From 04e366d0a021866ada2e866c3820084fb9723a84 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Tue, 16 Apr 2024 18:54:17 -0700
Subject: [PATCH] Updated readme information
---
 java-demo.code-workspace | 3 ++-
 session/README.org | 13 +++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/java-demo.code-workspace b/java-demo.code-workspace
index 7907a16..2110031 100644
--- a/java-demo.code-workspace
+++ b/java-demo.code-workspace
@@ -9,6 +9,7 @@
 }
 ],
 "settings": {
- "git.ignoreLimitWarning": true
+ "git.ignoreLimitWarning": true,
+ "sarif-viewer.connectToGithubCodeScanning": "off"
 }
 }
\ No newline at end of file
diff --git a/session/README.org b/session/README.org
index 78796fe..4ded83c 100644
--- a/session/README.org
+++ b/session/README.org
@@ -23,11 +23,16 @@
 Query results are available in several output formats using the cli. The following produces the sarif format, a json-based result description.
+ Requires [[file:~/local/codeql-workshop-sql-injection-java/src/README.org::*Build the codeql database][Build the codeql database]]
+
 #+BEGIN_SRC sh
 # The setup information from before
- SRCDIR=$HOME/local/codeql-training-material.java-sqli/java/codeql-dataflow-sql-injection
+ SRCDIR=$HOME/local/codeql-workshop-sql-injection-java
 DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
+ # The directory containing the query
+ SESSIONDIR=$(pwd -P)
+
 # Check paths
 echo $DB
 echo $SRCDIR
@@ -35,18 +40,18 @@
 # To see the help
 codeql database analyze -h
- # Run a query
+ # Run a query \
 codeql database analyze \
 -v \
 --ram=14000 \
 -j12 \
 --rerun \
- --search-path ~/local/vmsync/ql \
 --format=sarif-latest \
 --output java-sqli.sarif \
+ --sarif-include-query-help=always \
 -- \
 $DB \
- $SRCDIR/SqlInjection.ql
+ $SESSIONDIR/full-query.ql
 # Examine the file in an editor
 edit java-sqli.sarif
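Review bot: The new `"sarif-viewer.connectToGithubCodeScanning": "off"` entry in java-demo.code-workspace is not explained anywhere, and the commit subject mentions only the readme. Going by its name, the setting decides whether the SARIF Viewer extension contacts GitHub for code-scanning results, so a reader cannot tell whether turning it off is a deliberate choice to view only the locally generated java-sqli.sarif. VS Code reads workspace files as JSON with comments, so a line such as `// SARIF Viewer: use local SARIF files only, do not fetch code-scanning results from GitHub` above the setting would record the intent. A sentence in session/README.org next to the analyze step would serve the same purpose for workshop attendees.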