hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 18:23:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

sql injection: call to read

Browse Source
This commit is contained in:
Michael Hohn
2020-07-20 14:04:42 -07:00
committed by =Michael Hohn
parent 47b1c9522c
commit a69c511dc1
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
SqlInjection.ql
View File

@@ -21,6 +21,13 @@ class SqliFlowConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { any() } override predicate isSink(DataFlow::Node sink) { any() }
} }
from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink // from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
where conf.hasFlowPath(source, sink) // where conf.hasFlowPath(source, sink)
select sink, source, sink, "Possible SQL injection" // select sink, source, sink, "Possible SQL injection"
// Source identification
// count = read(STDIN_FILENO, buf, BUFSIZE);
from FunctionCall read
where read.getTarget().getName() = "read"
select read