hohn/codeql-workshop-sql-injection-java
1
0
Fork 0
mirror of https://github.com/hohn/codeql-workshop-sql-injection-java.git synced 2025-12-15 18:23:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add parts to build the codeql database in steps and provide log for comparison

Browse Source
This commit is contained in:
Michael Hohn
2025-01-10 13:49:49 -08:00
committed by =Michael Hohn
parent 161a1d54f8
commit 5aadf85fb6
5 changed files with 2051 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
session/simple.ql Normal file
View File

@@ -0,0 +1,13 @@
/**
* @name simple test
* @description simple test
* @kind problem
* @id cpp/simple
* @problem.severity warning
*/
import java
from Call read
where read.getCallee().getName() = "readLine"
select read, "Found readline"

2
session/AddUser.java → src/AddUser.java
View File

@@ -2,8 +2,6 @@ import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
break!!!
public class AddUser {
public static Connection connect() {
Connection conn = null;

116
src/README.org
View File

@@ -79,34 +79,122 @@
Then add this database directory to your VS Code =DATABASES= tab.
** (old / optional) Build the codeql database in steps
** (optional) Build the codeql database in steps
For larger projects, using a single command to build everything is costly when
any part of the build fails.
any part of the build fails. The sequence here is also used by the GHAS
default setup, so familiarity with it helps in reviewing logs.
The purpose of these sections is to illustrate the codeql commands used in
default setup and making the connection between the GHAS default action and the
CodeQL CLI explicit.
After running default setup and downloading the log, you will see the following
entries embedded in the full log, [[./logs/32779726737/0_Analyze
(java-kotlin).txt]]. They are repeated here for completeness; you can skip the
command-line options for now.
#+BEGIN_SRC sh
codeql version --format=json
codeql resolve languages --format=betterjson --extractor-options-verbosity=4 --extractor-include-aliases
codeql database init --force-overwrite --db-cluster /home/runner/work/_temp/codeql_databases --source-root=/home/runner/work/codeql-workshop-sql-injection-java/codeql-workshop-sql-injection-java --extractor-include-aliases --language=java --codescanning-config=/home/runner/work/_temp/user-config.yaml --build-mode=none --calculate-language-specific-baseline --sublanguage-file-coverage
codeql database trace-command --use-build-mode --working-dir /home/runner/work/codeql-workshop-sql-injection-java/codeql-workshop-sql-injection-java /home/runner/work/_temp/codeql_databases/java
codeql database finalize --finalize-dataset --threads=4 --ram=14567 /home/runner/work/_temp/codeql_databases/java
codeql database run-queries --ram=14567 --threads=4 /home/runner/work/_temp/codeql_databases/java --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism
codeql database cleanup /home/runner/work/_temp/codeql_databases/java --cache-cleanup=brutal
codeql database bundle /home/runner/work/_temp/codeql_databases/java --output=/home/runner/work/_temp/codeql_databases/java.zip --name=java
#+END_SRC
To build a database in steps, use the following sequence, adjusting paths to
your setup:
To build a database in steps locally, use the following sequence, adjusting
paths to your setup:
#+BEGIN_SRC sh
# Build the db with source commit id.
export PATH=$HOME/local/vmsync/codeql250:"$PATH"
SRCDIR=$HOME/local/codeql-training-material.java-sqli/java/codeql-dataflow-sql-injection
SRCDIR=$HOME/local/codeql-workshop-sql-injection-java/src
DB=$SRCDIR/java-sqli-$(cd $SRCDIR && git rev-parse --short HEAD)
# Check paths
echo $DB
echo $SRCDIR
echo "DB will be: $DB"
echo "SRC is in: $SRCDIR"
# Prepare db directory
test -d "$DB" && rm -fR "$DB"
mkdir -p "$DB"
# Run the build
# Run the build, without --db-cluster
# Init database
cd $SRCDIR
codeql database init --language=java -s . -v $DB
# Repeat trace-command as needed to cover all targets
codeql database trace-command -v $DB -- make
codeql database finalize -j4 $DB
codeql database init \
--language=java \
--build-mode=none \
--source-root=. \
-v $DB
# Repeat trace-command as needed to cover all targets
codeql database trace-command \
--use-build-mode \
--working-dir . \
$DB
# Finalize database
codeql database finalize \
--finalize-dataset \
--threads=4 \
--ram=14567 \
$DB
# Use the database; get the location
echo $DB
# /Users/hohn/local/codeql-workshop-sql-injection-java/src/java-sqli-161a1d5
#+END_SRC
Then add this database directory to your VS Code =DATABASES= tab.
To also analyze the database just built, we use the log's command but add an
explicit query name:
#+BEGIN_SRC sh
codeql database run-queries \
--ram=14567 \
--threads=4 $DB \
--expect-discarded-cache \
--min-disk-free=1024 \
-v \
--intra-layer-parallelism \
-- \
../session/simple.ql
#+END_SRC
This only gives us a bqrs file, we want sarif. Checking help:
#+BEGIN_SRC text
codeql database run-queries --help
Usage: codeql database run-queries [OPTIONS] -- <database> [<query|dir|suite|pack>...]
[Plumbing] Run a set of queries together.
Run one or more queries against a CodeQL database, saving the results to the results
subdirectory of the database directory.
The results can later be converted to readable formats by codeql database interpret-results,
or query-for-query by with codeql bqrs decode or codeql bqrs interpret.
#+END_SRC
So we run the following
#+BEGIN_SRC sh
VERSION=$(cd $SRCDIR && git rev-parse --short HEAD)
codeql database interpret-results \
--format=sarifv2.1.0 \
-o simple-$VERSION.sarif \
-- $DB ../session/simple.ql
echo "Results in simple-$VERSION.sarif"
#+END_SRC
We kept the output for this sample in [[./simple-161a1d5.sarif]]

1470
src/logs/32779726737/0_Analyze (java-kotlin).txt Normal file
View File

File diff suppressed because it is too large Load Diff

466
src/simple-161a1d5.sarif Normal file
View File

@@ -0,0 +1,466 @@
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.20.0",
"notifications": [
{
"id": "java/baseline/expected-extracted-files",
"name": "java/baseline/expected-extracted-files",
"shortDescription": {
"text": "Expected extracted files"
},
"fullDescription": {
"text": "Files appearing in the source archive that are expected to be extracted."
},
"defaultConfiguration": {
"enabled": true
},
"properties": {
"tags": [
"expected-extracted-files",
"telemetry"
]
}
},
{
"id": "cli/build-mode",
"name": "cli/build-mode",
"shortDescription": {
"text": "A build mode was specified"
},
"fullDescription": {
"text": "A build mode was specified"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "cli/sip-enablement",
"name": "cli/sip-enablement",
"shortDescription": {
"text": "macOS SIP enablement status"
},
"fullDescription": {
"text": "macOS SIP enablement status"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "cli/database/interpret-results",
"name": "cli/database/interpret-results",
"shortDescription": {
"text": "CodeQL CLI: database interpret-results"
},
"fullDescription": {
"text": "CodeQL CLI: database interpret-results"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "java/autobuilder/buildless/mode-active",
"name": "java/autobuilder/buildless/mode-active",
"shortDescription": {
"text": "Java was extracted with build-mode set to 'none'"
},
"fullDescription": {
"text": "Java was extracted with build-mode set to 'none'"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "java/autobuilder/buildless/no-build-tool-advice",
"name": "java/autobuilder/buildless/no-build-tool-advice",
"shortDescription": {
"text": "Java analysis found no usable build tool"
},
"fullDescription": {
"text": "Java analysis found no usable build tool"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "java/autobuilder/buildless/jdk-system-default",
"name": "java/autobuilder/buildless/jdk-system-default",
"shortDescription": {
"text": "Java analysis used the system default JDK"
},
"fullDescription": {
"text": "Java analysis used the system default JDK"
},
"defaultConfiguration": {
"enabled": true
}
},
{
"id": "java/autobuilder/buildless/complete",
"name": "java/autobuilder/buildless/complete",
"shortDescription": {
"text": "Java analysis with build-mode 'none' completed"
},
"fullDescription": {
"text": "Java analysis with build-mode 'none' completed"
},
"defaultConfiguration": {
"enabled": true
}
}
],
"rules": [
{
"id": "cpp/simple",
"name": "cpp/simple",
"shortDescription": {
"text": "simple test"
},
"fullDescription": {
"text": "simple test"
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "simple test",
"id": "cpp/simple",
"kind": "problem",
"name": "simple test",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "codeql-workshop/java-sql-injection",
"semanticVersion": "0.0.1+161a1d54f8b84d282044f3678694f78265305b21",
"locations": [
{
"uri": "file:///Users/hohn/local/codeql-workshop-sql-injection-java/session/",
"description": {
"text": "The QL pack root directory."
},
"properties": {
"tags": [
"CodeQL/LocalPackRoot"
]
}
},
{
"uri": "file:///Users/hohn/local/codeql-workshop-sql-injection-java/session/qlpack.yml",
"description": {
"text": "The QL pack definition file."
},
"properties": {
"tags": [
"CodeQL/LocalPackDefinitionFile"
]
}
}
]
},
{
"name": "codeql/java-all",
"semanticVersion": "4.1.0+569b650916c26dc0559c066ad690f594ae70b8db",
"locations": [
{
"uri": "file:///Users/hohn/.codeql/packages/codeql/java-all/4.1.0/",
"description": {
"text": "The QL pack root directory."
},
"properties": {
"tags": [
"CodeQL/LocalPackRoot"
]
}
},
{
"uri": "file:///Users/hohn/.codeql/packages/codeql/java-all/4.1.0/qlpack.yml",
"description": {
"text": "The QL pack definition file."
},
"properties": {
"tags": [
"CodeQL/LocalPackDefinitionFile"
]
}
}
]
},
{
"name": "codeql/threat-models",
"semanticVersion": "1.0.9+569b650916c26dc0559c066ad690f594ae70b8db",
"locations": [
{
"uri": "file:///Users/hohn/.codeql/packages/codeql/threat-models/1.0.9/",
"description": {
"text": "The QL pack root directory."
},
"properties": {
"tags": [
"CodeQL/LocalPackRoot"
]
}
},
{
"uri": "file:///Users/hohn/.codeql/packages/codeql/threat-models/1.0.9/qlpack.yml",
"description": {
"text": "The QL pack definition file."
},
"properties": {
"tags": [
"CodeQL/LocalPackDefinitionFile"
]
}
}
]
}
]
},
"invocations": [
{
"toolExecutionNotifications": [
{
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "AddUser.java",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
}
],
"message": {
"text": ""
},
"level": "none",
"descriptor": {
"id": "java/baseline/expected-extracted-files",
"index": 0
},
"properties": {
"formattedMessage": {
"text": ""
}
}
},
{
"message": {
"text": "The none build mode was specified.",
"markdown": "The none build mode was specified."
},
"level": "none",
"timeUtc": "2025-01-10T21:12:49.316382Z",
"descriptor": {
"id": "cli/build-mode",
"index": 1
},
"properties": {
"attributes": {
"buildMode": "none"
},
"visibility": {
"statusPage": false,
"telemetry": true
}
}
},
{
"message": {
"text": ""
},
"level": "note",
"timeUtc": "2025-01-10T21:12:49.334953Z",
"descriptor": {
"id": "cli/sip-enablement",
"index": 2
},
"properties": {
"attributes": {
"isEnabled": true
},
"visibility": {
"statusPage": false,
"telemetry": true
}
}
},
{
"message": {
"text": "A fatal error occurred: Could not process query metadata for /Users/hohn/local/codeql-workshop-sql-injection-java/src/java-sqli-161a1d5/results/codeql-workshop/java-sql-injection/simple.bqrs.\nError was: Cannot process query metadata for a query without the '@kind' metadata property. To learn more, see https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/ [NO_KIND_SPECIFIED]"
},
"level": "error",
"timeUtc": "2025-01-10T21:35:55.616131Z",
"descriptor": {
"id": "cli/database/interpret-results",
"index": 3
},
"properties": {
"attributes": {
"exitCode": 2
},
"visibility": {
"telemetry": false
}
}
},
{
"message": {
"text": "A fatal error occurred: Could not process query metadata for /Users/hohn/local/codeql-workshop-sql-injection-java/src/java-sqli-161a1d5/results/codeql-workshop/java-sql-injection/simple.bqrs.\nError was: Cannot process query metadata for a query without the '@kind' metadata property. To learn more, see https://codeql.github.com/docs/writing-codeql-queries/metadata-for-codeql-queries/ [NO_KIND_SPECIFIED]"
},
"level": "error",
"timeUtc": "2025-01-10T21:37:56.799098Z",
"descriptor": {
"id": "cli/database/interpret-results",
"index": 3
},
"properties": {
"attributes": {
"exitCode": 2
},
"visibility": {
"telemetry": false
}
}
},
{
"message": {
"text": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
"markdown": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies."
},
"level": "note",
"timeUtc": "2025-01-10T21:15:46.780504Z",
"descriptor": {
"id": "java/autobuilder/buildless/mode-active",
"index": 4
},
"properties": {
"visibility": {
"statusPage": true,
"telemetry": true
}
}
},
{
"message": {
"text": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
"markdown": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used."
},
"level": "none",
"timeUtc": "2025-01-10T21:15:46.823124Z",
"descriptor": {
"id": "java/autobuilder/buildless/no-build-tool-advice",
"index": 5
},
"properties": {
"visibility": {
"statusPage": false,
"telemetry": true
}
}
},
{
"message": {
"text": "Java analysis used the system default JDK.",
"markdown": "Java analysis used the system default JDK."
},
"level": "none",
"timeUtc": "2025-01-10T21:15:46.826485Z",
"descriptor": {
"id": "java/autobuilder/buildless/jdk-system-default",
"index": 6
},
"properties": {
"visibility": {
"statusPage": false,
"telemetry": true
}
}
},
{
"message": {
"text": "Java analysis with build-mode 'none' completed.",
"markdown": "Java analysis with build-mode 'none' completed."
},
"level": "none",
"timeUtc": "2025-01-10T21:15:53.761353Z",
"descriptor": {
"id": "java/autobuilder/buildless/complete",
"index": 7
},
"properties": {
"visibility": {
"statusPage": false,
"telemetry": true
}
}
}
],
"executionSuccessful": true
}
],
"artifacts": [
{
"location": {
"uri": "AddUser.java",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/simple",
"ruleIndex": 0,
"rule": {
"id": "cpp/simple",
"index": 0
},
"message": {
"text": "Found readline"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "AddUser.java",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 20,
"startColumn": 16,
"endColumn": 43
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "35e0e9191319eb2b:1",
"primaryLocationStartColumnFingerprint": "7"
}
}
],
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarifv2.1.0"
}
}
]
}