hohn/codeql-lab
1
0
Fork 0
mirror of https://github.com/hohn/codeql-lab.git synced 2025-12-16 09:53:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

wip: codeql-sqlite: * Using sqlite to illustrate models-as-data

Browse Source
This commit is contained in:
Michael Hohn
2025-07-09 15:41:37 -07:00
committed by =Michael Hohn
parent e2e555c44c
commit 55745c1362
5 changed files with 57 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/java-sqlite-e2e555c.db.zip (Stored with Git LFS) Normal file
View File

Binary file not shown.

15
codeql-sqlite/Illustrations.ql Normal file
View File

@@ -0,0 +1,15 @@
/**
* @name Illustrations
* @description Illustrations of some codeql classes.
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.SqlInjectionQuery
import QueryInjectionFlow::PathGraph
// Find starting points -- UserInput etc. -- from
// ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
from UserInput ui, QueryInjectionSink qsi
select ui, qsi

34
codeql-sqlite/README.org
View File

@@ -1,3 +1,27 @@
* Using sqlite to illustrate models-as-data
This description uses / recycles a codeql workshop. The original instructions
are below: [[*SQL injection example][SQL injection example]]
** Build the codeql database
To get started, build the codeql database (adjust paths to your setup):
#+BEGIN_SRC sh
# Build the db with source commit id.
SRCDIR=$(pwd)
DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db
echo $DB
test -d "$DB" && rm -fR "$DB"
mkdir -p "$DB"
# Use the correct codeql
export PATH="$(cd ../codeql && pwd):$PATH"
codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh'
# Check for AddUser in the db
unzip -v $DB/src.zip | grep AddUser
#+END_SRC
Then add this database directory to your VS Code =DATABASES= tab.
* SQL injection example
This directory contains the problematic Java source code. The rest of this
README describes
@@ -65,13 +89,15 @@
#+BEGIN_SRC sh
# Build the db with source commit id.
SRCDIR=$(pwd)
DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
DB=$SRCDIR/java-sqlite-$(cd $SRCDIR && git rev-parse --short HEAD).db
echo $DB
test -d "$DB" && rm -fR "$DB"
mkdir -p "$DB"
cd $SRCDIR && codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh'
# Use the correct codeql
export PATH="$(cd ../codeql && pwd):$PATH"
codeql database create --language=java -s . -j 8 -v $DB --command='./build.sh'
# Check for AddUser in the db
unzip -v $DB/src.zip | grep AddUser
@@ -193,7 +219,3 @@
echo "Results in simple-$VERSION.sarif"
#+END_SRC
We kept the output for this sample in [[./simple-161a1d5.sarif]]

4
codeql-sqlite/codeql-pack.lock.yml Normal file
View File

@@ -0,0 +1,4 @@
---
lockVersion: 1.0.0
dependencies: {}
compiled: false

7
codeql-sqlite/qlpack.yml Normal file
View File

@@ -0,0 +1,7 @@
# Change 'getting-started' to the name of a user or organization that you have write access to.
name: codeql-sqlite/codeql-extra-queries-java
version: 0.0.0
dependencies:
# This uses the latest version of the codeql/java-all library.
# You may want to change to a more precise semver string.
codeql/java-all: "*"