Find similar vulnerabilities and bugs across codebases using pattern-based analysis.
Author: Axel Mierczuk
Use this skill when you need to:
- Hunt for bug variants after finding an initial vulnerability
- Build CodeQL or Semgrep queries from a known bug pattern
- Perform systematic code audits across large codebases
- Analyze security vulnerabilities and find similar instances
- Create reusable patterns for recurring vulnerability classes
This skill provides a systematic five-step process for variant analysis:
1. Understand the original issue - Identify root cause, conditions, and exploitability
2. Create an exact match - Start with a pattern matching only the known bug
3. Identify abstraction points - Determine what can be generalized
4. Iteratively generalize - Expand patterns one element at a time
5. Analyze and triage - Document and prioritize findings
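The five steps carried through end to end, as an added example that is not code from the trailofbits/skills plugin. Python's `ast` module stands in for a Semgrep or CodeQL query so the walkthrough runs offline; the mini-codebase in `CODEBASE`, the known bug in `net/ping.py`, and the helper names (`matches`, `find_variants`, `triage`) are all constructed for illustration. Each generalization stage loosens exactly one element of the exact-match pattern, which is how the "over-specific pattern" and "narrow scope" pitfalls are avoided while keeping the noise visible at every step.

```python
"""Worked variant-analysis run over a constructed mini-codebase.

Added example, not code from the trailofbits/skills plugin. Python's `ast`
module stands in for Semgrep/CodeQL so the walkthrough runs offline; the
sample files in CODEBASE are constructed for illustration.
"""
import ast
from dataclasses import dataclass

# Step 1: the original issue (constructed). os.system() runs a shell command
# built by concatenating a literal with a caller-controlled name. Root cause:
# untrusted data reaches a shell sink unescaped. Every later stage asks
# "where else does a dynamically built string reach a shell sink?"
CODEBASE = {
    "net/ping.py":   "import os\ndef ping(host):\n    os.system('ping -c 1 ' + host)\n",
    "net/trace.py":  "import os\ndef trace(target):\n    os.system('traceroute ' + target)\n",
    "tools/dig.py":  "import subprocess\ndef dig(name):\n    subprocess.run(f'dig {name}', shell=True)\n",
    "tools/safe.py": "import subprocess\ndef dig(name):\n    subprocess.run(['dig', name])\n",  # argv list, no shell
    "util/log.py":   "import os\ndef banner():\n    os.system('clear')\n",  # constant command
}

# Step 3: abstraction points. The exact match pins three things that can be
# generalized: the literal/variable names, how the string is built, the sink.
SHELL_SINKS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
               "subprocess.Popen", "subprocess.check_output"}


def dotted_name(node):
    """Return 'mod.attr' for a call target like os.system, else a bare name or None."""
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    return node.id if isinstance(node, ast.Name) else None


def is_dynamic_string(arg):
    """Any runtime string construction: 'a' + b, 'a %s' % b, f'a {b}', 'a {}'.format(b)."""
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, (ast.Add, ast.Mod)):
        return True
    if isinstance(arg, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in arg.values)
    return (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
            and arg.func.attr == "format")


def has_shell_true(call):
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def matches(call, stage):
    """Step 2 and step 4: one pattern per stage, each loosening a single element.
    stage 0: exact match of the known bug, os.system('ping -c 1 ' + host)
    stage 1: any literal and any variable:  os.system('<lit>' + <name>)
    stage 2: any dynamic string:            os.system(<dynamic string>)
    stage 3: any shell sink fed a dynamic string (subprocess.* needs shell=True)
    """
    name = dotted_name(call.func)
    if not call.args:
        return False
    arg = call.args[0]
    if stage <= 1:
        if name != "os.system" or not (isinstance(arg, ast.BinOp)
                                       and isinstance(arg.op, ast.Add)
                                       and isinstance(arg.left, ast.Constant)
                                       and isinstance(arg.left.value, str)
                                       and isinstance(arg.right, ast.Name)):
            return False
        return stage == 1 or (arg.left.value == "ping -c 1 " and arg.right.id == "host")
    if stage == 2:
        return name == "os.system" and is_dynamic_string(arg)
    if name not in SHELL_SINKS or (name.startswith("subprocess.") and not has_shell_true(call)):
        return False
    return is_dynamic_string(arg)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    sink: str
    stage: int


def find_variants(stage, codebase=CODEBASE):
    """Run the stage-`stage` pattern over every file; return findings sorted by location."""
    found = []
    for path, src in codebase.items():
        for node in ast.walk(ast.parse(src, filename=path)):
            if isinstance(node, ast.Call) and matches(node, stage):
                found.append(Finding(path, node.lineno, dotted_name(node.func), stage))
    return sorted(found, key=lambda f: (f.path, f.line))


def triage(codebase=CODEBASE):
    """Step 5: tag each finding with the narrowest stage that catches it.
    A low stage means structurally close to the known bug, so review it first."""
    first_seen = {}
    for stage in range(4):
        for f in find_variants(stage, codebase):
            first_seen.setdefault((f.path, f.line, f.sink), stage)
    return dict(sorted(first_seen.items()))


if __name__ == "__main__":
    for stage in range(4):
        print(f"stage {stage}: {[f.path for f in find_variants(stage)]}")
    for (path, line, sink), stage in triage().items():
        print(f"{path}:{line} {sink} (first matched at stage {stage})")
```

Note what each stage adds: stage 0 returns only the known bug, stage 1 picks up `net/trace.py`, stage 2 adds nothing (a sign that string construction was not the limiting element in this codebase), and stage 3 adds `tools/dig.py` because the sink changed. `tools/safe.py` never matches because it passes an argv list without `shell=True`, and `util/log.py` never matches because its command is a constant; if either had shown up, the stage that introduced it would be the one to tighten. The same staged loosening maps directly onto Semgrep `pattern-either` alternatives or a CodeQL source/sink predicate widened one predicate at a time.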
Includes:
- Tool selection guidance (ripgrep, Semgrep, CodeQL)
- Critical pitfalls to avoid (narrow scope, over-specific patterns)
- Ready-to-use templates for CodeQL and Semgrep in Python, JavaScript, Java, Go, and C++
- Detailed methodology documentation
Install: `/plugin install trailofbits/skills/plugins/variant-analysis`
Related skills:
- codeql - Primary tool for deep interprocedural variant analysis
- semgrep - Fast pattern matching for simpler variants
- sarif-parsing - Process variant analysis results