sql injection: taintstep across snprintf -- function not found

This commit is contained in:
Michael Hohn
2020-07-20 14:38:51 -07:00
committed by =Michael Hohn
parent aa5d019740
commit 45a5e89366
2 changed files with 12 additions and 3 deletions


@@ -34,6 +34,11 @@ class SqliFlowConfig extends TaintTracking::Configuration {
}
}
from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
where conf.hasFlowPath(source, sink)
select sink, source, sink, "Possible SQL injection"
// from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
// where conf.hasFlowPath(source, sink)
// select sink, source, sink, "Possible SQL injection"
// Extra taint step
// snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
from FunctionCall printf, DataFlow::Node into, DataFlow::Node out
where printf.getTarget().getName() = "snprintf"
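Review bot: The new `from FunctionCall printf, DataFlow::Node into, DataFlow::Node out` clause at the end of the hunk turns the file into an exploratory query over snprintf calls, so it no longer reports the `Possible SQL injection` paths that the removed `from`/`where`/`select` produced; the `where` clause continues outside the hunk and the new `select` is not visible here. The extra step belongs inside `SqliFlowConfig` (whose header is the hunk's context line) as an `override predicate isAdditionalTaintStep(DataFlow::Node into, DataFlow::Node out)` relating the format arguments of the call to its destination buffer, so the existing path query keeps its sources and sinks. Matching on `printf.getTarget().getName() = "snprintf"` accepts a function of that name in any scope and, if the title's "function not found" means the call does not resolve to a function named `snprintf` in this database, will presumably still miss it; `printf.getTarget().hasGlobalOrStdName("snprintf")` is the usual form and is worth checking against the database before relying on it. The three commented-out copies of the old `from`/`where`/`select` above it are dead text and should be dropped rather than kept.
```ql
class SqliFlowConfig extends TaintTracking::Configuration {
  // … unchanged: isSource / isSink …

  // Extra taint step: snprintf(query, bufsize, fmt, ...) writes its format
  // arguments (index >= 3) into the destination buffer (argument 0).
  override predicate isAdditionalTaintStep(DataFlow::Node into, DataFlow::Node out) {
    exists(FunctionCall printf, int i |
      printf.getTarget().hasGlobalOrStdName("snprintf") and
      i >= 3 and
      into.asExpr() = printf.getArgument(i) and
      out.asDefiningArgument() = printf.getArgument(0)
    )
  }
}
```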


@@ -2,6 +2,10 @@
"folders": [
{
"path": "."
},
{
"name": "[codeql-dataflow-sql-injection-d5b28fb source archive]",
"uri": "codeql-zip-archive://0-66/Users/hohn/local/db/codeql-dataflow-sql-injection-d5b28fb/src.zip/"
}
]
}
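Review bot: The `uri` on the source-archive folder entry embeds a machine-specific absolute path (`codeql-zip-archive://0-66/Users/hohn/local/db/...`), so the entry will not resolve for anyone else who opens this workspace, and it commits a local home-directory layout to the repository. If the entry is meant to be shared, reference the archive relative to the workspace root or state in its `name` that it must be regenerated locally; if it is a personal convenience, it belongs in an uncommitted user-local workspace file. Which of the two folder entries is the addition cannot be read from the rendered hunk, so this applies to whichever was introduced here.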