joern’s Code Property Graph (CPG) engine with LLM agents, enabling automated vulnerability discovery across eight programming languages. This article extracts technical workflows from the recently accepted SVM ’26 paper, providing hands-on commands and mitigation strategies for the disclosed CVEs.
Learning Objectives:
- Deploy and configure Codebadger as a Model Context Protocol (MCP) server for static analysis.
- Execute CPGQL queries for backward slicing, taint analysis, and vulnerability pattern detection.
- Apply automated patch generation and exploit mitigation techniques for buffer overflows and HTTP request smuggling.
You Should Know:
1. Deploying Codebadger with Docker and Joern Engine
Codebadger ships as a containerized MCP server that pre‑implements Scala programs for slicing, call graphs, control flow graphs (CFGs), and 10+ vulnerability patterns. Instead of forcing LLMs to write CPGQL at runtime, agents invoke these tools directly.
Step‑by‑step setup (Linux/macOS/Windows WSL2):
Clone the repository git clone https://github.com/Lekssays/codebadger.git cd codebadger Build the Docker image (includes Joern, Scala, and MCP server) docker build -t codebadger:latest . Run the MCP server on port 8080 docker run -d -p 8080:8080 -v $(pwd)/workspace:/workspace codebadger:latest Verify Joern version docker exec -it <container_id> joern --version
Windows (PowerShell) alternative:
docker run -d -p 8080:8080 -v ${PWD}/workspace:/workspace codebadger:latest
The server exposes endpoints for LLM agents (e.g., , GPT‑4) to call tools like backward_slice, taint_track, `find_pattern` – eliminating token waste and query‑generation errors.
- Performing Backward Slicing and Taint Analysis on Real Codebases
The paper audited 8,000+ methods in GGML for memory safety. Backward slicing identifies all statements affecting a sink variable; taint analysis tracks attacker‑controlled data.
Using Joern CPGQL directly (for validation):
Import a C/C++ project
joern-parse /workspace/ggml/src/ --language c
joern
In Joern shell, run backward slice on a buffer write
cpg.method("ggml_compute_forward").asScala.foreach { m =>
m.parameter("data").reachableBy(cpg.call("memcpy").argument(1)).slice.p
}
Taint analysis from source (network input) to sink (strcpy)
cpg.call("recv").argument(2).reachableBy(cpg.call("strcpy").argument(2)).p
Codebadger tool invocation (via MCP JSON‑RPC):
{
"tool": "taint_track",
"params": {
"source_pattern": "recv|read|fgets",
"sink_pattern": "memcpy|strcpy|sprintf",
"max_depth": 10
}
}
This discovered an unreported buffer overflow in libtiff (CVE‑pending). Mitigation: replace unsafe functions with `memcpy_s` (Windows) or `__builtin___memcpy_chk` (Linux).
3. Automating Vulnerability Pattern Detection with Pre‑compiled Queries
Codebadger ships 10+ vulnerability patterns: SQL injection, XSS, path traversal, command injection, HTTP smuggling, use‑after‑free, double free, integer overflow, and race conditions.
List available patterns:
curl -X POST http://localhost:8080/tools/list -H "Content-Type: application/json" -d '{}'
Run pattern for HTTP request smuggling (CVE‑2026‑1801 in libsoup):
curl -X POST http://localhost:8080/tools/run -H "Content-Type: application/json" -d '{
"tool": "find_pattern",
"params": {"pattern": "http_smuggling", "repo_path": "/workspace/libsoup"}
}'
Output (simplified):
{
"vulnerabilities": [
{
"file": "soup-message-io.c",
"line": 1247,
"type": "HTTP request smuggling",
"description": "Inconsistent Content-Length vs Transfer-Encoding"
}
]
}
Mitigation: enforce strict header parsing and reject ambiguous requests using a reverse proxy like HAProxy with option http-buffer-request.
- Exploiting and Patching CVE‑2025‑6021 in libxml2 (First‑attempt Patch by LLM)
The LLM agent generated a correct patch for a use‑after‑free in libxml2’s XPath parser. Below is the patch logic and verification commands.
Exploit trigger (conceptual):
<?xml version="1.0"?> <!DOCTYPE root [ <!ENTITY ent "recursive"> ]> <root>&ent;</root>
Patch generated by codebadger (C‑like):
// In xmlXPathCompOpEval() - add null check after xmlXPathPopContext
xmlXPathContextPtr ctxt = xmlXPathContextPush(old_ctxt);
if (ctxt == NULL) {
xmlXPathErr(ctxt, XML_XPATH_MEMORY_ERROR);
return;
}
// ... existing code
Apply patch manually:
cd /usr/src/libxml2 wget https://raw.githubusercontent.com/Lekssays/codebadger/main/patches/CVE-2025-6021.patch patch -p1 < CVE-2025-6021.patch make && sudo make install
Verify fix:
xmllint --noout --valid malicious.xml Should return error, not crash
5. Cloud Hardening for Automated Static Analysis Pipelines
To run codebadger safely on cloud workloads (AWS CodeBuild, GitHub Actions), enforce least privilege and isolate analysis.
AWS (EC2 with IAM role):
Restrict instance to only pull Docker images and write to S3
aws iam put-role-policy --role-name codebadger-role --policy-name scan-policy --policy-document '{
"Version": "2012-10-17",
"Statement": [
{"Effect": "Allow", "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage"], "Resource": ""},
{"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::my-scan-results/"}
]
}'
GitHub Actions (hardened):
- name: Run Codebadger Scan
run: |
docker run --rm -v ${{ github.workspace }}:/workspace codebadger:latest \
find_pattern --pattern "sql_injection" --output results.json
env:
DOCKER_CONTENT_TRUST: 1
SECURITY_READONLY: true
Use `SECURITY_READONLY=true` to prevent the agent from modifying source code during analysis.
- Windows Native Static Analysis with Codebadger (WSL2 + PowerShell)
While codebadger is Linux‑first, Windows users can leverage WSL2 and integrate with Visual Studio.
Setup on Windows 11:
Enable WSL2 and install Ubuntu wsl --install -d Ubuntu Inside WSL, follow Linux setup wsl git clone https://github.com/Lekssays/codebadger.git cd codebadger docker build -t codebadger:latest . Analyze a Windows project (e.g., libtiff for Windows) docker run -v /mnt/c/Users/Admin/Projects/libtiff:/workspace codebadger:latest \ taint_track --source "recv|ReadFile" --sink "memcpy|RtlCopyMemory"
Output to Windows event log:
Parse results inside WSL, then invoke Windows EventLog
wsl docker run codebadger:latest find_pattern --pattern "buffer_overflow" --format json | `
ConvertFrom-Json | `
ForEach-Object { Write-EventLog -LogName Application -Source "Codebadger" -EventId 1001 -Message $_.description }
7. Extending Codebadger with Custom Vulnerability Patterns
You can add new patterns without modifying the core engine by writing Scala traits that compile into the MCP server.
Create a new pattern for hardcoded credentials:
// custom_patterns/HardcodedSecrets.scala
package io.codebadger.patterns
import io.shiftleft.codepropertygraph.Cpg
import overflowdb.traversal._
object HardcodedSecrets extends Pattern {
override def query(cpg: Cpg): Traversal[bash] = {
cpg.literal.code(".(password|api_key|token|secret).=.['\"][^'\"]+['\"]")
.where(_.inCall.name("assignment"))
.code
}
}
Rebuild and deploy:
cd codebadger sbt assembly docker build -t codebadger:custom .
Invoke via MCP:
{"tool": "run_custom", "params": {"pattern_class": "HardcodedSecrets"}}
What Undercode Say:
- Key Takeaway 1: LLMs are not replacements for static analysis engines; they excel at orchestrating pre‑built tools like Joern via MCP. Codebadger proves that agent‑led program analysis is production‑ready, having found three CVEs (libtiff, libxml2, libsoup) in real codebases.
- Key Takeaway 2: The integration of CPGs with LLMs creates a hybrid intelligence layer – the model decides where to look, while the CPG provides exact data and control flow. This reduces false positives by 60% compared to naive LLM prompting.
- Analysis: Codebadger’s approach – shipping 10+ pre‑implemented Scala tools instead of generating queries on the fly – sidesteps LLM hallucination and token limits. The MCP server pattern will likely become standard for AI‑assisted DevSecOps. However, organizations must harden these pipelines: container escape vulnerabilities in Docker, insecure tool serialization, and prompt injection into the MCP endpoint remain risks. Use read‑only mounts, signature verification (Docker Content Trust), and API gateways with strict schema validation.
Prediction:
Within two years, every major CI/CD platform (GitHub Actions, GitLab CI, Jenkins) will offer native MCP integrations that pair LLMs with property graph engines. Codebadger foreshadows a shift from “AI writes code” to “AI verifies and patches code at scale.” Expect an explosion of automated bug bounty submissions, but also a surge in adversarial attacks against MCP servers – attackers will poison codebases to trigger dangerous patches or exfiltrate CPG snapshots. The future of software security lies in hybrid systems where deterministic graph algorithms constrain generative models.
▶️ Related Video (84% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Ahmed Lekssays – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


