b1tg / codeql-uboot

https://lab.github.com/githubtraining/codeql-u-boot-challenge-(cc++)
MIT License

Step 6 - Relating two variables #6

Closed github-learning-lab[bot] closed 3 years ago

github-learning-lab[bot] commented 3 years ago

Step 6: Relating two variables

In step 4, you wrote a query that finds the definitions of functions named memcpy in the codebase. Now, we want to find all the calls to memcpy in the codebase.

One way to do this is to declare two variables: one to represent functions, and one to represent function calls. Then you will have to create a relationship between these variables in the where section, so that they are restricted to only functions that are named memcpy, and calls to exactly those functions.

github-learning-lab[bot] commented 3 years ago

:keyboard: Activity: Find all the calls to memcpy

  1. Edit the file 6_memcpy_calls.ql
  2. Use the auto-completion feature to find the class that represents function calls, and declare a variable that belongs to this class.
  3. Use auto-completion again on your function call variable to guess the predicate that tells us the target function that is being called.
  4. Combine this with your logic from step 4 to make sure the target function is named memcpy.
  5. Once you're happy with the results, submit your solution.

Tip: You can have a look at this C++ example in the CodeQL cookbook. Note that your query will be simpler as you won't need to consider the declaringType.

Note: Once you have good results, you can try to make your query more compact by omitting the intermediate Function variable. The 2 queries below are equivalent:

```ql
from Class1 c1, Class2 c2
where
  c1.getClass2() = c2 and
  c2.getProp() = "something"
select c1
```

```ql
from Class1 c1
where c1.getClass2().getProp() = "something"
select c1
```

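
An added example, not part of the original thread and not the course's reference solution: one query that follows the activity steps above, assuming the standard CodeQL C/C++ library classes `FunctionCall` and `Function`. The compact form described in the note is shown in the trailing comment.

```ql
import cpp

// Two-variable form: one variable for the call site, one for the callee.
from FunctionCall call, Function fn
where
  // Relate the two variables: fn is the function this call resolves to.
  call.getTarget() = fn and
  // Restrict the callee to functions named memcpy (the logic from step 4).
  fn.getName() = "memcpy"
select call

// Equivalent compact form, omitting the intermediate Function variable:
//   from FunctionCall call
//   where call.getTarget().getName() = "memcpy"
//   select call
```
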
github-learning-lab[bot] commented 3 years ago

Ooops! The query you submitted in 37f1b1044de243886a8d0f8e9ad6020ea465209d didn't find the right results. Please take a look at the comment and try again.

To submit a new iteration of your query, you just have to push a new commit to the same branch (main or the PR branch).

github-learning-lab[bot] commented 3 years ago

Ooops! The query you submitted in 08659d27536a8a627e035640174ec1d716455104 didn't find the right results. Please take a look at the comment and try again.

To submit a new iteration of your query, you just have to push a new commit to the same branch (main or the PR branch).

github-learning-lab[bot] commented 3 years ago

Ooops! The query you submitted in 995ccfae61e7087f98ea1cb249eee19c17692755 didn't find the right results. Please take a look at the comment and try again.

To submit a new iteration of your query, you just have to push a new commit to the same branch (main or the PR branch).

github-learning-lab[bot] commented 3 years ago

Congratulations, looks like the query you introduced in 0ee20aa000352d2a36acb826915c3d7dfab33352 finds the correct results!

If you created a pull request, merge it.

Let's continue to the next step.

b1tg commented 3 years ago

Weird, `select call, callee` gives the wrong result.