From 00bd07be2ba6aa948bcf2b160c1b1e2224378f5a Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Mon, 3 Mar 2025 11:21:04 -0800
Subject: [PATCH] add flow with module boilerplate
---
 session.ql | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/session.ql b/session.ql
index b678559..e1cf388 100644
--- a/session.ql
+++ b/session.ql
@@ -26,14 +26,14 @@ class DataSource extends VariableAccess {
 class DataSink extends Expr {
 DataSink() {
 exists(FunctionCall read |
- read.getTarget().getName() = "sqlite3_exec" and
- read.getArgument(1) = this
+ read.getTarget().getName() = "sqlite3_exec" and
+ read.getArgument(1) = this
 )
 }
 }
-from DataSource ds
-select ds
+// from DataSource ds
+// select ds
 // from FunctionCall exec, Expr query
@@ -52,3 +52,24 @@ select ds
 // DFG Data flow graph
 // Type hierarchy
 //
+
+
+import semmle.code.cpp.dataflow.new.TaintTracking
+
+
+module SqliFlowConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node source) {
+ }
+
+ predicate isSink(DataFlow::Node sink) {
+ }
+
+}
+
+
+module MyFlow = TaintTracking::Global;
+import MyFlow::PathGraph
+
+from MyFlow::PathNode source, MyFlow::PathNode sink
+where MyFlow::flowPath(source, sink)
+select sink, source, sink, "Possible SQL injection"
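Review bot: `isSource` and `isSink` in `SqliFlowConfig` are left with empty bodies and never reference the `DataSource` and `DataSink` classes defined earlier in the file, so the final `select` cannot yet report any flow into `sqlite3_exec` (and, as far as I know, QL does not accept an empty predicate body, so a stub needs `none()`). Wire them up with something like `source.asExpr() instanceof DataSource` and `sink.asExpr() instanceof DataSink`; with the `dataflow.new` library `asIndirectExpr()` may be the right accessor when the tainted value is the buffer a pointer refers to, which cannot be confirmed from this hunk. The line `module MyFlow = TaintTracking::Global;` shows no configuration argument; unless the page rendering dropped it, it should read `module MyFlow = TaintTracking::Global<SqliFlowConfig>;`. The query header is outside the hunk, so also check that it declares `@kind path-problem`, which the `PathGraph` import and four-column `select` expect.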