search

mainsean435 / codeql-uboot

https://lab.github.com/githubtraining/codeql-u-boot-challenge-(cc++)
MIT License
0 stars 0 forks source link

Step 4 - Anatomy of a query #4

Closed github-learning-lab[bot] closed 2 years ago

github-learning-lab[bot] commented 2 years ago

Step 4: Anatomy of a query

Now let's analyze what you have written. A CodeQL query has the following basic structure:

import /* ... path to some CodeQL libraries ... */

from /* ... variable declarations ... */
where /* ... logical formulas that say something about the variables ... */
select /* ... expressions to output ... */

The from/where/select part is the query clause: it describes what we are trying to find in the source code.

Let's look closer at the query we wrote in the previous step.

Show the query ```ql import cpp from Function f where f.getName() = "strlen" select f, "a function named strlen" ```

Imports

At the top of the query is import cpp. This is an import statement. It brings into scope the standard CodeQL library that models C/C++ code, allowing us to use its features in our query. We'll use this library in every query, and in later steps we'll also use some more specialized libraries.

Classes

In the from section, there is a declaration Function f. Here we declare a variable named f which has the type Function. Function is a class declared in the standard library (you can jump to the definition using F12). A class represents a collection of values, in this case the collection of all C/C++ functions in the source code.

Predicates

Now look at the expression f.getName() in the where section. Here we call the predicate getName on the variable f of type Function. Predicates are the building blocks of a query: they express logical properties that we want to hold. Some predicates return results (like getName), and some predicates do not (they just assert that a property must be true).

So far your query finds all functions with the name strlen. It does this by asserting that the result of f.getName() is equal to the string "strlen".

github-learning-lab[bot] commented 2 years ago

:keyboard: Activity: Find all functions named memcpy

  1. Edit the file 4_memcpy_definitions.ql
  2. Copy the query you wrote in step 3 into this file, and modify the where clause so that the query finds all definitions of functions named memcpy instead.
  3. Run your query on the U-Boot codebase to verify the results.
  4. Submit your solution as explained previously.
github-learning-lab[bot] commented 2 years ago

Ooops! The query you submitted in 5a1faf42969b51045cfd49644b9fc8da2cb4eca9 didn't find the right results. Please take a look at the comment and try again.

To submit a new iteration of your query, you just have to push a new commit to the same branch (main or the PR branch).

github-learning-lab[bot] commented 2 years ago

Congratulations, looks like the query you introduced in 6063fffa7a499feda38a0f5c7282d4f88b8667ec finds the correct results!

If you created a pull request, merge it.

Let's continue to the next step.