62 Commits

Author SHA1 Message Date
Michael Hohn
bc7cda5274 update from pre/postUpdate node to new forms db-for-analysis 2025-03-05 11:12:35 -08:00
Michael Hohn
bf69cb0f45 comment isAdditionalFlowStep--no longer needed 2025-03-03 12:08:36 -08:00
Michael Hohn
684b4c145a fix flow indirection 2025-03-03 12:04:02 -08:00
Michael Hohn
7ec8b18eac db 2025-03-03 11:59:42 -08:00
Michael Hohn
01048300c0 from...where...select with class 2025-02-18 19:21:30 -08:00
Michael Hohn
e6b23a9d86 from...where...select 2025-02-18 19:13:19 -08:00
Michael Hohn
7b1daa9a8b updates for pack lock 2025-02-17 17:17:49 -08:00
Michael Hohn
f3b703a35f updates for module system; include a db 2025-02-17 17:09:04 -08:00
Michael Hohn
c1b3c8d901 Updated readme 2022-08-21 21:05:38 -07:00
Michael Hohn
c01a039d23 Partially revert qlpack to get working cli command
This, from the README, now works:
    codeql database analyze                                 \
           -v                                               \
           --ram=14000                                      \
           -j12                                             \
           --rerun                                          \
           --search-path $HOME/local/codeql-v2.9.3/ql       \
           --format=sarif-latest                            \
           --output cpp-sqli.sarif                          \
           --                                               \
           $DB                                              \
           $SRCDIR/SqlInjection.ql

It failed with

    ERROR: Referenced pack 'codeql/cpp-all' not found. (/Users/hohn/local/codeql-dataflow-sql-injection/qlpack.yml:1,1-1)

when using
    dependencies:
2022-08-21 20:59:06 -07:00
Michael Hohn
83e4ac9be8 Add xkcd link for inspiration 2022-08-03 10:33:07 -07:00
Michael Hohn
48dede015c Change from codeql v2.7.6 to codeql v2.9.3 2022-08-03 10:27:03 -07:00
Michael Hohn
f64503ae1d remove git lfs 2022-08-03 10:25:51 -07:00
Michael Hohn
bd93cad633 remove git lfs 2022-08-03 10:25:22 -07:00
Michael Hohn
3851fcb9eb database w/o git lfs 2022-06-08 15:08:17 +02:00
Michael Hohn
f9eba14771 include git lfs 2022-06-08 15:06:19 +02:00
Michael Hohn
4c7b111ea9 include database 2022-06-08 15:03:00 +02:00
Michael Hohn
3fe610d354 workshop updates 2022-06-08 14:05:32 +02:00
Michael Hohn
dd664fe4ef Insert updates from github.com:hohn/codeql.git 2022-06-08 08:36:05 +02:00
Michael Hohn
9d130f1466 minor presentation-1 2020-07-23 10:42:47 -07:00
Michael Hohn
77fefdf78d The isAdditionalTaintStep Predicate, toc 2020-07-23 10:42:22 -07:00
Michael Hohn
dce515cabd dataflow pdf, cropped for presentation 2020-07-23 10:22:53 -07:00
Michael Hohn
bb0841eee4 Reviewed all non-xx: sections, toc updated 2020-07-22 15:53:58 -07:00
Michael Hohn
9a41879346 Codeql Recap 2020-07-22 15:45:21 -07:00
Michael Hohn
c0bedda060 The isSource Predicate 2020-07-22 15:10:18 -07:00
Michael Hohn
fd27af2216 Update Appendix 2020-07-22 15:06:30 -07:00
Michael Hohn
ab99c0fb44 move isAdditionalTaintStep explanation to Taint Flow Configuration 2020-07-22 14:59:06 -07:00
Michael Hohn
999f665ceb The isSink Predicate 2020-07-22 14:24:44 -07:00
Michael Hohn
f99935159b path problem query format, start of 'the isSink Predicate' 2020-07-22 14:12:05 -07:00
Michael Hohn
d0507b79d6 Taint Flow Configuration 2020-07-22 13:48:45 -07:00
Michael Hohn
4fcd08f394 toc and title caps 2020-07-22 11:58:19 -07:00
Michael Hohn
38bc479725 The extra flow step 2020-07-22 11:52:29 -07:00
Michael Hohn
12a90e9a54 topic reordering 2020-07-22 10:51:37 -07:00
Michael Hohn
62234f4d55 wip: dataflow doc rearrangements 2020-07-21 17:39:23 -07:00
Michael Hohn
73a49d5ba5 Formatting updates in dataflow keynote file 2020-07-21 17:21:39 -07:00
Michael Hohn
3030f717c1 dataflow slides in PDF, cropped to use more space 2020-07-21 17:21:07 -07:00
Michael Hohn
d2a9737b4e readme code reordering 2020-07-21 14:31:01 -07:00
Michael Hohn
9970524b8d Tutorial, part 1: running the code to see the problem 2020-07-21 14:29:14 -07:00
Michael Hohn
ba3cfcb010 sql injection: use post-update nodes for function return values 2020-07-20 16:16:40 -07:00
Michael Hohn
5bce3ae696 sql injection: taintstep across macro under snprintf as predicate 2020-07-20 16:15:50 -07:00
Michael Hohn
4060f31100 sql injection: taintstep across macro under snprintf, with position adjustment 2020-07-20 14:46:13 -07:00
Michael Hohn
45a5e89366 sql injection: taintstep across snprintf -- function not found 2020-07-20 14:38:51 -07:00
Michael Hohn
aa5d019740 sql injection: try flow configuration (with pathgraph). Not ready 2020-07-20 14:26:44 -07:00
Michael Hohn
7aa51e67c8 sql injection: sink as class predicate 2020-07-20 14:20:32 -07:00
Michael Hohn
1f385ddfe3 Summary: sql injection: sink identification 2020-07-20 14:14:55 -07:00
Michael Hohn
c91db6a653 Summary: sql injection: move source identification to configuration 2020-07-20 14:10:36 -07:00
Michael Hohn
42e2c5de8b sql injection: source is argument to read 2020-07-20 14:07:49 -07:00
Michael Hohn
a69c511dc1 sql injection: call to read 2020-07-20 14:04:42 -07:00
Michael Hohn
47b1c9522c Build codeql database 2020-07-20 14:02:53 -07:00
Michael Hohn
d5b28fb6b5 project metadata 2020-07-20 13:53:28 -07:00