{ "$schema" : "https://json.schemastore.org/sarif-2.1.0.json", "version" : "2.1.0", "runs" : [ { "tool" : { "driver" : { "name" : "CodeQL", "organization" : "GitHub", "semanticVersion" : "2.9.4", "rules" : [ { "id" : "cpp/SQLIVulnerable", "name" : "cpp/SQLIVulnerable", "shortDescription" : { "text" : "SQLI Vulnerability" }, "fullDescription" : { "text" : "Using untrusted strings in a sql query allows sql injection attacks." }, "defaultConfiguration" : { "enabled" : true, "level" : "warning" }, "properties" : { "description" : "Using untrusted strings in a sql query allows sql injection attacks.", "id" : "cpp/SQLIVulnerable", "kind" : "path-problem", "name" : "SQLI Vulnerability", "problem.severity" : "warning" } } ] }, "extensions" : [ { "name" : "legacy-upgrades", "semanticVersion" : "0.0.0", "locations" : [ { "uri" : "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/", "description" : { "text" : "The QL pack root directory." } }, { "uri" : "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.9.4/legacy-upgrades/qlpack.yml", "description" : { "text" : "The QL pack definition file." } } ] }, { "name" : "sample/cpp-sql-injection", "semanticVersion" : "0.0.1", "locations" : [ { "uri" : "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/", "description" : { "text" : "The QL pack root directory." } }, { "uri" : "file:///Users/hohn/local/sarif-cli/data/codeql-dataflow-sql-injection/qlpack.yml", "description" : { "text" : "The QL pack definition file." } } ] } ] }, "artifacts" : [ { "location" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 } } ], "results" : [ { "ruleId" : "cpp/SQLIVulnerable", "ruleIndex" : 0, "rule" : { "id" : "cpp/SQLIVulnerable", "index" : 0 }, "message" : { "text" : "Possible SQL injection" }, "locations" : [ { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 84, "startColumn" : 27, "endColumn" : 32 } } } ], "partialFingerprints" : { "primaryLocationLineHash" : "9a8bc91bbc363391:1", "primaryLocationStartColumnFingerprint" : "22" }, "codeFlows" : [ { "threadFlows" : [ { "locations" : [ { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 52, "startColumn" : 32, "endColumn" : 35 } }, "message" : { "text" : "ref arg buf" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 60, "startColumn" : 12, "endColumn" : 15 } }, "message" : { "text" : "buf" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 93, "startColumn" : 12, "endColumn" : 25 } }, "message" : { "text" : "call to get_user_info" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 95, "startColumn" : 20, "endColumn" : 24 } }, "message" : { "text" : "info" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 68, "startColumn" : 31, "endColumn" : 35 } }, "message" : { "text" : "info" } } }, { "location" : { "physicalLocation" : { "artifactLocation" : { "uri" : "add-user.c", "uriBaseId" : "%SRCROOT%", "index" : 0 }, "region" : { "startLine" : 84, "startColumn" : 27, "endColumn" : 32 } }, "message" : { "text" : "query" } } } ] } ] } ] } ], "automationDetails" : { "id" : "mast-issue" }, "columnKind" : "utf16CodeUnits", "properties" : { "semmle.formatSpecifier" : "sarif-latest" } } ] }