codeql/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected at 32464a8995313745599540e67f1351e31bb8b69f · ebickle/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
edges
| test.c:14:27:14:30 | **argv | test.c:15:20:15:26 | *access to array | provenance |  |
| test.c:15:20:15:26 | *access to array | test.c:21:18:21:23 | *query1 | provenance | TaintFunction |
| test.c:15:20:15:26 | *access to array | test.c:35:16:35:23 | *userName | provenance |  |
| test.c:35:16:35:23 | *userName | test.c:40:25:40:32 | *username | provenance |  |
| test.c:38:7:38:20 | **globalUsername | test.c:48:20:48:33 | *globalUsername | provenance |  |
| test.c:40:25:40:32 | *username | test.c:41:3:41:27 | *... = ... | provenance |  |
| test.c:41:3:41:27 | *... = ... | test.c:38:7:38:20 | **globalUsername | provenance |  |
| test.c:48:20:48:33 | *globalUsername | test.c:51:18:51:23 | *query1 | provenance | TaintFunction |
| test.c:75:8:75:16 | gets output argument | test.c:76:17:76:25 | *userInput | provenance |  |
| test.c:75:8:75:16 | gets output argument | test.c:77:20:77:28 | *userInput | provenance |  |
| test.c:101:8:101:16 | gets output argument | test.c:106:24:106:29 | *query1 | provenance | TaintFunction Sink:MaD:325 |
| test.c:101:8:101:16 | gets output argument | test.c:107:28:107:33 | *query1 | provenance | TaintFunction Sink:MaD:326 |
| test.cpp:39:27:39:30 | **argv | test.cpp:43:27:43:33 | *access to array | provenance |  |
nodes
| test.c:14:27:14:30 | **argv | semmle.label | **argv |
| test.c:15:20:15:26 | *access to array | semmle.label | *access to array |
| test.c:21:18:21:23 | *query1 | semmle.label | *query1 |
| test.c:35:16:35:23 | *userName | semmle.label | *userName |
| test.c:38:7:38:20 | **globalUsername | semmle.label | **globalUsername |
| test.c:40:25:40:32 | *username | semmle.label | *username |
| test.c:41:3:41:27 | *... = ... | semmle.label | *... = ... |
| test.c:48:20:48:33 | *globalUsername | semmle.label | *globalUsername |
| test.c:51:18:51:23 | *query1 | semmle.label | *query1 |
| test.c:75:8:75:16 | gets output argument | semmle.label | gets output argument |
| test.c:76:17:76:25 | *userInput | semmle.label | *userInput |
| test.c:77:20:77:28 | *userInput | semmle.label | *userInput |
| test.c:101:8:101:16 | gets output argument | semmle.label | gets output argument |
| test.c:106:24:106:29 | *query1 | semmle.label | *query1 |
| test.c:107:28:107:33 | *query1 | semmle.label | *query1 |
| test.cpp:39:27:39:30 | **argv | semmle.label | **argv |
| test.cpp:43:27:43:33 | *access to array | semmle.label | *access to array |
subpaths
#select
| test.c:21:18:21:23 | query1 | test.c:14:27:14:30 | **argv | test.c:21:18:21:23 | *query1 | This argument to a SQL query function is derived from $@ and then passed to mysql_query(sqlArg). | test.c:14:27:14:30 | **argv | user input (a command-line argument) |
| test.c:51:18:51:23 | query1 | test.c:14:27:14:30 | **argv | test.c:51:18:51:23 | *query1 | This argument to a SQL query function is derived from $@ and then passed to mysql_query(sqlArg). | test.c:14:27:14:30 | **argv | user input (a command-line argument) |
| test.c:76:17:76:25 | userInput | test.c:75:8:75:16 | gets output argument | test.c:76:17:76:25 | *userInput | This argument to a SQL query function is derived from $@ and then passed to SQLPrepare(StatementText). | test.c:75:8:75:16 | gets output argument | user input (string read by gets) |
| test.c:77:20:77:28 | userInput | test.c:75:8:75:16 | gets output argument | test.c:77:20:77:28 | *userInput | This argument to a SQL query function is derived from $@ and then passed to SQLExecDirect(StatementText). | test.c:75:8:75:16 | gets output argument | user input (string read by gets) |
| test.cpp:43:27:43:33 | access to array | test.cpp:39:27:39:30 | **argv | test.cpp:43:27:43:33 | *access to array | This argument to a SQL query function is derived from $@ and then passed to pqxx::work::exec1((unnamed parameter 0)). | test.cpp:39:27:39:30 | **argv | user input (a command-line argument) |