session.ql: from-where-select

2025-12-16 10:33:03 +01:00 · 2025-06-04 12:05:23 -07:00
parent 5c11c88a04
commit caba676949
1 changed files with 35 additions and 0 deletions
--- a/session.ql
+++ b/session.ql
@@ -0,0 +1,35 @@
+import cpp
+
+// from Call cl 
+// select cl
+
+
+/*
+
+int get_new_id() {
+    int id = getpid();
+    return id;
+}
+*/
+
+// Goal: Find connection
+
+// 1. reading user data -- source
+//    count = read(STDIN_FILENO, buf, BUFSIZE - 1);
+//                               ^^^
+// from FunctionCall read, Expr buf
+// where read.getTarget().getName() = "read"
+// and buf = read.getArgument(1)
+// select read, buf
+
+
+// 2. writing sql -- sink
+//     rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
+//                           ^^^^^
+// from FunctionCall exec, Expr query
+// where exec.getTarget().getName() = "sqlite3_exec"
+// and query = exec.getArgument(1)
+// select exec, query
+
+
+// 3. find call path between 1 and 2 them