2024-12-03 11:46:48 -08:00

TODO Introduction to CodeQL

  1. describe the system using diagrams as reference point, with details from existing docs

  2. Update https://github.com/hohn/codeql-cli-end-to-end

  3. https://github.com/hohn/codeql-workshop-sql-injection-java

    • version for C#

TODO CodeQL overview

  • /Users/hohn/local/codeql-dataflow-sql-injection/CodeQL-workshop-overview-only.pdf

There are two identifiable tracks for CodeQL users: devops and query writers. The first focuses on setup, deployment, and query selection; the second on query writing. There is significant overlap; the CodeQL CLI Setup is needed by both.

TODO CodeQL CLI Setup

  cd ~/work-gh/codeql-intro-csharp
  codeql resolve packs
  codeql pack install

Using a qlpack.yml of

  library: false
  name: sample/csharp-sql-injection
  version: 0.0.1
  dependencies:
    codeql/csharp-all: "*"

with

  codeql pack install

will install the version of codeql/csharp-all that matches this CodeQL CLI (the "*" accepts any version), then create

  codeql-pack.lock.yml

which pins the resolved version, so later installs and analyses use the same library.

DONE Test Problem Setup

Hello World Sample

  # Install sdk
  brew install --cask dotnet-sdk
  dotnet --version

  # Create template project
  mkdir HelloWorld
  cd HelloWorld
  dotnet new console

  # Compile template project
  cd ~/work-gh/codeql-intro-csharp/HelloWorld/
  dotnet build

  # Run template project
  dotnet run
  # or run the binary directly (the net9.0 segment follows the installed SDK's target framework)
  ./bin/Debug/net9.0/HelloWorld

SQL Injection

  # Project Setup
  cd ~/work-gh/codeql-intro-csharp/
  dotnet new console -n SqliDemo
  cd SqliDemo

  dotnet add package Microsoft.Data.Sqlite

  # Database Init
  cd ~/work-gh/codeql-intro-csharp/SqliDemo
  sqlite3 users.sqlite
  CREATE TABLE users (id INTEGER, info TEXT);
  .exit

  # Build
  cd ~/work-gh/codeql-intro-csharp/SqliDemo
  dotnet build

  # Run; the name is typed at the program's prompt
  dotnet run
  First User

  # Check db
  echo '
      SELECT * FROM users;
  ' | sqlite3 users.sqlite 

  # Add Johnny Droptable: the ') closes the string literal and the VALUES list,
  # the ; ends the INSERT, and -- comments out whatever the program appends
  dotnet run
  Johnny'); DROP TABLE users; --

  # Check db
  echo '
      SELECT * FROM users;
  ' | sqlite3 users.sqlite 
  # Parse error near line 2: no such table: users

DONE SQL Injection Code Compilation and Sample Run

  # All run in pwsh, typical prompt is
  # PS /Users/hohn/work-gh/codeql-intro-csharp> 

  # Build
  cd $HOME/work-gh/codeql-intro-csharp
  ./build.ps1

  # Prepare db
  ./admin.ps1 -r
  ./admin.ps1 -c
  ./admin.ps1 -s

  # Add regular user interactively
  ./build.ps1
  ./SqliDemo/bin/Debug/net9.0/SqliDemo
  hello user

  # Check
  ./admin.ps1 -s

  # Add Johnny Droptable 
  ./SqliDemo/bin/Debug/net9.0/SqliDemo
  Johnny'); DROP TABLE users; --

  # And the problem:
  ./admin.ps1 -s
  Parse error near line 1: no such table: users
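
Why the payload above destroys the table, shown as an added example in C# (this is not the repository's Injectable.cs; UserStore, InsertUnsafe and InsertSafe are names invented here): the unsafe version splices the input into the SQL text, the safe version binds it as a parameter. It assumes Microsoft.Data.Sqlite as added with `dotnet add package` above and uses an in-memory database so it leaves users.sqlite alone; it can replace Program.cs in a fresh `dotnet new console` project.

```csharp
// Added example, not the repository's own code: vulnerable insert beside the
// parameterized fix, using Microsoft.Data.Sqlite as the page does.
using System;
using Microsoft.Data.Sqlite;

static class UserStore
{
    // VULNERABLE: the user-controlled string becomes part of the SQL text.
    // With input  Johnny'); DROP TABLE users; --  the command text is
    //   INSERT INTO users (id, info) VALUES (2, 'Johnny'); DROP TABLE users; --')
    // and ExecuteNonQuery runs every statement in it, so the table is dropped.
    public static int InsertUnsafe(SqliteConnection conn, int id, string info)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "INSERT INTO users (id, info) VALUES (" + id + ", '" + info + "')";
        return cmd.ExecuteNonQuery();
    }

    // FIXED: the SQL text is a constant; the value is bound as a parameter, so
    // the quote and semicolon in the input are just characters in the TEXT column.
    public static int InsertSafe(SqliteConnection conn, int id, string info)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "INSERT INTO users (id, info) VALUES ($id, $info)";
        cmd.Parameters.AddWithValue("$id", id);
        cmd.Parameters.AddWithValue("$info", info);
        return cmd.ExecuteNonQuery();
    }

    public static long CountUsers(SqliteConnection conn)
    {
        var cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM users";
        return (long)cmd.ExecuteScalar()!;
    }
}

static class Program
{
    static void Main()
    {
        // In-memory database: same schema as the page's users.sqlite, nothing on disk.
        using var conn = new SqliteConnection("Data Source=:memory:");
        conn.Open();
        using (var create = conn.CreateCommand())
        {
            create.CommandText = "CREATE TABLE users (id INTEGER, info TEXT)";
            create.ExecuteNonQuery();
        }

        // The same payload as typed at the prompt in the walkthrough above.
        string payload = "Johnny'); DROP TABLE users; --";

        UserStore.InsertSafe(conn, 1, payload);
        Console.WriteLine($"after safe insert: {UserStore.CountUsers(conn)} row(s), table intact");

        try
        {
            UserStore.InsertUnsafe(conn, 2, payload);
            UserStore.CountUsers(conn);   // fails now: the DROP TABLE in the payload ran
        }
        catch (SqliteException e)
        {
            Console.WriteLine($"after unsafe insert: {e.Message}");
        }
    }
}
```

The difference between the two methods is exactly what a CodeQL SQL-injection query has to tell apart: in InsertUnsafe the input flows into the command text, in InsertSafe it only flows into a parameter value.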

TODO Build CodeQL Database

To get started, build the CodeQL database (adjust paths to your setup).

The bash version:

  # Build the db with source commit id.
  cd $HOME/work-gh/codeql-intro-csharp
  SRCDIR=$(pwd)
  DB=$SRCDIR/csharp-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)

  echo "preparing database directory $DB"
  test -d "$DB" && rm -fR "$DB"
  mkdir -p "$DB"

  # Run the build under codeql
  cd $SRCDIR && codeql database create --language=csharp -s . -j 8 -v $DB --command='./build.sh'
  # ...
  # Successfully created database at /Users/hohn/work-gh/codeql-intro-csharp/csharp-sqli-c89fbf8.

TODO Run analysis using given script and database

The bash version

  # The setup information from before
  echo $DB
  echo $SRCDIR

  # To see the help
  codeql database analyze -h

  # Run a query
  codeql database analyze                                 \
         -v                                               \
         --ram=14000                                      \
         -j12                                             \
         --rerun                                          \
         --format=sarif-latest                            \
         --output csharp-sqli.sarif                       \
         --                                               \
         $DB                                              \
         $SRCDIR/FindFunction.ql

  # optional: pretty-print
  jq . < csharp-sqli.sarif | sponge csharp-sqli.sarif

  # Examine the file in an editor
  edit csharp-sqli.sarif

An example of using the SARIF data is the jq script ./sarif-summary.jq. When run against the SARIF input via

  jq --raw-output --join-output  -f sarif-summary.jq < csharp-sqli.sarif > csharp-sqli.txt

it produces output in a form close to that of compiler error messages:

  query-id: message line 
      Path
         ...

Here, that is

  csharp/intro/FindFunction: Method found [0 more]
          SqliDemo/Injectable.cs:8:
  csharp/intro/FindFunction: Method found [0 more]
          SqliDemo/Injectable.cs:17:
  csharp/intro/FindFunction: Method found [0 more]
          SqliDemo/Injectable.cs:22:
  csharp/intro/FindFunction: Method found [0 more]
          SqliDemo/Injectable.cs:47:
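
As an added example (not the repository's sarif-summary.jq, whose contents this page does not show), a small C# reader that pulls the same fields out of a SARIF file and prints them in that layout. The embedded SARIF is a constructed sample with the fields `codeql database analyze --format=sarif-latest` emits (ruleId, message.text, locations[].physicalLocation); the `[n more]` count is taken here to be the number of locations beyond the first, which is an assumption about what the jq script counts.

```csharp
// Added example, not the repository's own code: SARIF -> compiler-style summary.
// Uses only System.Text.Json; runs in a plain `dotnet new console` project.
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class SarifSummary
{
    public record Finding(string RuleId, string Message, string File, int Line, int ExtraLocations);

    // Walk runs[].results[] and keep rule id, message, primary location and
    // how many further locations the result carries.
    public static List<Finding> Parse(string sarifJson)
    {
        var findings = new List<Finding>();
        using var doc = JsonDocument.Parse(sarifJson);
        foreach (var run in doc.RootElement.GetProperty("runs").EnumerateArray())
        {
            if (!run.TryGetProperty("results", out var results)) continue;
            foreach (var result in results.EnumerateArray())
            {
                string ruleId = result.GetProperty("ruleId").GetString() ?? "";
                string message = result.GetProperty("message").GetProperty("text").GetString() ?? "";
                var locations = result.GetProperty("locations");
                var phys = locations[0].GetProperty("physicalLocation");
                string file = phys.GetProperty("artifactLocation").GetProperty("uri").GetString() ?? "";
                int line = phys.GetProperty("region").GetProperty("startLine").GetInt32();
                findings.Add(new Finding(ruleId, message, file, line, locations.GetArrayLength() - 1));
            }
        }
        return findings;
    }

    // Same shape as the summary above: "query-id: message [n more]" then an indented path:line:
    public static string Format(IEnumerable<Finding> findings)
    {
        var sb = new StringBuilder();
        foreach (var f in findings)
        {
            sb.Append($"{f.RuleId}: {f.Message} [{f.ExtraLocations} more]\n");
            sb.Append($"        {f.File}:{f.Line}:\n");
        }
        return sb.ToString();
    }
}

static class Program
{
    // Constructed sample in the sarif-latest shape, not real analysis output.
    const string Sample = """
    {
      "version": "2.1.0",
      "runs": [ {
        "tool": { "driver": { "name": "CodeQL" } },
        "results": [ {
          "ruleId": "csharp/intro/FindFunction",
          "message": { "text": "Method found" },
          "locations": [ { "physicalLocation": {
            "artifactLocation": { "uri": "SqliDemo/Injectable.cs" },
            "region": { "startLine": 8 } } } ]
        } ]
      } ]
    }
    """;

    static void Main()
    {
        // For a real file: File.ReadAllText("csharp-sqli.sarif") in place of Sample.
        Console.Write(SarifSummary.Format(SarifSummary.Parse(Sample)));
    }
}
```

For path-problem queries (the SQL-injection query has that kind) the interesting data is in each result's codeFlows, not in locations; this reader ignores it, as the one-line-per-result summary above does.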

TODO Optional: Multiple Builds

  dotnet sln codeql-intro-csharp.sln list
  dotnet build codeql-intro-csharp.sln

TODO CodeQL VS Code Setup

TODO CodeQL for Devops and Administrators
