diff --git a/codeql-jedis/README.org b/codeql-jedis/README.org index 237b5ed..cd19bba 100644 --- a/codeql-jedis/README.org +++ b/codeql-jedis/README.org @@ -252,7 +252,6 @@ | 14 | "return {}" | code-injection | * Identify usage of injection-related models in existing queries - To verify whether existing CodeQL queries make use of the injection-related models, we can search for files in the =ql/java= and =ql/cpp= directories that contain the string =-injection=. This string often appears in taint-tracking @@ -290,7 +289,6 @@ These files include both top-level queries (under =src/Security/...=) and reusable model libraries (under =lib/semmle/...=). Experimental and framework-specific queries are also included. ** C++ Queries - Likewise, to check for C++ queries that reference =-injection=, use: #+BEGIN_SRC sh @@ -309,6 +307,7 @@ These files indicate active use of injection-related taint tracking in the C++ suite as well. * TODO for java, the sqltainted query will find the sink, not the source yet. + [[../ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql]] * TODO vulnerable sample, jedis Running the model editor a jedis db models jedis dependencies; we need jedis /as/ dependency to model it. diff --git a/codeql-jedis/src-sqlite/AddUser.java b/codeql-sqlite/AddUser.java similarity index 100% rename from codeql-jedis/src-sqlite/AddUser.java rename to codeql-sqlite/AddUser.java diff --git a/codeql-jedis/src-sqlite/README.org b/codeql-sqlite/README.org similarity index 100% rename from codeql-jedis/src-sqlite/README.org rename to codeql-sqlite/README.org diff --git a/codeql-jedis/src-sqlite/add-user b/codeql-sqlite/add-user similarity index 100% rename from codeql-jedis/src-sqlite/add-user rename to codeql-sqlite/add-user diff --git a/codeql-jedis/src-sqlite/admin b/codeql-sqlite/admin similarity index 100% rename from codeql-jedis/src-sqlite/admin rename to codeql-sqlite/admin 
diff --git a/codeql-jedis/src-sqlite/build.sh b/codeql-sqlite/build.sh similarity index 100% rename from codeql-jedis/src-sqlite/build.sh rename to codeql-sqlite/build.sh diff --git a/codeql-jedis/src-sqlite/sarif-summary.jq b/codeql-sqlite/sarif-summary.jq similarity index 100% rename from codeql-jedis/src-sqlite/sarif-summary.jq rename to codeql-sqlite/sarif-summary.jq diff --git a/codeql-jedis/src-sqlite/sqlite-jdbc-3.36.0.1.jar b/codeql-sqlite/sqlite-jdbc-3.36.0.1.jar similarity index 100% rename from codeql-jedis/src-sqlite/sqlite-jdbc-3.36.0.1.jar rename to codeql-sqlite/sqlite-jdbc-3.36.0.1.jar
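Review bot: in the codeql-jedis/README.org hunk at @@ -309,6 +307,7, the added link [[../ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql]] points outside codeql-jedis/ to a ql/ directory that this patch does not add, so it resolves only for a reader who has that checkout sitting beside this one. State in the TODO which checkout is expected there, and give the link a description, for example [[../ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql][SqlTainted.ql]]. The TODO text says the query finds the sink but not the source yet; naming the source that is expected to be found would make the item actionable.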
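Review bot: the seven renames from codeql-jedis/src-sqlite/ to codeql-sqlite/ are all at similarity index 100%, so build.sh, add-user, admin and the moved README.org are unchanged even though they now sit one directory level higher than before. Check those files for relative paths that assumed the old depth, and check codeql-jedis/README.org for remaining references to src-sqlite, and fix any in this same commit so the sample still builds from its new location.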
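Review bot: codeql-sqlite/sqlite-jdbc-3.36.0.1.jar is carried along as a committed binary with no digest recorded anywhere in the visible changes. Since the file is being moved anyway, consider recording its expected SHA-256 in codeql-sqlite/README.org, or having build.sh download the published artifact and verify it against a pinned digest, so a reader can confirm the jar matches the upstream release before running the sample.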