hohn/codeql-lab
1
0
Fork 0
mirror of https://github.com/hohn/codeql-lab.git synced 2025-12-16 09:53:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

* TODO vulnerable sample, jedis

Browse Source
This commit is contained in:
Michael Hohn
2025-07-08 17:45:27 -07:00
committed by =Michael Hohn
parent e8426847f4
commit 3324221c8b
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
codeql-jedis/README.org
View File

@@ -183,10 +183,7 @@
=sqlite-jdbc-3.36.0.1.jar=, so we can use it to illustrate modeling on a smaller =sqlite-jdbc-3.36.0.1.jar=, so we can use it to illustrate modeling on a smaller
example. example.
* Modeling jedis as dependency * TODO Modeling jedis as dependency
Running the model editor a jedis db models jedis dependencies; we need jedis
/as/ dependency to model it.
Using the Using the
- model as depedency option - model as depedency option
the query run by model editor is the query run by model editor is
@@ -337,10 +334,12 @@
These files indicate active use of injection-related taint tracking in the C++ suite as well. These files indicate active use of injection-related taint tracking in the C++ suite as well.
* TODO for java, the sqltainted query will find the sink, not the source yet. * TODO for java, the sqltainted query will find the sink, not the source yet.
* TODO vulnerable sample, jedis
* TODO vulnerable sample Running the model editor a jedis db models jedis dependencies; we need jedis
/as/ dependency to model it.
* TODO vulnerable sample, sqlite
For .eval() to show in a query, it has to be used in an application. So we For .eval() to show in a query, it has to be used in an application. So we
modify src-sqlite/AddUser.java for jedis. modify src-sqlite/AddUser.java for jedis.