diff --git a/assets/java-sqlite-e2e555c.db.zip b/assets/java-sqlite-e2e555c.db.zip
new file mode 100644
index 0000000..cd36c2f
--- /dev/null
+++ b/assets/java-sqlite-e2e555c.db.zip
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c258912817e4e054263761f04ac3326c2f95d7a6c8a02cd3e604221badef50a8
+size 734099
diff --git a/codeql-sqlite/Illustrations.ql b/codeql-sqlite/Illustrations.ql
new file mode 100644
index 0000000..967b24d
--- /dev/null
+++ b/codeql-sqlite/Illustrations.ql
@@ -0,0 +1,15 @@
+/**
+ * @name Illustrations
+ * @description Illustrations of some codeql classes.
+ */
+
+import java
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.security.SqlInjectionQuery
+import QueryInjectionFlow::PathGraph
+
+// Find starting points -- UserInput etc. -- from
+// ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+
+from UserInput ui, QueryInjectionSink qsi
+select ui, qsi
diff --git a/codeql-sqlite/README.org b/codeql-sqlite/README.org
index 0552543..768ade3 100644
--- a/codeql-sqlite/README.org
+++ b/codeql-sqlite/README.org
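Review bot: The `from UserInput ui, QueryInjectionSink qsi select ui, qsi` clause in Illustrations.ql has no `where`, so it returns every source paired with every sink whether or not data flows between them; a reader can mistake the rows for injection findings, and the result count grows as sources × sinks. `import QueryInjectionFlow::PathGraph` is not used by the query as written. If the goal is only to show the two classes, add a comment such as `// Lists all source/sink pairs; this is NOT a flow result.`; if flow is intended, constrain the pairs with `where QueryInjectionFlow::flow(ui, qsi)`. The header comment also cites a path under `ql/cpp/` although the query imports `java`, which looks like a leftover worth correcting.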
@@ -1,3 +1,27 @@ +* Using sqlite to illustrate models-as-data + This description uses / recycles a codeql workshop. The original instructions + are below: [[*SQL injection example][SQL injection example]] +** Build the codeql database + To get started, build the codeql database (adjust paths to your setup): + #+BEGIN_SRC sh + # Build the db with source commit id. + SRCDIR=$(pwd) + DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db + + echo $DB + test -d "$DB" && rm -fR "$DB" + mkdir -p "$DB" + + # Use the correct codeql + export PATH="$(cd ../codeql && pwd):$PATH" + codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh' + + # Check for AddUser in the db + unzip -v $DB/src.zip | grep AddUser + #+END_SRC + Then add this database directory to your VS Code =DATABASES= tab. + + * SQL injection example This directory contains the problematic Java source code. The rest of this README describes @@ -65,13 +89,15 @@ #+BEGIN_SRC sh # Build the db with source commit id. SRCDIR=$(pwd) - DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD) + DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db echo $DB test -d "$DB" && rm -fR "$DB" mkdir -p "$DB" - cd $SRCDIR && codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh' + # Use the correct codeql + export PATH="$(cd ../codeql && pwd):$PATH" + codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh' # Check for AddUser in the db unzip -v $DB/src.zip | grep AddUser @@ -193,7 +219,3 @@ echo "Results in simple-$VERSION.sarif" #+END_SRC We kept the output for this sample in [[./simple-161a1d5.sarif]] - - - - diff --git a/codeql-sqlite/codeql-pack.lock.yml b/codeql-sqlite/codeql-pack.lock.yml new file mode 100644 index 0000000..5300427 --- /dev/null +++ b/codeql-sqlite/codeql-pack.lock.yml @@ -0,0 +1,4 @@ +--- +lockVersion: 1.0.0 +dependencies: {} +compiled: false 
diff --git a/codeql-sqlite/qlpack.yml b/codeql-sqlite/qlpack.yml
new file mode 100644
index 0000000..96ce683
--- /dev/null
+++ b/codeql-sqlite/qlpack.yml
@@ -0,0 +1,7 @@
+# Change 'getting-started' to the name of a user or organization that you have write access to.
+name: codeql-sqlite/codeql-extra-queries-java
+version: 0.0.0
+dependencies:
+ # This uses the latest version of the codeql/java-all library.
+ # You may want to change to a more precise semver string.
+ codeql/java-all: "*"
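Review bot: `codeql/java-all: "*"` in qlpack.yml leaves the library version unconstrained, and the codeql-pack.lock.yml added in the same commit records `dependencies: {}`, so nothing visible here pins what gets resolved; query results can then differ between machines and over time. I would give a bounded semver range in place of `"*"` and commit the lock file after running `codeql pack install`, so the resolved version is recorded. The first comment still refers to 'getting-started', which does not appear in `name: codeql-sqlite/codeql-extra-queries-java`; reword it to `# Change 'codeql-sqlite' to the name of a user or organization that you have write access to.`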