revise *** Extending Queries with Customizations.qll for C

Michael Hohn
2025-07-30 16:10:40 -07:00
committed by =Michael Hohn
parent 732e3706e4
commit 6583c5a76f


@@ -127,32 +127,32 @@
[[./ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql][SqlTainted.ql]]. [[./ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql][SqlTainted.ql]].
*** TODO Review: SQLite Injection Workshop (C) *** Review: SQLite Injection Workshop (C)
- C++ version of the workshop. This is the C version of the workshop.
*** TODO Extending Queries with Customizations.qll for C *** Extending Queries with Customizations.qll for C
- Supported in most languages, but not C++ by default. While most CodeQL-supported languages provide out-of-the-box support for
- Can be enabled by building a custom CodeQL bundle. `Customizations.qll`, C and C++ do not include this by default. However, it is
- Use this CLI tool: https://github.com/advanced-security/codeql-bundle possible to enable such support by building a custom CodeQL bundle. This can
- Demonstrate using `codeql-lab`. be done using the CLI tool at
+ in [[./codeql-sqlite-java/README.org]] https://github.com/advanced-security/codeql-bundle. Since the tool functions
+ ql/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll largely as a black box, we provide a more detailed illustration of the
#+BEGIN_SRC text underlying steps.
abstract class FlowSource extends DataFlow::Node
#+END_SRC
+ The other languages include Customizations.qll via <language.qll>, e.g., A working demonstration is available in
ql/python/ql/lib/python.qll [[./codeql-dataflow-sql-injection-c/README.org]]. In languages like Java,
1. Modify `Customizations.qll` is included automatically via imports from
: ql/python/ql/lib/python.qll `<language>.qll`, such as [[./ql/java/ql/lib/java.qll][java.qll]] importing [[./ql/java/ql/lib/Customizations.qll][Customizations.qll]], which defines
2. Add user-extensible predicates for flow modeling.
: ql/python/ql/lib/Customizations.qll
+ For C/C++, For C/C++, the process requires explicit modification:
1. Modify 1. Modify `ql/cpp/ql/lib/cpp.qll` to import `Customizations.qll`.
: ql/cpp/ql/lib/cpp.qll 2. Create and populate `ql/cpp/ql/lib/Customizations.qll` with custom sources/sinks or extensions.
2. Add 3. Rebuild the CodeQL bundle to include these changes.
: ql/cpp/ql/lib/Customizations.qll
This customization enables consistent user-defined flow modeling across
languages, making it possible to reuse modeling patterns from Java or Python
in C/C++ contexts.
*** TODO Use models-as-data QL code directly (no graphical editor). *** TODO Use models-as-data QL code directly (no graphical editor).
summary summary
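Review bot: Step 2 of the new C/C++ list ("Create and populate `ql/cpp/ql/lib/Customizations.qll` with custom sources/sinks or extensions") no longer says what to extend. The old text's pointer to ql/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll and `abstract class FlowSource extends DataFlow::Node` is not carried into the new wording. Suggest keeping that reference next to step 2 so readers can find the extension point. Step 3 ("Rebuild the CodeQL bundle to include these changes") likewise gives no command or link, although the paragraph above it promises "a more detailed illustration of the underlying steps" on the grounds that the codeql-bundle tool is a black box; consider pointing it at the part of codeql-dataflow-sql-injection-c/README.org that shows the rebuild. Style: the file uses org-mode links and #+BEGIN_SRC blocks, so the backtick-quoted file names would be more consistent as org inline code (~...~ or =...=).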