hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 10:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Summary: sql injection: sink identification

Browse Source
This commit is contained in:
Michael Hohn
2020-07-20 14:14:55 -07:00
committed by =Michael Hohn
parent c91db6a653
commit 1f385ddfe3
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
SqlInjection.ql
View File

@@ -30,10 +30,10 @@ class SqliFlowConfig extends TaintTracking::Configuration {
// where conf.hasFlowPath(source, sink) // where conf.hasFlowPath(source, sink)
// select sink, source, sink, "Possible SQL injection" // select sink, source, sink, "Possible SQL injection"
// Sink identification
// Source identification // rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
// count = read(STDIN_FILENO, buf, BUFSIZE); from FunctionCall exec, DataFlow::Node sink
from FunctionCall read, DataFlow::Node source where
where read.getTarget().getName() = "read" exec.getTarget().getName() = "sqlite3_exec" and
and read.getArgument(1) = source.asExpr() exec.getArgument(1) = sink.asExpr()
select read, source select exec, sink