sql injection: taintstep across snprintf -- function not found

This commit is contained in:
Michael Hohn
2020-07-20 14:38:51 -07:00
committed by =Michael Hohn
parent aa5d019740
commit 45a5e89366
2 changed files with 12 additions and 3 deletions


@@ -34,6 +34,11 @@ class SqliFlowConfig extends TaintTracking::Configuration {
} }
} }
from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink // from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
where conf.hasFlowPath(source, sink) // where conf.hasFlowPath(source, sink)
select sink, source, sink, "Possible SQL injection" // select sink, source, sink, "Possible SQL injection"
// Extra taint step
// snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
from FunctionCall printf, DataFlow::Node into, DataFlow::Node out
where printf.getTarget().getName() = "snprintf"
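Review bot: The added `from FunctionCall printf, DataFlow::Node into, DataFlow::Node out` / `where printf.getTarget().getName() = "snprintf"` forms a second top-level query after the existing `select` on the line above it, and a .ql file is expected to carry a single `from`/`where`/`select`; the new `where` is also left without a `select`, which is presumably what the "function not found" in the title refers to. The extra taint step belongs inside `SqliFlowConfig` as an `override predicate isAdditionalTaintStep(DataFlow::Node into, DataFlow::Node out)`, so the configuration itself propagates taint from the formatted arguments into the destination buffer. Matching on `getName() = "snprintf"` also picks up any local function of that name; `hasGlobalName("snprintf")` pins the libc symbol. A sketch is below; the `SqliFlowConfig` class body and the added query both continue outside the hunk, so placement has to be checked against the full file, and the output-buffer node form (`asDefiningArgument()`) should be confirmed against the library version in use.
```ql
// … inside SqliFlowConfig, alongside isSource / isSink …

// Extra taint step: the formatted arguments of snprintf taint its destination buffer.
// snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
override predicate isAdditionalTaintStep(DataFlow::Node into, DataFlow::Node out) {
  exists(FunctionCall printf |
    printf.getTarget().hasGlobalName("snprintf") and
    // argument 0 is the written buffer; arguments 3.. are the format values
    out.asDefiningArgument() = printf.getArgument(0) and
    into.asExpr() = printf.getArgument(any(int i | i >= 3))
  )
}
```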


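--- a/[workspace file path not shown on page]
+++ b/[workspace file path not shown on page]
@@ -2,6 +2,10 @@
 "folders": [
 {
 "path": "."
+},
+{
+"name": "[codeql-dataflow-sql-injection-d5b28fb source archive]",
+"uri": "codeql-zip-archive://0-66/Users/hohn/local/db/codeql-dataflow-sql-injection-d5b28fb/src.zip/"
 }
 ]
 }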
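Review bot: The added `"uri"` folder entry embeds a developer-specific absolute path (`/Users/hohn/local/db/...`) and a database-specific archive id (`0-66`, `d5b28fb`), so this workspace entry will not resolve on any other machine or for any other database snapshot. If the entry is meant only as a local convenience, keep the workspace file out of the commit (or in a `.gitignore`d local variant); if it is meant to be shared, the `"path": "."` entry above it is the portable part and the source-archive folder is better added per user by the CodeQL extension than committed here. Committing local directory layout in shared config is also a small information-disclosure habit worth avoiding in a security-focused repository.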