cleanup: * Modeling Jedis as a Dependency in Model Editor

Michael Hohn
2025-07-09 13:47:48 -07:00
committed by Michael Hohn
parent 85a210f71a
commit 0e06b153cc


@@ -206,49 +206,19 @@
- =supported = true= → shows in the UI as /"Method already modeled"/ - =supported = true= → shows in the UI as /"Method already modeled"/
- =supported = false= → shown as /"Unmodeled"/ - =supported = false= → shown as /"Unmodeled"/
** Files Created or Modified by the Modeling Workflow ** Files Created or Modified by the Modeling Workflow
- Upon launching ==CodeQL: Method modeling==, a new pack manifest is created: - Upon launching ==CodeQL: Method modeling==, a new pack manifest is created:
: .github/codeql/extensions/jedis-db-local-java/codeql-pack.yml [[../.github/codeql/extensions/jedis-db-local-java/codeql-pack.yml]]
- After selecting methods and saving, modeling results are written to: - After selecting methods and saving, modeling results are written to:
: .github/codeql/extensions/jedis-db-local-java/models/redis.clients.jedis.model.yml [[../.github/codeql/extensions/jedis-db-local-java/models/redis.clients.jedis.model.yml]]
- Paths are rooted at =codeql-lab/=
An example entry for a sink added by the editor:
#+BEGIN_SRC yaml
extensions:
...
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["redis.clients.jedis","Jedis",true,"eval","(String)","","Argument[0]","code-injection","manual"]
...
#+END_SRC
** Workspace Configuration Required ** Workspace Configuration Required
To ensure that these model extensions are applied during query runs, include To ensure that these model extensions are applied during query runs, include
this setting in the workspace configuration file this setting in the workspace configuration file [[../qllab.code-workspace]]
: .../codeql-lab/qllab.code-workspace
#+begin_src javascript
{
"folders": [
{ "path": "." }
],
"settings": {
"omnisharp.autoStart": false,
"codeQL.githubDatabase.download": "never",
"sarif-viewer.connectToGithubCodeScanning": "off",
"codeQL.cli.executablePath": "/Users/hohn/work-gh/codeql-lab/codeql/codeql",
"codeQL.runningQueries.useExtensionPacks": "all"
}
}
#+end_src
In some environments (e.g., older VS Code versions), you may also need to In some environments (e.g., older VS Code versions), you may also need to
replicate this setting in: replicate this setting in [[../.vscode/settings.json]]
: .../codeql-lab/.vscode/settings.json
* Verifying the Modeled Sink * Verifying the Modeled Sink
Once the modeling is in place, a dataflow query like the following can be used Once the modeling is in place, a dataflow query like the following can be used
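Review bot: Replacing the inline workspace settings block with a bare link to ../qllab.code-workspace drops the one setting this section exists to call out, `"codeQL.runningQueries.useExtensionPacks": "all"`; without it the Jedis extension pack is never loaded, the modeled sink is never applied, and the dataflow query in the next section silently returns no results. Keep that single key/value inline next to the link (the machine-specific `"codeQL.cli.executablePath": "/Users/hohn/..."` is rightly gone). The same applies to the removed `sinkModel` excerpt for `redis.clients.jedis` / `Jedis` / `eval` / `(String)` / `Argument[0]` / `code-injection` / `manual`: the link to models/redis.clients.jedis.model.yml is fine for navigation, but the rendered doc now never shows what a modeled sink row looks like, so a one-row excerpt is worth keeping. Removing `- Paths are rooted at =codeql-lab/=` is consistent with the new `../`-relative links.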
@@ -281,7 +251,6 @@
| 13 | script | code-injection | | 13 | script | code-injection |
| 14 | "return {}" | code-injection | | 14 | "return {}" | code-injection |
* Identify usage of injection-related models in existing queries * Identify usage of injection-related models in existing queries
To verify whether existing CodeQL queries make use of the injection-related To verify whether existing CodeQL queries make use of the injection-related
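Review bot: The single deletion this hunk makes (per `@@ -281,7 +251,6 @@`) is not visible in the rendered context, so it cannot be checked against the results table it sits beside; please confirm the removed line is not one of the `| 13 | script | code-injection |` / `| 14 | "return {}" | code-injection |` rows, since those rows are the evidence that the modeled `Jedis.eval` sink actually fires.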