codeql-intro-csharp/README.org

* TODO Introduction to CodeQL 
  1. [ ] describe the system using diagrams as reference point, with details from
     existing docs
     - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf,
       ~/work-gh/codeql-visual-guides/ 

  2. Update https://github.com/hohn/codeql-cli-end-to-end
     - [ ] Send setup instructions for windows / linux -- for the laptops, not
       VMs or Docker.
       - old:
         https://github.com/advanced-security/codeql-workshops-staging/blob/master/java/workshop-java-mismatched-loop-condition.md#setup-instructions
       - better:
         https://github.com/ps-resources/codeql-partner-training/blob/39bc5e8d84a8f0dd1698d9cdcc59eed98fa691b9/preparation-materials/setup-instructions.md#codeql-workshop-preparation-instructions

       - ~/local/codeql-operational-view/operational-view.pdf

       - [ ] windows version -- to be written.

     - [ ] Suggest variant analysis for log4j etc.
     - [ ] Tools:
       - octopuss deploy
       - progit for package management -- anito.
       - Actions for building
     - [ ] 
  3. https://github.com/hohn/codeql-workshop-sql-injection-java
     - [ ] version for C#

* TODO CodeQL overview
  - /Users/hohn/local/codeql-dataflow-sql-injection/CodeQL-workshop-overview-only.pdf

  There are two identifyable tracks for codeql users: [[*CodeQL for Devops and Administrators][devops]] and [[*CodeQL for Query Writers][query writers]].
  The first one focuses on setup, deployment, and query selection; the second on
  query writing.  There is significant overlap; the [[*CodeQL CLI Setup][CodeQL CLI Setup]] is needed by
  both. 

* TODO CodeQL CLI Setup
  #+BEGIN_SRC text
    cd ~/work-gh/codeql-intro-csharp
    codeql resolve  packs
    codeql pack install
  #+END_SRC
  Using
  #+BEGIN_SRC yaml
    library: false
    name: sample/csharp-sql-injection
    version: 0.0.1
    dependencies:
      codeql/csharp-all: "*"
  #+END_SRC
  with
  : codeql pack install
  will install the packs matching this codeql version, then create
  : codeql-pack.lock.yml
  which pins the version.

* DONE Test Problem Setup
** Hello World Sample
  #+BEGIN_SRC sh 
    # Install sdk
    brew install --cask dotnet-sdk
    dotnet --version

    # Create template project
    mkdir HelloWorld
    cd HelloWorld
    dotnet new console

    # Compile template project
    cd ~/work-gh/codeql-intro-csharp/HelloWorld/
    dotnet build

    # Run template project
    dotnet run
    # or
    ./bin/Debug/net9.0/HelloWorld 

  #+END_SRC

** SQL Injection
  #+BEGIN_SRC sh 
    # Project Setup
    cd ~/work-gh/codeql-intro-csharp/
    dotnet new console -n SqliDemo
    cd SqliDemo

    dotnet add package Microsoft.Data.Sqlite

    # Database Init
    cd ~/work-gh/codeql-intro-csharp/SqliDemo
    sqlite3 users.sqlite
    CREATE TABLE users (id INTEGER, info TEXT);
    .exit

    # Build
    cd ~/work-gh/codeql-intro-csharp/SqliDemo
    dotnet build

    # Run
    dotnet run
    First User

    # Check db
    echo '
        SELECT * FROM users;
    ' | sqlite3 users.sqlite 

    # Add Johnny Droptable 
    dotnet run
    Johnny'); DROP TABLE users; --

    # Check db
    echo '
        SELECT * FROM users;
    ' | sqlite3 users.sqlite 
    # Parse error near line 2: no such table: users
  #+END_SRC

* DONE SQL Injection Code Compilation and Sample Run
  #+BEGIN_SRC sh
    # All run in pwsh, typical prompt is
    # PS /Users/hohn/work-gh/codeql-intro-csharp> 

    # Build
    cd $HOME/work-gh/codeql-intro-csharp
    ./build.ps1

    # Prepare db
    ./admin.ps1 -r
    ./admin.ps1 -c
    ./admin.ps1 -s

    # Add regular user interactively
    ./build.ps1
    ./SqliDemo/bin/Debug/net9.0/SqliDemo
    hello user

    # Check
    ./admin.ps1 -s

    # Add Johnny Droptable 
    ./SqliDemo/bin/Debug/net9.0/SqliDemo
    Johnny'); DROP TABLE users; --

    # And the problem:
    ./admin.ps1 -s
    Parse error near line 1: no such table: users
    
  #+END_SRC


* TODO Build CodeQL Database
   To get started, build the codeql database (adjust paths to your setup).  

   The bash version
   #+BEGIN_SRC sh
     # Build the db with source commit id.
     cd $HOME/work-gh/codeql-intro-csharp
     SRCDIR=$(pwd)
     DB=$SRCDIR/csharp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)

     echo "preparing database directory $DB"
     test -d "$DB" && rm -fR "$DB"
     mkdir -p "$DB"

     # Run the build under codeql
     cd $SRCDIR && codeql database create --language=csharp -s . -j 8 -v $DB --command='./build.sh'
     # ...
     # Successfully created database at /Users/hohn/work-gh/codeql-intro-csharp/csharp-sqli-c89fbf8.
   #+END_SRC

* TODO Run analysis using given script and database

   The bash version
   #+BEGIN_SRC sh
     # The setup information from before
     echo $DB
     echo $SRCDIR

     # To see the help
     codeql database analyze -h

     # Run a query
     codeql database analyze                                 \
            -v                                               \
            --ram=14000                                      \
            -j12                                             \
            --rerun                                          \
            --format=sarif-latest                            \
            --output csharp-sqli.sarif                       \
            --                                               \
            $DB                                              \
            $SRCDIR/FindFunction.ql

     # optional: pretty-print
     jq . < csharp-sqli.sarif | sponge csharp-sqli.sarif

     # Examine the file in an editor
     edit csharp-sqli.sarif
   #+END_SRC

   An example of using the sarif data is in the the jq script [[./sarif-summary.jq]].
   When run against the sarif input via 
   #+BEGIN_SRC sh
     jq --raw-output --join-output  -f sarif-summary.jq < csharp-sqli.sarif > csharp-sqli.txt
   #+END_SRC
   it produces output in a form close to that of compiler error messages:
   #+BEGIN_SRC text
     query-id: message line 
         Path
            ...
   #+END_SRC
   Here, that is
   #+BEGIN_SRC text
     csharp/intro/FindFunction: Method found [0 more]
             SqliDemo/Injectable.cs:8:
     csharp/intro/FindFunction: Method found [0 more]
             SqliDemo/Injectable.cs:17:
     csharp/intro/FindFunction: Method found [0 more]
             SqliDemo/Injectable.cs:22:
     csharp/intro/FindFunction: Method found [0 more]
             SqliDemo/Injectable.cs:47:

   #+END_SRC

   
* TODO CodeQL VS Code Setup
* TODO CodeQL for Devops and Administrators
  - https://docs.github.com/en/code-security/codeql-cli/codeql-cli-manual
  - https://github.com/hohn/codeql-visual-guides/blob/master/codeql-system.drawio.pdf
  - https://htmlpreview.github.io/?https://github.com/hohn/codeql-cli-end-to-end/blob/master/doc/readme.html
  - https://github.com/hohn/codeql-workshop-sql-injection-java
    + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/src/README.org
  - [[file:~/local/codeql-dataflow-II-cpp/README.org::*Prerequisites and setup instructions][Prerequisites and setup instructions]]
  - picking queries via query suites
    - /Users/hohn/local/codeql-workshops-staging/java/codeql-java-workshop-notes.md
    - /Users/hohn/local/codeql-cli-end-to-end/doc/readme.md
    - /Users/hohn/local/codeql-cli-end-to-end/sarif-cli/non-sarif-metadata/README.org

* TODO CodeQL for Query Writers
  - https://github.com/hohn/codeql-workshop-sql-injection-java
    + https://github.com/hohn/codeql-workshop-sql-injection-java/blob/master/session/README.org