From a69c511dc13d5e0fe7383d40883f83dfbacf25f5 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Mon, 20 Jul 2020 14:04:42 -0700
Subject: [PATCH] sql injection: call to read
---
 SqlInjection.ql | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/SqlInjection.ql b/SqlInjection.ql
index ad90230..04206fa 100644
--- a/SqlInjection.ql
+++ b/SqlInjection.ql
@@ -21,6 +21,13 @@ class SqliFlowConfig extends TaintTracking::Configuration {
 override predicate isSink(DataFlow::Node sink) { any() }
 }
-from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
-where conf.hasFlowPath(source, sink)
-select sink, source, sink, "Possible SQL injection"
+// from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
+// where conf.hasFlowPath(source, sink)
+// select sink, source, sink, "Possible SQL injection"
+
+
+// Source identification
+// count = read(STDIN_FILENO, buf, BUFSIZE);
+from FunctionCall read
+where read.getTarget().getName() = "read"
+select read
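Review bot: The new `where` clause matches on the bare name, so every function called `read` — a member function, a namespaced helper, a user-defined wrapper — is selected as a source alongside POSIX read(2), which will produce false sources once this feeds the taint configuration; restricting to the global symbol is a one-line change, `where read.getTarget().hasGlobalName("read")`. The comment above the query gives `count = read(STDIN_FILENO, buf, BUFSIZE)` as the motivating call, and the untrusted data there lands in the buffer passed as argument 1 (with the return value only carrying the length), so when this is turned into an `isSource` override the node should presumably be derived from `read.getArgument(1)` rather than from the call expression itself — a short comment to that effect, e.g. `// attacker data is written through argument 1 (buf); the call's return value is only the byte count`, would stop the next step from treating the call as the tainted value. If the query header (outside this hunk) still declares `@kind path-problem`, the single-column `select read` will not match that result shape; the header is not visible here, so confirm it was switched to `problem` or dropped along with the commented-out path query.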