codeql-c-sqli/cpp-sqli-834ef46.sarif
2025-03-04 19:48:28 -08:00


{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.20.0","notifications":[{"id":"cpp/baseline/expected-extracted-files","name":"cpp/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}},{"id":"cli/sip-enablement","name":"cli/sip-enablement","shortDescription":{"text":"macOS SIP enablement status"},"fullDescription":{"text":"macOS SIP enablement status"},"defaultConfiguration":{"enabled":true}},{"id":"cpp/extractor/summary","name":"cpp/extractor/summary","shortDescription":{"text":"C++ extractor telemetry"},"fullDescription":{"text":"C++ extractor telemetry"},"defaultConfiguration":{"enabled":true}}],"rules":[{"id":"cpp/sqlivulnerable","name":"cpp/sqlivulnerable","shortDescription":{"text":"SQLI Vulnerability"},"fullDescription":{"text":"Using untrusted strings in a sql query allows sql injection attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"description":"Using untrusted strings in a sql query allows sql injection attacks.","id":"cpp/sqlivulnerable","kind":"path-problem","name":"SQLI Vulnerability","problem.severity":"warning"}}]},"extensions":[{"name":"codeql-workshop/cpp-sql-injection","semanticVersion":"0.0.1","locations":[{"uri":"file:///Users/hohn/work-gh/codeql-c-sqli-lfs/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/hohn/work-gh/codeql-c-sqli-lfs/qlpack.yml","description":{"text":"The QL pack definition 
file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/cpp-all","semanticVersion":"4.0.1+975881c74a74d3965e1690c9c24d82b581336b0c","locations":[{"uri":"file:///Users/hohn/.codeql/packages/codeql/cpp-all/4.0.1/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/hohn/.codeql/packages/codeql/cpp-all/4.0.1/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]}]},"invocations":[{"toolExecutionNotifications":[{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"cpp/baseline/expected-extracted-files","index":0},"properties":{"formattedMessage":{"text":""}}},{"message":{"text":""},"level":"note","timeUtc":"2025-03-05T03:28:50.931470Z","descriptor":{"id":"cli/sip-enablement","index":1},"properties":{"attributes":{"isEnabled":true},"visibility":{"statusPage":false,"telemetry":true}}},{"message":{"text":"Internal telemetry for the C++ extractor.\n\nNo action needed.","markdown":"Internal telemetry for the C++ extractor.\n\nNo action needed."},"level":"note","timeUtc":"2025-03-05T03:29:09.209707Z","descriptor":{"id":"cpp/extractor/summary","index":2},"properties":{"attributes":{"cache-hits":0,"cache-misses":1,"compilers":[{"program":"clang","version":"Apple clang version 16.0.0 (clang-1600.0.26.6)"},{"program":"clang-cc1","version":"Apple clang version 16.0.0 (clang-1600.0.26.6)"}],"extractor-failures":0,"extractor-successes":1,"trap-caching":"disabled"},"visibility":{"statusPage":false,"telemetry":true}}}],"executionSuccessful":true}],"artifacts":[{"location":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0}}],"results":[{"ruleId":"cpp/sqlivulnerable","ruleIndex":0,"rule":{"id":"cpp/sqlivulnerable","index":0},"message":{"text":"Possible SQL 
injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":84,"startColumn":27,"endColumn":32}}}],"partialFingerprints":{"primaryLocationLineHash":"9a8bc91bbc363391:1","primaryLocationStartColumnFingerprint":"22"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":52,"startColumn":32,"endColumn":35}},"message":{"text":"read output argument"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":60,"startColumn":12,"endColumn":15}},"message":{"text":"*buf"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":42,"startColumn":7,"endColumn":20}},"message":{"text":"**get_user_info"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":93,"startColumn":12,"endColumn":25}},"message":{"text":"*call to get_user_info"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":93,"startColumn":5,"endColumn":27}},"message":{"text":"*... 
= ..."}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":95,"startColumn":20,"endColumn":24}},"message":{"text":"*info"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":68,"startColumn":31,"endColumn":35}},"message":{"text":"*info"}}},{"location":{"physicalLocation":{"artifactLocation":{"uri":"add-user.c","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":84,"startColumn":27,"endColumn":32}},"message":{"text":"*query"}},"taxa":[{"id":"TaintFunction","properties":{"CodeQL/DataflowRole":"step"}}]}]}]}]}],"columnKind":"utf16CodeUnits","properties":{"semmle.formatSpecifier":"sarif-latest"}}]}