updates for module system; include a db

README.org

@@ -63,8 +63,8 @@
    To get started, build the codeql database (adjust paths to your setup):
    #+BEGIN_SRC sh
      # Build the db with source commit id.
-     export PATH=$HOME/local/codeql-v2.9.3/codeql:"$PATH"
-     SRCDIR=$HOME/local/codeql-dataflow-sql-injection
+     # export PATH=$HOME/local/vmsync/codeql250:"$PATH"
+     SRCDIR=$(pwd)
      DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
 
      echo $DB
@@ -76,6 +76,7 @@
 
    Then add this database directory to your VS Code =DATABASES= tab.
 
+
 ** Build codeql database in steps
    For larger projects, using a single command to build everything is costly when
    any part of the build fails.
@@ -184,8 +185,8 @@
 
    #+BEGIN_SRC sh
      # The setup information from before
-     export PATH=$HOME/local/codeql-v2.9.3/codeql:"$PATH"
-     SRCDIR=$HOME/local/codeql-dataflow-sql-injection
+     export PATH=$HOME/local/vmsync/codeql250:"$PATH"
+     SRCDIR=$HOME/local/codeql-training-material.cpp-sqli/cpp/codeql-dataflow-sql-injection
      DB=$SRCDIR/cpp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
 
      # Check paths
@@ -196,16 +197,16 @@
      codeql database analyze -h
 
      # Run a query
-     codeql database analyze                                 \
-            -v                                               \
-            --ram=14000                                      \
-            -j12                                             \
-            --rerun                                          \
-            --search-path $HOME/local/codeql-v2.9.3/ql       \
-            --format=sarif-latest                            \
-            --output cpp-sqli.sarif                          \
-            --                                               \
-            $DB                                              \
+     codeql database analyze                         \
+            -v                                       \
+            --ram=14000                              \
+            -j12                                     \
+            --rerun                                  \
+            --search-path ~/local/vmsync/ql          \
+            --format=sarif-latest                    \
+            --output cpp-sqli.sarif                  \
+            --                                       \
+            $DB                                      \
             $SRCDIR/SqlInjection.ql
 
      # Examine the file in an editor

SqlInjection.ql

@@ -2,18 +2,16 @@
  * @name SQLI Vulnerability
  * @description Using untrusted strings in a sql query allows sql injection attacks.
  * @kind path-problem
- * @id cpp/SQLIVulnerable
+ * @id cpp/sqlivulnerable
  * @problem.severity warning
  */
 
 import cpp
-import semmle.code.cpp.dataflow.TaintTracking
-import DataFlow::PathGraph
+import semmle.code.cpp.dataflow.new.TaintTracking
 
-class SqliFlowConfig extends TaintTracking::Configuration {
-    SqliFlowConfig() { this = "SqliFlow" }
+module SqliFlowConfig implements DataFlow::ConfigSig {
 
-    override predicate isSource(DataFlow::Node source) {
+    predicate isSource(DataFlow::Node source) {
         // count = read(STDIN_FILENO, buf, BUFSIZE);
         exists(FunctionCall read |
             read.getTarget().getName() = "read" and
@@ -21,9 +19,9 @@ class SqliFlowConfig extends TaintTracking::Configuration {
         )
     }
 
-    override predicate isSanitizer(DataFlow::Node sanitizer) { none() }
+    predicate isBarrier(DataFlow::Node sanitizer) { none() }
 
-    override predicate isAdditionalTaintStep(DataFlow::Node into, DataFlow::Node out) {
+    predicate isAdditionalFlowStep(DataFlow::Node into, DataFlow::Node out) {
         // Extra taint step
         //     snprintf(query, bufsize, "INSERT INTO users VALUES (%d, '%s')", id, info);
         // But snprintf is a macro on mac os.  The actual function's name is
@@ -39,7 +37,7 @@ class SqliFlowConfig extends TaintTracking::Configuration {
         )
     }
 
-    override predicate isSink(DataFlow::Node sink) {
+    predicate isSink(DataFlow::Node sink) {
         // rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
         exists(FunctionCall exec |
             exec.getTarget().getName() = "sqlite3_exec" and
@@ -48,6 +46,9 @@ class SqliFlowConfig extends TaintTracking::Configuration {
     }
 }
 
-from SqliFlowConfig conf, DataFlow::PathNode source, DataFlow::PathNode sink
-where conf.hasFlowPath(source, sink)
+module MyFlow = TaintTracking::Global<SqliFlowConfig>;
+import MyFlow::PathGraph
+
+from  MyFlow::PathNode source, MyFlow::PathNode sink
+where MyFlow::flowPath(source, sink)
 select sink, source, sink, "Possible SQL injection"

codeql-dataflow-sql-injection.code-workspace

@@ -12,6 +12,7 @@
 		}
 	],
 	"settings": {
-		"codeQL.runningQueries.autoSave": true
+		"codeQL.runningQueries.autoSave": true,
+		"sarif-viewer.connectToGithubCodeScanning": "off"
 	}
 }

cpp-sqli-c1b3c8d/baseline-info.json

@@ -0,0 +1 @@
+{"languages":{"cpp":{"displayName":"C/C++","files":["add-user.c"],"linesOfCode":78,"name":"cpp"}}}

cpp-sqli-c1b3c8d/codeql-database.yml

@@ -0,0 +1,11 @@
+---
+sourceLocationPrefix: /Users/hohn/local/codeql-dataflow-sql-injection
+baselineLinesOfCode: 78
+unicodeNewlines: false
+columnKind: utf8
+primaryLanguage: cpp
+creationMetadata:
+  sha: c1b3c8d901eacddbb7949a8ca3b8acc11ffbda86
+  cliVersion: 2.20.0
+  creationTime: 2025-02-18T01:07:10.558137Z
+finalised: true

cpp-sqli-c1b3c8d/db-cpp/default/cache/version

@@ -0,0 +1 @@
+20190805:20220702:20240828:20241116