hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 17:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add tests for 2.14.0; include versioned SARIF and CSV files in the repository

Browse Source
This commit is contained in:
Michael Hohn
2023-07-26 13:47:58 -07:00
committed by =Michael Hohn
parent c746161d35
commit d386e5da45
9 changed files with 1145 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
build-multiple-codeql-versions.sh
View File

@@ -2,6 +2,8 @@
#* Following are the steps needed to build a codeql db using different versions of #* Following are the steps needed to build a codeql db using different versions of
# the codeql cli # the codeql cli
# #
# Some files from prior runs are found in ./data/codeql-dataflow-sql-injection/
#
echo '$0: Interactive use only' echo '$0: Interactive use only'
exit 1 exit 1
@@ -35,6 +37,7 @@ v2.9.4
CLI_VERSION=v2.9.4 CLI_VERSION=v2.9.4
CLI_VERSION=v2.12.7 CLI_VERSION=v2.12.7
CLI_VERSION=v2.13.5 CLI_VERSION=v2.13.5
CLI_VERSION=v2.14.0
gh codeql set-version $CLI_VERSION gh codeql set-version $CLI_VERSION
#* Build vanilla DB #* Build vanilla DB
@@ -60,6 +63,7 @@ codeql pack init codeql-dataflow-sql-injection
cp -f dataflow-sql-injection/qlpack.yml codeql-dataflow-sql-injection/ cp -f dataflow-sql-injection/qlpack.yml codeql-dataflow-sql-injection/
# Add correct library dependency # Add correct library dependency
codeql pack add --dir=codeql-dataflow-sql-injection codeql/cpp-all@"$(codeql-complib cpp)" codeql pack add --dir=codeql-dataflow-sql-injection codeql/cpp-all@"$(codeql-complib cpp)"
cat codeql-dataflow-sql-injection/qlpack.yml
#* Install packs #* Install packs
cd ~/local/sarif-cli/codeql-dataflow-sql-injection cd ~/local/sarif-cli/codeql-dataflow-sql-injection
@@ -82,7 +86,7 @@ codeql database analyze \
# Verify cli version in SARIF output # Verify cli version in SARIF output
SAVER=`jq -r '.runs |.[] |.tool.driver.semanticVersion ' sqlidb-$CLI_VERSION.sarif` SAVER=`jq -r '.runs |.[] |.tool.driver.semanticVersion ' sqlidb-$CLI_VERSION.sarif`
echo $SAVER printf "db %s\ncli %s\n" $SAVER $CLI_VERSION
if [ v$SAVER != $CLI_VERSION ] ; if [ v$SAVER != $CLI_VERSION ] ;
then then
echo "---: codeql version inconsistency" echo "---: codeql version inconsistency"

255
data/codeql-dataflow-sql-injection/sqlidb-v2.12.7-1.sarif Normal file
View File

@@ -0,0 +1,255 @@
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.12.7",
"rules": [
{
"id": "cpp/SQLIVulnerable",
"name": "cpp/SQLIVulnerable",
"shortDescription": {
"text": "SQLI Vulnerability"
},
"fullDescription": {
"text": "Using untrusted strings in a sql query allows sql injection attacks."
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
"id": "cpp/SQLIVulnerable",
"kind": "path-problem",
"name": "SQLI Vulnerability",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "legacy-upgrades",
"semanticVersion": "0.0.0",
"locations": [
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.12.7/legacy-upgrades/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.12.7/legacy-upgrades/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
},
{
"name": "codeql-dataflow-sql-injection",
"semanticVersion": "0.0.1",
"locations": [
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
}
]
},
"artifacts": [
{
"location": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/SQLIVulnerable",
"ruleIndex": 0,
"rule": {
"id": "cpp/SQLIVulnerable",
"index": 0
},
"message": {
"text": "Possible SQL injection"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9a8bc91bbc363391:1",
"primaryLocationStartColumnFingerprint": "22"
},
"codeFlows": [
{
"threadFlows": [
{
"locations": [
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 52,
"startColumn": 32,
"endColumn": 35
}
},
"message": {
"text": "ref arg buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 60,
"startColumn": 12,
"endColumn": 15
}
},
"message": {
"text": "buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 93,
"startColumn": 12,
"endColumn": 25
}
},
"message": {
"text": "call to get_user_info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 95,
"startColumn": 20,
"endColumn": 24
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 31,
"endColumn": 35
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
},
"message": {
"text": "query"
}
}
}
]
}
]
}
]
}
],
"automationDetails": {
"id": "santa-chap/"
},
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarif-latest"
},
"versionControlProvenance": [
{
"repositoryUri": "vcp-no-uri",
"revisionId": "vcp-no-revid"
}
]
}
]
}

3
data/codeql-dataflow-sql-injection/sqlidb-v2.12.7-1.sarif.csv Normal file
View File

@@ -0,0 +1,3 @@
sarif_file,level,levelcode,message,extra_info
sqlidb-v2.12.7-1.sarif,WARNING,4,Input sarif contains extra unneccesary properties.,"Extra properties: type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']"
sqlidb-v2.12.7-1.sarif,SUCCESS,0,File successfully processed.,
1 sarif_file level levelcode message extra_info
2 sqlidb-v2.12.7-1.sarif WARNING 4 Input sarif contains extra unneccesary properties. Extra properties: type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']
3 sqlidb-v2.12.7-1.sarif SUCCESS 0 File successfully processed.

309
data/codeql-dataflow-sql-injection/sqlidb-v2.13.5-1.sarif Normal file
View File

@@ -0,0 +1,309 @@
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.13.5",
"notifications": [
{
"id": "cpp/baseline/expected-extracted-files",
"name": "cpp/baseline/expected-extracted-files",
"shortDescription": {
"text": "Expected extracted files"
},
"fullDescription": {
"text": "Files appearing in the source archive that are expected to be extracted."
},
"defaultConfiguration": {
"enabled": true
},
"properties": {
"tags": [
"expected-extracted-files",
"telemetry"
]
}
}
],
"rules": [
{
"id": "cpp/SQLIVulnerable",
"name": "cpp/SQLIVulnerable",
"shortDescription": {
"text": "SQLI Vulnerability"
},
"fullDescription": {
"text": "Using untrusted strings in a sql query allows sql injection attacks."
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
"id": "cpp/SQLIVulnerable",
"kind": "path-problem",
"name": "SQLI Vulnerability",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "legacy-upgrades",
"semanticVersion": "0.0.0",
"locations": [
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.13.5/legacy-upgrades/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.13.5/legacy-upgrades/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
},
{
"name": "codeql-dataflow-sql-injection",
"semanticVersion": "0.0.1",
"locations": [
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
}
]
},
"invocations": [
{
"toolExecutionNotifications": [
{
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
}
],
"message": {
"text": ""
},
"level": "none",
"descriptor": {
"id": "cpp/baseline/expected-extracted-files",
"index": 0
},
"properties": {
"formattedMessage": {
"text": ""
}
}
}
],
"executionSuccessful": true
}
],
"artifacts": [
{
"location": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/SQLIVulnerable",
"ruleIndex": 0,
"rule": {
"id": "cpp/SQLIVulnerable",
"index": 0
},
"message": {
"text": "Possible SQL injection"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9a8bc91bbc363391:1",
"primaryLocationStartColumnFingerprint": "22"
},
"codeFlows": [
{
"threadFlows": [
{
"locations": [
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 52,
"startColumn": 32,
"endColumn": 35
}
},
"message": {
"text": "ref arg buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 60,
"startColumn": 12,
"endColumn": 15
}
},
"message": {
"text": "buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 93,
"startColumn": 12,
"endColumn": 25
}
},
"message": {
"text": "call to get_user_info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 95,
"startColumn": 20,
"endColumn": 24
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 31,
"endColumn": 35
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
},
"message": {
"text": "query"
}
}
}
]
}
]
}
]
}
],
"automationDetails": {
"id": "santa-chap/"
},
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarif-latest"
},
"versionControlProvenance": [
{
"repositoryUri": "vcp-no-uri",
"revisionId": "vcp-no-revid"
}
]
}
]
}

3
data/codeql-dataflow-sql-injection/sqlidb-v2.13.5-1.sarif.csv Normal file
View File

@@ -0,0 +1,3 @@
sarif_file,level,levelcode,message,extra_info
sqlidb-v2.13.5-1.sarif,WARNING,4,Input sarif contains extra unneccesary properties.,"Extra properties: type fields: ['artifacts', 'automationDetails', 'columnKind', 'invocations', 'newlineSequences', 'properties', 'results', 'tool', 'versionControlProvenance']type fields: ['name', 'notifications', 'organization', 'rules', 'semanticVersion']type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']"
sqlidb-v2.13.5-1.sarif,SUCCESS,0,File successfully processed.,
1 sarif_file level levelcode message extra_info
2 sqlidb-v2.13.5-1.sarif WARNING 4 Input sarif contains extra unneccesary properties. Extra properties: type fields: ['artifacts', 'automationDetails', 'columnKind', 'invocations', 'newlineSequences', 'properties', 'results', 'tool', 'versionControlProvenance']type fields: ['name', 'notifications', 'organization', 'rules', 'semanticVersion']type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']
3 sqlidb-v2.13.5-1.sarif SUCCESS 0 File successfully processed.

309
data/codeql-dataflow-sql-injection/sqlidb-v2.14.0-1.sarif Normal file
View File

@@ -0,0 +1,309 @@
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.14.0",
"notifications": [
{
"id": "cpp/baseline/expected-extracted-files",
"name": "cpp/baseline/expected-extracted-files",
"shortDescription": {
"text": "Expected extracted files"
},
"fullDescription": {
"text": "Files appearing in the source archive that are expected to be extracted."
},
"defaultConfiguration": {
"enabled": true
},
"properties": {
"tags": [
"expected-extracted-files",
"telemetry"
]
}
}
],
"rules": [
{
"id": "cpp/SQLIVulnerable",
"name": "cpp/SQLIVulnerable",
"shortDescription": {
"text": "SQLI Vulnerability"
},
"fullDescription": {
"text": "Using untrusted strings in a sql query allows sql injection attacks."
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
"id": "cpp/SQLIVulnerable",
"kind": "path-problem",
"name": "SQLI Vulnerability",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "legacy-upgrades",
"semanticVersion": "0.0.0",
"locations": [
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.14.0/legacy-upgrades/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.14.0/legacy-upgrades/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
},
{
"name": "codeql-dataflow-sql-injection",
"semanticVersion": "0.0.1",
"locations": [
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
}
]
},
"invocations": [
{
"toolExecutionNotifications": [
{
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
}
],
"message": {
"text": ""
},
"level": "none",
"descriptor": {
"id": "cpp/baseline/expected-extracted-files",
"index": 0
},
"properties": {
"formattedMessage": {
"text": ""
}
}
}
],
"executionSuccessful": true
}
],
"artifacts": [
{
"location": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/SQLIVulnerable",
"ruleIndex": 0,
"rule": {
"id": "cpp/SQLIVulnerable",
"index": 0
},
"message": {
"text": "Possible SQL injection"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9a8bc91bbc363391:1",
"primaryLocationStartColumnFingerprint": "22"
},
"codeFlows": [
{
"threadFlows": [
{
"locations": [
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 52,
"startColumn": 32,
"endColumn": 35
}
},
"message": {
"text": "ref arg buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 60,
"startColumn": 12,
"endColumn": 15
}
},
"message": {
"text": "buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 93,
"startColumn": 12,
"endColumn": 25
}
},
"message": {
"text": "call to get_user_info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 95,
"startColumn": 20,
"endColumn": 24
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 31,
"endColumn": 35
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
},
"message": {
"text": "query"
}
}
}
]
}
]
}
]
}
],
"automationDetails": {
"id": "santa-chap/"
},
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarif-latest"
},
"versionControlProvenance": [
{
"repositoryUri": "vcp-no-uri",
"revisionId": "vcp-no-revid"
}
]
}
]
}

3
data/codeql-dataflow-sql-injection/sqlidb-v2.14.0-1.sarif.csv Normal file
View File

@@ -0,0 +1,3 @@
sarif_file,level,levelcode,message,extra_info
sqlidb-v2.14.0-1.sarif,WARNING,4,Input sarif contains extra unneccesary properties.,"Extra properties: type fields: ['artifacts', 'automationDetails', 'columnKind', 'invocations', 'newlineSequences', 'properties', 'results', 'tool', 'versionControlProvenance']type fields: ['name', 'notifications', 'organization', 'rules', 'semanticVersion']type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']"
sqlidb-v2.14.0-1.sarif,SUCCESS,0,File successfully processed.,
1 sarif_file level levelcode message extra_info
2 sqlidb-v2.14.0-1.sarif WARNING 4 Input sarif contains extra unneccesary properties. Extra properties: type fields: ['artifacts', 'automationDetails', 'columnKind', 'invocations', 'newlineSequences', 'properties', 'results', 'tool', 'versionControlProvenance']type fields: ['name', 'notifications', 'organization', 'rules', 'semanticVersion']type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']
3 sqlidb-v2.14.0-1.sarif SUCCESS 0 File successfully processed.

255
data/codeql-dataflow-sql-injection/sqlidb-v2.9.4-1.sarif Normal file
View File

@@ -0,0 +1,255 @@
{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.9.4",
"rules": [
{
"id": "cpp/SQLIVulnerable",
"name": "cpp/SQLIVulnerable",
"shortDescription": {
"text": "SQLI Vulnerability"
},
"fullDescription": {
"text": "Using untrusted strings in a sql query allows sql injection attacks."
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
"id": "cpp/SQLIVulnerable",
"kind": "path-problem",
"name": "SQLI Vulnerability",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "legacy-upgrades",
"semanticVersion": "0.0.0",
"locations": [
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
},
{
"name": "sample/cpp-sql-injection",
"semanticVersion": "0.0.1",
"locations": [
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
}
]
},
"artifacts": [
{
"location": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/SQLIVulnerable",
"ruleIndex": 0,
"rule": {
"id": "cpp/SQLIVulnerable",
"index": 0
},
"message": {
"text": "Possible SQL injection"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9a8bc91bbc363391:1",
"primaryLocationStartColumnFingerprint": "22"
},
"codeFlows": [
{
"threadFlows": [
{
"locations": [
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 52,
"startColumn": 32,
"endColumn": 35
}
},
"message": {
"text": "ref arg buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 60,
"startColumn": 12,
"endColumn": 15
}
},
"message": {
"text": "buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 93,
"startColumn": 12,
"endColumn": 25
}
},
"message": {
"text": "call to get_user_info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 95,
"startColumn": 20,
"endColumn": 24
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 31,
"endColumn": 35
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
},
"message": {
"text": "query"
}
}
}
]
}
]
}
]
}
],
"automationDetails": {
"id": "santa-chap/"
},
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarif-latest"
},
"versionControlProvenance": [
{
"repositoryUri": "vcp-no-uri",
"revisionId": "vcp-no-revid"
}
]
}
]
}

3
data/codeql-dataflow-sql-injection/sqlidb-v2.9.4-1.sarif.csv Normal file
View File

@@ -0,0 +1,3 @@
sarif_file,level,levelcode,message,extra_info
sqlidb-v2.9.4-1.sarif,WARNING,4,Input sarif contains extra unneccesary properties.,"Extra properties: type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']"
sqlidb-v2.9.4-1.sarif,SUCCESS,0,File successfully processed.,
1 sarif_file level levelcode message extra_info
2 sqlidb-v2.9.4-1.sarif WARNING 4 Input sarif contains extra unneccesary properties. Extra properties: type fields: ['description', 'kind', 'precision', 'problem.severity', 'security-severity', 'sub-severity', 'tags', 'uri']
3 sqlidb-v2.9.4-1.sarif SUCCESS 0 File successfully processed.