From e6b23a9d86c607016b254a773fa0911473ee58ea Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Tue, 18 Feb 2025 19:13:19 -0800
Subject: [PATCH] from...where...select

---
 session.ql | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/session.ql b/session.ql
index 7e05772..0201d61 100644
--- a/session.ql
+++ b/session.ql
@@ -1,7 +1,22 @@
-/**
- * @kind path-problem
- */
 import cpp
-select 1
+// 1. invalid input -- source
+// count = read(STDIN_FILENO, buf, BUFSIZE - 1);
+//
+// 2. gets to a sql statement -- flow
+// flow config
+//
+// 3. drops table -- sink
+// rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
+
+// All predicates and classes are using one of:
+// AST Abstract syntax tree
+// CFG Control flow graph
+// DFG Data flow graph
+// Type hierarchy
+
+from FunctionCall read, VariableAccess buf
+where read.getTarget().getName() = "read" and
+ read.getArgument(1) = buf
+select buf
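Review bot: The source predicate in the new `where` clause matches any function whose bare name is `read`, so a local helper or a member function called `read` is reported as the POSIX input read that the comment block at the top describes; `read.getTarget().hasGlobalName("read")` pins it to the global C function. The `read.getArgument(1) = buf` conjunct also restricts the buffer argument to a bare `VariableAccess`, so calls passing `buf + offset` or `&buf[0]` are silently skipped — declaring `Expr buf` in the `from` clause keeps those forms if they matter for the session. With the `@kind path-problem` header removed the query now has no metadata at all; once the "flow config" placeholder is filled in, a `/** @name ... @kind path-problem */` block and a `select source, source, sink, "..."` tuple will be needed for it to run as anything other than an ad hoc select, and a short comment saying so would help the reader.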