mirror of
https://github.com/hohn/sarif-cli.git
synced 2025-12-16 17:23:03 +01:00
Remove repls; add scripts/test-vcp.sh
committed by
=Michael Hohn
parent
f1a70dd023
commit
c299321ab8
246
data/codeql-dataflow-sql-injection/sqlidb-0.sarif
Normal file
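--- a/data/codeql-dataflow-sql-injection/sqlidb-0.sarif
+++ b/data/codeql-dataflow-sql-injection/sqlidb-0.sarif
@@ -0,0 +1,246 @@
+{
+"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+"version": "2.1.0",
+"runs": [
+{
+"tool": {
+"driver": {
+"name": "CodeQL",
+"organization": "GitHub",
+"semanticVersion": "2.9.4",
+"rules": [
+{
+"id": "cpp/SQLIVulnerable",
+"name": "cpp/SQLIVulnerable",
+"shortDescription": {
+"text": "SQLI Vulnerability"
+},
+"fullDescription": {
+"text": "Using untrusted strings in a sql query allows sql injection attacks."
+},
+"defaultConfiguration": {
+"enabled": true,
+"level": "warning"
+},
+"properties": {
+"description": "Using untrusted strings in a sql query allows sql injection attacks.",
+"id": "cpp/SQLIVulnerable",
+"kind": "path-problem",
+"name": "SQLI Vulnerability",
+"problem.severity": "warning"
+}
+}
+]
+},
+"extensions": [
+{
+"name": "legacy-upgrades",
+"semanticVersion": "0.0.0",
+"locations": [
+{
+"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/",
+"description": {
+"text": "The QL pack root directory."
+}
+},
+{
+"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/qlpack.yml",
+"description": {
+"text": "The QL pack definition file."
+}
+}
+]
+},
+{
+"name": "sample/cpp-sql-injection",
+"semanticVersion": "0.0.1",
+"locations": [
+{
+"uri": "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/",
+"description": {
+"text": "The QL pack root directory."
+}
+},
+{
+"uri": "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/qlpack.yml",
+"description": {
+"text": "The QL pack definition file."
+}
+}
+]
+}
+]
+},
+"artifacts": [
+{
+"location": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+}
+}
+],
+"results": [
+{
+"ruleId": "cpp/SQLIVulnerable",
+"ruleIndex": 0,
+"rule": {
+"id": "cpp/SQLIVulnerable",
+"index": 0
+},
+"message": {
+"text": "Possible SQL injection"
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 84,
+"startColumn": 27,
+"endColumn": 32
+}
+}
+}
+],
+"partialFingerprints": {
+"primaryLocationLineHash": "9a8bc91bbc363391:1",
+"primaryLocationStartColumnFingerprint": "22"
+},
+"codeFlows": [
+{
+"threadFlows": [
+{
+"locations": [
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 52,
+"startColumn": 32,
+"endColumn": 35
+}
+},
+"message": {
+"text": "ref arg buf"
+}
+}
+},
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 60,
+"startColumn": 12,
+"endColumn": 15
+}
+},
+"message": {
+"text": "buf"
+}
+}
+},
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 93,
+"startColumn": 12,
+"endColumn": 25
+}
+},
+"message": {
+"text": "call to get_user_info"
+}
+}
+},
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 95,
+"startColumn": 20,
+"endColumn": 24
+}
+},
+"message": {
+"text": "info"
+}
+}
+},
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 68,
+"startColumn": 31,
+"endColumn": 35
+}
+},
+"message": {
+"text": "info"
+}
+}
+},
+{
+"location": {
+"physicalLocation": {
+"artifactLocation": {
+"uri": "add-user.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 84,
+"startColumn": 27,
+"endColumn": 32
+}
+},
+"message": {
+"text": "query"
+}
+}
+}
+]
+}
+]
+}
+]
+}
+],
+"columnKind": "utf16CodeUnits",
+"properties": {
+"semmle.formatSpecifier": "sarif-latest"
+}
+}
+]
+}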
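Review bot: The four `uri` values under `tool.extensions[].locations` are absolute `file:///Users/hohn/...` paths from the machine that ran CodeQL, so this committed fixture publishes a local account name, the gh-codeql install path and the checkout location, and it will differ on every regeneration elsewhere. The `artifacts` and `results` locations in the same file already use a relative `uri` with `"uriBaseId": "%SRCROOT%"`; the pack locations could be scrubbed the same way before committing, for example `"uri": "data/codeql-dataflow-sql-injection/", "uriBaseId": "%SRCROOT%"`. Whether sarif-cli reads these extension locations is not visible from this page, so confirm the tests do not depend on the absolute form. If the raw CodeQL output has to stay byte-identical, a short note next to the fixture saying the paths are machine-specific would at least keep consumers from treating them as meaningful.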