From 42e2c5de8b334839ba334ea6428d14491e1d11fa Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Mon, 20 Jul 2020 14:07:49 -0700
Subject: [PATCH] sql injection: source is argument to read
---
 SqlInjection.ql | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/SqlInjection.ql b/SqlInjection.ql
index 04206fa..d61334b 100644
--- a/SqlInjection.ql
+++ b/SqlInjection.ql
@@ -28,6 +28,7 @@ class SqliFlowConfig extends TaintTracking::Configuration {
 // Source identification
 // count = read(STDIN_FILENO, buf, BUFSIZE);
-from FunctionCall read
+from FunctionCall read, DataFlow::Node source
 where read.getTarget().getName() = "read"
-select read
+and read.getArgument(1) = source.asExpr()
+select read, source
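Review bot: The added constraint `read.getArgument(1) = source.asExpr()` binds the source to the buffer expression as it is evaluated before the call, whereas the untrusted bytes are only in `buf` after `read` returns. For an out-parameter the data-flow library models the written value on a separate node, so I would write `and read.getArgument(1) = source.asDefiningArgument()` (or go through the post-update node) and check against the test database that flow from it reaches the sink; otherwise the taint configuration may silently miss results. Separately, the unchanged `getName() = "read"` line matches any function called `read`, including members and namespaced helpers, and `read.getTarget().hasGlobalName("read")` would keep the source to the libc call. The body of `SqliFlowConfig` is outside this hunk, so how `isSource` uses this node cannot be seen from here.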