clarify *** Customizations via Model Editor: Jedis Example (Java Redis client)

This commit is contained in:
Michael Hohn
2025-07-30 15:52:38 -07:00
committed by =Michael Hohn
parent b65a498fcc
commit 68be793ee2


@@ -97,8 +97,18 @@
customization process can be found in
[[./codeql-dataflow-sql-injection-c/incoming.codeql-customizations-workshop.md][incoming.codeql-customizations-workshop.md]].
*** Customizations via Model Editor: Jedis Example (Java Redis client)
The Jedis example is a straightforward case with no unexpected
behavior. Although the library contains many functions, they follow a simple
and repetitive pattern, making it ideal for large-scale modeling. The CodeQL
model editor can be used to efficiently define sources and sinks for such
cases. A detailed explanation is provided
in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Modeling Jedis as a Dependency in Model Editor][Modeling Jedis as a Dependency in Model Editor]], while validation of
the modeled sink is discussed in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Verifying the Modeled Sink][Verifying the Modeled Sink]].
Finally, the query-level usage of these models can be seen
in [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Identify usage of injection-related models in existing queries][Identify usage of injection-related models in existing queries]].
*** Model Editor: Single-function case (Java SQLite sample)
*** Customizations via Model Editor: Single-function case (Java SQLite sample)
1. Extend the Java example using the model editor. The data and spec are present.
1. This sample illustrates a subtle problem with the model editor:
=java.io.Console.readLine()= is already modeled as a /taint step/ and
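Review bot: the new Jedis paragraph links to `file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*...`, a home-directory path that only resolves on the author's machine, whereas the existing link two lines above the heading uses a repository-relative path (`./codeql-dataflow-sql-injection-c/...`); switch the three README.org links to the same relative form so they work for every reader of the document. Also, `*** Model Editor: Single-function case (Java SQLite sample)` immediately followed by `*** Customizations via Model Editor: Single-function case (Java SQLite sample)` leaves an empty heading if both survive; unless the first one is being deleted in this hunk, drop it so only the "Customizations via Model Editor" heading remains, consistent with the renamed Jedis heading above.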
@@ -113,14 +123,6 @@
by inspecting representative queries such as:
[[file:~/work-gh/codeql-lab/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql::@name Query built from user-controlled sources]]
*** Model Editor: Jedis Example (Java Redis client)
1. This sample is straightforward and has no surprises.
2. There are many functions, but they all follow a simple, repetitive pattern.
3. Use the model editor to define sources and sinks at scale.
4. Explanation: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Modeling Jedis as a Dependency in Model Editor][Modeling Jedis as a Dependency in Model Editor]]
5. Validation: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Verifying the Modeled Sink][Verifying the Modeled Sink]]
6. Query usage: [[file:~/work-gh/codeql-lab/codeql-jedis-java/README.org::*Identify usage of injection-related models in existing queries][Identify usage of injection-related models in existing queries]]
*** TODO Review: SQLite Injection Workshop (C)
- C++ version of the workshop.
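Review bot: removing the numbered "Model Editor: Jedis Example" list here is fine since the prose version in the earlier hunk carries the same three README.org links, but the remaining context exposes a doc inconsistency worth fixing in the same change: the heading `*** TODO Review: SQLite Injection Workshop (C)` is followed by the bullet `- C++ version of the workshop.`; align the two (either "(C++)" in the heading or "C version" in the bullet) so the TODO names the language it actually refers to.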