mirror of
https://github.com/hohn/sarif-cli.git
synced 2025-12-16 09:13:04 +01:00
310 lines
9.7 KiB
JSON
310 lines
9.7 KiB
JSON
{
|
|
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
|
|
"version": "2.1.0",
|
|
"runs": [
|
|
{
|
|
"tool": {
|
|
"driver": {
|
|
"name": "CodeQL",
|
|
"organization": "GitHub",
|
|
"semanticVersion": "2.14.0",
|
|
"notifications": [
|
|
{
|
|
"id": "cpp/baseline/expected-extracted-files",
|
|
"name": "cpp/baseline/expected-extracted-files",
|
|
"shortDescription": {
|
|
"text": "Expected extracted files"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Files appearing in the source archive that are expected to be extracted."
|
|
},
|
|
"defaultConfiguration": {
|
|
"enabled": true
|
|
},
|
|
"properties": {
|
|
"tags": [
|
|
"expected-extracted-files",
|
|
"telemetry"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"rules": [
|
|
{
|
|
"id": "cpp/SQLIVulnerable",
|
|
"name": "cpp/SQLIVulnerable",
|
|
"shortDescription": {
|
|
"text": "SQLI Vulnerability"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Using untrusted strings in a sql query allows sql injection attacks."
|
|
},
|
|
"defaultConfiguration": {
|
|
"enabled": true,
|
|
"level": "warning"
|
|
},
|
|
"properties": {
|
|
"description": "Using untrusted strings in a sql query allows sql injection attacks.",
|
|
"id": "cpp/SQLIVulnerable",
|
|
"kind": "path-problem",
|
|
"name": "SQLI Vulnerability",
|
|
"problem.severity": "warning"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"extensions": [
|
|
{
|
|
"name": "legacy-upgrades",
|
|
"semanticVersion": "0.0.0",
|
|
"locations": [
|
|
{
|
|
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.14.0/legacy-upgrades/",
|
|
"description": {
|
|
"text": "The QL pack root directory."
|
|
}
|
|
},
|
|
{
|
|
"uri": "file:///Users/hohn/.local/share/gh/extensions/gh-codeql/dist/release/v2.14.0/legacy-upgrades/qlpack.yml",
|
|
"description": {
|
|
"text": "The QL pack definition file."
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "codeql-dataflow-sql-injection",
|
|
"semanticVersion": "0.0.1",
|
|
"locations": [
|
|
{
|
|
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/",
|
|
"description": {
|
|
"text": "The QL pack root directory."
|
|
}
|
|
},
|
|
{
|
|
"uri": "file:///Users/hohn/local/sarif-cli/codeql-dataflow-sql-injection/qlpack.yml",
|
|
"description": {
|
|
"text": "The QL pack definition file."
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"invocations": [
|
|
{
|
|
"toolExecutionNotifications": [
|
|
{
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"message": {
|
|
"text": ""
|
|
},
|
|
"level": "none",
|
|
"descriptor": {
|
|
"id": "cpp/baseline/expected-extracted-files",
|
|
"index": 0
|
|
},
|
|
"properties": {
|
|
"formattedMessage": {
|
|
"text": ""
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"executionSuccessful": true
|
|
}
|
|
],
|
|
"artifacts": [
|
|
{
|
|
"location": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
}
|
|
}
|
|
],
|
|
"results": [
|
|
{
|
|
"ruleId": "cpp/SQLIVulnerable",
|
|
"ruleIndex": 0,
|
|
"rule": {
|
|
"id": "cpp/SQLIVulnerable",
|
|
"index": 0
|
|
},
|
|
"message": {
|
|
"text": "Possible SQL injection"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 84,
|
|
"startColumn": 27,
|
|
"endColumn": 32
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"partialFingerprints": {
|
|
"primaryLocationLineHash": "9a8bc91bbc363391:1",
|
|
"primaryLocationStartColumnFingerprint": "22"
|
|
},
|
|
"codeFlows": [
|
|
{
|
|
"threadFlows": [
|
|
{
|
|
"locations": [
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 52,
|
|
"startColumn": 32,
|
|
"endColumn": 35
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "ref arg buf"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 60,
|
|
"startColumn": 12,
|
|
"endColumn": 15
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "buf"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 93,
|
|
"startColumn": 12,
|
|
"endColumn": 25
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "call to get_user_info"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 95,
|
|
"startColumn": 20,
|
|
"endColumn": 24
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "info"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 68,
|
|
"startColumn": 31,
|
|
"endColumn": 35
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "info"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"location": {
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "add-user.c",
|
|
"uriBaseId": "%SRCROOT%",
|
|
"index": 0
|
|
},
|
|
"region": {
|
|
"startLine": 84,
|
|
"startColumn": 27,
|
|
"endColumn": 32
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "query"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"automationDetails": {
|
|
"id": "santa-chap/"
|
|
},
|
|
"columnKind": "utf16CodeUnits",
|
|
"properties": {
|
|
"semmle.formatSpecifier": "sarif-latest"
|
|
},
|
|
"versionControlProvenance": [
|
|
{
|
|
"repositoryUri": "vcp-no-uri",
|
|
"revisionId": "vcp-no-revid"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|