Outreachy Blog-Post #4: Progress made in the first half of the Internship

Outreachy Week 6 Blog Post.


With this being the 6th week of the internship, here is the progress I have made on the project I am working on, "Suricata Hardening: Work on finding and fixing bugs in Suricata using code analyzing tools." The code analysis tool that will be utilised for the codebase hardening is CodeQL, and the environmental setup for this tool has been completed. I have researched several queries in CodeQL's query database to figure out queries for specific flaws that could be detrimental to the functionality and security of Suricata.

I have performed a series of tests with CodeQL on the codebase to be sure the environmental setup has been done correctly and everything works fine.

I have also compiled and downloaded 14 groups of queries, which contain more than 25 queries that will be run on Suricata's codebase to check for vulnerabilities and bad coding practices.

I will begin performing the code analysis on the codebase with CodeQL this week.

Resources:

N.B.: Possible weaknesses that could be found in software are available in the CWE database, along with details about these weaknesses. Weaknesses are identified with numbers, for example CWE-111, CWE-89.