diff --git a/java-demo.code-workspace b/java-demo.code-workspace
index 7907a16..2110031 100644
--- a/java-demo.code-workspace
+++ b/java-demo.code-workspace
@@ -9,6 +9,7 @@
 }
 ],
 "settings": {
- "git.ignoreLimitWarning": true
+ "git.ignoreLimitWarning": true,
+ "sarif-viewer.connectToGithubCodeScanning": "off"
 }
 }
\ No newline at end of file
diff --git a/session/README.org b/session/README.org
index 78796fe..4ded83c 100644
--- a/session/README.org
+++ b/session/README.org
@@ -23,11 +23,16 @@
 Query results are available in several output formats using the cli. The following produces the sarif format, a json-based result description.
 
+ Requires [[file:~/local/codeql-workshop-sql-injection-java/src/README.org::*Build the codeql database][Build the codeql database]]
+
 #+BEGIN_SRC sh
 # The setup information from before
- SRCDIR=$HOME/local/codeql-training-material.java-sqli/java/codeql-dataflow-sql-injection
+ SRCDIR=$HOME/local/codeql-workshop-sql-injection-java
 DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
+ # The directory containing the query
+ SESSIONDIR=$(pwd -P)
+
 # Check paths
 echo $DB
 echo $SRCDIR
@@ -35,18 +40,18 @@
 # To see the help
 codeql database analyze -h
 
- # Run a query
+ # Run a query \
 codeql database analyze \
 -v \
 --ram=14000 \
 -j12 \
 --rerun \
- --search-path ~/local/vmsync/ql \
 --format=sarif-latest \
 --output java-sqli.sarif \
+ --sarif-include-query-help=always \
 -- \
 $DB \
- $SRCDIR/SqlInjection.ql
+ $SESSIONDIR/full-query.ql
 
 # Examine the file in an editor
 edit java-sqli.sarif
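Review bot: `SESSIONDIR=$(pwd -P)` is commented as "The directory containing the query", but it resolves to whatever directory the reader happens to run the block from, so the `$SESSIONDIR/full-query.ql` path used later in this file only exists when the block is run from `session/`. Either say so in the comment, `# The directory containing the query (run this block from session/)`, or derive the path from a fixed location rather than the current directory. The added `Requires [[file:~/local/codeql-workshop-sql-injection-java/...]]` link hardcodes an absolute checkout location; that is consistent with the new `SRCDIR`, but it only resolves on a machine laid out the same way, which the text should state.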
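Review bot: The backslash added to `# Run a query \` does not continue the comment — a shell comment ends at the newline regardless of a trailing backslash — so the `\` only suggests a continuation that does not happen; `# Run a query` should stay as it was. The new query argument `$SESSIONDIR/full-query.ql` is unquoted, and since `SESSIONDIR` is taken from `pwd -P` a directory name with spaces would be word-split; `"$SESSIONDIR/full-query.ql"` avoids that (the existing `$DB` would benefit the same way). Removing `--search-path ~/local/vmsync/ql` presumably relies on `full-query.ql` resolving its library dependencies from its own pack; nothing visible in the hunk shows that, so it is worth confirming.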