wip: codeql-sqlite: * Using sqlite to illustrate models-as-data

Michael Hohn
2025-07-09 15:41:37 -07:00
committed by =Michael Hohn
parent e2e555c44c
commit 55745c1362
5 changed files with 57 additions and 6 deletions

BIN
assets/java-sqlite-e2e555c.db.zip (Stored with Git LFS) Normal file

Binary file not shown.


@@ -0,0 +1,15 @@
/**
* @name Illustrations
* @description Illustrations of some codeql classes.
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.SqlInjectionQuery
import QueryInjectionFlow::PathGraph
// Find starting points -- UserInput etc. -- from
// ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
from UserInput ui, QueryInjectionSink qsi
select ui, qsi
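Review bot: The `from UserInput ui, QueryInjectionSink qsi` clause has no `where`, so `select ui, qsi` returns every source paired with every sink, not pairs connected by data flow. If the cross product is meant only to illustrate the two classes, say so in `@description`; otherwise add a `where` that uses `QueryInjectionFlow`. As written, `import QueryInjectionFlow::PathGraph` is unused because the header has no `@kind path-problem` (and no `@id`). The comment also points at a path under `ql/cpp/` although the file starts with `import java`; check that reference.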


@@ -1,3 +1,27 @@
* Using sqlite to illustrate models-as-data
This description uses / recycles a codeql workshop. The original instructions
are below: [[*SQL injection example][SQL injection example]]
** Build the codeql database
To get started, build the codeql database (adjust paths to your setup):
#+BEGIN_SRC sh
# Build the db with source commit id.
SRCDIR=$(pwd)
DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db
echo $DB
test -d "$DB" && rm -fR "$DB"
mkdir -p "$DB"
# Use the correct codeql
export PATH="$(cd ../codeql && pwd):$PATH"
codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh'
# Check for AddUser in the db
unzip -v $DB/src.zip | grep AddUser
#+END_SRC
Then add this database directory to your VS Code =DATABASES= tab.
* SQL injection example * SQL injection example
This directory contains the problematic Java source code. The rest of this This directory contains the problematic Java source code. The rest of this
README describes README describes
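Review bot: In `export PATH="$(cd ../codeql && pwd):$PATH"`, a missing `../codeql` makes the command substitution empty, so PATH ends up starting with `:`. An empty PATH entry means the current directory, so `codeql` and every later command would be looked up in the working directory first. Resolve the directory into a variable and stop the script if the `cd` fails before exporting. Separately, `$DB` is quoted in the `test`, `rm` and `mkdir` lines but not in `codeql database create ... -v $DB` or `unzip -v $DB/src.zip`; quote it everywhere, since it is built from `$(pwd)` and is handed to `rm -fR`.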
@@ -65,13 +89,15 @@
#+BEGIN_SRC sh #+BEGIN_SRC sh
# Build the db with source commit id. # Build the db with source commit id.
SRCDIR=$(pwd) SRCDIR=$(pwd)
DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD) DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db
echo $DB echo $DB
test -d "$DB" && rm -fR "$DB" test -d "$DB" && rm -fR "$DB"
mkdir -p "$DB" mkdir -p "$DB"
cd $SRCDIR && codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh' # Use the correct codeql
export PATH="$(cd ../codeql && pwd):$PATH"
codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh'
# Check for AddUser in the db # Check for AddUser in the db
unzip -v $DB/src.zip | grep AddUser unzip -v $DB/src.zip | grep AddUser
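Review bot: After this change the build block here matches, line for line, the block added under "Build the codeql database" at the top of the README, so the two copies can drift apart; keep one and link to it from the other section. The new side drops the `cd $SRCDIR &&` prefix, which is fine given `SRCDIR=$(pwd)`, but the `$(cd $SRCDIR && git rev-parse --short HEAD)` subshell in the `DB=` line is then equally redundant and could be simplified in the same pass.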
@@ -193,7 +219,3 @@
echo "Results in simple-$VERSION.sarif" echo "Results in simple-$VERSION.sarif"
#+END_SRC #+END_SRC
We kept the output for this sample in [[./simple-161a1d5.sarif]] We kept the output for this sample in [[./simple-161a1d5.sarif]]


@@ -0,0 +1,4 @@
---
lockVersion: 1.0.0
dependencies: {}
compiled: false

codeql-sqlite/qlpack.yml Normal file

@@ -0,0 +1,7 @@
# Change 'getting-started' to the name of a user or organization that you have write access to.
name: codeql-sqlite/codeql-extra-queries-java
version: 0.0.0
dependencies:
# This uses the latest version of the codeql/java-all library.
# You may want to change to a more precise semver string.
codeql/java-all: "*"
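Review bot: The first comment still says to change 'getting-started', but `name:` is `codeql-sqlite/codeql-extra-queries-java`; update or drop the leftover template comment. `codeql/java-all: "*"` combined with the `dependencies: {}` in the lock-style file added just above (`lockVersion: 1.0.0`) means nothing pins the library version, so query results depend on whichever release gets resolved at install time. Use a semver range here and commit the resolved lock file so the illustration is reproducible against the stored database.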