{ "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0", "runs": [ { "tool": { "driver": { "name": "CodeQL", "organization": "GitHub", "semanticVersion": "2.13.5", "notifications": [ { "id": "cpp/baseline/expected-extracted-files", "name": "cpp/baseline/expected-extracted-files", "shortDescription": { "text": "Expected extracted files" }, "fullDescription": { "text": "Files appearing in the source archive that are expected to be extracted." }, "defaultConfiguration": { "enabled": true }, "properties": { "tags": [ "expected-extracted-files", "telemetry" ] } } ], "rules": [ { "id": "cpp/SQLIVulnerable", "name": "cpp/SQLIVulnerable", "shortDescription": { "text": "SQLI Vulnerability" }, "fullDescription": { "text": "Using untrusted strings in a sql query allows sql injection attacks." }, "defaultConfiguration": { "enabled": true, "level": "warning" }, "properties": { "description": "Using untrusted strings in a sql query allows sql injection attacks.", "id": "cpp/SQLIVulnerable", "kind": "path-problem", "name": "SQLI Vulnerability", "problem.severity": "warning" } } ] }, "extensions": [ { "name": "legacy-upgrades", "semanticVersion": "0.0.0", "locations": [ { "uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.13.5/legacy-upgrades/", "description": { "text": "The QL pack root directory." } }, { "uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.13.5/legacy-upgrades/qlpack.yml", "description": { "text": "The QL pack definition file." } } ] }, { "name": "codeql-dataflow-sql-injection", "semanticVersion": "0.0.1", "locations": [ { "uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/", "description": { "text": "The QL pack root directory." } }, { "uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml", "description": { "text": "The QL pack definition file." } } ] } ] }, "invocations": [ { "toolExecutionNotifications": [ { "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 } } } ], "message": { "text": "" }, "level": "none", "descriptor": { "id": "cpp/baseline/expected-extracted-files", "index": 0 }, "properties": { "formattedMessage": { "text": "" } } } ], "executionSuccessful": true } ], "artifacts": [ { "location": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 } } ], "results": [ { "ruleId": "cpp/SQLIVulnerable", "ruleIndex": 0, "rule": { "id": "cpp/SQLIVulnerable", "index": 0 }, "message": { "text": "Possible SQL injection" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 84, "startColumn": 27, "endColumn": 32 } } } ], "partialFingerprints": { "primaryLocationLineHash": "9a8bc91bbc363391:1", "primaryLocationStartColumnFingerprint": "22" }, "codeFlows": [ { "threadFlows": [ { "locations": [ { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 52, "startColumn": 32, "endColumn": 35 } }, "message": { "text": "ref arg buf" } } }, { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 60, "startColumn": 12, "endColumn": 15 } }, "message": { "text": "buf" } } }, { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 93, "startColumn": 12, "endColumn": 25 } }, "message": { "text": "call to get_user_info" } } }, { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 95, "startColumn": 20, "endColumn": 24 } }, "message": { "text": "info" } } }, { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 68, "startColumn": 31, "endColumn": 35 } }, "message": { "text": "info" } } }, { "location": { "physicalLocation": { "artifactLocation": { "uri": "add-user.c", "uriBaseId": "%SRCROOT%", "index": 0 }, "region": { "startLine": 84, "startColumn": 27, "endColumn": 32 } }, "message": { "text": "query" } } } ] } ] } ] } ], "automationDetails": { "id": "santa-chap/" }, "columnKind": "utf16CodeUnits", "properties": { "semmle.formatSpecifier": "sarif-latest" }, "versionControlProvenance": [ { "repositoryUri": "vcp-no-uri", "revisionId": "vcp-no-revid" } ] } ] }