hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 17:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
93e7c79752241eaa7bf9497db07266a864279bca
sarif-cli/data/codeql-dataflow-sql-injection/sqlidb-v2.12.7-1.sarif

256 lines
8.1 KiB (Stored with Git LFS)
JSON
Raw Blame History

{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "CodeQL",
"organization": "GitHub",
"semanticVersion": "2.12.7",
"rules": [
{
"id": "cpp/SQLIVulnerable",
"name": "cpp/SQLIVulnerable",
"shortDescription": {
"text": "SQLI Vulnerability"
},
"fullDescription": {
"text": "Using untrusted strings in a sql query allows sql injection attacks."
},
"defaultConfiguration": {
"enabled": true,
"level": "warning"
},
"properties": {
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
"id": "cpp/SQLIVulnerable",
"kind": "path-problem",
"name": "SQLI Vulnerability",
"problem.severity": "warning"
}
}
]
},
"extensions": [
{
"name": "legacy-upgrades",
"semanticVersion": "0.0.0",
"locations": [
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.12.7/legacy-upgrades/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.12.7/legacy-upgrades/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
},
{
"name": "codeql-dataflow-sql-injection",
"semanticVersion": "0.0.1",
"locations": [
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
"description": {
"text": "The QL pack root directory."
}
},
{
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
"description": {
"text": "The QL pack definition file."
}
}
]
}
]
},
"artifacts": [
{
"location": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
}
}
],
"results": [
{
"ruleId": "cpp/SQLIVulnerable",
"ruleIndex": 0,
"rule": {
"id": "cpp/SQLIVulnerable",
"index": 0
},
"message": {
"text": "Possible SQL injection"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
}
}
],
"partialFingerprints": {
"primaryLocationLineHash": "9a8bc91bbc363391:1",
"primaryLocationStartColumnFingerprint": "22"
},
"codeFlows": [
{
"threadFlows": [
{
"locations": [
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 52,
"startColumn": 32,
"endColumn": 35
}
},
"message": {
"text": "ref arg buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 60,
"startColumn": 12,
"endColumn": 15
}
},
"message": {
"text": "buf"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 93,
"startColumn": 12,
"endColumn": 25
}
},
"message": {
"text": "call to get_user_info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 95,
"startColumn": 20,
"endColumn": 24
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 31,
"endColumn": 35
}
},
"message": {
"text": "info"
}
}
},
{
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "add-user.c",
"uriBaseId": "%SRCROOT%",
"index": 0
},
"region": {
"startLine": 84,
"startColumn": 27,
"endColumn": 32
}
},
"message": {
"text": "query"
}
}
}
]
}
]
}
]
}
],
"automationDetails": {
"id": "santa-chap/"
},
"columnKind": "utf16CodeUnits",
"properties": {
"semmle.formatSpecifier": "sarif-latest"
},
"versionControlProvenance": [
{
"repositoryUri": "vcp-no-uri",
"revisionId": "vcp-no-revid"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink