hohn/codeql-dataflow-sql-injection
1
0
Fork 0
mirror of https://github.com/hohn/codeql-dataflow-sql-injection.git synced 2025-12-18 19:13:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hohn:db-for-analysis
Branches Tags
hohn:master hohn:workshop-20250218
hohn:db-for-analysis hohn:presentation-1
...
compare: hohn:workshop-20250218
Branches Tags
hohn:master hohn:workshop-20250218
hohn:db-for-analysis hohn:presentation-1

6 Commits
db-for-ana ... workshop-2

Author SHA1 Message Date
Michael Hohn
92a678414d Use asIndirecArgument 2025-03-03 11:54:46 -08:00
Michael Hohn
00bd07be2b add flow with module boilerplate 2025-03-03 11:21:04 -08:00
Michael Hohn
ea0311f339 fix add-user.c 2025-03-03 11:11:52 -08:00
Michael Hohn
ade70e9b32 fixes for db 2025-03-03 10:22:40 -08:00
Michael Hohn
03c38d3c89 remove db 2025-03-03 10:15:25 -08:00
Michael Hohn
c532be53d4 first session 2025-03-02 21:28:48 -08:00
264 changed files with 75 additions and 56960 deletions
Expand all files Collapse all files

4
SqlInjection.ql
View File

@@ -15,7 +15,7 @@ module SqliFlowConfig implements DataFlow::ConfigSig {
// count = read(STDIN_FILENO, buf, BUFSIZE);
exists(FunctionCall read |
read.getTarget().getName() = "read" and
read.getArgument(1) = source.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr()
read.getArgument(1) = source.(DataFlow::PostUpdateNode).getPreUpdateNode().asIndirectArgument()
)
}
@@ -31,7 +31,7 @@ module SqliFlowConfig implements DataFlow::ConfigSig {
// #endif
exists(FunctionCall printf |
printf.getTarget().getName().matches("%snprintf%") and
printf.getArgument(0) = out.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() and
printf.getArgument(0) = out.(DataFlow::PostUpdateNode).getPreUpdateNode().asIndirectArgument() and
// very specific: shifted index for macro.
printf.getArgument(6) = into.asExpr()
)

BIN
cpp-sqli-3fe610d-1.zip (Stored with Git LFS)
View File

Binary file not shown.

1
cpp-sqli-c1b3c8d/baseline-info.json
View File

@@ -1 +0,0 @@
{"languages":{"cpp":{"displayName":"C/C++","files":["add-user.c"],"linesOfCode":78,"name":"cpp"}}}

11
cpp-sqli-c1b3c8d/codeql-database.yml
View File

@@ -1,11 +0,0 @@
---
sourceLocationPrefix: /Users/hohn/local/codeql-dataflow-sql-injection
baselineLinesOfCode: 78
unicodeNewlines: false
columnKind: utf8
primaryLanguage: cpp
creationMetadata:
sha: c1b3c8d901eacddbb7949a8ca3b8acc11ffbda86
cliVersion: 2.20.0
creationTime: 2025-02-18T01:07:10.558137Z
finalised: true

BIN
cpp-sqli-c1b3c8d/db-cpp/default/affectedbymacroexpansion.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/affectedbymacroexpansion.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/arraysizes.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/arraysizes.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_arg_constant.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_arg_constant.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_arg_value.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_arg_value.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_args.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attribute_args.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attributes.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/attributes.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/bitfield.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/bitfield.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/blockscope.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/blockscope.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/builtintypes.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/builtintypes.rel.checksum
View File

Binary file not shown.

0
cpp-sqli-c1b3c8d/db-cpp/default/cache/.lock vendored
View File

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/buckets/info vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/buckets/page-000000 vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/ids1/info vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/ids1/page-000000 vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/indices1/info vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/indices1/page-000000 vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/info vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/metadata/info vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/metadata/page-000000 vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/0/pageDump/page-000000000 vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/pools/poolInfo vendored
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/cache/cached-strings/tuple-pool/header vendored
View File

Binary file not shown.

1
cpp-sqli-c1b3c8d/db-cpp/default/cache/version vendored
View File

@@ -1 +0,0 @@
20190805:20220702:20240828:20241116

BIN
cpp-sqli-c1b3c8d/db-cpp/default/commentbinding.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/commentbinding.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/comments.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/comments.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compgenerated.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compgenerated.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_args.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_args.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_compiling_files.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_compiling_files.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_finished.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_finished.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_time.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilation_time.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilations.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/compilations.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/containerparent.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/containerparent.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/conversionkinds.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/conversionkinds.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/derivedtypes.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/derivedtypes.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/enumconstants.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/enumconstants.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_ancestor.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_ancestor.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_false.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_false.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_guard.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_guard.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_true.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_cond_true.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_isload.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_isload.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_types.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/expr_types.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprconv.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprconv.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprparents.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprparents.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprs.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/exprs.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/extractor_version.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/extractor_version.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fieldoffsets.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fieldoffsets.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fileannotations.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fileannotations.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/files.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/files.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/folders.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/folders.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_decl_specifiers.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_decl_specifiers.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_decls.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_decls.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_def.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/fun_def.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/funbind.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/funbind.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/funcattributes.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/funcattributes.rel.checksum
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/function_entry_point.rel
View File

Binary file not shown.

BIN
cpp-sqli-c1b3c8d/db-cpp/default/function_entry_point.rel.checksum
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More