session.ql: from-where-select

session.ql

@@ -0,0 +1,35 @@
+import cpp
+
+// from Call cl 
+// select cl
+
+
+/*
+
+int get_new_id() {
+    int id = getpid();
+    return id;
+}
+*/
+
+// Goal: Find connection
+
+// 1. reading user data -- source
+//    count = read(STDIN_FILENO, buf, BUFSIZE - 1);
+//                               ^^^
+// from FunctionCall read, Expr buf
+// where read.getTarget().getName() = "read"
+// and buf = read.getArgument(1)
+// select read, buf
+
+
+// 2. writing sql -- sink
+//     rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
+//                           ^^^^^
+// from FunctionCall exec, Expr query
+// where exec.getTarget().getName() = "sqlite3_exec"
+// and query = exec.getArgument(1)
+// select exec, query
+
+
+// 3. find call path between 1 and 2 them