Code Property Graphs Meet LLMs: How Codebadger Uncovers Zero-Days in Real Codebases + Video

Listen to this Post

Featured Image

Introduction:

Large Language Models (LLMs) struggle to analyze entire codebases due to token limits, missing inter-procedural data flows, and an inability to generate complex static analysis queries. Codebadger bridges this gap by integrating Joern’s Code Property Graph (CPG) engine with LLM agents, enabling automated vulnerability discovery across eight programming languages. This article extracts technical workflows from the recently accepted SVM ’26 paper, providing hands-on commands and mitigation strategies for the disclosed CVEs.

Learning Objectives:

  • Deploy and configure Codebadger as a Model Context Protocol (MCP) server for static analysis.
  • Execute CPGQL queries for backward slicing, taint analysis, and vulnerability pattern detection.
  • Apply automated patch generation and exploit mitigation techniques for buffer overflows and HTTP request smuggling.

You Should Know:

1. Deploying Codebadger with Docker and Joern Engine

Codebadger ships as a containerized MCP server that pre‑implements Scala programs for slicing, call graphs, control flow graphs (CFGs), and 10+ vulnerability patterns. Instead of forcing LLMs to write CPGQL at runtime, agents invoke these tools directly.

Step‑by‑step setup (Linux/macOS/Windows WSL2):

 Clone the repository
git clone https://github.com/Lekssays/codebadger.git
cd codebadger

Build the Docker image (includes Joern, Scala, and MCP server)
docker build -t codebadger:latest .

Run the MCP server on port 8080
docker run -d -p 8080:8080 -v $(pwd)/workspace:/workspace codebadger:latest

Verify Joern version
docker exec -it <container_id> joern --version

Windows (PowerShell) alternative:

docker run -d -p 8080:8080 -v ${PWD}/workspace:/workspace codebadger:latest

The server exposes endpoints for LLM agents (e.g., , GPT‑4) to call tools like backward_slice, taint_track, `find_pattern` – eliminating token waste and query‑generation errors.

  1. Performing Backward Slicing and Taint Analysis on Real Codebases
    The paper audited 8,000+ methods in GGML for memory safety. Backward slicing identifies all statements affecting a sink variable; taint analysis tracks attacker‑controlled data.

Using Joern CPGQL directly (for validation):

 Import a C/C++ project
joern-parse /workspace/ggml/src/ --language c
joern

In Joern shell, run backward slice on a buffer write
cpg.method("ggml_compute_forward").asScala.foreach { m =>
m.parameter("data").reachableBy(cpg.call("memcpy").argument(1)).slice.p
}

Taint analysis from source (network input) to sink (strcpy)
cpg.call("recv").argument(2).reachableBy(cpg.call("strcpy").argument(2)).p

Codebadger tool invocation (via MCP JSON‑RPC):

{
"tool": "taint_track",
"params": {
"source_pattern": "recv|read|fgets",
"sink_pattern": "memcpy|strcpy|sprintf",
"max_depth": 10
}
}

This discovered an unreported buffer overflow in libtiff (CVE‑pending). Mitigation: replace unsafe functions with `memcpy_s` (Windows) or `__builtin___memcpy_chk` (Linux).

3. Automating Vulnerability Pattern Detection with Pre‑compiled Queries

Codebadger ships 10+ vulnerability patterns: SQL injection, XSS, path traversal, command injection, HTTP smuggling, use‑after‑free, double free, integer overflow, and race conditions.

List available patterns:

curl -X POST http://localhost:8080/tools/list -H "Content-Type: application/json" -d '{}'

Run pattern for HTTP request smuggling (CVE‑2026‑1801 in libsoup):

curl -X POST http://localhost:8080/tools/run -H "Content-Type: application/json" -d '{
"tool": "find_pattern",
"params": {"pattern": "http_smuggling", "repo_path": "/workspace/libsoup"}
}'

Output (simplified):

{
"vulnerabilities": [
{
"file": "soup-message-io.c",
"line": 1247,
"type": "HTTP request smuggling",
"description": "Inconsistent Content-Length vs Transfer-Encoding"
}
]
}

Mitigation: enforce strict header parsing and reject ambiguous requests using a reverse proxy like HAProxy with option http-buffer-request.

  1. Exploiting and Patching CVE‑2025‑6021 in libxml2 (First‑attempt Patch by LLM)
    The LLM agent generated a correct patch for a use‑after‑free in libxml2’s XPath parser. Below is the patch logic and verification commands.

Exploit trigger (conceptual):

<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY ent "recursive">
]>
<root>&ent;</root>

Patch generated by codebadger (C‑like):

// In xmlXPathCompOpEval() - add null check after xmlXPathPopContext
xmlXPathContextPtr ctxt = xmlXPathContextPush(old_ctxt);
if (ctxt == NULL) {
xmlXPathErr(ctxt, XML_XPATH_MEMORY_ERROR);
return;
}
// ... existing code

Apply patch manually:

cd /usr/src/libxml2
wget https://raw.githubusercontent.com/Lekssays/codebadger/main/patches/CVE-2025-6021.patch
patch -p1 < CVE-2025-6021.patch
make && sudo make install

Verify fix:

xmllint --noout --valid malicious.xml  Should return error, not crash

5. Cloud Hardening for Automated Static Analysis Pipelines

To run codebadger safely on cloud workloads (AWS CodeBuild, GitHub Actions), enforce least privilege and isolate analysis.

AWS (EC2 with IAM role):

 Restrict instance to only pull Docker images and write to S3
aws iam put-role-policy --role-name codebadger-role --policy-name scan-policy --policy-document '{
"Version": "2012-10-17",
"Statement": [
{"Effect": "Allow", "Action": ["ecr:GetAuthorizationToken", "ecr:BatchGetImage"], "Resource": ""},
{"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::my-scan-results/"}
]
}'

GitHub Actions (hardened):

- name: Run Codebadger Scan
run: |
docker run --rm -v ${{ github.workspace }}:/workspace codebadger:latest \
find_pattern --pattern "sql_injection" --output results.json
env:
DOCKER_CONTENT_TRUST: 1
SECURITY_READONLY: true

Use `SECURITY_READONLY=true` to prevent the agent from modifying source code during analysis.

  1. Windows Native Static Analysis with Codebadger (WSL2 + PowerShell)
    While codebadger is Linux‑first, Windows users can leverage WSL2 and integrate with Visual Studio.

Setup on Windows 11:

 Enable WSL2 and install Ubuntu
wsl --install -d Ubuntu

Inside WSL, follow Linux setup
wsl
git clone https://github.com/Lekssays/codebadger.git
cd codebadger
docker build -t codebadger:latest .

Analyze a Windows project (e.g., libtiff for Windows)
docker run -v /mnt/c/Users/Admin/Projects/libtiff:/workspace codebadger:latest \
taint_track --source "recv|ReadFile" --sink "memcpy|RtlCopyMemory"

Output to Windows event log:

 Parse results inside WSL, then invoke Windows EventLog
wsl docker run codebadger:latest find_pattern --pattern "buffer_overflow" --format json | `
ConvertFrom-Json | `
ForEach-Object { Write-EventLog -LogName Application -Source "Codebadger" -EventId 1001 -Message $_.description }

7. Extending Codebadger with Custom Vulnerability Patterns

You can add new patterns without modifying the core engine by writing Scala traits that compile into the MCP server.

Create a new pattern for hardcoded credentials:

// custom_patterns/HardcodedSecrets.scala
package io.codebadger.patterns

import io.shiftleft.codepropertygraph.Cpg
import overflowdb.traversal._

object HardcodedSecrets extends Pattern {
override def query(cpg: Cpg): Traversal[bash] = {
cpg.literal.code(".(password|api_key|token|secret).=.['\"][^'\"]+['\"]")
.where(_.inCall.name("assignment"))
.code
}
}

Rebuild and deploy:

cd codebadger
sbt assembly
docker build -t codebadger:custom .

Invoke via MCP:

{"tool": "run_custom", "params": {"pattern_class": "HardcodedSecrets"}}

What Undercode Say:

  • Key Takeaway 1: LLMs are not replacements for static analysis engines; they excel at orchestrating pre‑built tools like Joern via MCP. Codebadger proves that agent‑led program analysis is production‑ready, having found three CVEs (libtiff, libxml2, libsoup) in real codebases.
  • Key Takeaway 2: The integration of CPGs with LLMs creates a hybrid intelligence layer – the model decides where to look, while the CPG provides exact data and control flow. This reduces false positives by 60% compared to naive LLM prompting.
  • Analysis: Codebadger’s approach – shipping 10+ pre‑implemented Scala tools instead of generating queries on the fly – sidesteps LLM hallucination and token limits. The MCP server pattern will likely become standard for AI‑assisted DevSecOps. However, organizations must harden these pipelines: container escape vulnerabilities in Docker, insecure tool serialization, and prompt injection into the MCP endpoint remain risks. Use read‑only mounts, signature verification (Docker Content Trust), and API gateways with strict schema validation.

Prediction:

Within two years, every major CI/CD platform (GitHub Actions, GitLab CI, Jenkins) will offer native MCP integrations that pair LLMs with property graph engines. Codebadger foreshadows a shift from “AI writes code” to “AI verifies and patches code at scale.” Expect an explosion of automated bug bounty submissions, but also a surge in adversarial attacks against MCP servers – attackers will poison codebases to trigger dangerous patches or exfiltrate CPG snapshots. The future of software security lies in hybrid systems where deterministic graph algorithms constrain generative models.

▶️ Related Video (84% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Ahmed Lekssays – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky