hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 10:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

workshop updates

Browse Source
This commit is contained in:
Michael Hohn
2022-06-08 14:05:32 +02:00
committed by =Michael Hohn
parent dd664fe4ef
commit 3fe610d354
4 changed files with 78 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
CodeQL-workshop-overview-only.pdf Normal file
View File

Binary file not shown.

29
README.org
View File

@@ -57,8 +57,8 @@
To get started, build the codeql database (adjust paths to your setup): To get started, build the codeql database (adjust paths to your setup):
#+BEGIN_SRC sh #+BEGIN_SRC sh
# Build the db with source commit id. # Build the db with source commit id.
export PATH=$HOME/local/vmsync/codeql250:"$PATH" export PATH=$HOME/local/codeql-2.7.6/codeql:"$PATH"
SRCDIR=$HOME/local/codeql-training-material.cpp-sqli/cpp/codeql-dataflow-sql-injection SRCDIR=$HOME/local/codeql-dataflow-sql-injection
DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD) DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
echo $DB echo $DB
@@ -70,7 +70,6 @@
Then add this database directory to your VS Code =DATABASES= tab. Then add this database directory to your VS Code =DATABASES= tab.
** Build codeql database in steps ** Build codeql database in steps
For larger projects, using a single command to build everything is costly when For larger projects, using a single command to build everything is costly when
any part of the build fails. any part of the build fails.
@@ -179,8 +178,8 @@
#+BEGIN_SRC sh #+BEGIN_SRC sh
# The setup information from before # The setup information from before
export PATH=$HOME/local/vmsync/codeql250:"$PATH" export PATH=$HOME/local/codeql-2.7.6/codeql:"$PATH"
SRCDIR=$HOME/local/codeql-training-material.cpp-sqli/cpp/codeql-dataflow-sql-injection SRCDIR=$HOME/local/codeql-dataflow-sql-injection
DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD) DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
# Check paths # Check paths
@@ -191,16 +190,16 @@
codeql database analyze -h codeql database analyze -h
# Run a query # Run a query
codeql database analyze \ codeql database analyze \
-v \ -v \
--ram=14000 \ --ram=14000 \
-j12 \ -j12 \
--rerun \ --rerun \
--search-path ~/local/vmsync/ql \ --search-path $HOME/local/codeql-2.7.6/ql \
--format=sarif-latest \ --format=sarif-latest \
--output cpp-sqli.sarif \ --output cpp-sqli.sarif \
-- \ -- \
$DB \ $DB \
$SRCDIR/SqlInjection.ql $SRCDIR/SqlInjection.ql
# Examine the file in an editor # Examine the file in an editor

6
codeql-dataflow-sql-injection.code-workspace
View File

@@ -4,11 +4,11 @@
"path": "." "path": "."
}, },
{ {
"path": "../../../vmsync/ql" "path": "../codeql-2.7.6/codeql"
}, },
{ {
"name": "[cpp-sqli-89900b3 source archive]", "name": "[cpp-sqli-dd664fe source archive]",
"uri": "codeql-zip-archive://0-110/Users/hohn/local/codeql-training-material.cpp-sqli/cpp/codeql-dataflow-sql-injection/cpp-sqli-89900b3/src.zip" "uri": "codeql-zip-archive://0-72/Users/hohn/local/codeql-dataflow-sql-injection/cpp-sqli-dd664fe/src.zip"
} }
], ],
"settings": { "settings": {

60
sarif-summary.jq Normal file
View File

@@ -0,0 +1,60 @@
# -*- sh -*-
.runs | .[] | .results | .[] |
( (.ruleId, ": ",
(.message.text | split("\n") | ( .[0], " [", length-1 , " more]")),
"\n")
,
(if (.codeFlows != null) then
(.codeFlows | .[] |
(" Path\n"
,
( .threadFlows | .[] | .locations | .[] | .location | " "
,
( .physicalLocation | ( .artifactLocation.uri, ":", .region.startLine, ":"))
,
(.message.text, " ")
,
"\n"
)))
else
(.locations | .[] |
( " "
,
(.physicalLocation | ( .artifactLocation.uri, ":", .region.startLine, ":"))
))
,
# .message.text,
"\n"
end)
) | tostring
# This script extracts the following parts of the sarif output:
#
# # problem
# "runs" : [ {
# "results" : [ {
# "ruleId" : "cpp/UncheckedErrorCode",
# # path problem
# "runs" : [ {
# "tool" : {
# "driver" : {
# "rules" : [ {
# "properties" : {
# "kind" : "path-problem",
# "runs" : [ {
# "results" : [ {
# "ruleId" : "cpp/DangerousArithmetic",
# "ruleIndex" : 6,
# "message" : {
# "text" : "Potential overflow (conversion: int -> unsigned int)\nPotential overflow (con
# "runs" : [ {
# "results" : [ {
# "codeFlows" : [ {
# "threadFlows" : [ {
# "locations" : [ {
# "location" : {
# "message" : {
# "text" : "buff"