hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs: rename ql-training-rst > ql-training

Browse Source
This commit is contained in:
james
2019-08-30 16:53:33 +01:00
parent c8dd5e620c
commit 65573492e7
113 changed files with 0 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/language/ql-training/query-examples/java/data-flow-java-1.ql Normal file
View File

@@ -0,0 +1,11 @@
import java
class StringConcat extends AddExpr {
StringConcat() { getType() instanceof TypeString }
}
from MethodAccess ma
where
ma.getMethod().getName().matches("sparql%Query") and
ma.getArgument(0) instanceof StringConcat
select ma, "SPARQL query vulnerable to injection."

8
docs/language/ql-training/query-examples/java/data-flow-java-2.ql Normal file
View File

@@ -0,0 +1,8 @@
import java
import semmle.code.java.dataflow.DataFlow::DataFlow
from MethodAccess ma, StringConcat stringConcat
where
ma.getMethod().getName().matches("sparql%Query") and
localFlow(exprNode(stringConcat), exprNode(ma.getArgument(0)))
select ma, "SPARQL query vulnerable to injection."

12
docs/language/ql-training/query-examples/java/empty-if-java-class.ql Normal file
View File

@@ -0,0 +1,12 @@
import java
class EmptyBlock extends Block {
EmptyBlock() {
this.getNumStmt() = 0
}
from IfStmt ifstmt
where ifstmt.getThen() instanceof
EmptyBlock
select ifstmt

11
docs/language/ql-training/query-examples/java/empty-if-java-model.ql Normal file
View File

@@ -0,0 +1,11 @@
import java
class EmptyBlock extends Block {
EmptyBlock() { this.getNumStmt() = 0 }
}
from IfStmt ifstmt
where
ifstmt.getThen() instanceof EmptyBlock and
not exists(ifstmt.getElse())
select ifstmt, "This if-statement is redundant."

9
docs/language/ql-training/query-examples/java/empty-if-java-predicate.ql Normal file
View File

@@ -0,0 +1,9 @@
import java
predicate isEmpty(Block block) {
block.getNumStmt() = 0
}
from IfStmt ifstmt
where isEmpty(ifstmt.getThen())
select ifstmt

7
docs/language/ql-training/query-examples/java/empty-if-java.ql Normal file
View File

@@ -0,0 +1,7 @@
import java
from IfStmt ifstmt, Block block
where
block = ifstmt.getThen() and
block.getNumStmt() = 0
select ifstmt, "This if-statement is redundant."

14
docs/language/ql-training/query-examples/java/global-data-flow-java-1.ql Normal file
View File

@@ -0,0 +1,14 @@
import java
import semmle.code.java.dataflow.TaintTracking
class TaintedOGNLConfig extends TaintTracking::Configuration {
TaintedOGNLConfig() { this = "TaintedOGNLConfig" }
override predicate isSource(DataFlow::Node source) { /* TBD */ }
override predicate isSink(DataFlow::Node sink) { /* TBD */ }
}
from TaintedOGNLConfig cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select source,
"This untrusted input is evaluated as an OGNL expression $@.",
sink, "here"

7
docs/language/ql-training/query-examples/java/query-injection-java-1.ql Normal file
View File

@@ -0,0 +1,7 @@
import java
from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m
select ma, m

8
docs/language/ql-training/query-examples/java/query-injection-java-2.ql Normal file
View File

@@ -0,0 +1,8 @@
import java
from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m and
isStringConcat(ma.getArgument(0))
select ma, m

12
docs/language/ql-training/query-examples/java/query-injection-java-3.ql Normal file
View File

@@ -0,0 +1,12 @@
import java
predicate isStringConcat(AddExpr ae) {
ae.getType() instanceof TypeString
}
from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m and
isStringConcat(ma.getArgument(0))
select ma, "SPARQL query vulnerable to injection."