hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-16 10:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

from...where...select

Browse Source
This commit is contained in:
Michael Hohn
2025-02-18 19:13:19 -08:00
committed by =Michael Hohn
parent 7b1daa9a8b
commit e6b23a9d86
1 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
session.ql
View File

@@ -1,7 +1,22 @@
/**
* @kind path-problem
*/
import cpp import cpp
select 1 // 1. invalid input -- source
// count = read(STDIN_FILENO, buf, BUFSIZE - 1);
//
// 2. gets to a sql statement -- flow
// flow config
//
// 3. drops table -- sink
// rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
// All predicates and classes are using one of:
// AST Abstract syntax tree
// CFG Control flow graph
// DFG Data flow graph
// Type hierarchy
from FunctionCall read, VariableAccess buf
where read.getTarget().getName() = "read" and
read.getArgument(1) = buf
select buf