codeql-c-sqli/info.org
2025-03-06 11:17:17 -08:00


mac

build db

cpp-sqli-834ef46/

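  # Build a CodeQL database for the current commit of this checkout.
  # Sets SRCDIR and DB, which the analyze step reads afterwards.
  SRCDIR=$(pwd)
  # The database is named after the short commit hash. The assignment's exit
  # status is that of the git call, so a failed rev-parse skips the whole
  # build; otherwise DB would end in a bare "cpp-sqli-" and the rm below would
  # run against a directory that was never meant to be touched.
  if DB=$SRCDIR/cpp-sqli-$(git -C "$SRCDIR" rev-parse --short HEAD); then
    echo "$DB"
    # Remove any earlier database for this commit so the build starts clean.
    # Quoting and "--" keep a path with spaces or a leading dash in one piece.
    test -d "$DB" && rm -fR -- "$DB"
    mkdir -p "$DB"

    # -s . takes the checkout as source root; --command is the build that
    # CodeQL runs to extract the C/C++ code.
    cd "$SRCDIR" && codeql database create --language=cpp -s . -j 8 -v "$DB" --command='./build.sh'
  else
    echo "git rev-parse failed in $SRCDIR; database not built" >&2
  fi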

analyze db

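  # Check paths (DB and SRCDIR must already be set by the build step)
  echo "$DB"
  echo "$SRCDIR"

  # setup: install the dependencies of the query pack in SRCDIR
  cd "$SRCDIR"
  codeql pack install

  # Run the query
  # NOTE: the SARIF file name is pinned to commit 834ef46, while the build
  # step derives DB from HEAD; rename the output when analyzing a database
  # built from another commit so results are not attributed to the wrong one.
  # DB and the query path are quoted so a directory containing spaces is
  # passed to codeql as a single argument.
  cd "$SRCDIR"
  codeql database analyze                         \
         -v                                       \
         --ram=14000                              \
         -j12                                     \
         --rerun                                  \
         --format=sarif-latest                    \
         --output cpp-sqli-834ef46.sarif          \
         --                                       \
         "$DB"                                    \
         "$SRCDIR/SqlInjection.ql"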

hardware

  0:$ uname -a
  Darwin ghm3 23.6.0 Darwin Kernel Version 23.6.0: Thu Dec 19 20:47:16 PST 2024; root:xnu-10063.141.1.703.2~1/RELEASE_ARM64_T6031 arm64

  0:$ sw_vers -productVersion
  14.7.3

  0:$ sysctl -n machdep.cpu.brand_string
  Apple M3 Max

  0:$ sysctl hw.model
  hw.model: Mac15,8

codeql

  0:$ codeql --version
  CodeQL command-line toolchain release 2.20.0.

windows

analyze db built on mac

  # nushell
  # Set paths. DB names the database directory built in the mac section
  # (commit 834ef46), expected directly under the current directory.
  let SRCDIR = (pwd)
  let DB = $"($SRCDIR)/cpp-sqli-834ef46"

  # Print both paths so they can be checked before the run.
  echo $DB
  echo $SRCDIR

  # setup
  cd $SRCDIR
  codeql pack install

  # Run the query
  # The parentheses let the single external command span several lines.
  # The output name carries a -windows suffix, so it does not collide with the
  # SARIF file written by the mac run.
  # NOTE(review): this page reports CodeQL 2.20.0 on the mac that built the
  # database and 2.20.5 on this machine; keep the version difference in mind
  # when comparing the two SARIF files.
  cd $SRCDIR
  (
      codeql database analyze 
      -v 
      --ram=14000 
      -j12 
      --rerun 
      --format=sarif-latest 
      --output=cpp-sqli-834ef46-windows.sarif 
      -- 
      $DB 
      $"($SRCDIR)/SqlInjection.ql"
  )
  • query log
  ~\work-gh\codeql-c-sqli-lfs> (
      codeql database analyze
      -v
      --ram=14000
      -j12
      --rerun
      --format=sarif-latest
      --output=cpp-sqli-834ef46-windows.sarif
      --
      $DB
      $"($SRCDIR)/SqlInjection.ql"
  )
  Writing logs to C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\cpp-sqli-834ef46\log\database-analyze-20250305.163853.167.log.
  Running queries.
  Stringpool size measured as 2326938
  Writing logs to C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\cpp-sqli-834ef46\log\execute-queries-20250305.163853.654.log.
  Recording pack reference codeql-workshop/cpp-sql-injection at C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs.
  Error retrieving qlpack commit hash from Git repository
  Compiling query plan for C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql.
  Resolving imports for C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql.
  Checking QL for C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql.
  Optimizing C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql.
  [1/1 comp 40.1s] Compiled C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql.
  Starting evaluation of codeql-workshop\cpp-sql-injection\SqlInjection.ql.
  [1/1 eval 3.4s] Evaluation done; writing results to codeql-workshop\cpp-sql-injection\SqlInjection.bqrs.
  Shutting down query evaluator.
  Interpreting results.
  Writing logs to C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\cpp-sqli-834ef46\log\database-interpret-results-20250305.163940.362.log.
  Recording pack reference codeql-workshop/cpp-sql-injection at C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs.
  Interpreting C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\SqlInjection.ql...
   ... found results file at C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\cpp-sqli-834ef46\results\codeql-workshop\cpp-sql-injection\SqlInjection.bqrs.
  Interpreted pathproblem query "SQLI Vulnerability" (cpp/sqlivulnerable) at path C:\Users\mhhoh\work-gh\codeql-c-sqli-lfs\cpp-sqli-834ef46\results\codeql-workshop\cpp-sql-injection\SqlInjection.bqrs.
  Interpreting file coverage baseline information
  Finished interpreting file coverage baseline information.
  Interpreting diagnostic messages...
  Found 2 raw diagnostic messages.
  Processed diagnostic messages (removed 0 due to limits, created 0 summary diagnostics for status page).
  Interpreted diagnostic messages (34ms).
  Exporting results to SARIF...
  Exported results to SARIF (90ms).

build db TBD

  # SRCDIR=$(pwd)
  # DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)

  # echo $DB
  # test -d "$DB" && rm -fR "$DB"
  # mkdir -p "$DB"

  # cd $SRCDIR && codeql database create --language=cpp -s . -j 8 -v $DB --command='./build.sh'

analyze windows-built db TBD

  # # Check paths
  # echo $DB
  # echo $SRCDIR

  # # setup
  # cd $SRCDIR
  # codeql pack install

  # # Run the query
  # cd $SRCDIR
  # codeql database analyze                         \
  #        -v                                       \
  #        --ram=14000                              \
  #        -j12                                     \
  #        --rerun                                  \
  #        --format=sarif-latest                    \
  #        --output cpp-sqli-834ef46.sarif          \
  #        --                                       \
  #        $DB                                      \
  #        $SRCDIR/SqlInjection.ql

hardware

  codeql-c-sqli-lfs> systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
  OS Name:                       Microsoft Windows 11 Pro
  OS Version:                    10.0.26100 N/A Build 26100


  (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
  2009


  Get-CimInstance -ClassName Win32_Processor | Select-Object -ExpandProperty Name
  Intel(R) Core(TM) i7-14700K

codeql

  ~\work-gh\codeql-c-sqli-lfs> codeql --version
  CodeQL command-line toolchain release 2.20.5.