diff --git a/README.org b/README.org index af113db..3828277 100644 --- a/README.org +++ b/README.org 
@@ -1,40 +1,36 @@ -* NEXT Introduction to CodeQL - The full CodeQL and GHAS integration is shown [[https://htmlpreview.github.io/?https://github.com/hohn/codeql-intro-csharp/blob/mh-wip/codeql-system.drawio.svg][here]]. This document is intended - to support CodeQL workshops and presentations; it focuses on the the section - labeled 'CodeQL Running Sequence', in grids C2 through E5. +* Introduction to CodeQL + The document [[./CodeQL-workshop-overview-only.pdf]] gives a very short overview + just to highlight the language capabilities. + This document is intended to support CodeQL workshops and presentations; it + focuses on the the section labeled 'CodeQL Running Sequence', in grids C2 + through E5 of the full CodeQL and GHAS integration diagram shown [[https://htmlpreview.github.io/?https://github.com/hohn/codeql-intro-csharp/blob/mh-wip/codeql-system.drawio.svg][here]]. The section 'CodeQL query development sequence, using CI artifacts', in grids H0 through J4, is a subset without database building. -* TODO CodeQL overview - - /Users/hohn/local/codeql-dataflow-sql-injection/CodeQL-workshop-overview-only.pdf - There are two identifyable tracks for codeql users: [[*CodeQL for Devops and Administrators][devops]] and [[*CodeQL for Query Writers][query writers]]. The first one focuses on setup, deployment, and query selection; the second on query writing. There is significant overlap; the [[*CodeQL CLI Setup][CodeQL CLI Setup]] is needed by both. 
-* TODO CodeQL CLI Setup - #+BEGIN_SRC text +* CodeQL CLI Setup + After you have installed the CodeQL CLI proceed with setting up this repository: + #+BEGIN_SRC sh + # Clone repository + cd && mkdir -p work-gh && cd work-gh + git clone https://github.com/hohn/codeql-intro-csharp.git + + # Initialize CodeQL cd ~/work-gh/codeql-intro-csharp codeql resolve packs codeql pack install #+END_SRC - Using - #+BEGIN_SRC yaml - library: false - name: sample/csharp-sql-injection - version: 0.0.1 - dependencies: - codeql/csharp-all: "*" - #+END_SRC - with - : codeql pack install - will install the packs matching this codeql version, then create - : codeql-pack.lock.yml + + Using the file =qlpack.yml=, this will install the packs matching this codeql + version, then create =codeql-pack.lock.yml= which pins the version. -* DONE Test Problem Setup +* Setup Test Problems ** Hello World Sample #+BEGIN_SRC sh # Install sdk @@ -56,8 +52,7 @@ ./bin/Debug/net9.0/HelloWorld #+END_SRC - -** SQL Injection +** SQL Injection Sample #+BEGIN_SRC sh # Project Setup cd ~/work-gh/codeql-intro-csharp/ @@ -96,7 +91,7 @@ # Parse error near line 2: no such table: users #+END_SRC -* DONE SQL Injection Code Compilation and Sample Run +* SQL Injection Code Sample Run #+BEGIN_SRC sh # All run in pwsh, typical prompt is # PS /Users/hohn/work-gh/codeql-intro-csharp> @@ -128,7 +123,7 @@ #+END_SRC -* NEXT Build CodeQL Database +* Build CodeQL Database To get started, build the codeql database (adjust paths to your setup). The bash version @@ -208,7 +203,6 @@ dotnet build codeql-intro-csharp.sln #+END_SRC -* TODO CodeQL VS Code Setup * TODO CodeQL for Devops and Administrators - https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf
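Review bot: In the first hunk (@@ -1,40 +1,36 @@) the added introduction still carries the duplicated word in "focuses on the the section labeled 'CodeQL Running Sequence'"; the rewrite is the moment to drop the extra "the" (and "identifyable" in the unchanged context line just below could become "identifiable" in the same pass). The same hunk removes the inline =qlpack.yml= listing, so the reader no longer sees that the dependency is declared as codeql/csharp-all: "*", i.e. unpinned, and that the only thing holding a version is the generated =codeql-pack.lock.yml=; either keep the short dependency snippet or state explicitly that =qlpack.yml= is unpinned and that the lock file should be committed so workshop attendees resolve the same pack versions. Two smaller points in the new CLI Setup block: "After you have installed the CodeQL CLI proceed with ..." needs a comma after "CLI", and the fresh git clone step fails if ~/work-gh/codeql-intro-csharp already exists, so a note such as "skip the clone if you already have the checkout" would keep the block re-runnable.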
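Review bot: In the hunk at @@ -96,7 +91,7 @@ the heading loses "Compilation", but the block it introduces still opens with "# All run in pwsh, typical prompt is # PS /Users/hohn/work-gh/codeql-intro-csharp>", while the new CLI Setup block in the first hunk is an sh block; since the document now switches shells between adjacent sections, say in the heading or the first comment which shell each block expects, and keep the heading change in sync with whether the block still builds the sample before running it.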
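Review bot: In the last hunk (@@ -208,7 +203,6 @@) the removal of "* TODO CodeQL VS Code Setup" leaves "* TODO CodeQL for Devops and Administrators" as the one heading that still carries an org TODO keyword, while every other heading in this patch has its NEXT/TODO/DONE state stripped; either strip this one too or keep the states consistently. The deleted VS Code heading was also the only placeholder for the query-writers track that the introduction's unchanged text still points at ("[[*CodeQL for Query Writers][query writers]]"), so consider keeping a stub or noting where that setup now lives rather than silently dropping it.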