hohn/codeql-lab
1
0
Fork 0
mirror of https://github.com/hohn/codeql-lab.git synced 2025-12-16 18:03:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

clarify *** Customizations via Model Editor: Jedis Example (Java Redis client)

Browse Source
This commit is contained in:
Michael Hohn
2025-07-30 15:52:38 -07:00
committed by =Michael Hohn
parent b65a498fcc
commit 68be793ee2
1 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
README.org
View File

@@ -97,8 +97,18 @@
customization process can be found in customization process can be found in
[[./codeql-dataflow-sql-injection-c/incoming.codeql-customizations-workshop.md][incoming.codeql-customizations-workshop.md]]. [[./codeql-dataflow-sql-injection-c/incoming.codeql-customizations-workshop.md][incoming.codeql-customizations-workshop.md]].
*** Customizations via Model Editor: Jedis Example (Java Redis client)
The Jedis example is a straightforward case with no unexpected
behavior. Although the library contains many functions, they follow a simple
and repetitive pattern, making it ideal for large-scale modeling. The CodeQL
model editor can be used to efficiently define sources and sinks for such
cases. A detailed explanation is provided
in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Modeling Jedis as a Dependency in Model Editor][Modeling Jedis as a Dependency in Model Editor]], while validation of
the modeled sink is discussed in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Verifying the Modeled Sink][Verifying the Modeled Sink]].
Finally, the query-level usage of these models can be seen
in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Identify usage of injection-related models in existing queries][Identify usage of injection-related models in existing queries]].
*** Model Editor: Single-function case (Java SQLite sample) *** Customizations via Model Editor: Single-function case (Java SQLite sample)
1. Extend the Java example using the model editor. The data and spec are present. 1. Extend the Java example using the model editor. The data and spec are present.
1. This sample illustrates a subtle problem with the model editor: 1. This sample illustrates a subtle problem with the model editor:
=java.io.Console.readLine()= is already modeled as a /taint step/ and =java.io.Console.readLine()= is already modeled as a /taint step/ and
@@ -113,14 +123,6 @@
by inspecting representative queries such as: by inspecting representative queries such as:
[[file:~/work-gh/codeql-lab/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql::@name Query built from user-controlled sources]] [[file:~/work-gh/codeql-lab/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql::@name Query built from user-controlled sources]]
*** Model Editor: Jedis Example (Java Redis client)
1. This sample is straightforward and has no surprises.
2. There are many functions, but they all follow a simple, repetitive pattern.
3. Use the model editor to define sources and sinks at scale.
4. Explanation: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Modeling Jedis as a Dependency in Model Editor][Modeling Jedis as a Dependency in Model Editor]]
5. Validation: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Verifying the Modeled Sink][Verifying the Modeled Sink]]
6. Query usage: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Identify usage of injection-related models in existing queries][Identify usage of injection-related models in existing queries]]
*** TODO Review: SQLite Injection Workshop (C) *** TODO Review: SQLite Injection Workshop (C)
- C++ version of the workshop. - C++ version of the workshop.