wip

README.org

@@ -66,6 +66,84 @@
 ** Additional Structure Notes
    - The original upstream README.md is preserved at [[./README-vscode-codeql-starter.md]]
 
+* Possible Reading Orders
+
+** Data Flow 
+*** Debugging data flow config (instead of taint flow), Java
+    We can illustrate taint-flow debugging in the Java SQL injection sample
+    - [[./codeql-sqlite/TaintFlowDebugging.ql]]
+    - [[./codeql-sqlite/TaintFlowDebugging.md]]
+
+*** Debugging data flow config (instead of taint flow), C
+
+** Modeling
+*** Review: SQLite Injection Workshop, Java
+    - Recap the Java-based injection example.
+
+*** Customizations via codeql, java
+      - codeql-dataflow-sql-injection/README.org, [[file:codeql-dataflow-sql-injection/README.org::*supplement codeql: Add to FlowSource or a subclass][supplement codeql: Add to FlowSource or a subclass]]
+      - TODO raw md from staging: codeql-dataflow-sql-injection/incoming.codeql-customizations-workshop.md
+
+*** Model Editor: Simplest Case, Java
+    - Extend the Java example using the model editor.
+    - Explain how "models-as-data" works under the hood.
+    - customizations using models-as-data, via model editor
+      - editor as illustration tool
+    - customizations using models-as-data, via text
+      - continue with codeql-dataflow-sql-injection
+      - [[file:codeql-dataflow-sql-injection/README.org::*supplement codeql: Add to models-as-data][supplement codeql: Add to models-as-data]]
+
+*** Jedis Example: Scale Demonstration, Java
+    - Use Jedis (Java Redis client) to show modeling at scale.
+    - Emphasize quantity; CodeQL logic is unchanged from #2.
+
+*** TODO Review: SQLite Injection Workshop (C)
+    - C++ version of the workshop.
+
+*** TODO (Optional) Extending Queries with Customizations.qll
+    - Supported in most languages, but not C++ by default.
+    - Can be enabled by building a custom CodeQL bundle.
+    - Use this CLI tool: https://github.com/advanced-security/codeql-bundle
+
+    - USE language in name
+
+    - Demonstrate using `codeql-lab`.
+      + in [[./codeql-sqlite/README.org]]
+      + ql/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
+        #+BEGIN_SRC text
+          abstract class FlowSource extends DataFlow::Node 
+        #+END_SRC
+
+      + The other languages include Customizations.qll via <language.qll>, e.g.,
+        ql/python/ql/lib/python.qll
+        1. Modify
+           : ql/python/ql/lib/python.qll
+        2. Add
+           : ql/python/ql/lib/Customizations.qll
+
+      + For C/C++,
+        1. Modify
+           : ql/cpp/ql/lib/cpp.qll
+        2. Add
+           : ql/cpp/ql/lib/Customizations.qll
+
+*** TODO Use models-as-data QL code directly (no graphical editor).
+    
+
+      
+    - The model definition files exist
+    - Data files exist
+    - There is no editor
+    - Generate YAML manually.
+    - customizations using models-as-data, via text
+      - continue with codeql-dataflow-sql-injection
+      - The ./ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql query works out of
+        the box
+      - Add =char* get_user_info()= as extra source for illustration
+
+
+** TODO codeql-bundling
+
 * Tool Setup
   Some scripts are used here, found in [[./bin/]].  To ensure the ones written in
   Python have access to prerequites, set up a virtual environment via