sql injection: taintstep across snprintf -- function not found

Michael Hohn
2020-07-20 14:38:51 -07:00
committed by =Michael Hohn
parent aa5d019740
commit 45a5e89366
2 changed files with 12 additions and 3 deletions


@@ -34,6 +34,11 @@ class SqliFlowConfig extends TaintTracking::Configuration {
}
}
from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
where conf.hasFlowPath(source, sink)
select sink, source, sink, "Possible SQL injection"
// from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
// where conf.hasFlowPath(source, sink)
// select sink, source, sink, "Possible SQL injection"
// Extra taint step
// snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
from FunctionCall printf, DataFlow::Node into, DataFlow::Node out
where printf.getTarget().getName() = "snprintf"