From f1a70dd02323e119eb1d6fbae2c1a0e6b629dfd0 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Thu, 13 Jul 2023 15:55:28 -0700
Subject: [PATCH] wip: remove extraneous slash

---
 .../sqlidb-1.sarif | 219 ++++++++++++++++++
 1 file changed, 219 insertions(+)
 create mode 100644 data/codeql-dataflow-sql-injection/sqlidb-1.sarif

diff --git a/data/codeql-dataflow-sql-injection/sqlidb-1.sarif b/data/codeql-dataflow-sql-injection/sqlidb-1.sarif
new file mode 100644
index 0000000..1e9d02c
--- /dev/null
+++ b/data/codeql-dataflow-sql-injection/sqlidb-1.sarif
@@ -0,0 +1,219 @@
+{
+ "$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
+ "version" : "2.1.0",
+ "runs" : [ {
+ "tool" : {
+ "driver" : {
+ "name" : "CodeQL",
+ "organization" : "GitHub",
+ "semanticVersion" : "2.9.4",
+ "rules" : [ {
+ "id" : "cpp/SQLIVulnerable",
+ "name" : "cpp/SQLIVulnerable",
+ "shortDescription" : {
+ "text" : "SQLI Vulnerability"
+ },
+ "fullDescription" : {
+ "text" : "Using untrusted strings in a sql query allows sql injection attacks."
+ },
+ "defaultConfiguration" : {
+ "enabled" : true,
+ "level" : "warning"
+ },
+ "properties" : {
+ "description" : "Using untrusted strings in a sql query allows sql injection attacks.",
+ "id" : "cpp/SQLIVulnerable",
+ "kind" : "path-problem",
+ "name" : "SQLI Vulnerability",
+ "problem.severity" : "warning"
+ }
+ } ]
+ },
+ "extensions" : [ {
+ "name" : "legacy-upgrades",
+ "semanticVersion" : "0.0.0",
+ "locations" : [ {
+ "uri" : "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/",
+ "description" : {
+ "text" : "The QL pack root directory."
+ }
+ }, {
+ "uri" : "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/qlpack.yml",
+ "description" : {
+ "text" : "The QL pack definition file."
+ }
+ } ]
+ }, {
+ "name" : "sample/cpp-sql-injection",
+ "semanticVersion" : "0.0.1",
+ "locations" : [ {
+ "uri" : "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/",
+ "description" : {
+ "text" : "The QL pack root directory."
+ }
+ }, {
+ "uri" : "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/qlpack.yml",
+ "description" : {
+ "text" : "The QL pack definition file."
+ }
+ } ]
+ } ]
+ },
+ "artifacts" : [ {
+ "location" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ }
+ } ],
+ "results" : [ {
+ "ruleId" : "cpp/SQLIVulnerable",
+ "ruleIndex" : 0,
+ "rule" : {
+ "id" : "cpp/SQLIVulnerable",
+ "index" : 0
+ },
+ "message" : {
+ "text" : "Possible SQL injection"
+ },
+ "locations" : [ {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 84,
+ "startColumn" : 27,
+ "endColumn" : 32
+ }
+ }
+ } ],
+ "partialFingerprints" : {
+ "primaryLocationLineHash" : "9a8bc91bbc363391:1",
+ "primaryLocationStartColumnFingerprint" : "22"
+ },
+ "codeFlows" : [ {
+ "threadFlows" : [ {
+ "locations" : [ {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 52,
+ "startColumn" : 32,
+ "endColumn" : 35
+ }
+ },
+ "message" : {
+ "text" : "ref arg buf"
+ }
+ }
+ }, {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 60,
+ "startColumn" : 12,
+ "endColumn" : 15
+ }
+ },
+ "message" : {
+ "text" : "buf"
+ }
+ }
+ }, {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 93,
+ "startColumn" : 12,
+ "endColumn" : 25
+ }
+ },
+ "message" : {
+ "text" : "call to get_user_info"
+ }
+ }
+ }, {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 95,
+ "startColumn" : 20,
+ "endColumn" : 24
+ }
+ },
+ "message" : {
+ "text" : "info"
+ }
+ }
+ }, {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 68,
+ "startColumn" : 31,
+ "endColumn" : 35
+ }
+ },
+ "message" : {
+ "text" : "info"
+ }
+ }
+ }, {
+ "location" : {
+ "physicalLocation" : {
+ "artifactLocation" : {
+ "uri" : "add-user.c",
+ "uriBaseId" : "%SRCROOT%",
+ "index" : 0
+ },
+ "region" : {
+ "startLine" : 84,
+ "startColumn" : 27,
+ "endColumn" : 32
+ }
+ },
+ "message" : {
+ "text" : "query"
+ }
+ }
+ } ]
+ } ]
+ } ]
+ } ],
+ "automationDetails" : {
+ "id" : "mast-issue"
+ },
+ "columnKind" : "utf16CodeUnits",
+ "properties" : {
+ "semmle.formatSpecifier" : "sarif-latest"
+ }
+ } ]
+}
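Review bot: The four `extensions[].locations[].uri` values in this new fixture embed absolute paths under a developer's home directory (`file:///Users/hohn/.local/share/gh/...` and `file:///Users/hohn/local/sarif-cli/...`), which both discloses the author's local filesystem layout and ties the test data to one machine. Before committing SARIF produced by a local CodeQL run, it would be better to scrub those to a neutral form such as `"uri" : "file:///<PACK_ROOT_PLACEHOLDER>/legacy-upgrades/"`, or to document that consumers must never resolve these URIs. The subject line says "remove extraneous slash" but the hunk is a whole-file addition of 219 lines, so it is unclear whether this supersedes an existing fixture or is a `wip` snapshot; a commit message stating which slash was removed (the pack-root URIs above do end in a `/`) would make the intent reviewable.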